At Payza, security for our members is very important. One of our top priorities is to keep your Payza account safe and completely protected. We have our unique Payza Avatars that protect against so-called “Man-in-the-browser” attacks and to protect against hacking we provide different security levels for our customers to choose from. To ensure the best security against threats such as phishing and hacking we regularly update our security settings.
We are proud to announce that our advanced security options have become even more robust – you now have even more security levels to choose from.
These enhanced security features give you as a Payza member three additional advanced security levels to choose from to help protect your Payza account. If these settings are more protection than you need, you can always stick with Payza’s standard security setting.
Here’s a look at how each of the different security levels work to help protect your account.
Payza Advanced Security Levels Explained
Payza Advanced Security includes a Payza Avatar and three different security levels. When you create your Payza Avatar, you will be asked to choose an Advanced Security level. If you would like to keep the standard security setting, you will not need to create a Payza Avatar.
When setting up your advanced security you must first select your Payza Avatar and then choose one of these three advanced security levels:
- Level 1: Suspicious Login Alerts. You will receive an email alert that informs you when your account was accessed from an unrecognized device. In this email alert, you will find details such as date, time, and place of login. Note that if you already have a Payza Avatar, this will be your default Advanced Security setting.
- Level 2: Receive Authentication Code. Upon logins from unrecognized devices, you will receive a one-time use authentication code sent to your email. This code will be valid for 15 minutes. You will need to enter this code to log in to your Payza account.
- Level 3: 2-Factor Authentication. This security level sends a code to a paired smart device such as a smartphone or connected tablet. To access your Payza account you will need to enter this code along with your username and password. You must have your paired smart device with you whenever you log in to Payza.
Setting Up 2-Factor Authentication
To set up 2-Factor Authentication, the highest security setting Payza provides, you must use the Google Authenticator (GA) app. Access the advanced security settings within your Payza account to get started.
Here are the steps for setting up 2-Factor Authentication:
- In your Payza account, click on your name in the top left portion of the screen then select Advanced Security Settings.
- Select “Level 3: 2-Factor Authentication” and click “Set Up Two-Factor Authentication”. Instructions will appear on screen to help you complete the following steps. After completing this step, you will be presented with the following window:
- Install the Google Authenticator (GA) app on your mobile phone or tablet.
- Scan the QR code you received after completing step 2 to pair your Payza account with the GA app. This QR code can be scanned though your mobile device or you can enter the code manually.
- Upon completing step 4, you will receive a verification code in the GA app. In your Payza account enter the code where it says “Verification Code” in the Two-Factor Authentication Setup window. This step will synchronize your smart device with our system.
From now on whenever you try to log in to your Payza account, you will receive a code from the GA app. Simply enter this code in the login screen along with your username and password to access your account
If you need any further help or if you have any questions concerning Payza’s updated advanced security settings, feel free to contact our customer support from your account or via the Payza Support Page. For more information and to stay up to date with the latest Payza news, be sure to subscribe to the Payza Blog and follow us on Facebook and Twitter.
The internet can be a dangerous place, so we want to make sure you are protected. Payza takes your security very seriously and we take all the necessary precautions to protect your information and your money, but there are things you can do as well.
A new report came out last week detailing how 21 million Gmail accounts and 5 million Yahoo accounts are being sold online, all for less than $500 USD. It’s a scary reminder of how easily and freely sensitive information like this can flow through the internet.
It’s also a reminder about how important it is to use techniques that will help you protect yourself against these data breaches, even if your information is compromised.
How hackers use your data
When hackers get a hold of usernames and passwords they will often try them on lots of different websites. Hackers know that most people use the same password for all, or most, of the websites they log into.
This is why you should always choose a unique password for your Payza account. If one of your username and password combinations has been compromised, don’t put your Payza account at risk. Keep it safe by using a different password for Payza than you use for other online accounts, especially your email account.
Most of the passwords that were discovered for sale were compromised in breaches from 2016 or earlier. If you haven’t updated your passwords in the last three to six months, it’s a good idea to change them as soon as possible.
This type of security breach is unfortunately becoming more and more common. That is why we recommend updating your passwords regularly.
