Review Your Online Security: Large List of Hacked Email Accounts Being Sold Online

Payza Security

The internet can be a dangerous place, so we want to make sure you are protected. Payza takes your security very seriously and we take all the necessary precautions to protect your information and your money, but there are things you can do as well.

A new report came out last week detailing how 21 million Gmail accounts and 5 million Yahoo accounts are being sold online, all for less than $500 USD. It’s a scary reminder of how easily and freely sensitive information like this can flow through the internet.

It’s also a reminder about how important it is to use techniques that will help you protect yourself against these data breaches, even if your information is compromised.

How hackers use your data

When hackers get a hold of usernames and passwords they will often try them on lots of different websites. Hackers know that most people use the same password for all, or most, of the websites they log into.

This is why you should always choose a unique password for your Payza account. If one of your username and password combinations has been compromised, don’t put your Payza account at risk. Keep it safe by using a different password for Payza than you use for other online accounts, especially your email account.

Most of the passwords that were discovered for sale were compromised in breaches from 2016 or earlier. If you haven’t updated your passwords in the last three to six months, it’s a good idea to change them as soon as possible.

This type of security breach is unfortunately becoming more and more common. That is why we recommend updating your passwords regularly.

Payza’s tips on good password practices

At Payza, we’re always looking for ways to keep your data secure. We have procedures in place to protect your information and your money, and we are constantly reviewing and improving our security practices. We do our part, but the most effective way to protect your account is in your hands: using a strong, unique password and updating it regularly.

Here are some tips on how to make sure your account is as secure as possible:

Use a unique password for your most important accounts: Ideally, you should use a unique password for every website you use. We understand that can sometimes be difficult, so we’ve already written about a good password formula that will help you accomplish this.

If you do end up deciding to use the same password for multiple websites, you should still pick a new password for highly sensitive accounts, like your email accounts and e-wallets. This will help protect your accounts if one of the sites you used is ever compromised.

Update your passwords regularly: Hackers can’t use your old passwords against you if you’ve already changed them. Even when a big security breach occurs, it usually takes time for attackers to use the information they’ve collected. By changing your passwords regularly, and always picking new passwords that you’ve never used before, you will make it very hard for attackers to do anything with your information even if they do get their hands on it.

Check if your accounts have been compromised: There are online databases that keep track of security breaches and that can help you discover whether or not your accounts have been hacked. You can use sites like https://hacked-emails.com/, https://www.hacked-db.com/ and https://haveibeenpwned.com/ to check if your account has ever been compromised. If it has, be sure to update your passwords right away!

For more security news and tips from Payza, visit the Online Security section of the Payza Blog.

5 Tips to Help You Be Safe When Shopping Online This Holiday Season

Are you one of the increasing numbers of shoppers who embraces the convenience of making holiday purchases online? If you said yes, you’re part of a rapidly growing sector of consumers. Analysts predict that online retail sales this holiday season will surpass $94 billion this year, a new record.

If you’re like the majority of today’s consumers, making online purchases has become second nature and e-commerce is the new normal. Our collective acceptance of digital retail outlets, however, should not make us so complacent that we overlook the emerging risk of fraud.

A recent article in Forbes surveying 125 retailers found that online fraud attempts are estimated to increase by 43% this year. That’s a big jump. Rather than feeling anxious, these stats should motivate us to look for simple strategies to help minimize risks when shopping online.

With the right advice, it’s easy to shop online safely and benefit from great deals on holiday purchases. Here are 5 safety tips you can start using right away.

Review your transaction history often

Rather than waiting for your monthly statement to arrive, we recommend occasionally reviewing your transaction histories for your credit card, bank account, and Payza account. Make a quick review each week in December and January when your transactions are at their highest. If you wait for your statement to arrive, this high volume makes it more difficult to identify unauthorized purchases.

If you spot a transaction that you don’t remember making, report it immediately to your bank, credit card company, or Payza.

Watch out for phishing emails

Fraudsters know  you are shopping online more than usual during the holidays, which makes keeping track of all the online stores you visit and purchases you make more difficult. Expect more phishing email scams to show up in your inbox as cyber criminals try to take advantage of the holiday rush. Beware of fraudulent emails claiming there is a problem with a recent purchase made at a popular online retailer, or that claims there is a problem with your bank or credit card. Be very suspicious of any email requesting your personal financial information, passwords, and/or usernames for any issue related to payments and online shopping.

