Over the past year the number of attacks and the incidence of fraud over the internet have greatly increased. Individuals and organizations need to make sure that their data is secure by establishing practices that minimize risk. This is especially important for eCommerce sites, where highly sensitive customer data like email, credit card details and physical address are collected. For both B2B eCommerce users and sites, this is a critical issue as payment and bank details of large organizations are involved, making it imperative that they don’t fall into the wrong hands.
There are many actions that an eCommerce store can take to increase safety for customers, as well as protect the store from fraud. The key ones include:
- Choose a safe eCommerce platform: An eCommerce solution, like our CIMM2, tends to be safer on two counts – the solution vendor sends regular updates/security patches that protect the site.
- Set up alerts: Set up an alert system that detects suspicious activity originating from a single IP address or from a single account, like multiple transactions that are disparate and use different credit cards or are destined for varied shipping locations.
- Use IP proxy and geo-location identification services: If you suspect that an IP address may be a proxy server or located outside the area you provide your services to, you can usually use proxy identification and geo-location services to confirm your suspicions. You can also employ an Address Verification System (AVS) to aid in this.
- Take being PCI DSS compliant seriously: By being Payment Card Industry Data Security Standard (PCI DSS) compliant you are making sure that your store is proactively protecting customer data.
- Get the security certifications: You’re sure to have seen sites with SSL certification, which shows ‘https’ in the URL instead of ‘http’. Make sure your site is similarly certified, and if you can, try to get the greater level of certification, EV SSL, which shows the green bar beside the URL in addition to using ‘https’.
- Get rid of useless but sensitive data: All websites tend to store information about their users, and with eCommerce sites this usually includes the customers’ financial information like bank and credit card verification details. Storing these details for longer than is required creates an information bank that is tempting to attackers. A reasonable amount of time to store such information is the period in which the customer can return their purchase, or if they participate in a competition, until the results are declared.
- Track every order: By tracking every order you can identify and fight chargeback fraud.
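The "Set up alerts" item above can be sketched as a sliding-window check over order records. This is an added example, not code from CIMM2 or any particular platform; the record fields, the one-hour window and the thresholds are assumptions, and the sample orders are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample orders: (timestamp, ip, account, card_token, ship_to).
# card_token stands for a processor-issued token, never the card number.
ORDERS = [
    ("2024-05-01T10:00:00", "203.0.113.7", "a1", "tok1", "US-TX"),
    ("2024-05-01T10:05:00", "203.0.113.7", "a2", "tok2", "DE-BE"),
    ("2024-05-01T10:12:00", "203.0.113.7", "a3", "tok3", "BR-SP"),
    ("2024-05-01T11:00:00", "198.51.100.4", "b1", "tok9", "US-CA"),
    ("2024-05-03T09:00:00", "198.51.100.4", "b1", "tok9", "US-CA"),
    ("2024-05-02T09:00:00", "192.0.2.10", "c1", "tokA", "US-NY"),
    ("2024-05-04T09:00:00", "192.0.2.10", "c1", "tokB", "US-NY"),
    ("2024-05-06T09:00:00", "192.0.2.10", "c1", "tokC", "US-NY"),
]

WINDOW = timedelta(hours=1)  # assumed look-back window
MAX_CARDS = 2                # assumed limit on distinct cards per IP/account
MAX_DESTINATIONS = 2         # assumed limit on distinct shipping destinations


def find_alerts(orders, window=WINDOW, max_cards=MAX_CARDS,
                max_dest=MAX_DESTINATIONS):
    """Flag any IP or account whose orders inside `window` use more
    distinct cards or shipping destinations than the limits allow."""
    by_key = defaultdict(list)
    for ts, ip, account, card, dest in orders:
        when = datetime.fromisoformat(ts)
        by_key[("ip", ip)].append((when, card, dest))
        by_key[("account", account)].append((when, card, dest))

    alerts = []
    for (kind, value), rows in by_key.items():
        rows.sort()
        start = 0
        for end, (when, _, _) in enumerate(rows):
            # Slide the window start forward past orders that are too old.
            while when - rows[start][0] > window:
                start += 1
            recent = rows[start:end + 1]
            cards = {card for _, card, _ in recent}
            dests = {dest for _, _, dest in recent}
            if len(cards) > max_cards or len(dests) > max_dest:
                alerts.append({"kind": kind, "value": value,
                               "cards": len(cards), "destinations": len(dests),
                               "at": when.isoformat()})
                break  # one alert per IP/account is enough
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(ORDERS):
        print(alert)
```

With the constructed data, only the IP that placed three orders with three cards to three destinations inside twelve minutes is flagged; the account that changes cards across several days stays below the one-hour threshold.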
In addition, eCommerce stores need to continually educate both their employees and their customers. On the employee front, the eCommerce store can train them on security best practices and invest in a fraud management service.
On the customer education front, the following are possible:
- Using strong passwords: By forcing customers to meet password setting criteria and informing them of its necessity, eCommerce stores can ensure that it is harder for hackers to guess passwords in brute force attacks.
- URL checking: By instructing customers that they should always check for the SSL/EV SSL certification of the site when they visit, the eCommerce site can make sure that the customer never lands on a fake duplicate site.
- Using verification systems: Teach customers to make use of CAPTCHA, two-step verification and other similar security verification methods when making a transaction.
The most important thing an eCommerce store, or any website for that matter, can do is to make sure that it is up to date on the nature of security threats on the internet, both to itself and its users.