December 06, 2016

E-commerce Security Needs Your Attention Now

E-commerce security is getting a run for its money.  

According to the 2015 Nilson Report, it was the fourth time in a row that fraud growth exceeded e-commerce growth. Out of every $100 in turnover, fraudsters got 5.65 cents.

Furthermore, the Federal Trade Commission reported credit card fraud complaints were at their highest in 10 years with a 41% increase in 2015 compared to 2014.

With the global e-commerce market forecast to grow to U.S. $2.4 trillion by 2019, it’s important to be aware of trends and security measures that protect e-commerce data.  

The top types of online fraud are identity theft (ordering items online under a false name and credit card information), phishing (using fraudulent websites, emails or text messages to trick someone into allowing access to personal data) and account theft (using someone else’s account to buy or sell something). There’s also been an increase in malware being used to take over online banking logins via phones, tablets and computers, and using those stolen banking details to make fraudulent payments.

The ongoing shift to EMV chip cards is well underway. While the new technology makes it harder to counterfeit credit cards, it hasn’t solved card fraud completely. Experts say criminals are now focusing on card-not-present fraud, and that’s why e-commerce fraud attack rates are 15% higher than last year.

Shopping habits are important to track. Some reports show that consumers like to shop online on their mobile devices. But those shoppers prefer to use their desktop computers to make actual purchases more often.

Small businesses are being targeted. A Trustwave report showed that 71% of cyber attacks target small businesses. Fraudsters know that smaller retailers are often not as well protected as major retailers.

What are important e-commerce security measures?

  • LAYERED SECURITY: Last year more than 178 million consumer records were lost or stolen according to a report. Experts suggest that as a result consumers are becoming more accepting – and even expectant – of extra security steps during checkout. Safeguards should include firewalls, multi-factor authentication, and strong passwords. Software should have continued patchwork and upgrades to remain compliant with industry security standards and to protect against hackers.
  • RED FLAGS: Set up alert notices on network systems for fraudulent activity (such as suspicious transactions). Employees should also receive on-going training so they understand security policies and are alert to fraudulent activity (for example, phishing schemes).  
  • CLEAN HOUSE: “There is no reason to store thousands of records on your customers, especially credit card numbers, expiration data, and card verification value codes," said a Trustwave executive in a post. Purge old records from databases, and keep only the data that is necessary for charge-backs and refunds. “If you have nothing to steal, you won’t be robbed.” Legacy hard drives and mobile devices that are no longer needed or used should be securely destroyed. Partner with a reliable company for hard drive destruction.

Find out how a comprehensive Document Management Policy will systematically protect confidential information in your organization from creation to disposal.