Tag Archives: ecommerce security

12.23.15
by

The Risky Business of Mobile Security and Holiday Shopping

Secure credit card processing

E-Commerce has seen continuous growth for over a decade now and 2013 worldwide business to customer sales amounted to more than $1 trillion. Same as regular shopping, e-commerce sales record a huge increase during holiday season. Other than holidays that boost brick and mortar retail stores’ sales, like Christmas, Valentine’s Day and Black Friday, bigger e-commerce stores also create special offers for a few unique online shopping holidays. These include:

  • Cyber Monday– this is the first Monday after Black Friday and it’s coming with the same shopping fuss all around the internet. Some retail chains continue offering discounts, even after this day and extend their offers to the whole week (Cyber Week).
  • Single’s Day – last year we witnessed new shopping phenomenon when one of the biggest Chinese online stores decided to turn minor Chinese holiday into the biggest shopping day in the world.

E-commerce entrepreneurs have a lot of work during these holidays, mainly due to increased traffic on their websites. Since smartphones are becoming more popular than ever, holiday sales growth is the most visible in mobile shopping statistics. Comparing to last year, number of mobile purchases doubled, while purchases from tablet devices quadrupled during this year. Some predictions even say that in the end of 2015, number of mobile and tablet purchases will reach 18 million. High holiday traffic means more security risks. In this article we presented several effective ways for e-commerce website administrators to protect their and their customer’s sensitive data from cyber criminals.

Identify Fraudulent Visitors

E-commerce administrators should take precaution measures before the holiday season starts. They should:

  • Spoofers – They should search for visitors who are trying to spoof mobile devices. These are more likely to have malicious intent
  • Jail broken iOS devices – these phones are either stolen or hacked so they can download paid AppStore apps. Users with jail-broken iOS, are also much more likely to commit acts of cyber crime
  • Android users with mini browser alternative – these are often used by the hackers to show a US based IP address, while communicating from elsewhere
  • Track consumers – Use advanced tracking and keep all data, in order to recognize and block users who try to apply malware software, like: man-in-the-browser and man-in-the-mobile Trojans

Apply Security Measures

Security should be tightened while waiting for the holiday season. These are some of the measures e-commerce administrators should apply:

  • Mobile app security testing – security should be the highest priority during all app building cycles. Apps should be customized to come with security strategies that are able to answer the latest mobile security challenges, rather than having generic and outdated solutions
  • SSL and PCI compliancy– admins should use strong Secure Socket Layer authentication and run frequent PCI scans
  • Don’t store sensitive data – customers’ credit card and personal data shouldn’t be stored on company servers. Data breach doesn’t happen when there’s no data
  • Address and Card verification systems – these systems should be applied in order to reduce fraudulent attempts
  • Set up alerts– alerts should turn on in case several suspicious transactions or data breach attempts are coming from the same IP address. These alerts should be connected with admin’s smartphone
  • Introduce remote software systems– when cyber-attack occurs, website and app administrators need to react fast, which is why remote server monitoring systems are very useful
  • Patch regularly– security systems should be patched, the moment new versions are released

Educate Customers and Employees

Both customers and employees should be educated about safety measures and precaution. This education should include:

  • Employee’s security training – all company employees should be introduced to cyber security, especially if the company is working on BYOD bases. They should know about safe use of e mail, text messengers and social media accounts
  • Require strong passwords from customers – strong passwords, especially passphrases are harder to break
  • Customer education– add mobile shopping security articles to company’s blog, send them over newsletter and provide links to them on product pages.

With e-commerce being such a competitive niche, only companies that enable customers to shop freely and without fear can stay competitive, especially during those shop-till-you-drop holidays.

 

Guest Author: Nate M. Vickery

Nate M. Vickery is a business consultant from Sydney, Australia. He is mostly engaged in providing entrepreneurs and small business owners with management and marketing advice. He is also the editor in chief on Bizzmarkblog.com.

We’d love to hear your thoughts and experiences on this post. Please do leave a comment.

 

* Secure credit card image sourced from Perspecsys Photos licensed under Creative Commons Attribution-ShareAlike 2.0 Generic (CC BY-SA 2.0) https://creativecommons.org/licenses/by-sa/2.0/

 

 

11.24.14
by

How to Create Your eCommerce Budget for 2015

Creating a budget requires time for planning, looking at your available resources and a thought process that is geared towards avoiding any unforeseen costs and expenses. This rings especially true for those who are looking at starting up a successful eCommerce venture.

