3 Security Threats for E-Commerce Site Owners During the Festive Season
E-commerce has revolutionised the world of retail, and provides a level of convenience that previously seemed impossible. Customers can enjoy the luxury of shopping from their own home and have goods delivered right to their front door.
However, e-commerce can pose major risks for both merchants and customers. In 2016, identity theft and fraud cost consumers more than $16 billion, affecting over 15.4 million people. The risk of a security threat increases during the busy festive season, where merchants processing a high volume of orders are more likely to fall for a scam from a cunning attacker.
It’s the responsibility of every e-commerce site owner to ensure that their customers’ personal information is secure and protected. Christmas won’t be very merry if you have to deal with the fallout from a scam, so stay ahead of it by familiarising yourself with these security threats.
Credit card fraud
The most common risk associated with e-commerce is the potential for credit card fraud. It’s important to know who you’re dealing with online, and how to protect your customers’ card details from getting into the wrong hands.
Some things that you should watch out for when processing online payments include:
+ Large, unusual transactions from unknown buyers
+ Payment with a variety of credit cards with similar numbers to each other
+ Expedited orders that request overnight or express shipping — often, this is the choice of shipping for a fraudster
+ High volume of transactions on a card over short periods of time
+ Transfer of funds to a transaction account or money transfer agency
Tip: Use a security program to authenticate the cardholder at point of purchase with a password. An example of this is Mastercard SecureCode.
Malicious payment gateways
Even if your e-commerce site makes use of a trusted payment gateway like PayPal, hackers can still infect your site and change where the payment is going. It’s possible for sophisticated attackers to either redirect the payment gateway or clone the checkout in an attempt at phishing.
As a result, the buyer is unable to tell the difference between the authentic payment gateway and the fake one. Once they input their personal information, attackers can intercept it and easily attain a customer’s credit card details.
Not only does your customer lose money to a hacker and have their sensitive personal information compromised, your business loses a sale.
Tip: A website application firewall (WAF) can prevent attackers from being able to intercept the payment gateway.
A shipping address can indicate several things about the reliability of an order. It’s often suspicious when “Bill To” and “Ship To” addresses don’t match, particularly when customers ask for expedited shipping.
Make sure to also check that the billing and/or shipping address matches the credit card provided. While honest customers may just be ordering a gift to an address other than their own, it’s still always better to be safe than sorry.
Tip: Call the customer to confirm details if an order looks suspicious to you.
An unfortunate aspect of running a business will always involve a degree of risk management. Stay one step ahead of cyber attackers and fraudsters this Christmas by remaining vigilant and aware of the threats out there.