Online sales are on fire, totaling $115.3 billion in the United States in third-quarter 2017 and increasing 3.6% over the second quarter. But there’s one obstacle that can stop a merchant’s success in its tracks: failing to implement the cybersecurity measures needed to protect customer data.
Recent headlines have put a spotlight on the problems that happen when security is lax. Take, for example, the 143 million Americans who had their sensitive data exposed during the Equifax breach in 2017. Security lapses like these are enough to make consumers wonder which merchants they can trust with financial and personal information.
To keep their businesses reputable and profitable, merchants must use every cybersecurity tool in their arsenal to ensure each step of a customer’s transaction is secure.
When customers see high-profile online retailers like eBay and Target succumb to major data breaches, trust in e-commerce is lost. And it doesn’t matter to consumers how quickly or effectively a company addresses and resolves the breach — or even whether customers’ data is really at risk. What matters is the resulting belief that the merchant didn’t do enough to secure sensitive information in the first place — and the decreased faith in e-commerce as a whole. Lost trust and confidence might carry more serious repercussions than any financial loss a merchant experiences, with the effects spilling over to e-commerce businesses of every size.
What’s important for merchants to remember is that it’s far harder for them to recover from a security breach than it is to prevent it in the first place. And it can be even harder for smaller, online-only retailers.
Because all e-commerce merchants assume some level of risk when doing business online, it’s critical they take the necessary steps to ensure that sensitive information is protected during every stage of a customer transaction.
To make that happen, online merchants should implement these suggestions to strengthen their site’s security, safeguard the customer’s online shopping experience and earn trust:
Payment Card Industry Data Security Standard (PCI DSS) regulations were established in 2006 to ensure all merchants that accept, process, store and transmit credit card information do so in a way that reduces the risk of fraud, data breaches and data theft. Merchants can adopt PCI-compliant service providers and platforms to facilitate compliance.
Compliance also means that merchants can’t store sensitive customer data — especially credit card information — after a transaction. If merchants don’t keep data that’s valuable to a fraudster, that merchant is less likely to be hacked.
Online merchants should select a third-party payment vendor that customers can trust (PayPal is one that many customers know and feel comfortable with). Promote a website’s security by displaying SSL certificates and the padlock symbol, which lets customers know any data sent and received will be encrypted.
Customers want to keep their private data secure, and they expect any retailer they do business will do the same. Retailers should consider adding a privacy statement to websites that outlines how they protect sensitive customer data.
Merchants who require the three- or four-digit card verification value found on a credit card improve the likelihood of preventing fraudulent transactions. Because this number is found only on physical credit cards, cybercriminals who purchase credit card numbers on the dark web are generally unable to provide this critical piece of data.
Although consumers might think their passwords are failsafe, hackers are increasingly creative (and successful) when it comes to hacking simple passwords and four-digit PINs. Require customers to create longer passwords with a combination of upper- and lowercase letters, numbers, and special characters. And if a customer fails to enter the correct password after a predetermined number of attempts, lock their account and ask them to reset the password.
Keeping customer data safe is a vital component to e-commerce security. But breaches aren’t the only security threat to retailers and their customers: Card-not-present fraud, phishing attacks and hacks are also very real threats to a retailer’s livelihood. Nearly 20% of small business retailers experience some form of cybercrime each year, and 60% close within six months of the attack.
Though it’s a tall order to protect an e-commerce retailer’s website from every threat, merchants can adopt a proactive strategy that significantly decreases their risk exposure and protects their customers. ClearSale’s cutting-edge fraud protection solution does just this by using cutting-edge technologies and expert human analysis to stay one step ahead of fraudsters.
When it’s time for you to pick a fraud prevention strategy that will bolster online shopping security, improve customer trust and increase revenue, download ClearSale’s new “Fraud Protection Buyers Guide.” We’ll help you ask the questions and make the comparisons that result in you selecting the right fraud protection solution for your online business.