For even more information about phishing emails, check out our blog article on how to identify these fraud emails.

Shop on sites you know and trust, read reviews for sites you don’t know

If a deal seems too good to be true, it probably is. There are countless websites claiming to have high-end merchandise for sale at bargain prices. Most online retailers are legitimate businesses, but some aren’t. Play it safe and limit your purchases to retailers you know. If there’s a deal you simply can’t pass up from a site you’ve never heard of, be sure to research the reputation of the retailer before making a purchase. This is especially important for online auction sites where the seller may not be associated with the website – read the reviews and feedback for sellers.

Beware of fake reviews as well. A high number of positive reviews posted over a period of months to years offer the best estimate of trustworthiness for a seller.

Update your anti-virus software and operating system today

Be certain that you have downloaded all recent updates to your anti-virus and operating system. This ensures your computer is protected from known malware, spyware, and spamware bots that lurk behind the scenes at some online retailers and infect online shopping cart payment gateways. Make sure you are using the latest version of your preferred internet browser as well. Browsers are updated regularly to remove software vulnerabilities known to have been exploited by cyber criminals.

Use secure payment methods and check security certificates

Credit cards and online payment options, like your Payza e-wallet, are more secure methods to make purchases online because they have built-in fraud prevention screening tools to help protect your information. These protections may be absent when you make purchases using direct money transfers or personal checks.

Be sure to only make purchases from websites that have encryption technologies that protect your personal information, such as SSL (Secure Sockets Layer) and HTTPS protocols (the “S” means “Secure”). You should see a “lock” icon next to the web address; when you click it, a security certificate should appear for that website; if no security certificate appears, you are likely at a fraudulent website and should navigate away immediately.

Additional resources

Here are even more tips and resources to help you stay safe this holiday season.

Updating Your Business Security Before the Holiday Shopping Season

Back-to-School season is behind us and that means consumers can take a well-deserved break from their shopping duties. Businesses, on the other hand, get no such break. The gap between Labour Day and Thanksgiving is a very important one: it’s the time when online retailers need to take a good hard look at their security practices and make sure they’re up to snuff in time for the demanding holiday shopping season.

Last year, e-commerce sales on Cyber Monday topped $3 billion in the US, marking the busiest online shopping day in American history. Consumers swarm to online stores and marketplaces on the first Monday after Thanksgiving, and if you’re not ready for them you could find yourself being left behind. Whether you run out of stock, your website crashes from too much traffic or, worst of all, you find your business (and your customer base) infiltrated by cybercriminals, if you don’t prepare your web store for the holiday rush this year, you may not be around next year to try again.

In 2016, Cyber Monday falls on November 28th, but every year consumers begin their holiday shopping sooner and sooner. With the amount of money that will be flowing through the e-commerce industry on Cyber Monday, there will be no small amount of hackers trying to take some of it for themselves. The promise of deals and the charm of holiday greetings are often used to disguise malware; many of your visitors could already be infected, so you need to make sure your website is fully prepared to sustain any potential attacks. The quicker you can prepare, the richer you’ll be New Year’s Day, and here’s how you get started:

  • Firewalls: Security experts are always trying to find new vulnerabilities before the hackers do, and each time they get more sophisticated so do the hackers. Regardless of the size of your business, firewalls are only strong if they are up-to-date, so make sure to have the latest rules and updates installed.
  • Patches: To circumvent firewalls, many attacks can happen through legitimate applications installed by your business. Firewalls view these programs as trustworthy, but if the program itself is vulnerable, hackers and malware can get into your network using that hole in your security chain. Before the highly vulnerable shopping season begins, make sure all of your applications are updated with the latest patches from their manufacturers.
  • Traffic: Monitoring the traffic on your website is most important during the busy holiday season. Cybercriminals attempting to make fraudulent transactions are counting on going unnoticed due to the heavy traffic. Make sure you address any red flags in your system right away.
  • Communication: Social media is not just for marketing. Monitor and engage in social media channels and respond through your customer service channels so that you can be the first to know if any shoppers are experiencing any suspicious activity or bugs in your system.
  • Maintenance: Being able to handle a high volume of traffic is not just important to your sales figures – the heavy load can cause some features to malfunction and open up vulnerabilities that hackers can use to launch an attack. It’s vital to have more than enough bandwidth capacity, so go with a web host you trust and opt for enough headroom to run smoothly even if your most extreme sales predictions come true.