Payza’s tips on good password practices
At Payza, we’re always looking for ways to keep your data secure. We have procedures in place to protect your information and your money, and we are constantly reviewing and improving our security practices. We do our part, but the most effective way to protect your account is in your hands: using a strong, unique password and updating it regularly.
Here are some tips on how to make sure your account is as secure as possible:
Use a unique password for your most important accounts: Ideally, you should use a unique password for every website you use. We understand that can sometimes be difficult, so we’ve already written about a good password formula that will help you accomplish this.
If you do end up deciding to use the same password for multiple websites, you should still pick a new password for highly sensitive accounts, like your email accounts and e-wallets. This will help protect your accounts if one of the sites you used is ever compromised.
Update your passwords regularly: Hackers can’t use your old passwords against you if you’ve already changed them. Even when a big security breach occurs, it usually takes time for attackers to use the information they’ve collected. By changing your passwords regularly, and always picking new passwords that you’ve never used before, you will make it very hard for attackers to do anything with your information even if they do get their hands on it.
Check if your accounts have been compromised: There are online databases that keep track of security breaches and that can help you discover whether or not your accounts have been hacked. You can use sites like https://hacked-emails.com/, https://www.hacked-db.com/ and https://haveibeenpwned.com/ to check if your account has ever been compromised. If it has, be sure to update your passwords right away!
For more security news and tips from Payza, visit the Online Security section of the Payza Blog.
Are you one of the increasing numbers of shoppers who embraces the convenience of making holiday purchases online? If you said yes, you’re part of a rapidly growing sector of consumers. Analysts predict that online retail sales this holiday season will surpass $94 billion this year, a new record.
If you’re like the majority of today’s consumers, making online purchases has become second nature and e-commerce is the new normal. Our collective acceptance of digital retail outlets, however, should not make us so complacent that we overlook the emerging risk of fraud.
A recent article in Forbes surveying 125 retailers found that online fraud attempts are estimated to increase by 43% this year. That’s a big jump. Rather than feeling anxious, these stats should motivate us to look for simple strategies to help minimize risks when shopping online.
With the right advice, it’s easy to shop online safely and benefit from great deals on holiday purchases. Here are 5 safety tips you can start using right away.
Review your transaction history often
Rather than waiting for your monthly statement to arrive, we recommend occasionally reviewing your transaction histories for your credit card, bank account, and Payza account. Make a quick review each week in December and January when your transactions are at their highest. If you wait for your statement to arrive, this high volume makes it more difficult to identify unauthorized purchases.
If you spot a transaction that you don’t remember making, report it immediately to your bank, credit card company, or Payza.
Watch out for phishing emails
Fraudsters know you are shopping online more than usual during the holidays, which makes keeping track of all the online stores you visit and purchases you make more difficult. Expect more phishing email scams to show up in your inbox as cyber criminals try to take advantage of the holiday rush. Beware of fraudulent emails claiming there is a problem with a recent purchase made at a popular online retailer, or that claims there is a problem with your bank or credit card. Be very suspicious of any email requesting your personal financial information, passwords, and/or usernames for any issue related to payments and online shopping.
For even more information about phishing emails, check out our blog article on how to identify these fraud emails.
Shop on sites you know and trust, read reviews for sites you don’t know
If a deal seems too good to be true, it probably is. There are countless websites claiming to have high-end merchandise for sale at bargain prices. Most online retailers are legitimate businesses, but some aren’t. Play it safe and limit your purchases to retailers you know. If there’s a deal you simply can’t pass up from a site you’ve never heard of, be sure to research the reputation of the retailer before making a purchase. This is especially important for online auction sites where the seller may not be associated with the website – read the reviews and feedback for sellers.
Beware of fake reviews as well. A high number of positive reviews posted over a period of months to years offer the best estimate of trustworthiness for a seller.
Update your anti-virus software and operating system today
Be certain that you have downloaded all recent updates to your anti-virus and operating system. This ensures your computer is protected from known malware, spyware, and spamware bots that lurk behind the scenes at some online retailers and infect online shopping cart payment gateways. Make sure you are using the latest version of your preferred internet browser as well. Browsers are updated regularly to remove software vulnerabilities known to have been exploited by cyber criminals.
