As more and more consumers stay home and shop on the web, it’s more important than ever for ecommerce businesses to tighten up their online security.
The COVID-19 pandemic has been devastating for a lot of businesses, but the ecommerce industry is experiencing an unexpected boom. Consider that 2020 online sales in the UK are expected to grow by more than twice their original projections (19% instead of 11%). For the months of November and December, the year-over-year difference could be as high as 63%. Sales could reach £78.9 billion once the holidays are over.
How Cyber Threats Are Exploiting the Ecommerce Boom
As ecommerce sales reach an all-time high, hackers are also working overtime to collect their piece of the pie. A staggering 4.1 billion online records were exposed in the first half of 2019, according to research by Forter, and thieves are gaining access to this information in a number of ways. For instance:
- By exploiting vulnerabilities in payment gateways
- By hacking into ecommerce websites to obtain customer information
- By using stolen credit card numbers
- By initiating fraudulent chargebacks
Some of the world’s biggest enterprises are being targeted. Earlier this year, for example, Barnes & Noble sent a notice to customers indicating that sensitive data had been compromised in a cyber-attack. Although no financial data was leaked, customers’ addresses and phone numbers were stolen.
How to Keep Your Online Store Secure
In this thriving ecommerce market, your business is more likely than ever to be the target of fraud. The most important thing you can do is to ensure that your business website is 100% PCI-compliant. The Payment Card Industry Data Security Standard (PCI DSS) is a collection of 12 requirements that ecommerce businesses must follow in the interest of protecting customer data.
The 12 requirements are:
- All credit card data must be protected by a secure firewall.
- All passwords must be unique and secure.
- All customer data must be secured.
- All transmitted payment data must be encrypted.
- Your website must have up-to-date antivirus software.
- Your systems and applications must be secure.
- Customer data must only be accessible to users who require it.
- Each user with access to your website must have a unique ID.
- Physical access to customer data must be restricted.
- Access to customer data needs to be tracked and monitored.
- Your online security must be tested on a regular basis.
- You must adopt an official information security policy for your business.
If you ensure that all of these compliance points are satisfied and regularly fine-tuned, you’ll go a long way toward preventing fraud. The most important thing is to work with a Level 1 PCI-compliant payment processor like QPay Europe. That alone will transfer much of the burden and ensure that your security is overseen by experts.
When looking for the right gateway, though, you must be vigilant about ecommerce and merchant account scams, which are rampant. Always research the provider, ensure that they’re a trusted name, and be wary of any provider that isn’t transparent about its fees or its encryption standards.
Finally, make sure to work with a payment processor that offers fraud-scrubbing tools. It’s not enough to simply protect your website. The most common ecommerce scams come in the form of friendly fraud, whereby a customer pays for and receives an item and then demands a refund from the bank (usually claiming that the item was damaged, not received, or not as advertised).
This kind of fraud costs businesses billions of pounds every year, and it can jeopardize your merchant services account. Many payment processors offer chargeback mitigation tools that flag potentially problematic transactions before they occur. Chargeback protection is well worth the investment.
As long as you’re diligent about cybersecurity, this ecommerce boom can be enormously beneficial for your business. Just don’t expect your store to protect itself.