Let’s not forget that sales are everything. High-bandwidth capacity isn’t just a security feature; if your website crashes, or even if it takes just a little too long to load, you’re going to lose customers. Running out of stock also means lost sales, so again, it’s better to have too much than too little. The busiest shopping day of the year, Cyber Monday, is your biggest opportunity to gain new customers that will keep coming back for the rest of the year, but only if you can handle the traffic.

And finally, if you skimp out on any our recommendations above and as a result, you experience a security breach, even a minor one, it’s going to do lasting damage to the level of consumer confidence you’ve worked so hard to build. The worst thing you can do before the holiday shopping season is to take security for granted.

KYC: The Key to Business Security

online security business

While the market shifts toward omni-channel commerce and the payments landscape becomes more diverse and less traditional, it has become a challenge for merchants to provide a functional and flexible way to handle transactions. To do so elegantly is key to customer satisfaction, and to do so securely is all the more important. This is where Know Your Customer (KYC) comes in.

The central element of business security is Know Your Customer.  This broad concept was first coined within the financial sector, KYC is now standard practice in a wide range of industries. When identifying the security needs of your business, there is no better place to start than by knowing your customer.

In brief, KYC is the practice of collecting data about your customers for a variety of purposes beneficial to your business. For businesses seeking to add payments functionality for their customers, implementing a company-wide KYC policy could be the determining factor in consumers and business partners choosing you over the competition.

Knowing your customer has three distinct advantages:

  1. Fraudsters lie in wait for a company that doesn’t take KYC seriously. If that turns out to be you, your business could be facilitating fraud, identity theft, money laundering, and terrorist financing without you even knowing it.
  2. Regulatory bodies keep careful watch on payment providers and financial institutions. A KYC-compliant business will have a smoother and more profitable relationship with their payment provider and other business partners.
  3. The data you collect by knowing your customers is an invaluable knowledgebase for understanding your consumer base, developing your products, and marketing around their needs and desires.

One cannot understate the importance of KYC in today’s digital marketplace, especially when you conduct your business online rather than face-to-face. KYC is central to operating a secure and sustainable business and it doubles as a tool to offer a personalized, omni-channel customer experience.

Why Implement KYC

In most jurisdictions, there is a basic level of KYC standards enforced by law. This is most stringent in the financial sector, with banks spending up to 500 million USD per year on KYC.

Because of the benefits of a robust KYC policy, most financial institutions choose to go above and beyond the basic requirements. Simply put, KYC is the most effective security measure there is. The costs associated with a sub-par KYC policy, which allows cybercriminals to conduct illegal activities using your product, service or platform, are much higher than the expenses involved in implementing KYC.

Failing to maintain adequate security controls not only puts you at risk but your business partners, banking partners and all of your law-abiding customers as well. This could result in fines, legal expenses, and long-term reputational damage. The only way to create a sustainable online business is to practice top-of-the-line security right from the beginning and to know every one of your customers at least in terms of their name and place of residence.

How to Implement KYC

There are countless KYC practices that fall under four main categories:

  • Customer Acceptance – Develop clear and explicit criteria for who you do business with and ensure that all of your customers are who they say they are.
  • Customer Identification – Develop procedures for customer identification at every step of the relationship, from submitting personal information such as addresses and bank accounts to carrying out a transaction and shipping a product.
  • Monitoring – Identify unusual and high-risk transactions, such as large or complex transactions that don’t fit the typical behavior of your customers, and subject them to an extra level of scrutiny.
  • Risk Management – Internal audits and compliance screenings as well as company-wide training programs should be in place to minimize both the frequency of risky activities and the consequences of security breaches.

Knowing your customer is key to operating a successful business and to providing a good experience for everyone you do business. To find out more about best practices in business security, visit the Payza Security Center.

