Purchasing goods and services via the internet has never been more attractive to consumers. Safety, convenience, and a diverse variety of choices are just some of the features of ecommerce that are making it the choice of an increasing number of consumers. Unfortunately, the criminals and fraudsters who want to prey upon them have taken notice. In this age of online dominance, you need to protect your business (as well as the people you serve) from fraud, data breaches, and other criminal behaviors.
The quality of the ecommerce platform you choose can have a major bearing on your system’s safety and integrity. With the growth of online businesses has also come the exponential expansion of ecommerce providers, each of whom offers its own unique take on website templates, shopping carts, and other features. Whether you build your platform from the ground up, or choose among the various available vendors, be sure to keep fraud protection as a primary goal. While your ultimate choice might cost a bit more due to its advanced protection features, you often really do get what you pay for.
Any merchant who stores, processes, or transmits customer credit card data that contains personally identifiable information is responsible for protecting its safety. To that end, the Payment Card Industry Data Security Standards (PCI DSS) have been developed to give business owners a set of actionable benchmarks to follow. These include ensuring that factory default network settings are changed and that a firewall is set up between your internet connection and the system on which you store credit card information.
Failure to comply with these standards can have very real consequences for you and your customers. For one thing, data is more vulnerable to attack when networks are not safeguarded by PCI DSS-compliant systems. Furthermore, you as a merchant may incur major penalties ranging from $5,000 to $100,000 per month and may even have your merchant account canceled. In short, it is crucial that businesses of all sizes protect their customers and themselves by complying with these standards.
Now that you are sure that you have complied with industry standards, your next job is to take stock of the overall security of the financial and personal information for which you are responsible. Start with these basic steps:
In addition, respected credit card and software security companies offer their own programs that provide extra safeguards against fraud and other forms of e-crime. Take the time to do your research for maximum protection.
In many instances, vigilance, often in the form of tools included in your ecommerce platform, can prevent you from being the next victim of fraud. Be on the lookout for the following suspicious behaviors:
Even if you identify any of these warning signs, that does not necessarily mean that your customer is attempting to defraud you. However, you can use this information to do some further investigating.
When you accept credit cards online, as opposed to in person, you cannot visually verify that the buyer has the physical credit card in their possession. However, requiring that they include the three- or four-digit security code listed on the back of the card will go a long way toward providing additional security since that number never appears on receipts or anywhere else besides on the actual card.
Compliance with PCI DSS rules mandates that merchants never hold onto customer credit card numbers, expiration dates, or security codes. If you have any of this information in your possession, destroy it immediately. Only keep data that you need for recurring payments or to protect yourself in the event of product returns or chargebacks, making certain that it is encrypted according to PCI requirements.
When you set up the shipping for a customer’s order, get a tracking number. By doing so, you can monitor the progress of the package and learn when it has been delivered, minimizing the likelihood that a buyer will claim that the item never arrived. Requiring a signature upon delivery also helps to protect you from incurring a chargeback.
We all know how tempting it is to come up with a simple string of digits or letters when asked to provide a password on a new account. However, weak passwords leave both your business and the customers you serve vulnerable to hackers. Reduce your risk by requiring customers to create passwords that contain lowercase and uppercase letters as well as numbers and symbols.
No business owner wants to contemplate the worst-case scenario, but even the best security measures are not infallible. Should you be on the wrong end of fraud or a data breach in spite of your best efforts, your best course of action is to learn all you can from the negative event. To that end, be sure to document the details of all attacks, both successful and thwarted, to fine-tune your approach to cybersecurity in the future.
Take note of patterns among the various breaches, including address and order inconsistencies. The best way to prevent future cyber attacks is to learn from those that have already occurred by modifying your systems and employee protocols accordingly.
Your business is one of your most valuable investments. Being a good steward of the company you have worked so hard to build should be one of your most pressing priorities. By adopting ongoing internal and external protective measures, you, your employees and your customers can keep destructive criminal behavior to a minimum.