Use secure payment methods and check security certificates
Credit cards and online payment options, like your Payza e-wallet, are more secure methods to make purchases online because they have built-in fraud prevention screening tools to help protect your information. These protections may be absent when you make purchases using direct money transfers or personal checks.
Be sure to only make purchases from websites that have encryption technologies that protect your personal information, such as SSL (Secure Sockets Layer) and HTTPS protocols (the “S” means “Secure”). You should see a “lock” icon next to the web address; when you click it, a security certificate should appear for that website; if no security certificate appears, you are likely at a fraudulent website and should navigate away immediately.
Here are even more tips and resources to help you stay safe this holiday season.
- More helpful tips for safe online shopping from the Royal Canadian Mounted Police.
- Overview of risks for online shopping and online auction websites published by the Government of Canada.
Back-to-School season is behind us and that means consumers can take a well-deserved break from their shopping duties. Businesses, on the other hand, get no such break. The gap between Labour Day and Thanksgiving is a very important one: it’s the time when online retailers need to take a good hard look at their security practices and make sure they’re up to snuff in time for the demanding holiday shopping season.
Last year, e-commerce sales on Cyber Monday topped $3 billion in the US, marking the busiest online shopping day in American history. Consumers swarm to online stores and marketplaces on the first Monday after Thanksgiving, and if you’re not ready for them you could find yourself being left behind. Whether you run out of stock, your website crashes from too much traffic or, worst of all, you find your business (and your customer base) infiltrated by cybercriminals, if you don’t prepare your web store for the holiday rush this year, you may not be around next year to try again.
In 2016, Cyber Monday falls on November 28th, but every year consumers begin their holiday shopping sooner and sooner. With the amount of money that will be flowing through the e-commerce industry on Cyber Monday, there will be no small amount of hackers trying to take some of it for themselves. The promise of deals and the charm of holiday greetings are often used to disguise malware; many of your visitors could already be infected, so you need to make sure your website is fully prepared to sustain any potential attacks. The quicker you can prepare, the richer you’ll be New Year’s Day, and here’s how you get started:
- Firewalls: Security experts are always trying to find new vulnerabilities before the hackers do, and each time they get more sophisticated so do the hackers. Regardless of the size of your business, firewalls are only strong if they are up-to-date, so make sure to have the latest rules and updates installed.
- Patches: To circumvent firewalls, many attacks can happen through legitimate applications installed by your business. Firewalls view these programs as trustworthy, but if the program itself is vulnerable, hackers and malware can get into your network using that hole in your security chain. Before the highly vulnerable shopping season begins, make sure all of your applications are updated with the latest patches from their manufacturers.
- Traffic: Monitoring the traffic on your website is most important during the busy holiday season. Cybercriminals attempting to make fraudulent transactions are counting on going unnoticed due to the heavy traffic. Make sure you address any red flags in your system right away.
- Communication: Social media is not just for marketing. Monitor and engage in social media channels and respond through your customer service channels so that you can be the first to know if any shoppers are experiencing any suspicious activity or bugs in your system.
- Maintenance: Being able to handle a high volume of traffic is not just important to your sales figures – the heavy load can cause some features to malfunction and open up vulnerabilities that hackers can use to launch an attack. It’s vital to have more than enough bandwidth capacity, so go with a web host you trust and opt for enough headroom to run smoothly even if your most extreme sales predictions come true.
Let’s not forget that sales are everything. High-bandwidth capacity isn’t just a security feature; if your website crashes, or even if it takes just a little too long to load, you’re going to lose customers. Running out of stock also means lost sales, so again, it’s better to have too much than too little. The busiest shopping day of the year, Cyber Monday, is your biggest opportunity to gain new customers that will keep coming back for the rest of the year, but only if you can handle the traffic.
And finally, if you skimp out on any our recommendations above and as a result, you experience a security breach, even a minor one, it’s going to do lasting damage to the level of consumer confidence you’ve worked so hard to build. The worst thing you can do before the holiday shopping season is to take security for granted.
While the market shifts toward omni-channel commerce and the payments landscape becomes more diverse and less traditional, it has become a challenge for merchants to provide a functional and flexible way to handle transactions. To do so elegantly is key to customer satisfaction, and to do so securely is all the more important. This is where Know Your Customer (KYC) comes in.
