Data Breaches of Ecommerce: Tips For Retailers And Shoppers To Stay Safe

Data breaches are real.

If you’re thinking of starting an ecommerce business, have you thought of the COST? No, not startup capital or operational cost,

by COST I mean

Customer’s
Online
Security and
Trust

As an online retailer, you need to take that into consideration alongside your own online security, whether you’re growing or thinking of starting an ecommerce business.

Online shopping transactions begin and end online, but because of avoidable security failures, what began online can eventually end in court, in the loss of millions of dollars in a retail settlement, as happened to Target, and in the loss of consumer confidence, none of which you want.

Statista released the following report detailing data breaches in the US between 2005 and 2014.

Data Breaches of Ecommerce - Annual number of data breaches

From the chart above we see that data breaches in the US alone increased over 490% between 2005 and 2014.

Online security is just as important if not more important than offline or physical security, especially for businesses entirely run online.

For these, a major attack could have fatal consequences for the business, business owner or employees, dependents of employees etc.

Hence, ensuring adequate online security is paramount when operating or starting an ecommerce business or any other online business for that matter.

As businesses begin to grow and expand they inadvertently become bigger targets for unscrupulous elements inhabiting cyberspace. Staying one or more steps ahead of cyber attackers should be one of your major business goals this year.

In this post, we shall look at data breaches and how to stay safe in the invisible world of ecommerce transactions, but first let’s look at what online security is and why you should take it seriously.

WHAT IS ONLINE SECURITY?

Basically, online security refers to staying safe when using the internet. IGI-Global defines online security as “the secure display, storage and transfer of information online.”

For instance, using public Wi-Fi to shop online is dangerous: your credit card information could be stolen by hackers or other third parties who may have unfettered access to information you transmit online.

WHY TAKE IT SERIOUSLY?

There are many reasons to take online security seriously. More businesses are moving online, including brick-and-mortar stores.

Some of these new entrants have little to no idea about staying safe online; some better-established brands may become negligent of their online security and unwittingly open themselves up to preventable attacks.

Neiman Marcus and Target have been targeted in large-scale credit card information theft. Just recently, in September 2017, a massive data breach was reported at Equifax, the credit bureau.

As at the end of July 2017, there were 791 reported data breaches in the US alone, representing a 29% increase year on year, according to reports by the Identity Theft Resource Center and CyberScout. This figure was estimated to reach as much as 1,500 by the end of 2017.

Some of the Largest Data Breaches Recorded

Some of the largest data breaches on record are as follows:

According to reports by CreditCards.com 11% of 2014 global data breaches occurred in the retail sector.

Hence, online retailers must, as a matter of urgency, constantly evaluate their security infrastructure to ensure compliance with industry best practices, because attackers are on the prowl. And who are their targets?

MAJOR TARGETS OF ECOMMERCE ATTACKS

Attacks on ecommerce businesses mainly target:

  • Online Retailers
  • Online Shoppers
  • Online Platforms

They target these groups mainly to steal valuable information to commit fraud.

WHAT CYBER ATTACKERS ARE AFTER

Information theft is just one step toward the bigger theft, for which they’ll need:

  • Credit Card information
  • SSN
  • Names
  • Phone numbers
  • Addresses
  • Emails
  • Passwords etc.

WHAT IS A DATA BREACH?

TechTarget defines a data breach as “an incident in which sensitive, protected, or confidential data has potentially been viewed, stolen, or used by an individual unauthorized to do so.”

This information can then be used for illegal activities, including shopping online with stolen credit card information or other card-present/card-not-present fraud.

SOME CYBER CRIME STATISTICS TO TAKE NOTE OF

Below are some eye-opening reports and statistics of reported cyber attacks you need to keep an eye on.

Data Breaches of Ecommerce - Worlds biggest Data Breaches

Some of these were

  • accidentally published
  • hacked
  • inside job
  • obtained from lost/stolen computers or other lost/stolen media
  • due to a security lapse
  • due to unknown causes
  • caused by a virus

Whatever the cause, the effect is the same: loss of confidence and associated revenue.