Payza maintains a strict KYC policy above and beyond the basic requirements of customer due diligence and KYC compliance. For businesses seeking to offer the most secure and flexible payments functionality to their customers, visit Payza.com to learn more.

 

KYC fraud prevention customer support

An example of KYC in action at Payza: we use KYC data to prevent fraudsters from accessing your account.

7 Tips to Protect Your Business Against Cyber Criminals

Congratulations, you’ve made an effort and created a strong password for each of your online accounts. Now you can resume your daily routine, free from the worry that your business may be at risk of a cyber-attack.

Not so fast.

Although a strong password minimizes the likelihood of a security breach, it is not the be-all-and-end-all solution. Today’s cyber criminals are looking for various kinds of weaknesses in your organization. They need data, and will do whatever it takes to get it. Everything from credit card numbers, bank account information, Social Security numbers, email addresses, online passwords, and much more.

Unfortunately, small businesses and freelancers often dismiss the possibility that they could be targets of a cyber-attack. The truth is, cyber criminals consider your accounts to be easy targets. Without an information security officer by your side, they know your business is more vulnerable. The same holds true whether you are freelancing as a social media expert, taking online bookings for your next sight-seeing tour, or selling your ceramic coffee cups through your website. According to Symantec’s 2016 Internet Security Threat, 43% of cyber-attacks target small business because of their lack of knowledge and training on security. Just as the internet opens you up to new opportunities in e-commerce and freelancing, it also opens you up to new ways of being defrauded, scammed and robbed.

Don’t panic, though. There are some measures you can take to keep these criminals at bay and protect you, your business, and your customers from attacks.

Here are 7 additional tips to keep your business safe:

1] Make use of security certifications and encryption technologies that help protect sensitive data, and display any accompanying logos signifying that your website is safe. Immediately notify your clientele of any breaches in security. Protecting your clients’ information should be your top priority.

2] Learn as much as you can about how to avoid security risks and make the effort to participate in free webinars and reading online articles from trusted sources.

3] Get a good antivirus software, and keep it updated. IT security organizations like McAfee and AVG have loads of useful tips and tricks.

4] Always update your operating systems and web browsers.

5] Create and maintain internal and customer-facing risk management policies and procedures so your employees know what’s appropriate and what isn’t when working online. Establish clear Internet and social media usage policies as well as rules for using email safely.

6] Familiarize yourself with the contracts you have with your financial institutions and other business partners. Know your liability in case of losses through fraud and other security breaches.

7] As a freelancer, you must also protect yourself outside your home. For those times when you decide to work from a library or café, remember that most public networks tend to be unsafe and risky to use. Protect yourself using a Virtual Private Network (VPN); it will create an encrypted connection that acts like a tunnel between you and an outside server.

By following these tips, you are preventing yourself, your assets and your customers from falling victim to potential threats lurking online. Some of the most important changes a small business or freelancer can make to safeguard against data breaches are relatively simple and require minimal effort. Taking appropriate measures to ensure the trust of your current clientele is as important as making new ones. After all, your business depends on the trust built between you and your customers.

For more tips on securing your e-commerce business, visit the Online Security section of the Payza Blog and follow us on Facebook or Twitter.

Stay Secure and Use a Password for Your Payza Account that is Different From All Other Accounts

We want your account to remain safe.

Using the same, or similar, passwords online puts your account at risk—a risk that is easy to avoid.  

*********

password blog--email same as payzaPreventing security breaches is a top priority at Payza and we need your help to ensure your account remains safe from hackers. Your first line of defense is to use a strong and distinct password for your Payza account.

By distinct, we mean that your password to log in to Payza is different from your passwords for your email, social media, and other online accounts.

A common mistake is to reuse passwords because a security breach at one website can result in many online accounts being accessed by a cybercriminal.

If you reuse a password for your Payza account, please go change it now.

Changing your password is simple; here is how:

  1. Log in to your account.
  2. Click on your name next to your avatar in the top left corner.
  3. Select ‘Password’ and make necessary changes.

email password payza password distinct

Here we provide you with a guide on how to pick a great password and show how you can avoid common security risks by understanding how they occur in the first place. You will find at the end of this post additional resources about online security, scams and fraud.

password blog--no password remember formulaMemorizing complex passwords for all your online accounts is difficult and often frustrating. You can avoid this frustration and make strong passwords that are memorable if you use a strategy or “password formula”.

