A message from your account manager

Weak fraud prevention measures can put businesses at significant risk of financial loss, reputational damage and legal consequences. We’ve dedicated this month’s newsletter to highlighting actions you can take to mitigate fraud risk and boost your awareness of this year’s most common cyberattack methods.

Reduce your vulnerability by closing security loopholes

Bad actors often target weak points in security measures. There are four core business practices that reduce your risk of being an easy target.

Payment Card Industry Data Security Standard (PCI DSS) validation.
Doing so annually confirms that foundational security practices for handling sensitive payment card data are current. Changes made to your businesses could have inadvertently created vulnerabilities that did not previously exist. For example:

• Shifts in store setup
• Device additions
• eCommerce expansion
• New payment access points
• Changes to operational procedures

Consider your eCommerce website. 
If you use an outside vendor to develop and maintain your eCommerce website, have them verify that your HTML source code is well hidden. You’d be surprised how often this detail gets overlooked and how much risk it presents.

• Make sure all links within HTML source code are masked and includes a ‘No Index’ tag.
• Check that your shopping cart software has the latest security patches, remove inactive plugins and make sure your SSL certificate is current.
• If you experience a fraud incident connected to a hosted payment page, delete all existing links to the hosted payment page and replace with any provided updated links.

Keep device software up to date at all times.
We send automatic software updates to your devices but there are steps you must take to ensure your device is benefiting from our automation.

• Verify that software auto-download is turned on in your device settings.
• Keep your payment device turned on and connected to the internet at all times, including when you’re closed, so that auto-downloads can take place.
• Settle open batches at the close of every business day. They must be settled in order for a scheduled auto-download to occur.
• If we contacted you to let you know that your device is too old to handle software updates, please act quickly to upgrade to a newer device version.

Monitor payment transactions.
Check your batches before you settle. If you see a transaction (especially a large refund) that you don't recognize or seems out of place for your business, you should check your sales receipts to verify it's legitimate.

Back to top

Emerging trends in payments cybercrime

This month, Visa published a report identifying the most prevalent cyberattack methods currently affecting payments: Countering emerging cyber threats in payments report.^*

Elavon’s Global Client Security Team confirmed there has been a significant increase in ransomware attacks (Trend #3) impacting merchants this year. They suggest employees be trained to identify smishing and email phishing and the importance of responsible data use. One of the last things a business wants is to have their systems disabled by a threat actor and have confidential data made public because ransomware demands were not satisfied.

Back to top

Tools to strengthen your security prevention measures

Cybercriminals only need to be right once. Businesses, however, have to catch every single threat. There are several solutions that can help you stay a step ahead of bad actors. We’ve highlighted a few options.

1. Encryption and tokenizationprotect cardholder data that is at rest or on the move, making sensitive cardholder information inaccessible should a breach occur.
2. Safe-T security solution features a highly effective combination of authentication, encryption and tokenization technologies that protect cardholder data at every point in the face-to-face transaction lifecycle without impacting the way you use customer card information.
3. EMV 3D Secure uses more than 100 data points to instantly evaluate a cardholder’s authenticity and assess the risk level of an online payment transaction — without slowing down the transaction. Authenticated cardholders are directed to the purchase confirmation page without even knowing their transaction was screened. It’s available for an additional fee through Converge.
4. PCI Compliance Manager provides proactive support to help customers complete the PCI DSS Compliance Validation Process. Support includes:
   • Online PCI Validation Tool
   • 365/24/7 PCI portal access tracking progress
   • PCI QSA-supported help desk to answer your questions

Back to top

It takes a village to stay a step ahead of fraudsters

This month, Forbes published a Cybersecurity Primer for Businesses in 2025.^* The article offers interesting insight on the rapidly evolving threat landscape, highlighting the need to be proactive and have a risk management strategy in place — regardless of business size.

Cyber education is good for business
It’s also important to make sure employees are cybersecurity aware and trained to recognize risks. The National Cyber Alliance^* offers insights and tips. They should become familiar with the types of cyber threats that are common in your industry, the potential impact they can have on the organization and the steps required to reduce risk.

We’re watching out for you

• In the event that we identify unusual activity on your account, we may reach out via phone or email. Unusual activity could include a variety of red flag scenarios such as an increase in declines, processing volume, chargebacks, credits, etc.
• Emails from Elavon representatives will always be sent from a familiar trusted contact with an email addressing ending in Elavon.com or Usbank.com. If you receive a communication that you are unsure about, you can verify the legitimacy by contacting Customer Care.
• If you suspect unusual activity on your Converge Hosted Payment Page contact Elavon Converge support at 1-800-377-3962 (option 2, option 2).
• If you suspect a data security event or data breach possibly impacting payment card data for your business or website, contact Elavon Global Client Security at ADCqueries-NA@elavon.com.

Back to top