GM Sectec: Cyber threats vectors & Ecommerce into 2023

From Amazon’s Prime Day in October, through the holiday season, to the milestones of Black Friday and Cyber Monday, the last 100 days of the year are the biggest retail sales season in the world.

In the United States alone, Adobe Analytics predicted that online holiday sales will reach $209.7 billion through December 31st, 2022, representing 2.5% year-over-year growth.

According to Bloomberg, the United States will lead Christmas sales in the continent with 59% of transactions, followed by countries such as Brazil (13%), Mexico (6%) and Peru (1.6%).

E-commerce has come to reign among consumer preferences for its convenience and choice and, by the same token, has become a launchpad for attacks and fraud by cybercriminals. According to the Visa Biannual Threats Report, up to the first half of 2022, almost 75% of the fraud and data breach cases investigated by Visa teams worldwide involved e-commerce companies.

“Targeting e-commerce platforms and third-party code integrations are among the most common tactics used by threat actors conducting digital theft attacks,” Visa’s report notes. “These e-commerce attack tactics, techniques and procedures confirm that threat actors target supply chains and third-party service providers with a high frequency and show continued interest in payment account data and personally identifiable information (PII).”

Ensure the protection of your electronic payment transactions

Cyberattacks are becoming increasingly sophisticated and, as the statistics show, payment transactions in e-commerce environments are already a key target for cybercrime.

“There is no silver bullet when it comes to fraud. You can implement the best systems in the world, but they still rely on human beings who have exploitable blind spots. That’s why educating your consumers and employees is imperative to stopping fraud. Making sure every link in your supply chain institutes a zero-trust architecture helps combat fraud before it starts, but it only takes one text message, LinkedIn message or email for a fraudster to gain access to your systems. Making sure everyone knows the signs is the best way to stop fraud,” says Michael Jabbara, Global Head of Fraud Services at Visa.

The Payment Card Industry Data Security Standard (PCI DSS) is a standard governed by the principal card brands (Visa, Mastercard, American Express, Discover and JCB) and adds value in protecting cardholder data. In this regard, all merchants that process, store or transmit credit

Regarding the state of adoption of standards for the protection of data in electronic transactions, the 2022 Verizon Payment Security Report (2022 PSR) confirms a significant improvement in PCI DSS compliance since 2020, with 43.4% of organizations aligned with the regulations versus the 27.9% reported in 2019. However, this assessment also revealed that more than half (56.7%) of organizations failed interim validation assessments due to omissions of one or more security controls.

Adding to the payment security agenda for CISOs and other organizational security professionals, the PCI SSC recently instituted one of the most significant updates to the DSS since its launch in 2004: PCI DSS v4.0 will go into effect in 2024.

“Security leaders must focus their attention and resources to catch up with these new requirements. The threat of credit card fraud and information theft in the global retail sector has never been more prevalent. PCI compliance, governance and risk management practices are imperative for all organizations that interact with cardholder data,” said Héctor Guillermo Martínez, President of GM Sectec.