While it may be many years before we comprehend the full impact that the novel coronavirus has had on consumer behavior and the global economy, one thing is abundantly clear—the pandemic has acted as a catalyst for the digitalization of our world.
Unfortunately, there will always be those looking to take advantage of a crisis. The recent and ongoing increase in online purchasing offers cybercriminals a slew of opportunities to exploit existing vulnerabilities. In this article, we discuss what steps you should take now to protect your business and customers from data theft and fraud.
Site Security Checklist
While protecting your customers’ data has always been important, the heightened risk of data theft during this crisis should be answered with swift identification and correction of any security weaknesses in your site. Following is a quick, 5-step security check you can perform to help you identify potential vulnerabilities in your ecommerce site:
- Take stock of who has access to your customers’ information.
- Verify that your site is secured with encryption.
- Make sure you’re not holding onto unnecessary data.
- Revisit and update your password policy.
- Review your disaster plan. Has it been updated recently?
1. Limit Access to Customer Information
Your employees may be trustworthy, but they are human. Phishing and other forms of social engineering exploit human psychology and habits to gain access to sensitive information, with customer financial data as a common target.
Customer information should only be accessible by authorized personnel who have been educated in secure and ethical data management. Consider holding a special training session to brief employees on data defense strategies.
2. Verify Ecommerce Site Encryption
Encrypting your site is one of the best ways to prevent eavesdropping on sensitive data exchanges. Once an option for sites that wanted an extra layer of security, SSL encryption is now mandatory for sites that want to maintain customer trust in the modern ecommerce climate.
To keep customer data safe, make sure your site has a valid SSL certificate. If your certificate has expired, consider renewing it as soon as possible. Shoppers will be less likely to trust a site without encryption and may turn to competitors who offer a more secure shopping experience.
3. Save Only What’s Necessary
It’s easier to protect your customers’ data when you have less of it to worry about. The Payment Card Industry Security Standards Council (PCI SSC) recommends eliminating unneeded cardholder data. Cardholder data, which includes the cardholder’s name, card expiration date, and primary account number, can be stored separately from less sensitive data to minimize the number of storage locations that need significant protection.
4. Get Serious About Password Security
Universal passwords don’t cut it anymore. Every member of your team—even those who don’t have access to sensitive data—should be educated on modern password security. It is everyone’s responsibility to make sure they follow basic password security guidelines:
Complexity: Passwords should be words not found in the dictionary and include a variety of characters—letters, numbers, and symbols.
Secrecy: Emphasize the importance of keeping passwords secret. Make sure your employees know that no one will ever have a legitimate need to ask for their password.
Uniqueness: Passwords used for professional purposes should not overlap with those used on personal accounts. Every password should be completely unique to the account.
5. Disaster Preparedness
You are currently experiencing exactly what a disaster recovery plan is intended to prepare you for. A well-prepared disaster recovery plan takes into account your company’s resources, potential vulnerabilities, and key personnel and outlines the steps for proceeding after a data incident. Revisit your existing disaster plan and use what you have learned from this crisis to inform your plan moving forward.
Targeted Fraud Prevention
Fraud prevention specialists have identified a number of fraud trends that reflect the shifts in online purchases prompted by efforts to limit the spread of coronavirus. While families sheltering and working at home are purchasing more retail goods like home office equipment and wellness products, fraudsters and other bad actors are taking advantage of increased demand with the following:
- Reselling: selling items purchased from a retailer at a higher price and fulfilling orders via that retailer’s supply chain
- Retail Arbitrage: automated (and thus highly scalable) reselling
- Cashing Out: fraudsters using stolen data to purchase retail items
- Friendly Fraud: customers claiming authentic purchases as fraudulent to obtain refunds
Fraudsters hoping to hide in drastic volume increases force online sellers to increase the security measures involved with new accounts and purchases. Unfortunately, these measures often add friction to the purchase process and could potentially drive new business away. Consider how you can flush out would-be fraudsters and identify legitimate accounts without frustrating customers. Partnering with a fraud prevention solution provider can help you minimize your risk and streamline identity verification with minimal friction.
If you are experiencing or expecting a drop in purchases, instances of fraud may not necessarily decrease as legitimate transactions dwindle. Use the lower volume to your advantage by taking this time to take a closer look at transactions, identify patterns, and repair vulnerabilities that bad actors may be exploiting.