Consider this formula as an example: take the name of a website and replace letters in the name with a memorable word, and then add a sequence of numbers after a fixed set of letters.

So, “Payza” has two vowel “a”s; we can replace these vowels with a favorite color, say red, which makes the word “Predyzred”; then we can insert numbers after three letters, counting up from a favorite number, say 5. This results in a strong, distinct password generated by an easy to remember formula:

Payza password formula

By remembering the formula, you can figure out your password for any account (e.g., the same formula applied to a Twitter account would produce the password “Twr5edt6tre7dr”).

An added plus is that you can make a simple change to the formula, making it easy to change your passwords on a regular basis–e.g., count up from 6 instead of 5.

Indeed, you should change your passwords about once a month. So for this example, next month’s password for this Payza account will be:

password formula 2

Here are more excellent strategies and simple formulas for choosing strong and memorable passwords:

Invent your own password formula today; it’s fun.

 

Common ways hackers steal passwords and how you can protect yourself

Cybercriminals are very clever at finding ways to breach even the most complex online security systems. Even prominent government offices and corporations with extensive security systems, such as LinkedIn and Target, were recently embroiled in highly publicized security hacks.

At first it may appear that we have little control over these unfortunate security breaches; in fact, we all can take simple precautions to minimize the theft of our private information. Once again, changing your password on a regular basis is a great strategy to stop third parties from accessing your online accounts, especially since you may be unaware that a hacker acquired your user names, email addresses and associated passwords. Know that many hackers collect user names and passwords in order to sell them to other cybercriminals over the course of weeks, months, sometimes years; by changing your password frequently, you can render this hacked information useless before it is sold.  

 The second most important strategy is to remain vigilant when any online entity requests your password, especially when a site offers a reward or incentive.

 

password blog--free likes scamsA quick search on the internet will uncover countless sites that claim to have found “magical computer tricks” that enable anyone to acquire followers on social media or supercharge the search ranking of blog posts and online content–all for free.

Tempted by these rewards, unsuspecting internet users are directed to what looks like an official social media or website login page, where they are required to log in and then receive their reward. These login pages are in fact clone sites that record your user name and password.

 

Online payment platforms, including Payza, have identified similar scams that claim to offer simple computer tricks to instantly add free money to your account. Known as “money adders”, “hacks”, and “loot downloads”, we are certain that all of these sites are scams that never provide anyone with any benefit, especially not free money in their accounts. The take home message here is that you should only provide your Payza account information at our login page located at this web address:

log in address

If an unfamiliar avatar greets you, you know you are at the wrong site.

 

Stay vigilant and tell us about suspicious activity online

If you notice suspicious activity online or suspect an unwanted person has accessed your account, please report the problem to us so we can investigate immediately.

Our Fraud Prevention and Security Departments work hard to protect your account and personal information from cybercriminals. We appreciate your help in using great passwords and doing your part to ensure Payza’s payment gateway remains secure.

 

Additional resources

Want to know if unwanted people have access to your emails? Check if it is just you reading them!

See what popular online scams are circulating on the internet. How many do you recognize?

Read detailed descriptions of how hackers steal passwords and how you can prevent this from happening to you, here and here.

Check out these practical tips for online security written by our peers.

Here are previous posts on our blog and help desk about passwords.

Beware Payza Money Adder Hacks: This Is A Scam

Payza money adder scam

Has any Payza member ever received free money from a hack money adder?

No, definitely not.

Conduct an internet search with terms “payza hack” or “payza money adder” and you will find a plethora of listings; we are not alone: similar “hacks” exist for all major online money transfer businesses. All these sites advertise ways to get free money in your Payza account. It almost seems too good to be true.

Well, it is. Let us explain.

What is a “Money Adder” and “Payza Hack”

They go by a few names, mostly along the lines of Payza Money Adder, or Payza Money Generator, or simply, Payza hack.

Some look primitive in terms of design and promotion; others are very sophisticated with stylish design and branding. Some purported money adders are available as a mobile app, some only work on desktop. Many are associated with promotional videos on Youtube and social media, providing slick demonstrations on how simple and effective this hack is.