The central element of business security is Know Your Customer. This broad concept was first coined within the financial sector, KYC is now standard practice in a wide range of industries. When identifying the security needs of your business, there is no better place to start than by knowing your customer.
In brief, KYC is the practice of collecting data about your customers for a variety of purposes beneficial to your business. For businesses seeking to add payments functionality for their customers, implementing a company-wide KYC policy could be the determining factor in consumers and business partners choosing you over the competition.
Knowing your customer has three distinct advantages:
- Fraudsters lie in wait for a company that doesn’t take KYC seriously. If that turns out to be you, your business could be facilitating fraud, identity theft, money laundering, and terrorist financing without you even knowing it.
- Regulatory bodies keep careful watch on payment providers and financial institutions. A KYC-compliant business will have a smoother and more profitable relationship with their payment provider and other business partners.
- The data you collect by knowing your customers is an invaluable knowledgebase for understanding your consumer base, developing your products, and marketing around their needs and desires.
One cannot understate the importance of KYC in today’s digital marketplace, especially when you conduct your business online rather than face-to-face. KYC is central to operating a secure and sustainable business and it doubles as a tool to offer a personalized, omni-channel customer experience.
Why Implement KYC
In most jurisdictions, there is a basic level of KYC standards enforced by law. This is most stringent in the financial sector, with banks spending up to 500 million USD per year on KYC.
Because of the benefits of a robust KYC policy, most financial institutions choose to go above and beyond the basic requirements. Simply put, KYC is the most effective security measure there is. The costs associated with a sub-par KYC policy, which allows cybercriminals to conduct illegal activities using your product, service or platform, are much higher than the expenses involved in implementing KYC.
Failing to maintain adequate security controls not only puts you at risk but your business partners, banking partners and all of your law-abiding customers as well. This could result in fines, legal expenses, and long-term reputational damage. The only way to create a sustainable online business is to practice top-of-the-line security right from the beginning and to know every one of your customers at least in terms of their name and place of residence.
How to Implement KYC
There are countless KYC practices that fall under four main categories:
- Customer Acceptance – Develop clear and explicit criteria for who you do business with and ensure that all of your customers are who they say they are.
- Customer Identification – Develop procedures for customer identification at every step of the relationship, from submitting personal information such as addresses and bank accounts to carrying out a transaction and shipping a product.
- Monitoring – Identify unusual and high-risk transactions, such as large or complex transactions that don’t fit the typical behavior of your customers, and subject them to an extra level of scrutiny.
- Risk Management – Internal audits and compliance screenings as well as company-wide training programs should be in place to minimize both the frequency of risky activities and the consequences of security breaches.
Knowing your customer is key to operating a successful business and to providing a good experience for everyone you do business. To find out more about best practices in business security, visit the Payza Security Center.
Payza maintains a strict KYC policy above and beyond the basic requirements of customer due diligence and KYC compliance. For businesses seeking to offer the most secure and flexible payments functionality to their customers, visit Payza.com to learn more.
Congratulations, you’ve made an effort and created a strong password for each of your online accounts. Now you can resume your daily routine, free from the worry that your business may be at risk of a cyber-attack.
Not so fast.
Although a strong password minimizes the likelihood of a security breach, it is not the be-all-and-end-all solution. Today’s cyber criminals are looking for various kinds of weaknesses in your organization. They need data, and will do whatever it takes to get it. Everything from credit card numbers, bank account information, Social Security numbers, email addresses, online passwords, and much more.
Unfortunately, small businesses and freelancers often dismiss the possibility that they could be targets of a cyber-attack. The truth is, cyber criminals consider your accounts to be easy targets. Without an information security officer by your side, they know your business is more vulnerable. The same holds true whether you are freelancing as a social media expert, taking online bookings for your next sight-seeing tour, or selling your ceramic coffee cups through your website. According to Symantec’s 2016 Internet Security Threat, 43% of cyber-attacks target small business because of their lack of knowledge and training on security. Just as the internet opens you up to new opportunities in e-commerce and freelancing, it also opens you up to new ways of being defrauded, scammed and robbed.
