Global ecommerce is expected to increase from $1.3 trillion in 2014, to $2.5 trillion in 2018. This growth is being fueled by a number of factors that include expanding online user base, increased mobile commerce sales, and availability of more secure payment options.
However, the harsh reality is that the growing flow of money through connected cross channel commerce platforms has also attracted an increasing number of fraudsters.
According to the Global Fraud Index, fraud attempt rates have more than quadrupled in 2016 since the end of the last year. The costs of online fraud to ecommerce businesses in the US amount to nearly $3.5 billion a year, cutting dramatically into profits.
In order to counter the threat of online fraud, ecommerce companies need to create the right balance between prevention techniques and converting visits into sales.
So, what exactly are those strategies that can help reduce the risk of online threat without affecting the ability to attract and convert leads?
1. Select a Secure Website Platform
The foremost thing you can do to prevent eCommerce fraud is to select a reliable and secure website platform. When searching for a website platform, it’s important to look beyond the costs and technology and focus on security features of the website platform. It’s important to select a website platform that offers maximum security protection.
You may be surprised to know that the most popular content management system (CMS) platforms, namely WordPress, Drupal, Magento, and Joomla, are the most common target for hackers. In a website hack trend report published by Sucuri Security in 2016, it was revealed that about 78% of the hacked sites were run on WordPress platform. Moreover, it was found that the common CMS platforms contained a large number of outdated plugins (Magento: 96%, Joomla: 84%, Drupal: 81%, and WordPress: 56%) making them open to malware and phasing exploits.
Does that mean you should avoid using these popular CMS platforms?
No, not at all! There are so many benefits of these platforms such as cost, powerful content management features, flexibility provided by open source and other that makes them the ideal platform for eCommerce.
What you should in fact do is to take relevant steps action to secure the CMS site. Avoid installing vulnerable and obsolete plugins. Also, make sure to regularly install patches and updates of the website platforms. You must also use strong password containing both letters and numbers. For additional protection, you must use a two-factor authentication (2FA) to prevent hackers from gaining access to the admin panel.
Other than that, you should make it a habit of regularly backing up the CMS and the underlying database at least once a week. This will allow you to quickly restore the website content in case of being subjected to a hack attack. Lastly, you should consider subscribing to an online forum or site that regularly publishes known vulnerabilities to the CMS platform being used.
2. Make Sure that Online Checkout is PCI Compliant
Ensuring that the online checkout of the site is PCI compliant will greatly help in protecting your customers from being a victim of online fraud. PCI is an acronym of Payment Card Industry that is a forum of global companies including MasterCard, Visa, and Amex. The group has introduced a set of standards and guidelines to ensure that companies that store, process, and transmit credit card information offer a secure environment to the customers.
Complying with the standards is mandatory in the US, and non-compliance may result in a fine of $5,000-$100,000. It’s important that you read the PCI Security Standards guidelines and ensure that you offer a safe and secure payment platform to the consumers.
Platforms that are PCI compliant include PayPal, Shopify, Etsy, Stripe, and Highwire. These platforms will handle almost most of the compliance related steps related to the eCommerce site. PayPal, for instance, offers Payflow Link that is a PCI compliant solution for checkout page of a website. That being said, you may still need to read the PCI guidelines and ensure that site is fully compliant with PCI.
3. Avoid Storing Sensitive Customers Data
The third important piece of advice to protect your business from eCommerce fraud is to avoid storing sensitive customer data such as credit card number, card verification value, and expiration data. This is one the requirements of PCI standards that must be strictly followed. Consider purging old record from the database and store only that information about customers that are needed for refunds and charge backs.
The above are just some of the most important steps you can take to make your website secure and prevent hack attacks. Remember, the more effort you put into in making your eCommerce website secure, the fewer the chances of your site falling prey to an online attack. Hackers look for sites with vulnerabilities – make sure you don’t give them any chance of succeeding in their malicious intentions by taking effective security measures.
- 24 Jun, 2016