Has a Payza hack ever provided money to an account? No, never

Despite these differences, all money adders have one thing in common: they do not actually give you free money.

These money adders share another common trait: They are designed to trick you into providing your Payza Account details so that a fraudster can compromise your account.

We can say with absolute certainty that no one has ever received money in their account from a money adder or similarly purported hack. Our fraud prevention and customer support departments, however, are familiar with the need to freeze accounts that have been accessed by unwanted third parties. Our investigations indicate that third parties gained access to an account after the owner provided their login information to one of these money adder sites.

“FrEE INSTaNT MONEY! SIMPLY GIvE US YOuR PERSoNAL InFO! >:-)”

Embrace the advice from this popular expression: If it sounds too good to be true, it probably is.

We recently discussed Payza Money Adders and Payza Hacks on Quora. For a more detailed explanation of how this scam works, read our answer below.

Please stay vigilant so that, together, we can minimize the risks of online fraud.

Read Payza (official Company Account)'s answer to What is a Payza hack and money adder? Is it safe or a scam? on Quora

Top Security for Your Online Store: Upgrade to Payza’s Tokenized Online Checkout System Today

When it comes to e-Commerce, security is of the utmost importance. Providing a secure website will give your customers confidence to browse products and, most importantly, share their financial details with you to complete a payment. At the same time, you need to feel confident that your site is protected from fraudsters, people who may try to shop on your site using an unauthorized credit card, or who may try to trick your site into creating an order that hasn’t been paid for.

One way to help protect your site from online criminals is to secure your payment button through tokenization. This means adding an extra layer of security to your website’s specific payment button so that payment information can be encrypted before an order is processed. Payza introduced in February 2016 a Tokenized Payment Button for Advanced Integration Payment Buttons available to all of our merchants. Standard Integration Payment Buttons are already tokenized.

We encourage our merchants to upgrade their existing Payza Advanced Integration Payment Buttons to the Tokenized Payment Button option today. Here we provide more information that explains the benefits you will receive by making the upgrade.

What is Payza’s tokenized payment feature and why should your online store have it?

Tokenization is a common security feature in e-commerce used to safeguard private payment information. At its basis, a tokenized payment button converts your existing Advanced Integration Payment Button into an encrypted “token”.

Payza’s tokenization feature provides an extra layer of security for your online store by keeping payment details private and protected from unwanted changes. The token is sent to you through the Payza platform in full security so that third parties cannot alter the HTML code of your website’s payment button.

With this feature, you will still receive your Instant Payment Notification (IPN) so you can review payment details for each sale made on your online store. Instant Payment Notifications let you verify that:

  • the amount paid for a given item was the expected amount;
  • the amount paid was for the correct item;
  • the currency for the payment is correct.

An added benefit is that the tokenized payment system enables online merchants like yourself to use another new feature known as split payments.

How to upgrade to a Tokenized Payment Button

Upgrading your current Payza payment button to our tokenized checkout system requires adding simple lines of code to your website; you can find the code here and here.

The following article on Payza’s web developer site provides a detailed explanation and HTML code for the IPN merchants will receive when using tokenized payment buttons. Setting up your IPN system requires some coding, but is relatively straightforward.

With a small investment in time and effort, we are confident that your online store will benefit significantly from upgrading to our new tokenized checkout and new IPN system. Consider making the change today; you and your customers will be happy you did.

Payza’s Process for Making Sure Crime Doesn’t Get Paid

by John Adams

APR 18, 2014 4:10am ET

The merchant’s website made it seem like an ordinary seller of car washing equipment. But a closer look revealed it was a portal to crime, according to Melissa Andrews.

“After digging deeper and deeper, we found the site was connected to illegal drugs,” says Andrews, a Web security specialist for Payza, an online payments and electronic wallet provider.

Put simply, Andrews surfs the Web for a living, using a wide range of tools to spot well-hidden criminal activity. Her team deploys a mix of analytics, Web tracking technology, keyword detection and behavioral monitoring to vet the company’s users and their Web content. Payza also uses internally developed software and fraud analysis to flag suspicious content.

Despite the technology, the work still requires manual checks of websites, Andrews says.