Don’t panic, though. There are some measures you can take to keep these criminals at bay and protect you, your business, and your customers from attacks.
Here are 7 additional tips to keep your business safe:
1] Make use of security certifications and encryption technologies that help protect sensitive data, and display any accompanying logos signifying that your website is safe. Immediately notify your clientele of any breaches in security. Protecting your clients’ information should be your top priority.
2] Learn as much as you can about how to avoid security risks and make the effort to participate in free webinars and reading online articles from trusted sources.
4] Always update your operating systems and web browsers.
5] Create and maintain internal and customer-facing risk management policies and procedures so your employees know what’s appropriate and what isn’t when working online. Establish clear Internet and social media usage policies as well as rules for using email safely.
6] Familiarize yourself with the contracts you have with your financial institutions and other business partners. Know your liability in case of losses through fraud and other security breaches.
7] As a freelancer, you must also protect yourself outside your home. For those times when you decide to work from a library or café, remember that most public networks tend to be unsafe and risky to use. Protect yourself using a Virtual Private Network (VPN); it will create an encrypted connection that acts like a tunnel between you and an outside server.
By following these tips, you are preventing yourself, your assets and your customers from falling victim to potential threats lurking online. Some of the most important changes a small business or freelancer can make to safeguard against data breaches are relatively simple and require minimal effort. Taking appropriate measures to ensure the trust of your current clientele is as important as making new ones. After all, your business depends on the trust built between you and your customers.
We want your account to remain safe.
Using the same, or similar, passwords online puts your account at risk—a risk that is easy to avoid.
Preventing security breaches is a top priority at Payza and we need your help to ensure your account remains safe from hackers. Your first line of defense is to use a strong and distinct password for your Payza account.
By distinct, we mean that your password to log in to Payza is different from your passwords for your email, social media, and other online accounts.
A common mistake is to reuse passwords because a security breach at one website can result in many online accounts being accessed by a cybercriminal.
If you reuse a password for your Payza account, please go change it now.
Changing your password is simple; here is how:
- Log in to your account.
- Click on your name next to your avatar in the top left corner.
- Select ‘Password’ and make necessary changes.
Here we provide you with a guide on how to pick a great password and show how you can avoid common security risks by understanding how they occur in the first place. You will find at the end of this post additional resources about online security, scams and fraud.
Memorizing complex passwords for all your online accounts is difficult and often frustrating. You can avoid this frustration and make strong passwords that are memorable if you use a strategy or “password formula”.
Consider this formula as an example: take the name of a website and replace letters in the name with a memorable word, and then add a sequence of numbers after a fixed set of letters.
So, “Payza” has two vowel “a”s; we can replace these vowels with a favorite color, say red, which makes the word “Predyzred”; then we can insert numbers after three letters, counting up from a favorite number, say 5. This results in a strong, distinct password generated by an easy to remember formula:
By remembering the formula, you can figure out your password for any account (e.g., the same formula applied to a Twitter account would produce the password “Twr5edt6tre7dr”).
An added plus is that you can make a simple change to the formula, making it easy to change your passwords on a regular basis–e.g., count up from 6 instead of 5.
Indeed, you should change your passwords about once a month. So for this example, next month’s password for this Payza account will be:
Here are more excellent strategies and simple formulas for choosing strong and memorable passwords:
Invent your own password formula today; it’s fun.
Common ways hackers steal passwords and how you can protect yourself
Cybercriminals are very clever at finding ways to breach even the most complex online security systems. Even prominent government offices and corporations with extensive security systems, such as LinkedIn and Target, were recently embroiled in highly publicized security hacks.
At first it may appear that we have little control over these unfortunate security breaches; in fact, we all can take simple precautions to minimize the theft of our private information. Once again, changing your password on a regular basis is a great strategy to stop third parties from accessing your online accounts, especially since you may be unaware that a hacker acquired your user names, email addresses and associated passwords. Know that many hackers collect user names and passwords in order to sell them to other cybercriminals over the course of weeks, months, sometimes years; by changing your password frequently, you can render this hacked information useless before it is sold.
The second most important strategy is to remain vigilant when any online entity requests your password, especially when a site offers a reward or incentive.
