How Ignoring Security Can Ruin Your eCommerce Business

We are in something of a golden age for eCommerce retailers. Survey after survey has found that revenues in the sector are booming and that consumers are increasingly relying on online and mobile technologies to make purchases.

Unfortunately, there is also a looming threat to the sector. Many eCommerce retailers have still not implemented the best security practices for eCommerce retailers, and as a result, the customer data they hold is vulnerable to hacking and theft. The consequences of a data breach can be severe, of course, but so can the perception that a company is not taking security seriously enough.

The Good News and the Bad News

A huge survey conducted in 2017, the American Express Digital Payments Survey, provides some numbers to back up these concerns. It found that 81% of US merchants think that online channels will be the primary driver of business growth in the next decade. It also found that more than 70% of online shoppers have used digital payment methods, including online wallets and one-click checkouts.

On the other hand, the same survey also found that nearly 40% of consumers had abandoned online payments because they didn’t feel that their data would be secure. In some cases, this was because retailers had simply not taken steps to make their store more secure, but in others, this abandonment was simply due to a perception that sites were not taking data security seriously.

This problem of perception is likely to be a big challenge for eCommerce retailers in the coming years. Consumers are more and more conscious about their online security, and usage of secure email and privacy software like VPNs are spiking. Even if you’ve taken technical steps to secure your website, this may not be enough: today, you also need to explain to your customers how you are looking after their data, and respecting their privacy.

Increasing Fraud

Another problem for online retailers is the explosion in fraud rates that has been seen over the past few years. Security Magazine publishes an annual Fraud Index, and it makes for alarming reading for eCommerce retailers. 

This index shows a steady increase in fraud rates over the past few decades, with fraud increasing 5% year-on-year. However, that headline rate hides significant differences between sectors when it comes to fraudulent transactions. The cosmetics and perfumes industry, for example, saw a 172% increase in fraud rates in 2018.

In addition, retailers who carry expensive goods are more likely to be affected by fraud. The rate of fraudulent transactions above $500, for instance, is some 22 times higher than for purchases below that limit.

This is because criminals specifically target accounts with access to high-value purchases. Account takeover fraud can devastate a business. Fraudulent charges lead to financial losses, but the damage goes beyond that. If a customer has their account compromised and used for fraud, they may lose trust in the retailer, leading to reputational harm and lost sales. Early detection of account takeover attempts through strong account takeover fraud detection systems is critical. Businesses that implement strong security protocols and fraud detection systems can prevent fraudulent transactions and protect their customers’ accounts.

These increased fraud rates also pose a significant challenge to eCommerce retailers, albeit one of a slightly different character to that posed by the risk of data breaches. In fact, eCommerce retailers can sometimes feel like they are caught in a double-bind: they need to be open about their security measures in order to attract security-conscious shoppers, but being too honest about these potentially reveals vulnerabilities that fraudsters can take advantage of.

For those who go the content management system route (which typically means WordPress), don’t allow yourself to become derailed by frequent claims that the software is riddled with hacks. Take that opinion with a grain of salt.

As long as you choose a WordPress host that takes security seriously, you are at no more risk by a percentage of having your site penetrated by bad guys than anyone else. The numbers are skewed because so many website owners use WordPress as opposed to any other brand that of course it will be hacked more if you’re just counting numerical incidents. The trick is to take basic security precautions.

Breaking the Cycle

Ecommerce retailers are also guilty of another oversight when it comes to cybersecurity. Around the time of Black Friday and the Christmas period, high-profile security breaches and fraud cases always make the headlines. In response, eCommerce retailers tend to hire professionals to increase their security protections.

Unfortunately, this is often too little too late. There remains a perception that data security is a seasonal problem for eCommerce, with fraud and hacking rates spiking around these holidays. That is not true. The dollar value of fraud might increase during these periods, but only because the value of purchases is so much higher at this time.

In order to protect themselves, and the customer data they hold, eCommerce retailers need to stay vigilant year-round. They need to be able, for instance, to spot the signs of malware infection, even if this malware is programmed not to execute until the holiday period.

There are also some other simple steps that eCommerce retailers can take to secure their sites against attack and fraud:

• 1. Don’t collect, save, or archive any information on your customers that you do not absolutely need. If you don’t have this data, it is possible that you can accidentally leak it!
• 2. Encryption should be used wherever possible. This goes for the connection that your customers have to your site (which should use SSL), but also internal communications between the components on your own system.
• 3. Do the basics right. Despite everyone knowing that they should regularly update their system and security software, too many eCommerce retailers are still running out-of-date systems. If you don’t update your software, hacking your systems is as easy as looking up a list of known vulnerabilities.

Finally, if you share any customer data with third-party companies, it is your responsibility to perform due diligence on them.

The Bottom Line

Poor security practices can ruin eCommerce businesses in two key ways. 

One is the obvious way: that the consequences of a data breach can be catastrophic for an eCommerce business. If you fall victim to a hack, you are likely to have to pay a fine, on top of the reputational damage you will incur.

The second risk is that customers are increasingly making purchasing decisions based on how secure sites are. If you don’t take the time to implement security measures and are not honest about these with your customers, your potential buyers will simply go elsewhere. Pay attention to your customer churn rate. A certain percentage is unavoidable but if it spikes without an obvious reason why check that you’re not accidentally giving off “this website is dangerous” vibes.

In the near future, there might also be a third risk factor: government legislation. There are plans to convene a government department of cybersecurity being actively discussed, and this body is likely to mandate security measures for eCommerce firms. The best way to prepare for that is to put security measures in place now.

Sam Bocetta is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyberwarfare, cyberdefense, and cryptography.