Shopping Cart Software

Image Source: ShutterStock.com

Many elements of your line items will appear self evident, but others are less obvious. In addition to initial startup costs of getting your web site built, tested and functional, there are other more long-term, ongoing expenses that need consideration and inclusion.

Here are six key elements to examine when planning your eCommerce budget:

#1 – Design & Development

In addition to the most obvious, number-one line item for your online business, some categories of design and development are often overlooked. For example, one will easily remember a “shopping cart” service, but what about the other elements that should accompany this buying platform? Customer loyalty programs, coupons, gift cards, shipping estimators, returns and exchanges are just a few functions and features that sometimes go MIA.

#2 – Visuals & Artwork

Once you look past the design of a business logo, your site needs other types of visual appeal, photographs and artwork. These are not necessarily “free” and to avoid any possible legal ramifications in the future, ensure that your images are all properly licensed (naturally available at an additional cost) or perhaps you will be using your own photography. Either way, decide which will work best for you and your bottom line.

#3 – Data Entry & Management

Someone will need to enter all your valuable product information into a database. While most developers will perform this service (again, for an additional fee), some startups will opt to do it themselves. Be prepared for a little training and a hefty investment in time, but this is also a valuable way to learn the ropes of your site’s management console. There is also ongoing data management and maintenance of product information, customer and sales information that require attention.

Data entry security

Image Source: ShutterStock.com

#4 – Hosting & Security

There are plenty of web hosting companies that are a real bargain, but you often get what you pay for in terms of speed, security and support. Online shoppers are impatient and fickle, so if your site loads too slowly or doesn’t appear to be secure, they will quickly move along to someplace faster and safer without blinking an eye.

#5 – Maintenance & Updates

What works today, might not work tomorrow — just think of how often Windows is updated. The same is true for you and your website. You’ll need to budget for things like upgrades associated with advancements in web browsers, advancing technology, enhanced security, new features and functions. Even tech startups can be caught off guard by these costs.

#6 – Marketing & Advertising

Traffic to your new eCommerce website will not magically appear out of thin air. You’ll need to promote your new business through effective marketing and advertising. Both of these come at a cost, either with your own time or payment to a third party. There are many different marketing options available but be prepared to pay for targeted advertising, effective SEO marketing and/or social media strategies.

In closing, think about this, remember playing hide-and-go-seek as a child? There were always a few rules and limitations as to where you could conceal yourself.

Budgets don’t play fair.

Guest Author: Megan Ritter

Megan Ritter is an online business writer and guest author based in Southern California. As an online journalist, she often covers social media marketing, ecommerce, finance management, and business communications. Follow Megan Ritter on Twitter to connect with her!

07.31.14
by

Shopping cart security: How small online businesses can build customer confidence

data security Large scale data security breaches are becoming increasingly common. No matter how technically sophisticated we become it seems hackers are always hot on our tails.

Indeed just recently eBay suffered a massive cyber attack on its 145 million users. And of course it is only natural that as data breaches grow so to will consumer concerns over how their personal and payment information is stored and managed online.

It’s not just large corporations like eBay that experience security breaches, an increasing number of SME’s are also vulnerable.

“The total number of data breaches increased 62 percent during the last 12 months, amounting to more than 627 million sensitive records exposed…We all know that large corporations continue to be the targets of these attacks, but what we have seen in the last 12 months is that small and medium-sized businesses are experiencing the largest number of breaches.” Internet Security Threat Snapshot Summary — 2014: Data Breaches Grow Significantly

So in addition to implementing adequate security measures, what can you as  a small online business owner do to build consumer confidence and reassure customers about the  security of your online store?

30% of consumers are increasingly concerned about the loss of personal data

New research by Software Advice* into the impact data breaches have on consumer confidence found that nearly one-third of consumers are increasing concerned about their personal information being stolen. The study found that:

  • 30% of consumers are increasingly concerned about data loss
  • 35% of consumers would stop shopping at a company where their personal data had been stolen
  • 53% of consumers would be somewhat more or much more likely to shop at a store where they were confident their personal data was secure.

In summary, the Software Advice research highlights that consumers are increasingly concerned about data security, would avoid shopping in stores from which their personal data was stolen and would look to shop somewhere where they felt confident their personal data was secure.

How to build customer confidence online

In all likelihood the majority of us are probably unfamiliar and uninterested in the highly technical aspects of data security.  Although implementing solid security measures is an absolute essential, in isolation it is not enough. You also need to work on building brand trust so that your customers feel secure and confident imparting personal and payment information when they shop at your store. We look at some best practice tips for a safe and secure online presence that will help foster trust amongst your customers.

