Online shopping should be a lot less stressful than going to the store. Concerns like traffic, crowded parking lots, grumpy sales associates and long lines are non-issues for the digital shopper. The internet literally puts a veritable emporium of goods at your fingertips.
And yet, two-thirds of consumers are anxious about online shopping. Why? According to research from Experian, it’s primarily because shoppers are afraid of cybercrime. The good news is that this fear isn’t deterring online shopping – 80 percent of survey respondents actually want to be more connected. However, at what point would a customer take their business elsewhere on the web?
According to CSO Online, a survey conducted by a U.K.-based firm found that the majority of respondents were less likely to do business with a retailer that was involved in a credit card breach. If a sense of obligation to protect customers wasn’t impetus enough for online retailers to improve cybersecurity, then hopefully a threat to the bottom line will be. If you’re an online retailer and you’re ready to step up your cybersecurity game, here are a few key ways to better protect customers’ data.
In late 2014, major online retail website eBay suffered an intrusion of its customer password database. The company never explicitly said how many passwords might have been stolen; however, it urged all of its 145 million customers to change their passwords. On the bright side, the hackers didn’t actually gain access to customer payment data in the breach.
But that hardly matters if the hackers had access to customers’ accounts. As many of us know, online shoppers typically save credit or debit card information so they won’t have to enter it every time they make a purchase. This means that pretty much anyone who gets ahold of the login credentials could enjoy quite the shopping spree.
The good news for eBay is that, as is best practice, the passwords were encrypted. That said, there was some question at the time of the event regarding just how strong this encryption was. Motherboard contributor Thomas Brewster noted that by the time the breach had been announced, hackers had already been given more than two months to brute force the encryption.
This means that many of the passwords may have already been compromised by then. While there are few forms of encryption that are completely unbreakable, the stronger the encryption, the longer it will take to crack.
The moral of the story? If you’re an online retailer, use the strongest form of encryption you can afford to get your hands on.
Better account authentication
One of the most commonly employed tactics to steal credentials for online banking and e-commerce sites is a phishing scam. This entails tricking customers into giving away their login and password information. Unfortunately, there’s little that online retailers can do to directly fight phishing other than keep customers informed about any known scams currently in circulation.
That said, online retailers can do their customers a huge service by offering two-factor authentication. This entails using a second layer of authentication that no person other than the account holder is capable of bypassing.
For example, upon logging in or trying to make a purchase, a customer can receive a verification text message with a one time password, or with a reply request. Even if a hacker did somehow gain access to passwords – via phishing scam or data breach – any customers using two-factor authentication would still have that second layer of security to back them up.
Not only does this help protect customer data, it can also help online retailers catch a potential breach early. If customers start receiving an unusually high number of unauthorized requests, it could be a sign that there’s trouble afoot.
As data is sent back and forth between the web server and the browser, there’s always the risk that it could be intercepted. For online retailers, the data may include credit card numbers, names, addresses, login credentials and other shopper data. To address this, web merchants started using SSL encryption, to create a secure link for this data. Google, for instance, recently announced that up to 77 percent of all requests sent from computers around the world are encrypted, and that the end goal is to bring this number up to 100 percent.
For an online retailer, SSL encryption is especially important to making customers feel secure. Not having the HTTPS protocol is a big red warning sign that says “Stay Away.”
Not all online shoppers are savvy enough to know what to look for, but given that two-thirds of them are concerned about cybercrime, it’s safe to say that many of them are. Whether you’re a tiny online boutique or a fast-growing everything store, SSL encryption is not an expense to spare.
Help make online shopping safe again. Start by protecting your customer’s data with strong encryption and two-factor authentication.