The COVID-19 pandemic has forced many businesses to quickly adopt e-commerce alternatives to brick-and-mortar sales in order to survive (and in some cases find a lucrative new way to do business).

With spikes in online sales, merchants and their customers are also facing mounting fraud risks, from criminals who try to blend in with legitimate online consumers, leading to reported increases in in card testing attacks, buy online/pick up in-store fraud and other scams.

Increased Risks of Online Banking

The online shift has also been accompanied by increased use of mobile banking services, to avoid paying hard cash in face-to-face transactions. A report from J.D. Power points out that 49% of Canadians “rely heavily on online and mobile banking,” and 33% are “digital-only customers who predominantly use mobile or the internet for their banking needs.”

The security risks of this situation are pointed out in a June public service announcement released by the FBI. With the surge in online banking, the law enforcement agency “expects cyber actors to attempt to exploit new mobile banking customers using a variety of techniques, including app-based banking trojans and fake banking apps.”

For added security, business owners and consumers should:

  1. Beware of clicking on links in emails and texts supposedly connecting to their banking services. Many fraudsters use legitimate-looking emails and messages to get people to reveal their login details. Financial Institutions do not contact customers via text, phone or email to advise. Should you receive an email, text or call do not provide sensitive information. Contact the institution directly in cases of unsolicited contact.
  2. Use strong passwords (including uppercase and lowercase letters, numbers and symbols where appropriate).
  3. Enable two-factor or multi-factor authentication on devices and accounts.
  4. Use, when possible, biometrics, hardware tokens, or authentication apps for strong two-factor authentication.
  5. Set up multiple types of authentication for accounts, if allowed.
  6. Review Monthly statements for unknown transactions.
  7. Monitor where personal identifiable information is stored and only share essential information with financial institutions.

Other Types of COVID-19 Fraud (Cardholder level Scams)

Some of the other types of coronavirus scams, often preying upon people’s fears connected to the pandemic, include:

Phishing scams

With phishing, online criminals send emails to potential victims, purporting to be from a hospital or government organization. These scams are usually trying to get you to reveal personal information, give the sender money, or download a virus-infected attachment.

Fake Government Websites

Spoofed or faked government websites offering COVID-19 information are designed to look legitimate, including their URLs, to get visitors to give up information, give money or download malware.

Data Scams

With more people doing work-from-home arrangements, hackers are looking to get into company networks through home set-ups that may lack the security precautions of the at-work ones.

Business Email and IT Scams

The economic upheaval caused by the pandemic may make workers more vulnerable to email scams, where a fraudster could spoof a boss’s email address or phone number to get a worker to wire money, transfer funds, send gift card codes, and so on. Or the con artist might pose as a member of IT staff, requesting a password or providing a link to software (malware) to be downloaded.

Supply Scams

With many businesses scrambling to get certain supplies (such as ones for cleaning and disinfecting), con artists are taking advantage by setting up fake sites that mimic the look of well-known online retailers. They’ll take your order, nab your credit card information and then head for the hills.

How does this affect your Merchant Account?

With the increase in above Cardholder fraud activity, Fraudsters will try to use the newly stolen card data to make purchases on your site. Fraudsters target products which may have some resale value.