This casual, unwary approach toward security continues to boggle my mind, particularly in today’s highly volatile business environment. But while three-quarters of the small businesses polled said they are incorporating steps to protect their computer systems from fraudsters, Fred Graziano, head of the commercial and small business banking at TD Bank, said companies need to keep up with the latest available fraud preventative technologies and criminal tactics used by more sophisticated fraudsters.

“It’s encouraging to see that small business owners are taking steps to protect their business, but fraud protection should be a high priority and it pays to be vigilant. Given the influx of new digital technologies and operational tools available for small business owners, it’s increasingly important to learn about the latest trends and techniques used by criminals, and to be more diligent in defending against fraud.”

Graziano, along with TD bank’s director of corporate security and investigations, Robert Dunlop, offered some advice to small businesses about protecting their systems and customers from evolving fraud attacks, including:

Manage finances with secure online banking:

Closely monitoring all account activity payments and financial transfers in real time with automated fraud preventative tools helps businesses quickly identify any discrepancies and provides audit trails for all online transactions.

Protect computer systems and practice online awareness:

In Dunlop’s terms, “Being complacent about cyber protection can lead to the compromise of critical information and detrimental consequences for a business.” That about says it all.

Safely handle highly sensitive documents:

Properly storing and disposing sensitive hardcopy documents such as financial statements, credit card information and social security numbers is critical to reducing the risks of confidential data landing in the wrong hands.

Incorporate appropriate checks and balances:

A strong internal review and assessment process shows customers how serious you are about fraud and preventing criminals from perpetrating deceptive acts against your business and customers.

As small and medium-sized businesses (SMBs) struggle to make progress in stopping payments fraud, organizations of all sizes should evaluate their fraud prevention needs and prioritize accordingly. Businesses operating without proactive fraud preventative tools that effectively detect and stop new forms of financial fraud will continue to fall victim to scams that costs them thousands to millions in profits and cause irreversible damage to their corporate brands.

In the article, “Independent Study Reveals Corporate Account Takeover Fraud Continues to Plague SMBs and Banks,” the 2011 Business Banking Trust Study found that SMBs have struggled to make progress in stopping payments fraud as 56% of businesses said they had experienced fraud within the last 12 months. While 61% said they were victimized more than once over that period, 75% of businesses participating in the study said they experienced online account takeover and/or online fraud.

With mobile banking growth rates on the rise, these findings are alarming to Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, which commissioned the study. With 38% of respondents saying they access their company’s banking accounts from mobile devices such as smartphones and tablet PCs compared to 23% in 2010, Ponemon doesn’t anticipate things turning around for SMBs anytime soon..

“As online and mobile banking adoption continues to grow, the possibility for more fraud and more lost customers escalates. Endpoint security will be challenged to keep up with the growing number of devices and threats, and banks are in the best position to take the lead on proactively protecting all account holders from the wide variety of threats.”

It’s these types of findings that underscore the need for businesses to be proactive and implement fraud preventative strategies that stop new forms of financial fraud that costs businesses millions in profits each year. To protect systems from new and emerging online threats that continue to torment SMBs and the financial services industry, iovation’s ReputationManager 360 uses a combination of device identification, device reputation and risk scoring that effectively stops fraud rings that are committing account takeover, phishing schemes and other types of online fraud, regardless of whether they are using PCs, smartphones or tablets to access a financial institution’s website or mobile application.

The Merchant Risk Council (MRC) represents the largest and most influential constituency focused exclusively on making eCommerce more safe and secure. iovation is a proud sponsor of the Merchant Risk Council and brings you this interview and podcast with Executive Director, Tom Donlea.

Listen to the Podcast >

iovation: This is Scott Olson on behalf of iovation. I am here with Tom Donlea, the Executive Director of the Merchant Risk Council. Hi Tom.

Tom Donlea: Hi Scott.

iovation: Tom, as the Executive Director of the Merchant Risk Council, you lead this trade association made up of merchants, vendors, e-commerce management professionals, and law enforcement. I imagine this role gives you a great deal of insight into the key issues facing online merchants. After having just completed the Merchant Risk Council semi-annual platinum meeting and now preparing for the upcoming conference in March, is there one topic you would say is getting more attention than others?

Tom Donlea: Yes, Scott. I think for the MRC it has clearly been the economy. A lot of our merchants are increasingly focused on managing their costs and minimizing losses. They are getting a lot of pressure, so they are coming to the MRC with some very specific requests; three in fact. The first thing is they are looking for benchmarking data. They want to look at their costs, the resources they are using, and investments that they should put toward managing fraud risk.

Another piece of this, another part of the membership value, is utilizing the newest and most proven technologies available. They want to make sure that they have the right things in place, whether it is the device recognition, IP geolocation, or some of the other new technologies that are really key for the merchants.

The third thing that merchants are looking for is figuring out how to squeeze every dollar possible out of their program and their operational expenses. We are helping them connect with other members and learn about industry best practices to make sure that they are as efficient as they can be.

iovation: In recent e-commerce fraud surveys, Merchant Risk Council members show consistently lower fraud rates than the industry average. So from your experience, what are these businesses doing right?

Tom Donlea: Belonging to an organization like the MRC allows our member merchants to collaborate and then determine and discover best practices. Through our organization, the merchants have access to industry leaders. And through those presentations and forums, they are staying on top of the latest services from solution providers.

