Growing cyberattacks blamed for keeping small firms offline

Hooded hacker using mobile phone with icon diagram in a concept of stealing online personal data. [Getty Images]

Small businesses and payment firms are finding it increasingly difficult to survive online due to the growing sophistication of cyber-attacks.

This is according to new data by global payments giant Visa which shows the challenge faced by smallest outfits when moving online even as more consumers adopt digital payments.

"In Q1 2021, the contactless payment rate was 42 per cent. In nine months, it increased up to 60 per cent (+18 per cent) and maintained the growth after that. In a post-pandemic and recovery stage, consumer preferences remained the same."

The research released in a recent media briefing further shows the e-commerce ecosystem is currently grappling with three main types of digital attacks. These include digital skimming which happens when attackers deploy malicious code onto a merchant website that targets the checkout pages of these merchants and harvests the payment account data for their own gains.

"Digital skimming attacks are often the result of misconfigurations or lack of security controls within a merchant's environment, which enables threat actors to exploit such misconfigurations and successfully deploy the malicious skimming code," adds the update.

The firm also noted that enumeration (or also so-called account testing) became a disturbing type of attack for many card issuers over a similar period in the region. "It is aimed to identify the right combination of payment credentials details, which can be reused in a real e-commerce merchant to commit fraud."

Social engineering was also commonly cited where nearly three-fourths of fraud and data breach cases investigated by Visa's global risk team detected e-commerce merchants often defrauded through social engineering to fall for ransomware attacks.

"Threat actors often contact cardholders and claim to be an employee from the cardholder's bank. In these schemes the actors generally call the cardholders, or send an SMS text, alleging that the cardholder's account was involved in fraud and prompting the cardholder to either call back a provided number or provide sensitive information to the threat actors. The result is the compromise of sensitive user account data."

Visa sub-Saharan Africa Senior Director and Head of Risk Irene Auma noted that the increasingly sophisticated attacks shine the light on the need for stringent security controls in the digital commerce ecosystem.

"As merchants move online, so are fraudsters. Merchants will need to update their fraud prevention strategies and if in-house expertise is not available, merchants should turn to proven, reputable partners that can produce outcomes aligned to their business goals and interests."

War against content piracy not about cash only; it's a fight for Africa's soul
Why farmers should focus less on commercial farming
Premium Confusion after State publishes rules to end KPLC monopoly
Premium Dr Susan Koech: The 'Iron Lady' of Kenya's financial sector