A quick search on the internet will uncover countless sites that claim to have found “magical computer tricks” that enable anyone to acquire followers on social media or supercharge the search ranking of blog posts and online content–all for free.
Tempted by these rewards, unsuspecting internet users are directed to what looks like an official social media or website login page, where they are required to log in and then receive their reward. These login pages are in fact clone sites that record your user name and password.
Online payment platforms, including Payza, have identified similar scams that claim to offer simple computer tricks to instantly add free money to your account. Known as “money adders”, “hacks”, and “loot downloads”, we are certain that all of these sites are scams that never provide anyone with any benefit, especially not free money in their accounts. The take home message here is that you should only provide your Payza account information at our login page located at this web address:
If an unfamiliar avatar greets you, you know you are at the wrong site.
Stay vigilant and tell us about suspicious activity online
If you notice suspicious activity online or suspect an unwanted person has accessed your account, please report the problem to us so we can investigate immediately.
Our Fraud Prevention and Security Departments work hard to protect your account and personal information from cybercriminals. We appreciate your help in using great passwords and doing your part to ensure Payza’s payment gateway remains secure.
Want to know if unwanted people have access to your emails? Check if it is just you reading them!
See what popular online scams are circulating on the internet. How many do you recognize?
Check out these practical tips for online security written by our peers.
Has any Payza member ever received free money from a hack money adder?
No, definitely not.
Conduct an internet search with terms “payza hack” or “payza money adder” and you will find a plethora of listings; we are not alone: similar “hacks” exist for all major online money transfer businesses. All these sites advertise ways to get free money in your Payza account. It almost seems too good to be true.
Well, it is. Let us explain.
What is a “Money Adder” and “Payza Hack”
They go by a few names, mostly along the lines of Payza Money Adder, or Payza Money Generator, or simply, Payza hack.
Some look primitive in terms of design and promotion; others are very sophisticated with stylish design and branding. Some purported money adders are available as a mobile app, some only work on desktop. Many are associated with promotional videos on Youtube and social media, providing slick demonstrations on how simple and effective this hack is.
Has a Payza hack ever provided money to an account? No, never
Despite these differences, all money adders have one thing in common: they do not actually give you free money.
These money adders share another common trait: They are designed to trick you into providing your Payza Account details so that a fraudster can compromise your account.
We can say with absolute certainty that no one has ever received money in their account from a money adder or similarly purported hack. Our fraud prevention and customer support departments, however, are familiar with the need to freeze accounts that have been accessed by unwanted third parties. Our investigations indicate that third parties gained access to an account after the owner provided their login information to one of these money adder sites.
“FrEE INSTaNT MONEY! SIMPLY GIvE US YOuR PERSoNAL InFO! >:-)”
Embrace the advice from this popular expression: If it sounds too good to be true, it probably is.
We recently discussed Payza Money Adders and Payza Hacks on Quora. For a more detailed explanation of how this scam works, read our answer below.
Please stay vigilant so that, together, we can minimize the risks of online fraud.
When it comes to e-Commerce, security is of the utmost importance. Providing a secure website will give your customers confidence to browse products and, most importantly, share their financial details with you to complete a payment. At the same time, you need to feel confident that your site is protected from fraudsters, people who may try to shop on your site using an unauthorized credit card, or who may try to trick your site into creating an order that hasn’t been paid for.
One way to help protect your site from online criminals is to secure your payment button through tokenization. This means adding an extra layer of security to your website’s specific payment button so that payment information can be encrypted before an order is processed. Payza introduced in February 2016 a Tokenized Payment Button for Advanced Integration Payment Buttons available to all of our merchants. Standard Integration Payment Buttons are already tokenized.
We encourage our merchants to upgrade their existing Payza Advanced Integration Payment Buttons to the Tokenized Payment Button option today. Here we provide more information that explains the benefits you will receive by making the upgrade.
What is Payza’s tokenized payment feature and why should your online store have it?
Tokenization is a common security feature in e-commerce used to safeguard private payment information. At its basis, a tokenized payment button converts your existing Advanced Integration Payment Button into an encrypted “token”.
