Security can be one of those things we don’t really think about until something bad happens. Recently in the retail industry, there have been several data breaches at major retailers (both online and via point-of-sale devices), which have resulted in news headlines along with U.S. government attention and intervention.
So how can online retailers protect themselves and keep customer account and payment information secure? Here are a few methods…
Evaluate and strengthen password security – A recent study by security firm Dashlane shows that many leading online retailers still accept weak, commonly guessed passwords such as “password” and “123456” on their eCommerce sites. Another security concern is that some eCommerce sites still send password information to consumers in plain-text e-mails. eCommerce professionals who are unaware of their current password policies should consider evaluating them to understand the restrictions in place, and revise those policies if necessary.
Understand the importance of PCI-DSS compliance – PCI-DSS, the Payment Card Industry Data Security Standard, was created by the credit card industry to combat online fraud and transfer some of the risk around online credit purchases from the credit card company to the retailer and consumer. There are levels of PCI-DSS compliance retailers must meet to capture and store payment information. Breaches of such compliance can result in a $250,000 fine and possibly the removal of card acceptance capabilities. Because of the serious nature of PCI-DSS, some retailers choose to partner with a PCI-DSS compliant financial services solution to meet compliance standards. Retailers utilizing a partner solution can also gain additional benefits from the solution’s security expertise, such as allowing payments in different geographies and currencies.
The impact of fraud goes far beyond the actual costs – Outside of monetary fines, the impact of fraud can reach into many areas of a retail business. “Cleaning up” fraudulent charges can cost retail businesses millions of dollars and may take several years. Consumers can also lose trust in a retailer that has had extensive fraud concerns, either taking their business to a competitor or leaving the product vertical altogether. Alerting consumers to fraud in real time can show transparency between a retailer and consumers and soften the decrease in consumer trust, although this may not always be possible due to ongoing fraud concerns and investigations.
Fraud has become a global issue – As leading online retailers expand their international footprint, so do perpetrators of fraud. With the increase in international orders, it has become more important to keep up with security trends on a global scale, as several new fraudulent methods emerge each year. Especially with large international orders, it is becoming a best practice to fully authorize and re-authorize payment details, as there are fewer consequences to being cautious than to authorizing a fraudulent transaction. Although these large orders may boost the bottom line, it can be important not to let the temptation of the order sway a retailer’s judgment and instinct.
In conclusion, the impact of payment and account security in online retail has become too important to ignore. Even though there is no “universal code” for dealing with security concerns and each instance is unique, many retailers have come to fully understand the risk of not taking these concerns seriously. With emerging e-payment systems such as bitcoin and “point reward” currencies (e.g., My Coke Rewards) at the forefront, retailers should consider investing the time and resources to properly address existing security concerns in order to be ready for new avenues of online shopping fraud prevention moving forward.