6 E-Commerce Security Pointers for Marketers and Consumers Alike
In 2008, the average total cost of a data breach grew to $202 per compromised record, an increase of 2.5 percent since 2007 ($197 per record). The average total cost per reporting company also rose, growing to more than $6.6 million per breach (up from $6.3 million in 2007) and ranging from $613,000 to almost $32 million, according to a recent study from Ponemon Institute, an independent research firm that specializes in privacy, data protection and information security policy.
Online businesses must understand the kind of security measures and warning signs consumers increasingly look for on the web today. Here are six tips to help you see things through their eyes and plan your own security strategy accordingly:
1. Visual cues. Consumers need to protect themselves from “phishing sites,” phony websites set up by criminals to steal personal information. Simple visual cues can demonstrate that your site is safe and open for business. Consider, for example, the “https” at the start of the URL or the green address bar in the web browser.
These cues tell consumers that a website owner has invested in digital certificates verifying that a site is legitimate and that customer information will be encrypted during transactions.
2. Too much information. Phishing sites frequently lure consumers through “urgent” email alerts and then request personal information organizations should already have or information they clearly don't need for account activity.
These messages alert customers to account problems, account status changes, special sales offers or even the need for special security software downloads. These messages also include links to phony websites to get customers to input personal information.
Retailers’ sites generally don't need more than a name, shipping address, billing address, credit card type, card number and expiration date. Consumers should become suspicious whenever social security numbers or bank routing numbers are requested. Retailers also don't need customers to download software in order to upgrade site security. As a business rule, only collect what you need for the purpose of the transaction at hand.