How Online Retailers Can Avoid ‘Virtual Violence’
A thug committing a robbery in a video game is an obvious example of virtual violence. An act of e-commerce fraud, with money silently stolen by stealth hackers, is another example. Massive and relentless cyber attacks against merchants have been unfortunately prevalent in the world of e-commerce.
The “massive” part is indubitably true: The cost of fraud hit $32 billion in 2014, and large e-commerce merchants lost nearly a full 1 percent of their revenue (0.85 percent) to fraud, according to an annual report.
Thieves evolved from stealing credit cards out of purses and wallets to stealing solely the information contained on the cards. Banks and tech companies have countered with new security software and now “chip” cards, among other measures, but thieves are using more sophisticated techniques as well. For example, as EMV chip technology made data theft more difficult, criminals recognized the increasing popularity of mobile payments, and now find that hacking into phones is a rewarding and viable option.
As the escalation continues, e-commerce merchants must take a proactive approach to defending their businesses. Here are some measures you can take to protect sensitive data, your customers and your business from “virtual violence.”
Be Selective When Choosing a Provider
If your e-commerce site must rely on a host provider, be demanding. The provider must use at least 128-bit AES encryption, monitor the network regularly, explain policies and procedures regarding potential breaches, and keep comprehensive logs — for starters.
Update, Update, Update
Cyber security is big business, so companies in the industry have plenty of incentive to address breaches and develop new products to try to get a step ahead of fraudsters. Updating your system regularly to get the latest in antivirus, anti-malware and other protection will ensure that your business is less vulnerable.
Ditch Extraneous Data
Customer contact information is vital for your business, but storing other sensitive personal information, such as credit card numbers, isn't worth the risk. With your checkout process incorporating encryption capabilities, your servers don’t even need to “see” the customer’s credit card data. If you don’t keep that data, it can’t be stolen from you. Remember, even if transactions are secure as they're occurring, that doesn’t mean data you keep before and after is safe. You're responsible for information stored on your server; the less you have, the better off you'll be.
Use an AVS, and Require CVV Numbers
When customers pay for their purchases, require them to enter the CVV (card verification value) number on their credit card, which all but assures that the buyer at least has possession of the card. Another layer of protection, an address verification system (AVS), might stump a would-be fraudster who somehow came into possession of the card.
Test Your Site
Your card payment processor will require testing of your e-commerce site to make sure it meets certain security standards, but you can go further. Check every link on your site regularly. Make sure site visitors aren’t being redirected or “hijacked” to a similar-looking fake page designed to get them to input sensitive information. Make sure hackers haven't introduced malware into ads or other third-party content.
Address ‘Shadow IT’
Individual employees sometimes download their own solutions or third-party applications onto their computers, unaware they could be opening a back door through which hackers can enter. Ban this practice, explain why and allow only pre-approved exceptions. Insist that security updates occasionally issued for these third-party apps get installed.
Consider Encrypted Email
Including sensitive information in an email using plain text is never a good idea. If you opt for email encryption, know that the sender and recipient must share their digital ID or public key certificate. Therefore, only do this with trusted partners.
Hire Professional Help
A cyber security consultant or firm can identify site vulnerabilities. There are also scanning services available, as well as other investigative software on the web that will test factors that affect your site security.
A few self-explanatory tips:
- Increase team security training and awareness.
- Monitor current events/new developments.
- Use strong passwords.
- Ensure that your shopping cart software integrates with the payment gateway.
- Share successful tips or tricks with other businesses.
With the prevalence of fraud these days, earning your customers’ confidence is critical to the survival of your business. Keep your e-commerce site as secure as possible.
Nori De Jesus is the global director of marketing at Column Information Security, a consulting and solutions provider for information security.