The world of shopping has undeniably evolved in recent years. In the US alone, nearly $600 billion was spent online in 2019, a 14% increase from the previous year. Quicker deliveries and reliable internet access for virtually everyone means that it is incredibly easy to shop online. This will continue to grow. Unfortunately, wherever there is this kind of money, there is inevitably some form of fraud, and online shopping scams can easily catch people out if you don’t know what to look for.
CYBERSECURITY IN E-COMMERCE, THREATS & FACTS
Did you know that there have been over 150 million attacks on e-commerce platforms by cybercriminals?
E-commerce is one of the top targets for fraudsters. It makes perfect sense when you consider the sort of data that is stored by these companies. There are still plenty of scammers who will target people based on their credit card details, attempting to make a quick buck. Some scammers also play the long game and steal data, which can be sold on the black market and used to apply for credit falsely, or for other forms of fraud.
Methods including phishing, botnets, and fake websites posing as legitimate e-commerce platforms can be used to steal people’s data.
EXAMPLES OF PREVIOUS DATA BREACHES
Data breaches have caused chaos at some of the biggest companies imaginable. This is not just something for the smallest e-commerce platforms to worry about. Even household names such as eBay have been subjected to these attacks. In 2014, eBay had to ask 145 million customers to reset their passwords after their data was stolen.
Hackers can use breached information, regardless of whether they can access card details or not. Just a name and address can be enough to apply for credit fraudulently. As well as using the data themselves, hackers will sell packages of peoples’ personal information, making it harder to trace them, and allowing dark web buyers to take advantage of online shopping scams and using the personal information of customers.
The eBay data breach is just one example. It goes to show that even massive companies can potentially be at risk, especially if they do not take the necessary precautions.
HOW TO HAVE A SAFE ONLINE SHOPPING EXPERIENCE
How can shoppers make sure they stay safe online and don’t have to worry about losing their data? Well, unfortunately, there is no way to be 100% secure as a customer. Every time you share your information there is a level of risk attached.
There are certain things that websites and e-commerce platforms should always have in place. These are the things to look out for as a customer, too.
- TLS protocol ensures a secure server with encrypted connections. You may have heard of SSL, but TLS has taken over as the leading method for securing your site.
- Different servers for payment information. This should be segregated from the rest of the data on the site, ensuring that one breach isn’t enough for data to be lost.
- Information should not be saved, wherever possible, by the site itself. Data that is encrypted or not saved is far more secure, and hackers cannot access it as easily.
- Monitor the attacks. Servers can be constantly monitored for hacking and data attacks.
- Encourage safe use. Encourage users to create strong passwords and use extra banking security levels to try and remain safe online.
A couple of extra steps for the customer include:
- Don’t click on links directly from emails. This is a common phishing scam and you might get sent to fake websites.
- Always check for the secure server by looking for the padlock sign in your browser. Also, check the domain name is the website you are expecting. Some scams and fake websites will be clones of a site that you think is legitimate, but actually, it has a character incorrectly placed in the domain, for example.
- Check independent review websites to check if the site in question has a good record of keeping customer data secure. A simple Google search may show you if there have been previous breaches, or even if people have had poor experiences with deliveries or customer service.
WHAT COMPANIES SHOULD DO TO PREVENT SUCH BREACHES
There are some clear methods for companies to prevent data breaches:
- Ensure that access to servers is limited and not all employees can get to sensitive data.
- Encourage a company policy of cybersecurity, including good email habits. Phishing or “whaling” can be used to take over the accounts of executives and steal customer data.
- Keep updated security software. This is one of the simplest ways to prevent breaches from occurring and prevent malware on the machines used to access sensitive information.
IF A BREACH HAPPENED, HOW ARE CLIENTS COMPENSATED?
In the US, the Consumer Financial Protection Bureau (CFPB) will take matters into their hands if the case is high-profile enough. Usually, a company is fined for losing the data of their customers, and a percentage of this fine is put into a fund that can compensate customers. Sometimes, if the money doesn’t stretch enough, the CFPB may take more money from the company. When Equifax lost customer data in 2017, this is the process that was taken. 150 million people were impacted due to an unpatched Apache Struts framework, and clients then had a claim for compensation.
The extra security steps that need to be taken in the modern age are simply to protect customers. They also serve to protect companies that could face big fines if they don’t act correctly and keep people’s data safe and secure. This is the responsibility of e-commerce companies in the modern age.
A few simple security steps, and a culture of cybersecurity, can help you to provide your customers with peace of mind. Ensure that you have adequate protections for your servers and that your website is a secure platform for everyone who uses it.