Dangers associated with online card payments

Payment cards are slowly becoming an integral part of our daily life, thus replacing cash. As reported by the National Bank of Poland, at the end of June 2022, Poles used 43.9 million payment cards, which represents an increase of about 0.7% compared to the same period in the previous year. Non-cash payments made through services such as BLIK or Przelew24 are particularly popular among customers. And although each transaction is properly secured by the bank, it is still burdened with the risk associated with cybercrime. What threats do we have to face and how can we protect ourselves against them?

Online payments – what methods can we use?

There is no doubt today that consumers prefer primarily non-cash payments. This is confirmed by both social research and data developed by the NBP. According to the report on payment cards for the second quarter of 2022, Poles made 53.7 million online transactions with payment cards, with a total value of PLN 8.3 billion. Interestingly, compared to the previous quarter, this is an increase in both the number of payments (by 9%) and the value of transactions conducted (by 9%).

What methods do we use most often when making payments online?

Depending on where and what we want to pay for, we can choose from options such as:

• Traditional bank transfer – a basic solution that requires manual entry of transfer data and is associated with an extended waiting time for the payment to be credited. Although this method is gradually being replaced by fast online payments, many customers still choose it because of the sense of security and control over the payment process;
• Online transfer – a simple and relatively safe option. After making purchases, the system takes us to a page with a list of banks, where after choosing one of them we are redirected to the banking system. To make a payment, all you need to do is log in to your account and confirm the completed transfer. The main advantage of this solution is convenience and short booking time;
• BLIK – this is a payment using a one-time, six-digit code generated by the banking system. During payment, we do not have to provide personal data, just rewrite the code on the payment page and confirm the transaction;
• Credit or debit card – this solution works not only during payments in online stores, but also when buying a subscription. To be able to pay by card, we must provide its 16-digit number, name and surname visible on the card, expiry date, as well as an individual CVV or CVC code. Thanks to the chargeback service, this form of payment is safe, because in case of problems with theft of money, the bank immediately helps us recover the money;
• Virtual card – used exclusively for online payments and is particularly useful during international payments. With such a card, we cannot pay at the terminal or use it at an ATM, which is why it stands out for its high security during use;
• Prepaid card – consists of 16 characters, which we enter during the transaction. Thanks to it, we can safely pay for purchases on the Internet, without the need to have a credit card or a bank account.

Dangers of online card payments

It’s no secret that online card payments, like using online transfers and BLIK, are extremely fast and simple payment methods. Unfortunately, for people operating their financial resources in the virtual world, there are many traps set by internet fraudsters. What threats do we most often face?

• Attacks on payment cards – the number of hacker attacks on payment cards is constantly growing, and cybercriminals are constantly looking for new ways to obtain credit or debit card data in order to steal our money. One of the tools they use are so-called banking trojans, which are primarily exposed to those users who do not care about updating systems and banking applications. The virus infects our device, then collects all data related to payments or even conducts financial transactions on our behalf;
• Theft of electronic banking data – criminals try to steal our name and surname, address, credit card number and PESEL. Thanks to this data, they can, for example, take out a credit obligation or pay for online shopping instead of us;
• Phishing – a common action of cybercriminals is sending links leading to websites deceptively similar to banking ones, but in reality not being banks. After logging in by the user, the criminal gains access to our account and can carry out any operations on it.

How to make safe payments on the Internet?

Despite many threats that we struggle with on the Internet, we must remember that banks and payment systems actively protect us against hacker attacks. For this purpose, they provide us with, among others, multi-stage payment authentication solutions (e.g. confirmation in the mobile application using a PIN or verification data), additional tools increasing transaction security (e.g. tokens) and notifications informing about potential frauds. Despite this, cybercriminals are still creating new ways to bypass these safeguards. Therefore, we should implement the following rules for making safe card payments on the Internet:

• Make purchases only in trusted online stores;
• Check the SSL certificate of the site before logging in to the system to make sure that the connection is encrypted (the site address should start with https://);
• Check the login data for the electronic banking system and pay attention to whether there are any suspicious activities on our account;
• Do not disclose the PIN number of the payment card on the Internet;
• Store transaction data, including emails with purchase data;
• Beware of emails asking for data entry or verification – remember that the bank never asks for such information;
• Do not use the function of remembering browser sessions and auto-filling forms;
• Regularly update the system, antivirus software and mobile banking applications;
• Log out of the electronic banking system;
• Set amount limits for card transactions on the Internet

A new solution responsible for increasing the security of online payments is an innovation developed by Digital Fingerprints and implemented by the first card services provider, IT CARD S.A. Thanks to the implementation of PureSecure based on behavioural verification mechanisms in the process of card payments on the Internet, the customer no longer has to enter a one-time SMS code. From now on, his task is only to rewrite automatically generated words in the internet gateway. In the background, without affecting the UX of the client, he will be verified for the compatibility of the device he uses and the way of writing the indicated words. Customers of mBank, among others, can already use this solution.

Online payments are fast and convenient, but let’s not forget that they are also a tempting morsel for hackers who see in them the possibility of extorting data. A common, but as it turns out not the only type of attack, is phishing. Cybercriminals often open fake online stores for the needs of the crime being prepared, including sending emails with a linked product image, offering a quick purchase at a promotional price. Protect your company and employee data – take advantage of effective solutions based on Digital Fingerprints behavioural verification.