I am encouraging all my clients to enable two-factor authentication on their Stripe account immediately! Imagine yourself as the business owner in the following story: Recently, a client of mine had his email password compromised, and some evil Internet criminal used this email access and the “forgot password” procedure on Stripe to gain unauthorized access to his Stripe account. Once freely in Stripe, the criminal changed his password and had access to names and email addresses for every single one of his Stripe customers, past and present. Now armed with this information, the criminal emailed professional-looking invoices to all of these contacts. On top of that, the criminal sent him phishing emails requesting copies of voided checks and bank statements to “recover” his Stripe account. They are systematically trying to steal his whole identity!
Enabling two-factor authentication on Stripe would have prevented the unauthorized access in this scenario and all the unfortunate events that followed. I know, getting a code via text and using it to login every time is a small hassle, but a large potential negative alternative—such as this client is experiencing—is a nightmare of the highest proportions for a business owner. Your business will grind to a halt, as Stripe freezes your account while they investigate. You will not be able to process payments at all, and you will be fielding dozens of phone calls from confused customers who received unsolicited invoices. Then, there is the massive headache of recovering your stolen Stripe account. Stripe is great at processing credit card payments, but not so good at customer service interaction.
I recommend the following two basic security practices for online security:
- Never reuse the same password for two different logins
This is how most passwords get compromised. A large or small site where you have an account gets hacked, and the hackers get juicy lists of names, emails addresses and passwords. They then do simple Internet searches for the names and emails and try to find other accounts on which to try the password they have. I recommend you always use strong passwords too. You know what I’m talking about… 16 characters of random gobbledygook.
- Enable two-factor authentication for your financial accounts
In addition to your credit card processor, Stripe, other important account types could include: bank, investment and credit card. If they offer it, two-factor authentication with your phone can give you an extra layer of protection for any account you deem critical. Change any reused passwords at the same time you’re in there enabling two-factor authentication.
In today’s digital world, Internet crime is unfortunately way up because it’s hard to catch, impersonal, and lucrative. Take some simple steps to help protect yourself!
