Why electronic payments get attacked?

While fast and convenient, electronic payments are a risky matter if not secured properly.

As we’ve written earlier, a large – and ever-increasing – portion of payments are conducted electronically these days. It’s hard to imagine a legit business paying in cash, with film noire-style briefcases fully laden with money packs changing hands. It’s all about electronic payments now, conducted via the Web.

While fast and convenient, such payments are a risky matter if not secured properly. And in this regard, smaller businesses appear to be the target of choice for criminals.

To see, why this is happening, some explanations are necessary.

 “Criminal” first, “cyber-” second

Cybercriminals today are “criminals” first, “cyber-” second: they are mostly interested in a fast and easy profit, not the thoughtful, thorough operations of Arsene Lupin’s style and brilliance. Hi-tech crime became less “hi” and less intellectual with the multitude of tools to steal money and data available on underground forums and markets for unremarkable prices. Their effort-to-profit rates are very lucrative.

An “offline” pickpocket needs to have at least a good level of stealth and agility for his “job”, a safe-cracker needs a lot of skill as well. Both of them need to be able to run fast. A “cybercriminal” needs neither – just some knowledge of where to get a “tool” and how to use it and get away without a fuss.

Easier to get away

It doesn’t mean, however, that these thieves and robbers should be disregarded as posing no threat. Electronic payments often become targets because stealing them is easy to do and get away with, leaving no trace. It’s easier than robbing a person in a back alley and making off with the loot. Otherwise, there’s little difference.

The “digital lockpicks” they use are programmed to be very effective, and if your business isn’t protected from attacks directed at your bank account, the amount of damage is only limited to the robbers’ mercy, which they are unlikely to appear.

Too expensive to protect yourselves?

It’s also unlikely that they’ll be interested in whether your business is large or small. The belief that “we are too small to be of interest to criminals” doesn’t work since cybercriminals are well aware that small businesses are “softer” targets. They sometimes prefer saving on extra protection for their payments either because they expect banks to provide “absolute” protection (which isn’t the case), or they consider payment protection systems surplus or too expensive for them. This is wrong, too.

How to protect the payment transaction? First, it’s necessary to make sure your PC is connected to your bank or payment service’s site, not some imitation, and that there’s no one “eavesdropping” – i.e. there’s no way to intercept your login, password, and one-time password sent from the bank to your mobile device. These are the standard threats that need warding off.

That’s exactly what Kaspersky Lab’s Safe Money (shipped along with Kaspersky Small Office Security suite or as a separate product) does: it checks authenticity of the financial organization’s website, and establishes a secure communication, preventing any kind of attack.

That’s it: your money is safe. And thieves draw a blank.