DATA BREACHES BY INDUSTRY

Different industries have different levels of average risk exposure, some less, some more.

The following infographic shows data breaches by industry as of the first half of 2017.

Data Breaches of Ecommerce - Data Breaches by industry

Although retail accounted for less than 1% of reported breaches between January and June 2017, it still amounted to 3,631,878 breaches, quite a lot if you ask me.

WHAT ARE SOME RISK FACTORS

Doing or not doing the following may increase the chances of your ecommerce store or business being attacked.

  • Non-PCI compliance by retailers
  • Non-use of https
  • Shoppers using public Wi-Fi
  • Shoppers using insecure browsers etc

STAY SAFE ONLINE: 7 THINGS RETAILERS MUST DO

Using the 7 dimensions of ecommerce security below, retailers can take the following steps for enhanced online security

Dimensions of Ecommerce Security

| S/N | Dimension | Detail |
|---|---|---|
| 1 | Confidentiality | Confidential information should be accessible only to authorized persons, and should not be intercepted during transmission. |
| 2 | Integrity | Non-alteration of information during transmission over a network. |
| 3 | Availability | Information should be made available on a “need-to-know” basis wherever and whenever required within a specified time frame. |
| 4 | Authenticity | User authentication required before granting access to requested information. |
| 5 | Non-Repudiability | Protection against denial of creating an order or receipt of payment. |
| 6 | Encryption | Encryption and decryption of information to be carried out only by authorized persons. |
| 7 | Auditability | Data should be recorded/stored in line with audit best practices. |

WHAT RETAILERS SHOULD DO

Having familiarized themselves with the 7 dimensions of ecommerce security above, retailers should implement the following safety measures:

  • Be PCI compliant
  • Perform regular/quarterly PCI scans
  • Use SSL
  • Use EV-SSL (Extended Validation SSL)
  • Implement https protocol
  • Encourage shoppers to use stronger password combinations
  • Implement two-step authentication
  • Send sign-in alerts
  • Suggest safe browsers shoppers can use
  • Avoid storing customer card data online
  • Stay updated with latest online security news/trends
  • Ensure ecommerce platform is secure
  • Host store on Virtual Private Server if you can afford to
  • If using WordPress for instance, ensure site, themes and plugins are regularly updated
  • Perform regular backups
  • Send regular security updates to their email lists
  • Create and distribute regular blog content including articles about online shopper security
  • Educate staff on how to identify cyber fraud/attacks
  • Perform regular risk/threat assessment
  • Create online security policy
  • Implement emergency preparedness exercises
  • Put technically competent response teams in place
  • Implement the SET protocol (jointly developed by MasterCard and Visa), which has at least 4 advantages over SSL
  • Adopt geo-location anti-fraud software

WHAT SHOPPERS SHOULD DO

As an online shopper, your online security should be your primary concern. Take the following steps to stay safe when shopping online:

  • Avoid using open public Wi-Fi
  • Be vigilant if/when entering credit card info in public internet cafes
  • Use different passwords for different online accounts
  • Use safer browsers
  • Only enter credit card info on https sites
  • Never disclose credit card information over live chat
  • Don’t tell browsers to remember card details/disable autofill for payment forms
  • Learn to identify spam/phishing emails
  • Visit stores by typing the URL into the address bar yourself
  • Keep antivirus updated
  • Set up firewalls
  • Use disposable credit numbers for one-time payments (private payment number)

CONCLUSION

Both online retailers and shoppers have roles to play in ensuring safer online shopping experiences. Implementing these tips will greatly mitigate the increasing trend of hacks and data breaches targeting ecommerce operators.

Amos Onwukwe

Amos Onwukwe is an AWAI trained eCommerce B2B/B2C Copywriter featured in eCommerce Nation, eCommerce Insights, Understanding Ecommerce, Result First, Floship, SABtrends, Huffington Post, Dumb Little Man, Successful Startup 101, among others. He is available for hire and on Twitter @amos_onwukwe
