Cybercrime accounts for a $3 billion loss in e-retailing each year, a sum that could buy a one-year supply of Staples copy paper, 3 million iPhone 5s, 600 million Walmart color pencils, 2 million QVC gemstone rings and 5 million Amazon Kindles, according to a report.
Cyber criminals have been turning their attention to e-retail stores in recent months, with breaches of Neiman Marcus and Michaels being a few examples. International business activity is also expanding the scale and scope of eCommerce risks and fraud.
CNN pointed out that cyber crime was a growing threat to eCommerce, citing the ubiquitous nature of these attacks and the coverage of breaches such as the Heartland breach.
Fraudsters also know they can hide in the noise of a high volume of legitimate transactions, and even more worrying is that retailers rarely take the time to review an increase in suspicious transactions, often letting them go. These incidents are only a few in what is becoming an alarming trend.
Consumers are also becoming aware of cyber threats surrounding e-retailing sites. Randazzo, an independent business analyst, tells Digital Journal that consumers want to know if they can trust the online companies they submit credit card credentials to. It was the biggest concern in 2013, and it’s going to be even bigger in 2014.
Customers won’t be taking chances with online shopping like they used to, so merchants who are not doing enough to ensure privacy and security will see shoppers take their business elsewhere.
And with online shopping spiking every year, e-retailers need to pay more attention to securing their websites. A sluggish online retail store can be easy prey for cyber criminals, and a security breach may translate into decreased sales, social media backlash and loss of consumer confidence.
Some of the cyber threats e-retailers need to be aware of include:
- Botnet – an infection in which a hacker transmits instructions to the victims’ computers to control them and, after a successful takeover, uses them to deploy spam and malware.
- Netspionage – hackers exploit individual networks or online systems to acquire confidential information (credit cards, passwords etc.) and sell it to other criminals.
- Email phishing – the perpetrator generates fictitious emails with fraudulent links. These links appear official and so have a chance of convincing the victim to release personal information to the criminal.
- DoS attacks – these include any attack devised to compromise the availability of networks and systems. DoS is primarily directed at the public, financial and retail sectors.
Beefing up cyber security
There are several steps merchants could take to solidify the defenses of their retail sites. Retailers processing financial transactions are already utilizing encryption to protect customer information, but there is much more e-retailers could do to become confident in their site’s security. The measures outlined below would help provide wider protection.
PCI compliance till checkout
Merchants accepting credit cards as a form of payment are required to comply with the PCI DSS. This compliance, however, is usually kept at the system level; it should extend to the checkout process so that an online retailer is able to detect infractions and stop anything deployed outside of known infrastructure and software.
Also, roadblocks like anti-malware software and a firewall should be in place to maintain PCI compliance. When an alteration is attempted, a full audit of all PCI data and of the events associated with the attempted alteration is recommended as part of the validation process.
Monitoring provides real-time feedback to merchants regardless of the amount of data processing taking place, allowing them to spend more time managing their eCommerce applications and less scrutinizing databases for potential vulnerabilities.
Threats can be identified before causing damage, and e-retailers can view traffic patterns to monitor for adverse and hostile activity. System files can be analyzed in real time and unauthorized changes can be flagged within an instant.
While some eCommerce businesses can be complacent by relying solely on encryption tools, SSL certificates need to be incorporated and updated frequently to increase security. Expired certificates may demonstrate to customers that protecting their personal information is not a priority.
So to ensure protection and customer trust, merchants may consider using SSL resources. This is also more beneficial than having to activate the encryption protocols at certain times, as the website will protect user activity around the clock.
As the eCommerce industry grows further, cyber criminals will increasingly focus on e-retailers. That is why it is important to stay updated with the latest security protocols to ensure consumer trust and brand/company reputation, which in turn will lead to increased revenue and profit.