By Greg Hammermaster, Sage Payment Solutions
According to a recent Forrester Research report, “U.S. Online Holiday Retail Forecast 2011,” online holiday sales will hit $59.5 billion, an increase of 15% year over year. Forrester estimates the growth will largely be attributed to the tight economy, as consumers look to the web for the best bargains.
And, according to Forrester, the surge will be furthered by the growing popularity and proliferation of web-enabled smart phones. While this spending increase may portend an economic recovery – a good thing, indeed – the bad news is credit card fraud is especially rampant during times when the overall number of credit card transactions increases exponentially.
Credit card safety is always important, but is particularly top-of-mind during the holiday shopping season.
While the traditional holiday shopping images are of beleaguered consumers running around town, hoping to procure that season’s coveted item, the season is increasingly about the click of the mouse. According to Shop.org's eHoliday survey, consumers are planning to do 36% of their 2011holiday shopping online, compared with 32.7% in 2010.
What this eSales surge means
Unfortunately, online shoppers have become the target of choice for fraudsters, who send emails advertising the harder-to-get products. I suggest that consumers treat an unsolicited online offer much in the same way they advise their kids not to talk to strangers.
There will be an uptick in the number of scam email offers during the holiday season. One recent scam, according to Mashable, involved emails appearing to be from UPS, “telling the recipient that a package they sent has not been delivered and inviting them to click a ‘track package’ link,” which directed to infected sites, not the UPS site.
If you have not already done so, now is the time to sit down with your teenagers and older parents and discuss taking precautions in the online world, as well as on the street, due to the ease in which virtually anyone can open an account to accept credit cards on their mobile phone.
This year’s holiday shoppers will likely encounter more outlets with mobile phones and tablet devices processing credit cards. While a large number of legitimate businesses and charities are using mobile devices for accepting credit card payments, the fraudsters have had some time to study the broadly distributed mobile payment providers, so consumers should be cautious about giving their credit cards to quasi-looking businesses or organizations exclusively using mobile phones and tablets.
What the industry should do to protect consumers
Payment Card Industry (PCI) compliance is a requirement of all businesses interacting with credit or debit cards. Now is a good time for businesses who are not PCI compliant to get on board. For merchants, being PCI compliant is both an offensive and defensive strategy. A good offense is to shore up all security holes while a good defense is to have that PCI badge to mitigate the consequences of a breach. However, the real exposure is the merchant’s brand.
Consumers won’t be repeat customers if their credit card is compromised at a merchant’s store, especially if it is revealed the merchant is not PCI compliant. Now is a good time for merchants to work closely with their payment providers to work through the PCI questionnaire and use payment security software to scan their connected environment.
Whether merchants are PCI compliant or not, they can ensure all their points of payments are fully encrypted. End-to-end encryption is a technical term, which simply means the information being transmitted from one device to another is garbled bits of data that is extremely difficult to un-garble.
Merchants should check with their service providers to make sure any credit card terminals, e-commerce web sites, software applications and, yes, any mobile phones and tablets accepting credit cards are encrypted. Some mobile payment providers have mass-distributed, unencrypted solutions, so not all providers are equal.
With a bit of caution on the part of consumers, and protective measures on the part of merchants, credit card fraud should not keep any of us from having happy holidays.
Greg Hammermaster is president of Sage Payment Solutions, the payments division for Sage North America, where he is responsible for executive management for the company’s credit card processing operations in Virginia and check and ACH processing operations in Florida. His responsibilities also include payments process and data integration with Sage’s business software solutions. He speaks at payments industry conferences, and is currently on the board of Commercial Payments International.