Data Breaches of Ecommerce: Tips For Retailers And Shoppers To Stay Safe
Data breaches are real.
If you’re thinking of starting an ecommerce business, have you thought of the COST? No, not startup capital or operational cost,
by COST I mean
Online shopping transactions begin and end online, but because of avoidable security failures, what began online can in some cases end in court, in the loss of millions of dollars in a retail settlement like Target's, and in the loss of consumer confidence, none of which you want.
Statista released the following report detailing data breaches in the US between 2005 and 2014.
From the chart above we see that data breaches in the US alone increased over 490% between 2005 and 2014.
Online security is just as important if not more important than offline or physical security, especially for businesses entirely run online.
For these, a major attack could have fatal consequences for the business, its owner, its employees and their dependents.
Hence, ensuring adequate online security is paramount when operating or starting an ecommerce business or any other online business for that matter.
As businesses grow and expand, they inevitably become bigger targets for the unscrupulous elements inhabiting cyberspace. Staying one or more steps ahead of cyber attackers should be one of your major business goals this year.
In this post, we shall look at data breaches and how to stay safe in the invisible world of ecommerce transactions, but first, let's look at what online security is and why you should take it seriously.
WHAT IS ONLINE SECURITY?
Basically, online security refers to staying safe when using the internet. IGI-Global defines online security as “the secure display, storage and transfer of information online.”
For instance, using public Wi-Fi to shop online is dangerous: your credit card information could be stolen by hackers or other third parties who may have unfettered access to the information you transmit over that network.
WHY TAKE IT SERIOUSLY?
There are many reasons to take online security seriously. More businesses are moving online, including brick-and-mortar stores.
Some of these new entrants have little to no idea about staying safe online; some better-established brands may become negligent of their online security and unwittingly open themselves up to preventable attacks.
Neiman Marcus and Target have been targeted in large-scale credit card information theft. Just recently, in September 2017, a massive data breach was reported at Equifax, the credit bureau.
As of the end of July 2017, there were 791 reported data breaches in the US alone, a 29% year-on-year increase according to reports by the Identity Theft Resource Center and CyberScout. This figure was estimated to reach as many as 1,500 by the end of 2017.
Some of the Largest Data Breaches Recorded
Some of the largest data breaches on record are as follows:
- Yahoo; 3 billion accounts affected by two breaches
- MySpace; 360 million accounts affected
- eBay; 145 million accounts accessed
- Target; 110 million accounts affected
- LinkedIn; more than 100 million accounts affected
According to reports by CreditCards.com, 11% of 2014 global data breaches occurred in the retail sector.
Hence, online retailers must, as a matter of urgency, constantly evaluate their security infrastructure to ensure compliance with industry best practices, because attackers are on the prowl, and seriously so. So who are their targets?
MAJOR TARGETS OF ECOMMERCE ATTACKS
Attacks on ecommerce businesses mainly target:
- Online Retailers
- Online Shoppers
- Online Platforms
They target these groups mainly to steal valuable information to commit fraud.
WHAT CYBER ATTACKERS ARE AFTER
Information theft is just one step towards the bigger grand theft, and for that they'll need:
- Credit Card information
- Phone numbers
- Passwords etc.
WHAT IS A DATA BREACH?
Tech Target defines a data breach as “an incident in which sensitive, protected, or confidential data has potentially been viewed, stolen, or used by an individual unauthorized to do so.”
This information can then be used for illegal activities, including shopping online with stolen credit card information or other card-present and card-not-present fraud.
SOME CYBER CRIME STATISTICS TO TAKE NOTE OF
Below are some eye-opening reports and statistics of reported cyber attacks you need to keep an eye on.
Some of these were
- accidentally published
- an inside job
- obtained from lost/stolen computers or other lost/stolen media
- due to a security lapse
- due to unknown causes
- caused by a virus
Whatever the cause, the effect is the same: loss of confidence and the associated revenue.
DATA BREACHES BY INDUSTRY
Different industries have different levels of average risk exposure, some less, some more.
The following infographic shows data breaches by industry as of the first half of 2017.
Although retail accounted for less than 1% of reported breaches between January and June 2017, it still amounted to 3,631,878 breaches, quite a lot if you ask me.
WHAT ARE SOME RISK FACTORS
Doing or not doing the following may increase the chances of your ecommerce store or business being attacked.
- Non-PCI compliance by retailers
- Non-use of https
- Shoppers using public Wi-Fi
- Shoppers using insecure browsers, etc.
STAY SAFE ONLINE: 7 THINGS RETAILERS MUST DO
Using the 7 dimensions of ecommerce security below, retailers can take the following steps for enhanced online security.
Dimensions of Ecommerce Security
| # | Dimension | Description |
|---|---|---|
| 1 | Confidentiality | Confidential information should be accessible only to authorized persons, and should not be intercepted during transmission. |
| 2 | Integrity | Non-alteration of information during transmission over a network. |
| 3 | Availability | Information should be made available on a need-to-know basis wherever and whenever required, within a specified time frame. |
| 4 | Authenticity | User authentication is required before granting access to requested information. |
| 5 | Non-Repudiability | Protection against denial of creating an order or of receipt of payment. |
| 6 | Encryption | Encryption and decryption of information is to be carried out only by authorized persons. |
| 7 | Auditability | Data should be recorded and stored in line with audit best practices. |
WHAT RETAILERS SHOULD DO
Having familiarized themselves with the 7 dimensions of ecommerce security above, retailers should implement the following safety measures:
- Be PCI compliant
- Perform regular/quarterly PCI scans
- Use SSL
- Use EV-SSL (Extended Validation SSL)
- Implement https protocol
- Encourage shoppers to use stronger password combinations
- Implement two-step authentication
- Send sign-in alerts
- Suggest safe browsers shoppers can use
- Avoid storing customer card data online
- Stay updated with latest online security news/trends
- Ensure ecommerce platform is secure
- Host the store on a Virtual Private Server if you can afford to
- If using WordPress for instance, ensure site, themes and plugins are regularly updated
- Perform regular backups
- Send regular security updates to their email lists
- Create and distribute regular blog content including articles about online shopper security
- Educate staff on how to identify cyber fraud/attacks
- Perform regular risk/threat assessment
- Create online security policy
- Implement emergency preparedness exercises
- Have technically competent response teams in place
- Implement the SET protocol (jointly developed by MasterCard and Visa), which has at least 4 advantages over SSL
- Adopt geo-location anti-fraud software
WHAT SHOPPERS SHOULD DO
As an online shopper, your online security should be your primary concern. Take the following steps to stay safe when shopping online:
- Avoid using open public Wi-Fi
- Be vigilant if/when entering credit card info in public internet cafes
- Use different passwords for different online accounts
- Use safer browsers
- Only enter credit card info on https sites
- Never disclose credit card information over live chat
- Don’t tell browsers to remember card details/disable autofill for payment forms
- Learn to identify spam/phishing emails
- Visit stores by typing the URL into the address bar yourself
- Keep antivirus updated
- Set up firewalls
- Use disposable credit card numbers for one-time payments (private payment numbers)
Both online retailers and shoppers have roles to play in ensuring safer online shopping experiences. Implementing these tips will greatly mitigate the increasing trend of hacks and data breaches targeting ecommerce operators.