“It takes a bit of time, and patience, to review content that may not always be the nicest, for lack of a better word,” she says, “but it does help to know that I’m helping to weed out bad players. That’s very rewarding.”

Payza’s risk and fraud group comprises 19 people, though all of the company’s 140 employees are trained to detect and flag fraud or suspicious activities. Payza’s menu of merchant services includes payments technology, processing, currency exchange, dispute resolution and risk management. It integrates with shopping cart programs such as ZenCart, OSCommerce, WHMC and OpenCart.

Web crime has become more complex as more commerce moves online, and a broader range of companies and entrepreneurs take advantage of open development techniques to offer payments directly on their websites, Andrews says.

“The threats are constantly changing,” she says. “There are more people online now using the Web to sell their wares, and with the good comes the bad. You have people who are going to try to circumvent security requirements and sell illegal goods or put unethical content online.”

The fraud risk is also increasing as Payza moves into more markets.  Payza, which is headquartered in London, earlier this spring began offering European Union merchants its gateway and business payment module. These allow businesses to accept MasterCard, Visa and JCB card payments directly into a bank account.

This year, the company began offering U.S. merchants a service that allows them to accept e-commerce card payments into their business bank accounts. Payza is also expanding into Canada, Australia and Brazil, and currently operates in a total of 196 countries.

“The internet is a vast environment, so we see all types of things,” Andrews says. “That’s not to say that it’s all bad, or even a vast majority is. Most of what we review is very legitimate merchants.”

The company’s Web security team also takes part in vetting potential clients. All merchants must submit their website to Payza, which inspects the site for content security and compliance with the local e-commerce laws that Payza’s clients must follow. Once the company is onboarded, Payza can continue to monitor the client’s website and online activity.

“This allows us to mitigate the risks moving ahead,” Andrews says. “There are always going to be ways that crooks try to circumvent protections that are put in place.”

There’s no pattern or universal clue for what makes a “bad” e-commerce merchant, but there are some signs, Andrews says.

“Most of the bad sites will hide the true nature of what they are doing, they may offer a simple product like a way to pay for coffee or shoes or something very normal, but behind the scenes they are selling illegal content or promoting hate or racism,” Andrews says.

Other e-commerce companies are using social networking as part of their merchant vetting. WePay’s Veda, for example, uses information from Facebook, Twitter and Yelp, as well as pattern recognition and cross referencing to vet identity and expedite onboarding.

Andrews says social media can provide clues as to an e-commerce site’s intention.

“The more you know through social media, the more useful information you have, it’s all useful,” Andrews says.

How a cyber cop patrols the underworld of e-commerce

Payza ‘cyber cop’ Melissa Andrews tracks good, bad and ugly websites with the mission of shutting down criminal operations

Melissa Andrews, a resident of Canada, is a cyber security “cop” for Payza, an international e-commerce payment platform operating in [197] countries. Her job, described by the company’s public relations firm as “the worst security job on the Internet,” is to protect the public from illegal, and many times revolting, content, by shutting the sites down and alerting authorities about criminal activity. She spoke with CSO this week about her job and why she is proud of what she does.

What drew you to this type of work?

It was a natural progression in my roles within the organization. I’ve always had an interest in the online world, and how websites truly function. After seeing the amount of fraud that happens online, I was intrigued in the number of ways to mitigate it.

What is your background and training?

I have a background in customer service, account management and fraud prevention, and have been working with the Merchant Risk team for about three years. I was lucky to work for a company that saw my potential and was willing to provide the necessary guidance and training.

Did you need special training before you took this job? If so, describe it. Did it prepare you for the reality of the work?

When I initially joined Payza, I received in-depth training on how the company functions, and started in customer service. The Merchant Risk department is cross-trained in CS, Fraud, and Risk, which are vital to understanding how someone might try and take advantage of our system. However, as industries and trends are always evolving it’s important to keep up to date. Having good analytical skills, and a general curious nature is key to mitigating. That said, while it has prepared me for the reality of the job, I am still sometimes surprised at what you can find online. Some other skill sets that prove vital for this role are a good understanding of web technologies and a strong investigative drive.

How long do you think you can continue doing it, and why?

