December 22, 2015

E-Commerce Security: Why Password Policies are Key

Long gone are the days when e-commerce security concerns drove buyers to shop in-store rather than online. In fact, for many customers in the UK, online shopping for Christmas presents is increasingly the preferred option over visiting the high street, according to a new study by Approved Index.

The research showed that of the 2,000 people surveyed, 90% said they did at least some of their shopping online, with 47% doing most or all of their shopping at home. Only 10% did all of their Christmas shopping in-store.

Comfort and convenience were the key drivers of shopping online. Respondents said that benefits such as avoiding crowded shops, not having to carry heavy bags and being able to make use of exclusive discounts drew them away from the high street. In fact, 60% were so opposed to shopping on the high street that if their preferred item wasn’t available they would rather settle for a similar item online than visit an actual shop.

However, snapping up Christmas presents online can come with some downsides. There’s a common assumption that credit card numbers and other personal data given to e-retailers are safe and secure. In fact, lax e-commerce website security can often lead to a data breach, with one study finding that almost 70% of UK retailers have lost important customer data, and 22% had been hacked.

One of the biggest e-commerce security issues these days seems to be the password policy on websites.

When Dashlane, a top-rated password manager, assessed the top 100 e-commerce sites on 24 different password criteria important to online security, the findings were alarming.

For example, over half of the e-commerce sites still accepted “notoriously weak” passwords such as ‘123456’ and ‘password’. Almost as many allowed users to enter even after 10 incorrect password tries (which can indicate criminal activity). Also, many failed to help users create stronger and better passwords.

When making a transaction, online customers are typically prompted to create a password-protected account and provide personal data including addresses and credit card information. A weak password means this data is more vulnerable to a password hacker. In fact, the weaker the password, the easier it is for information thieves to break in.  

To tighten information security, Dashlane recommends these password policies:

  • Passwords must be at least 8 characters long and contain a combination of upper/lower case letters, numbers and symbols
  • Block account access after 4 failed login attempts
  • During the signup process, provide users with guidelines on how to choose a strong password
  • Provide password strength assessment as passwords are being created.
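
The recommended policy expressed as server-side checks, as an added example (not code from Dashlane or from this article): `policy_violations` and `Account` are hypothetical names, the deny-list holds only the two weak passwords the article names, and storing passwords with PBKDF2 is an assumption of the example.

```python
import hashlib
import hmac
import os
import string

# Constructed deny-list: only the two weak passwords the article names.
WEAK_PASSWORDS = {"123456", "password"}
MIN_LENGTH = 8          # "at least 8 characters long"
MAX_FAILED_LOGINS = 4   # "block account access after 4 failed login attempts"

def policy_violations(password):
    """Return the reasons a password fails the policy (empty list = accepted).
    The same list can be shown to the user as feedback during signup."""
    problems = []
    if password.lower() in WEAK_PASSWORDS:
        problems.append("is a notoriously weak password")
    if len(password) < MIN_LENGTH:
        problems.append(f"is shorter than {MIN_LENGTH} characters")
    required = [
        (str.isupper, "an upper-case letter"),
        (str.islower, "a lower-case letter"),
        (str.isdigit, "a number"),
        (lambda c: c in string.punctuation, "a symbol"),
    ]
    for test, label in required:
        if not any(test(c) for c in password):
            problems.append(f"is missing {label}")
    return problems

class Account:
    def __init__(self, password):
        problems = policy_violations(password)
        if problems:
            raise ValueError("password " + "; ".join(problems))
        self._salt = os.urandom(16)
        self._hash = self._derive(password)
        self.failed_logins = 0

    def _derive(self, password):
        # Assumption: PBKDF2-HMAC-SHA256 with 600,000 iterations.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 600_000)

    def login(self, password):
        if self.failed_logins >= MAX_FAILED_LOGINS:
            return False  # locked: even the correct password is refused
        if hmac.compare_digest(self._derive(password), self._hash):
            self.failed_logins = 0
            return True
        self.failed_logins += 1
        return False
```

How a locked account is released (timed unlock, e-mail reset) is left out here because the article does not specify it.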