We introduce those topics and issues through webinars that we hold. We do about 20 a year right now. We hold two big conferences each year and we also have a wide enough member base from the merchant community that allows deep collaboration. Merchants from travel, gaming, the apparel industry, electronics—they are all able to gain a greater understanding of the solutions that are most widely adopted and are benefiting the bottom line, and that are, of course, appropriate for the business model.

Increasingly, merchants are looking to the MRC for advocacy. When we gather folks from the travel industry, for example, and we are hearing common issues that they have that are industry-wide issues, the MRC is positioning itself to go to battle, to cause positive change in the industry on behalf of those merchants. And we are excited to play that role.

iovation: You have followed iovation as one of the vendors and the growing interest in device-based fraud solutions for several years now. Would you say the use of this technology is now being considered a best practice for your members?

Tom Donlea: Yes, absolutely. On an annual basis, we do a fraud survey. Every year that we conduct this survey we ask our members, “What sort of third-party solutions or technology solutions are you adding to your arsenal of fraud detection tools?” Device reputation technology is one of the latest advances, and we see our merchants increasingly utilizing that type of technology to develop and enhance their fraud screening tools.

Of course, our merchants know that there is no single silver bullet that is going to eliminate fraud risk when it comes to accepting payments online. But they do know that they have got to have a diverse portfolio of tools. Not only do our members have lower fraud rates than the general industry standards for companies at the same level of revenue, but they also employ more tools than your typical e-commerce company. Through the MRC, and through meeting companies like iovation, they have learned that they must have a broad array of tools in order to meet the challenges of taking diverse payments online.

iovation: Speaking of tools and the different fraud types that your members address, most people think the Merchant Risk Council members deal primarily with financial fraud such as fraudulent chargebacks and payment fraud. What are the other risks that your Merchants are addressing?

Tom Donlea: It’s interesting that both security and authentication are becoming important issues. We’ve seen in recent headlines that data security is more and more of an issue with retailers and with consumers. The challenge for many of our e-commerce and multi-channel retailers is that they not only want to offer an inviting and convenient shopping environment for the consumer, they also want to provide the safety and security for that customer’s personal data. It’s a huge motivator for us to boost that consumer confidence in e-commerce as a channel; a focus on security is a part of that. We know that it’s important for the customers, as well as our members. The shoppers who are conducting business online, they’ve got to trust those MRC members before, during, and after placing an online transaction.

We’ve been very proactive in providing programs and events to educate retailers on the root causes of the data breaches, the regulatory issues involving the Payment Card Industry—or PCI, as we call it —and then providing them examples of compromised systems. What could have been done in advance to avoid that? Then, certainly, the remediation that happens following mistakes like the TJX breach, for example.

Authentication is another issue that we’re really focused on. Of course, authentication for financial transactions is always paramount for our members. I know iovation has lots of clients in the dating, social networking, gaming area. This has become an increasing percentage of our membership as well. For those companies, the customer experience, again, is paramount, which includes: “if I become a member of a social networking site, I want to avoid any sort of predatory behavior, phishing or any scams that are going on.” That non-financial authentication is a very, very big deal for those companies because they have to make sure that the customer experience is continually excellent.

iovation: Earlier, you mentioned that the economy was one of the major issues, and this past year, certainly, has been very challenging for a great majority of retailers across all categories. Yet the Merchant Risk Council has grown in both membership and participation. Why do you think this is?

Tom Donlea: Well, I like to think that our membership base is savvy enough to understand that it’s more vital to address fraud risk, security risk, and electronic payment issues during these hard times. They’re trying to squeeze cost out of operational systems, maximize the number of transactions they can take online, and the consumers, where they are as far as their level of safety with doing business online. MRC is bridging the gap between the merchant community and the issuer community, which includes financial institutions, who often times provide the primary interactions for that consumer in relationship to making payments online.

We’re developing forums that are allowing these communities to communicate with each other, and break down artificial walls that really do affect the consumer’s experience of placing a transaction online. We want the banks who are issuing credit cards and the retailers who are hoping to accept those legitimate transactions to have open communication and improve the industry through those efforts. We also provide active year-round forums for networking, for education, and then for advocating on behalf of our merchant members. The members that belong to the MRC, they benefit from having a distribution list that allows them to interact with their peers and competitors in a non-competitive way.

We provide benchmarking studies. We provide online learning. We have in-person conferences. We’re also expanding into Europe. I’m not sure that we talked about that but it’s very exciting for us. Then, we also have active year-round committees where folks are, again, focusing on common issues that need to be addressed by an industry group in order to improve the industry for the better. Now, more than ever, the MRC is providing resources that allow our members to address their current fraud and secured payment processes, improve their productivity, and increase profitability. Really, what we’re trying to do is make sure our members are looking out further on the horizon and are prepared for those challenges in our three program areas for fraud, security issues, and related payments on a global basis so that they’re really prepared for the future.

iovation: Certainly, the Merchant Risk Council plays a very important role in addressing online fraud and abuse. I really appreciate you taking the time today, Tom, to share with us some of the insights from the Merchant Risk Council and your members.

Tom Donlea: That’s great, Scott. We appreciate the chance to talk with you and we appreciate iovation’s involvement in the MRC.

To learn more about iovation’s fraud-fighting solutions that enable online retailers to prevent thousands of fraudulent activities each day—including credit card fraud, shipping fraud, identity theft, carding and more—watch this video, titled Preventing Fraud and Abuse in Online Retail.