While, the job entails reviewing websites and content online that some many find disturbing, graphic or unethical, it remains rewarding, knowing that we can do our part to investigate, catch and help shut down the illegal ones.

Payza’s has a global operation, and we work closely with various law enforcement organizations in different parts of the world, such as RCMP, FBI, Department of Homeland Security, Interpol etc. So, knowing that I am contributing to weeding out the bad players, and having them prosecuted if necessary, makes it worth it.

Do you really spend your days poring over some of the worst sites on the Internet?

For the most part, the websites that people submit to us for review are general e-commerce websites. However, there are times we have to review websites that make you question who comes up with that kind of stuff. Some websites go against our user agreement, whereas there are others that are very illegal.

Initially some of the websites I came across when I first started did pose a shock, however over time, you do get used to it. It’s obvious that there are a variety of unique websites and ways people use them to make money online.

Describe a typical day.

I wouldn’t say that any day is typical, which is one of the reasons I love this job. I’m never really sure what the day will hold. However, generally speaking my day consists of reviewing websites for both new and existing clients, mitigating our risk exposure by using the numerous tools and processes we have in place such as persistent website monitoring and our proprietary fraud matrix.

What does a job like this do to you emotionally and psychologically?

While it takes a certain type of person to be able to do this job, the truth is your can’t un-see what you saw. There are times when you feel like going home to watch a cartoon to reclaim some innocence.

Have you ever sought therapy to cope with it?

Luckily, it hasn’t come to that. We have a great HR department that is always available if I need them. While there are many terrible things out there, and not just online, I take solace in all the good people I have around me both at work and in my personal life.

Is your job to track down and catch predators, shut down bad sites or more than that?

Our primary goal is to review, monitor, investigate and help mitigate the risk associated with e-commerce. Our objective is to allow legitimate merchants to use our systems, while restricting illegitimate ones from getting in. We have numerous procedures and processes in place that allow us to monitor illegal and unethical use of our brand and services. When these are found, and some are found easier than others, we take the appropriate action on our side, along with advising the necessary governmental agencies.

Without getting too graphic, describe some of the worst sites on the Web. What are they trying to do?

Most bad sites will try and hide the true nature of what they’re doing. They’ll offer a simple product like coffee or shoes, but behind the scenes be selling illegal drugs, or promoting hate, racism, etc. But the ones that bother me the most are any that have pre-adult content. Unfortunately content like that exists and I’m happy to be able to help shut it down.

Do you know how successful you and your colleagues are in achieving your goals?

We’ve seen immediately response to our tips and action within days. Helping to shut down illegal websites, phishing websites, reducing credit card fraud and malware is what I strive for.

What are some of the more interesting stories that have come out of your work – humorous, tragic, revolting or horrific?

I’ve seen all kinds of websites, and I am often surprised with the nature of products or content people choose to sell and or promote online, but there is a market for literally everything online.

One of the more recent was a “client” who sent us a website to review and wasn’t trying to hide the graphic content involving gruesome videos and images related to death.

Another sold access to videos or images that were extremely graphic of people being brutally murdered, attacked, tortured, violated, etc., and also linked to other websites that offered underage pornographic content.

Another example is a website that was “selling” what first appeared to be car-washing liquid, but after digging deeper we found that it was actually the date-rape drug.

In all these cases, the accounts were immediately suspended and the information sent to the appropriate law enforcement.

What specific things give you a sense of pride?

As I’ve said before, once you see something you can’t un-see it. However, you have to take it in stride. I know I do my job and we do our best to make the Internet a safer place.

How many people like you would it take to solve, or at least address, the problems you are addressing?

I belong to a team of dedicated staff that help me on a daily basis. While my job is unique and requires that I look at not the nicest things, I am pretty sure the websites we locate and report are only a portion of what is out there, as the internet is a vast environment.

Anything I’m missing that you think is significant?

Fortunately, even after a website has been on boarded to the Payza platform, Payza continues to monitor websites via a variety of methods which include secret shoppers, customer quality assurance calls, key word detections, and persistent website monitoring, etc.

We have seen cases where a website that was approached last month for something very mainstream became something illegal the month after. This is something we have to be vigilant for. We need to make sure we keep up with the ever-evolving methods that the criminals use.