Payza’s tokenization feature provides an extra layer of security for your online store by keeping payment details private and protected from unwanted changes. The token is sent to you through the Payza platform in full security so that third parties cannot alter the HTML code of your website’s payment button.
With this feature, you will still receive your Instant Payment Notification (IPN) so you can review payment details for each sale made on your online store. Instant Payment Notifications let you verify that:
- the amount paid for a given item was the expected amount;
- the amount paid was for the correct item;
- the currency for the payment is correct.
An added benefit is that the tokenized payment system enables online merchants like yourself to use another new feature known as split payments.
How to upgrade to a Tokenized Payment Button
The following article on Payza’s web developer site provides a detailed explanation and HTML code for the IPN merchants will receive when using tokenized payment buttons. Setting up your IPN system requires some coding, but is relatively straightforward.
With a small investment in time and effort, we are confident that your online store will benefit significantly from upgrading to our new tokenized checkout and new IPN system. Consider making the change today; you and your customers will be happy you did.
by John Adams
APR 18, 2014 4:10am ET
The merchant’s website made it seem like an ordinary seller of car washing equipment. But a closer look revealed it was a portal to crime, according to Melissa Andrews.
“After digging deeper and deeper, we found the site was connected to illegal drugs,” says Andrews, a Web security specialist for Payza, an online payments and electronic wallet provider.
Put simply, Andrews surfs the Web for a living, using a wide range of tools to spot well-hidden criminal activity. Her team deploys a mix of analytics, Web tracking technology, keyword detection and behavioral monitoring to vet the company’s users and their Web content. Payza also uses internally developed software and fraud analysis to flag suspicious content.
Despite the technology, the work still requires manual checks of websites, Andrews says.
“It takes a bit of time, and patience, to review content that may not always be the nicest, for lack of a better word,” she says, “but it does help to know that I’m helping to weed out bad players. That’s very rewarding.”
Payza’s risk and fraud group comprises 19 people, though all of the company’s 140 employees are trained to detect and flag fraud or suspicious activities. Payza’s menu of merchant services includes payments technology, processing, currency exchange, dispute resolution and risk management. It integrates with shopping cart programs such as ZenCart, OSCommerce, WHMC and OpenCart.
Web crime has become more complex as more commerce moves online, and a broader range of companies and entrepreneurs take advantage of open development techniques to offer payments directly on their websites, Andrews says.
“The threats are constantly changing,” she says. “There are more people online now using the Web to sell their wares, and with the good comes the bad. You have people who are going to try to circumvent security requirements and sell illegal goods or put unethical content online.”
The fraud risk is also increasing as Payza moves into more markets. Payza, which is headquartered in London, earlier this spring began offering European Union merchants its gateway and business payment module. These allow businesses to accept MasterCard, Visa and JCB card payments directly into a bank account.
This year, the company began offering U.S. merchants a service that allows them to accept e-commerce card payments into their business bank accounts. Payza is also expanding into Canada, Australia and Brazil, and currently operates in a total of 196 countries.
“The internet is a vast environment, so we see all types of things,” Andrews says. “That’s not to say that it’s all bad, or even a vast majority is. Most of what we review is very legitimate merchants.”
The company’s Web security team also takes part in vetting potential clients. All merchants must submit their website to Payza, which inspects the site for content security and compliance with the local e-commerce laws that Payza’s clients must follow. Once the company is onboarded, Payza can continue to monitor the client’s website and online activity.
“This allows us to mitigate the risks moving ahead,” Andrews says. “There are always going to be ways that crooks try to circumvent protections that are put in place.”
There’s no pattern or universal clue for what makes a “bad” e-commerce merchant, but there are some signs, Andrews says.
“Most of the bad sites will hide the true nature of what they are doing, they may offer a simple product like a way to pay for coffee or shoes or something very normal, but behind the scenes they are selling illegal content or promoting hate or racism,” Andrews says.
Other e-commerce companies are using social networking as part of their merchant vetting. WePay’s Veda, for example, uses information from Facebook, Twitter and Yelp, as well as pattern recognition and cross referencing to vet identity and expedite onboarding.
Andrews says social media can provide clues as to an e-commerce site’s intention.
“The more you know through social media, the more useful information you have, it’s all useful,” Andrews says.