The rise of e-commerce offers consumers better access to goods, lower prices and an improved shopping experience—these are just some of the many benefits driving growth in the $1 trillion global e-commerce industry.
From a business perspective, e-commerce gives exposure to a larger audience than could be reached with traditional retailing. However, it can also expose businesses and their customers to serious data risks.
Businesses have the responsibility of collecting and transmitting private information from consumers; therefore, these retailers must be aware of the risks. Mishandling or mistakenly verifying this data can have serious consequences for the business and for the consumers.
Most online retailers have fallen prey to fraud at some point or another, according to a December 2014 research report conducted by J. Gold Associates. One study, "Mobile E-Commerce: Friend or Foe?", showed that only eight percent of surveyed companies reported no losses due to fraud in the past year. And those losses incurred by e-commerce fraud added up to huge numbers: annual fraud costs reached $32 billion in 2014.
Transmitting transactional data opens businesses up to e-commerce criminals skilled in various methods of fraud. Purchases made using a stolen credit card, customers claiming they did not receive purchased goods and the unauthorized use of a credit card are common methods of fraud. Unfortunately for e-commerce businesses, it is the merchant that often bears the cost of fraud through costly chargebacks.
Data Breaches and Loss of Trust
When a data breach does occur, businesses have a moral obligation to disclose the incident to the affected customers, even though the disclosure of a data breach can do serious harm to a company’s reputation. The announcement of a data breach often causes a sharp drop in online transactions, such as the 5.5 percent drop in transactions at retailer Target during the holiday season after its massive 2013 data breach, as well as in consumer confidence in the brand.
AYTM Market Research asked 400 online shoppers in January 2015 if they would stop using a website or app if it experienced a privacy breach—and 79 percent said they would. This loss of confidence shows that data breaches, large or small, can cause lasting damage to a brand.
A heavy reliance on e-commerce without proper system redundancy exposes a company to significant business disruption risks—these businesses are expected to be open 24/7. Without redundancy in place, events including hacker attacks, natural disasters, data corruption or other issues can cause serious problems.
For example, shopping carts could crash, transactions could fail to complete or a website could be rendered completely inaccessible. Even short periods of downtime can cause major financial hardship for an e-commerce business.
Protecting Your Ecommerce Business
To protect your business data—and your customers—against these threats, owners need to ensure they are following data management best practices. All e-commerce businesses that handle credit card transactions must be PCI compliant. PCI compliance includes 12 requirements in its guidelines, such as maintaining a firewall, protecting any stored cardholder data, restricting access to data and more.
Companies can, however, take further steps to promote the security and quality of transactional data to avoid fraud, reduce the chance of downtime and improve customer trust.
Consumer Data Validation
Tools are available to add additional layers of data authentication to current payment processing. Data validation for e-commerce helps in two ways: it helps catch fraudulent activity and reduces the chance of errors in the transaction at any stage, whether it is during the order or at delivery.
E-commerce data validation tools, including those for simple name and address verification and those for more in-depth credit card verification, add security without requiring any additional effort on the part of the consumer.
These tools often compare name, address and IP addresses to confirm a customer’s location, allowing the business to identify fraud quickly. In addition, these tools often complete or correct data.
Layers of Network Security
A number of elements work together to create a secure environment: Physical network segregation, firewalls and intrusion monitoring are key elements of secure infrastructure.
Implementing network security involves identifying and securing potential network vulnerabilities and being vigilant with user authentication and authorization. It is sometimes advisable to use third-party service providers for transactional processes, data storage or security.
E-commerce businesses should not rely on firewalls and TLS/SSL certificates alone: involve your consumers, too. Require strong passwords and enable two-step verification for further protection against fraud.
Redundancy and Continuity Planning
E-commerce businesses need system redundancy to minimize disruption to their operations. With available technologies and site hosting services, full redundancy of key systems can be had at affordable prices. Compared with the costs of downtime, the costs of implementing redundancy are minimal.
From the Consumer Perspective
Consumers face their own data risks when shopping online, as each transaction requires the consumer to provide sensitive information. Online merchants store a large amount of customer data, including names, ages, addresses, purchase histories and sometimes payment information.
Because of the breadth of this data, a breach in a merchant’s network can expose thousands of customer records. Though the companies targeted suffer great consequences of data breaches, there are thousands more victims: the consumers.
Businesses play a huge role in protecting sensitive online data, and a strict adherence to consumer data security protocols and fraud detection can increase trust. Not only will these efforts protect data and revenue, they will ease customers’ fear of mishandled or misappropriated data.