E-commerce business models have many advantages over brick-and-mortar retailers, including lower overhead, more flexibility in product and price testing, and more opportunities to manage inventory at optimal levels based on shopper behavior and current web analytics. However, an e-commerce business can’t escape all the realities of merchants with physical storefronts—including shoplifters.
Here are six tips for preventing virtual shoplifters:
Safeguard your platform. An open-source e-commerce platform could make you more vulnerable to hackers. Ensure that you host your site with a platform that uses object-oriented programing language. Ideally, the administrative portions of your site should be completely inaccessible to anyone outside of your organization.
Maximize your SSL strategy. Use of Secure Sockets Layer (SSL) certificates have become commonplace in online transactions that involve sensitive data. As Rick Andrews from Symantec recently advised in a CIO Magazine article, however, their opportunities can be further maximized—and it may even translate into conversion improvements at customer checkout. “Integrate the stronger EV SSL [Extended Validation Secure Sockets Layer], URL green bar and SSL security seal so customers know that your website is safe,” Andrews said.
Additionally, mandate consistent business processes to ensure someone in your company is tasked with staying abreast of the latest changes in the world of online security, and keeping systems current in light of them. In mid-April, for example, the Payment Card Industry Standards Security Council (PCI SSI) announced it found vulnerabilities in the current SSL and TLC (Transport Layer Security) methodologies, exposed in part by Heartbleed and Poodle. Although merchants have until June 30, 2016 to revise their SSL protocol to remain PCI compliant, a business is vulnerable to hackers who are well aware of the opportunities to take advantage of such security “holes,” until the security updates are in place.
Follow PCI compliance standards. In addition to incorporating PCI-compliant secure payment gateways into your e-commerce site to process transactions, confirm that you aren’t storing sensitive customer data (also prohibited by PCI standards)—even if you do so to streamline return procedures.
While it may extend the length of your checkout and return processes slightly, what your business stands to lose in the form of risk exposure due to stored sensitive data outweighs potential efficiency gains.
Verify card information with addresses. Although e-commerce transactions inherently include “card not present” scenarios, you can still take steps to reduce the risk of fraudulent transactions. Implement address verification systems to detect potential information discrepancies between card information and the customer. Require that the customer input security information shown on the physical card, like the three- or four-digit card verification on the back or front of the card (in the case of American Express).
Set alerts—and pay attention to them.
Security alerts can detect suspicious activity before it spirals into a full-scale cybertheft—but only if you take them seriously. In the case of the Target data breach, Bloomberg reported that the merchant’s security alerts did sense suspicious activity well before the data breach was underway, but that the threats weren’t taken seriously by technology staff. At minimum, every e-commerce business should have alerts to detect unusually high activity originating from a single IP address, and to flag customers who order multiple times using different cards, in a short period of time.
Install “patches” as soon as they are available. Your software and operating systems are only secure if they’re current. When new versions of software are released, install them as soon as possible—and immediately, if the update involves a patch developed because a vulnerability was detected.
If you operated a brick-and-mortar business you wouldn’t leave your cash registers unattended or doors unlocked after business hours—but gaps in online security are akin to doing just that when you have an e-commerce business.
Establish processes and security procedures to ensure that you remain aware of changes in security standards, potential threats and areas of vulnerability. While you may not stop virtual shoplifters and fraudulent transactions entirely, optimizing your site security is your best line of defense.