E-commerce Security Needs Your Attention Now
With the Christmas season in full swing, e-commerce security is getting a run for its money. Record numbers of consumers now shop online, with the comfort and convenience of shopping from home luring them away from the high street.
The IMRG Capgemini eRetail Sales Index estimates that some 27% of retail sales now take place online. It predicts that this year, e-commerce sales will rise to £126 billion. But the rise in e-commerce has seen a corresponding increase in online fraud, with scammers cashing in on the lucrative market. According to the 2015 Nilson Report, it was the fourth year in a row that fraud growth exceeded e-commerce growth.
Furthermore, Financial Fraud Action UK reports that in 2015, financial fraud losses across payment cards, remote banking and cheques totalled £755 million, an increase of 26% compared to 2014.
The top types of online fraud are identity theft (ordering items online using a false name and credit card information), phishing (using fraudulent websites, emails or text messages to trick someone into allowing access to personal data) and account theft (using someone else’s account to buy or sell something). There’s also been an increase in malware being used to take over online banking logins via phones, tablets and computers, with the stolen banking details then used to make fraudulent payments.
Shopping habits are important to track. Some reports show that consumers like to shop online on their mobile devices, but more often prefer to use their desktop computers to make actual purchases.
Small businesses are being targeted. A Trustwave report showed that 71% of cyber attacks target small businesses. Fraudsters know that smaller retailers are often not as well protected as major retailers.
What are important e-commerce security measures?
- LAYERED SECURITY: Last year more than 480 million consumer records were lost or stolen worldwide. Experts suggest that as a result consumers are becoming more accepting – and even expectant – of extra security steps during checkout. Safeguards should include firewalls, multi-factor authentication, and strong passwords. Software should be continually patched and upgraded to remain compliant with industry security standards and to protect against hackers.
- RED FLAGS: Set up alert notices on network systems for fraudulent activity (such as suspicious transactions). Employees should also receive ongoing training so they understand security policies and are alert to fraudulent activity (for example, phishing schemes).
- CLEAN HOUSE: “There is no reason to store thousands of records on your customers, especially credit card numbers, expiration data, and card security codes,” said a Trustwave executive in a CIO.com post. Purge old records from databases, and keep only the data that is necessary. “If you have nothing to steal, you won’t be robbed.” Out-of-date hard drives and mobile devices that are no longer needed or used should be securely destroyed. Partner with a reliable company for hard drive destruction.