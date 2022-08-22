As more people go online to buy items, cybercriminals are working on new ways to steal and launch attacks. Visa has launched a new Security Roadmap to improve NZ's digital defences.

E-commerce has been increasingly popular for years, but global events since 2020 have markedly accelerated the trend, with more New Zealanders than ever now opting to buy online.

New Zealanders spent $7.6 billion online in 2021, according to NZ Post's annual e-commerce report, a 52% increase from 2019. The average Kiwi spent more than $3500 online last year, and more than half (58%) of retail businesses in New Zealand are now selling online, according to a Better for Business report.

Anthony Watson, country manager for New Zealand and the South Pacific at Visa, says: "A lot of the foundations and enablers for e-commerce were already in place before the pandemic, but things have accelerated dramatically since then.

"Consumers weren't left with many alternatives during lockdown, so we began to see much more digital engagement with commerce activities," he says. "The shift was significant, but with enormous growth comes vulnerabilities. Some people and businesses are new to e-commerce, and certain parts of the infrastructure need to be regularly updated and refreshed to suit the current environment with an 'always on' approach to cybersecurity."

UNSPLASH New Zealanders spent $7.6 billion online in 2021.

Modern cyber threats

As more people go online to buy items, cybercriminals are working on new ways to steal and launch attacks. In our digital-first world, attacks are becoming more sophisticated, requiring new and improved defences for businesses and customers.

Enumeration attacks are increasingly common. Fraudsters use automation to test and guess payment credentials in online payment forms, such as Primary Account Numbers (PANs), card verification values (CVV2), and card expiration dates. Criminals use botnets to take over people's computers, using the devices to launch attacks on a huge scale.

Watson says: "These attacks have been happening for a while, but because of the digital shift in recent years, fraudsters are becoming more focused. Criminals are using various techniques to guess credentials, using hijacked devices. They repeatedly use different combinations until they are successful."

"This can be overwhelming for businesses at the receiving end, and the impact can be quite large," he adds.

Amid the spate of enumeration attacks across the globe, Visa is working on new ways to detect and stop them before they occur, Watson says.

SUPPLIED Visa has launched a new Security Roadmap to improve New Zealand’s digital defences.

A security roadmap

Global payments leader Visa has launched a new Security Roadmap to improve New Zealand's digital defences.

As part of the roadmap, Visa is taking action across six key areas to safeguard businesses and consumers.

1. Preventing enumeration attacks

Visa has introduced a requirement for New Zealand eCommerce payment providers to invest in capabilities that identify and prevent enumeration attacks. By October next year, providers must ensure they have advanced controls in place.

Visa continually scans the payments network to look for anomalies in spending patterns or behaviour. The payments provider can use data to make decisions and send information to banks, warning them about suspicious transactions.

Other scanning tools are also available to businesses, such as CAPTCHA codes to thwart attacks. CAPTCHA codes are a "simple but effective" measure in the fight against enumeration attacks, Watson adds.

2. Driving adoption of secure technologies

Visa is enhancing and rolling out its token service to make online transactions more secure. The Visa Token Service replaces personal account information on credit and debit cards with a unique digital identifier called a token. The token allows consumers to make transactions without exposing their actual account details, keeping them more secure.

Visa is working with the industry to migrate to the new and improved "2.0" version of the EMV 3-D Secure (3DS) technology, which adds a layer of authentication to online transactions. The latest iteration of the tech is better suited to mobile devices than previous versions, and easier for shoppers to use.

3. Securing digital-first payment experiences

Research commissioned by Visa in May 2022 and conducted by YouGov (details on Visa's newsroom website) found that more than half (56%) of Kiwis have abandoned an online purchase, with security concerns cited as the main reason, indicating room for businesses to bolster their security measures.

Aside from improving 3DS technology, Visa will ensure that Payment Card Industry Data Security Standard (PCI DSS) standards are kept up across the payment ecosystem.

"The standards have recently been updated, and we'll be working with businesses to make sure that when they store credentials out on the network, whether they're tokens or not, they follow a set criteria of best practice," Watson says.

4. Ensuring ecosystem resilience

Visa has requirements and access controls in place for any entity connected to its network. When a bank that issues Visa cards can't respond to authorisation requests, for example if there's a technology outage, Visa can stand in to respond on their behalf – ensuring customers can walk away with their goods and businesses get paid.

Visa is improving its artificial intelligence processing systems for monitoring transactions and its criteria for scanning payments. Across the world, Visa is using the latest deep learning technology to help financial institutions manage transaction authorisations when service disruption occurs. Already in a 12-month period, Visa's AI technology prevented over $88 million in fraud from impacting New Zealand businesses.

UNSPLASH Visa continually scans the payments network to look for anomalies in spending patterns or behaviour.

5. Enhancing the cybersecurity posture of ecosystem participants

As a key player in the world of digital payments, Visa is looking to improve New Zealand's resilience to cyberattacks, as major incidents continue to impact supply chains, infrastructure, government, and large and small businesses across the globe.

Visa routinely identifies cyber threats to the ecosystem and updates its banking and business clients and the public through security alerts, intelligence alerts, and its biannual threats report.

6. Preventing New Zealand businesses and customers from becoming victims of scams

Anyone with a mobile phone or email account will know that scams are all too prevalent in New Zealand.

Visa views education and awareness as a key weapon in the fight against scam artists. Visa works with law enforcement agencies and across industry groups to improve messaging on what to look out for, and identifies common scams through its Payment Intelligence alerts. Visa's website has a wealth of information on the latest scams.

UNSPLASH Visa has introduced a requirement for New Zealand eCommerce payment providers to invest in capabilities that identify and prevent enumeration attacks.

The future of business

As e-commerce continues to grow, new fraud threats will continue to emerge. Fraudsters will be looking for vulnerabilities, so businesses and shoppers alike need to be vigilant.

Visa will be there to make sure New Zealand continues to be as secure as possible in the future. The payments network believes improving technology and widening education will help Aotearoa get ahead of cyber criminals and make a seamless transition to the digital economy.

"Our job is to anticipate and identify vulnerabilities in systems and make sure we have the right practices, security platforms and tools in place to address them," Watson says. "I'd love for New Zealand to get to a point where we have replaced all valuable information in the network with tokens that criminals can't use. That will be a major deterrent for fraudsters."

"I'd also like to see more authentication such as biometrics, used in e-commerce transactions. Finally, we want to keep every Kiwi customer and business informed about this type of criminal activity."

To learn more about Visa's 2022 Future of Security Roadmap visit https://www.visa.co.nz/pay-with-visa/security/future-of-security-roadmap.html.