Understanding E-Commerce Security


We are awash in data. Never before have people so willingly shared personal information, private details, and key identifying data. This, of course, is due to how the Internet has evolved into a space for business and social connection.
Merchants and consumers are the primary beneficiaries of this evolution to an e-commerce network. Merchants who previously sold their goods in brick-and-mortar retail spaces, or relied on the fading world of catalog sales, now have quick and easy access to a global customer base. This global customer base is keen to browse and shop from previously inaccessible merchants.
The snag in this model of “always open for business” is security. Merchants are reluctant to talk about e-commerce security for fear of the questions and concerns it can stir up in their consumers. Consumers know that online transactions may involve risk, but darn it, they want that pair of shiny red shoes by tomorrow morning, so they’ll risk sharing their banking information online!
These attitudes should not absolve merchants from spending as much time on e-commerce security as they do on their social media marketing. Instead, the prevailing attitudes of complacency should force merchants to act: know the e-commerce threats, know how to prevent them, and know what to do should a breach occur.
Real E-Commerce Threats
Merchants are on the frontlines of e-commerce security – it is up to merchants to know what the threats are and how to defend against them.

  • Cross-site scripting. A JavaScript snippet is embedded in a vulnerable web page and used to access cookie data, impersonate website visitors, and steal private data such as credit card information.
  • SQL injections. An SQL injection can be used to create fake administrator accounts that allow access to secure data.
  • Phishing. Valid customers are tricked by fake emails into updating their account information or changing their password; this data is then stolen and used by fraudsters.
  • Distributed Denial of Service. A DDoS attack strategically overburdens the website’s servers with requests, causing the website to crash. The websites are attacked and then held for ransom by the hackers.
  • Bad bots. These bots infiltrate websites and commit a range of malicious attacks: price scraping, login fraud, fake shopping carts, and site analytic manipulation. In its 2017 Bad Bot Report, Distil Networks revealed that 97% of websites are attacked by a bad bot and that these bots represent on average 15.6% of the website traffic.
  • Man-in-the-middle attacks. Can occur when an insecure WiFi network is used or the website data is not encrypted. Fraudsters can listen in on consumer movements and collect personal data.
  • Malware. Often inserted into the merchant website as a result of phishing or an SQL injection. This malware is used to control the merchant’s website, giving the fraudster complete control and access to the site and data.

Knowing how e-commerce security is threatened gives merchants the power to prevent such attacks. The more merchants know about e-commerce strengths and vulnerabilities, the better.
Real E-Commerce Security
Merchants cannot use the wait-and-see or trial-and-error approach to their e-commerce security. There is little room for error and there is even less chance of recovery from such error. Merchants must be proactive in the face of e-commerce security threats and take preventive action.

  • Multi-layered security. Learn which technologies make sense for your business and how to strategically apply them. Read Fraud Protection Lessons from Goldilocks to learn the advantages of not just relying on an off-the-shelf solution.
  • Be data savvy. Do not store customer data. Regardless of how secure you believe your database may be, stored customer data is a key target for fraudsters. Keep only the information you need to track purchases, refunds, and to use in chargeback representment cases. Use a proven payment gateway that relies on tokenization and complies with PCI standards.
  • Enforce strong passwords. Customers must be instructed to enter a password that uses a combination of uppercase and lowercase alphanumeric characters. Educate your customers on why a strong password is a must.
  • Educate customer service staff. Ensure customer service team members know the facts on e-commerce threats and security. Make sure they understand phishing and know not to provide private customer details over the phone, email, or in chat.
  • Site analytics. Prepare to notice unexpected website traffic by knowing who is visiting your website, how they’re accessing the site, the pages they frequently visit, and other site interactions.
  • Always be up-to-date. Be vigilant about applying software patches and perform recommended software updates.
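
As an added example (not code from the original article), the Python below applies the site-analytics advice to the bad-bot threats listed earlier: it flags clients whose access-log activity looks like login fraud or price scraping. The Combined Log Format, the /login and /product/ paths, and the thresholds are assumptions, and the sample log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

LINE_RE = re.compile(  # leading fields of a Combined Log Format line
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

# Assumed values: tune thresholds and paths to your own shop's baseline.
WINDOW_SECONDS = 60
MAX_FAILED_LOGINS = 5    # failed POST /login per client per window
MAX_PRODUCT_PAGES = 20   # distinct /product/ pages per client per window

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None  # skip malformed lines instead of crashing
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"], int(m["status"])

def flag_clients(lines):
    """Return {ip: {reasons}} for clients over a threshold in any window."""
    events = defaultdict(list)
    for ip, *rest in filter(None, map(parse, lines)):
        events[ip].append(tuple(rest))  # (timestamp, method, path, status)
    flagged = defaultdict(set)
    for ip, recs in events.items():
        recs.sort(key=lambda r: r[0])
        start = 0
        for end in range(len(recs)):
            # Shrink the window until it spans at most WINDOW_SECONDS.
            while (recs[end][0] - recs[start][0]).total_seconds() > WINDOW_SECONDS:
                start += 1
            window = recs[start:end + 1]
            fails = sum(r[1:] == ("POST", "/login", 401) for r in window)
            pages = {r[2] for r in window if r[2].startswith("/product/")}
            if fails > MAX_FAILED_LOGINS:
                flagged[ip].add("login-fraud")
            if len(pages) > MAX_PRODUCT_PAGES:
                flagged[ip].add("scraping")
    return dict(flagged)

def sample_log():
    """Constructed log lines (documentation-range IPs), not real traffic."""
    row = '{} - - [10/Mar/2024:12:00:{:02d} +0000] "{} {} HTTP/1.1" {} 512'
    bot = [row.format("203.0.113.9", s, "POST", "/login", 401) for s in range(8)]
    scraper = [row.format("198.51.100.7", i, "GET", f"/product/{i}", 200) for i in range(25)]
    shopper = [row.format("192.0.2.44", s, "POST", "/login", st) for s, st in ((20, 401), (30, 200))]
    return bot + scraper + shopper + ["not a log line"]
```

Calling flag_clients(sample_log()) flags the two bot-like clients and leaves the ordinary shopper, who mistyped a password once, alone.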

Along with knowing how e-commerce threats happen and how to prevent them, merchants must also have a plan in place in the event a security breach occurs. This disaster recovery plan should include details such as how customers will be contacted, the media plan, site back-up details, and key contact information for the IT team managing the e-commerce website.
Real E-Commerce Expertise
While all this information may seem overwhelming, we understand that you simply want to sell your products online and minimize your concern about e-commerce threats and complicated security measures. The good news is that Verifi has a proven team of e-commerce security experts who can help you.
Please contact us to find out how you can best protect your business and website from malicious hacks and threats. We will work with you to devise and implement a customized e-commerce solution that keeps your business and customers protected.