1. Secure, PCI compliant e-commerce

The first thing is to make sure is that the e-commerce software solution that you choose offers secure data storage and is PCI / DSS compliant ( this is the payment card industry’s security standard).  Your shopping cart solution should be protected by  a PCI approved scanning vendor such as McAfee , VeriSign or PayPal and it should protect you against credit and debit card fraud and other threats such as identity theft and spyware.  So it is really important you spend time doing your research to make sure the e-commerce software you choose helps protects you and your customers against data security breaches.

2. Implement appropriate data-protection legislation

When you are storing and managing a customer’s database make sure you are familiar with and keep to relevant data-protection legislation. In the UK this would be the Data Protection Act 1998 and the Privacy and Electronic Communications Regulation Act. Following best practice and appropriate  legislation will ensure  less risks to the data you are managing and build customer confidence.

3. Build trust signposts

There are other ways to help build trust amongst your customers. Research indicates that simply announcing all your great security credentials is not enough. You also need to implement  ‘trust signposts’ to help build customers confidence in the safety of your online store. Large and established brands like John Lewis have ingrained such a sense of brand trust over the years that customers are rarely concerned about parting with their money or personal information. However, small businesses and start-ups don’t have this luxury so you have to work harder to build trust.

Website. Ensure your website is professional looking, up-to-date and easy to navigate. Customers won’t feel comfortable parting with payment or personal details on a site that is confusing to navigate around, has errors or is full of out of date content.

Customer service. Good customer service can only reflect positively on your brand image. Customers will be reassured with helpful, flexible and polite customer service. Make sure that all your contact and company details are clearly visible and easy for a customer to find.

Trustmarks.  Trustmark security logos can help reassure customers that the website they are on has the appropriate security protection. So whoever your security vendor is make sure you display their trustmark somewhere visible.

Customer testimonials. Client and customer testimonials, independent reviews, membership to industry organisations and links to relevant associations can all add kudos and  help reassure customers that your site is trustworthy.

4. Communicate to your customers

It won’t do any harm to remind your customers about how they can protect themselves against online fraud, such as by regularly checking their credit and bank account statements and properly managing their passwords. It can help show that you take the security of their personal information seriously. For example remind them that good password practice includes:

  • Not using the same email password for every site they register on.
  • Mix up letters, cases, numbers and special characters when creating a password.

So in an era of increased data breaches and sophisticated cyber-attacks, don’t assume that as a small online business or start-up you won’t be effected. Don’t underestimate the importance of secure e-commerce and follow good practice to ensure you are keeping you and your customers’ personal and payment information as safe as possible.

 

*New research on how data breaches can hurt retailers courtesy of Software Advice:

Software Advice helps buyers choose the right software. As a trusted resource, our website offers detailed reviews, comparisons and research to assist organizations in finding products that best fit their current and future needs. We have a team of software experts who conduct free telephone consultations with each buyer to shortlist systems best suited to their company’s specific requirements. Having a real conversation with our buyers allows us to fully understand their needs so we can match them with the right software vendors—eliminating weeks from the research process. Our software experts have advised more than 160,000 software buyers to date across various and niche software markets. Headquartered in Austin, Texas, Software Advice employs a team of 100, as well as an engineering team in Cordoba, Argentina.

Image courtesy of Stuart Miles / FreeDigitalPhotos.net

We’d love to hear you thoughts and experiences on this topic, so please do leave a comment

 

04.10.14
by

Shopping cart security: why Trustmarks still matter for small online businesses

trustmarks, online trust marksAs a growing nation of online shoppers I’m sure most of you are familiar with some of the Trustmark security logos placed on websites, such as VeriSign, McAfee and PayPal.  These Trust logos help reassure customers that it is safe for them to shop on a particular website. It means he website will have passed a number of security tests that protects customers from threats like  credit card fraud and identity theft.

So how effective are Trustmark’s in reassuring customers that a website is a safe place to carry out financial transactions or impart personal information?According to The European Consumer Centres’ Network Trust Mark Report 2013, Trustmarks can be defined as:

  Electronic labels or visual representations indicating that an e-merchant has demonstrated its conformity to standards regarding, e.g.,security, privacy, and business practice.”

Consumers have become far more confident shopping online and certainly where a brand is well-known and long established, I suspect  Trustmarks probably make little difference. For example so full of trust  am I in John Lewis’s brand, I don’t think that I have ever looked at or checked their security credentials. However on a site I am new to or unfamiliar with, security reassurance is one of the first things I would check.  Online security is still high up on people’s list on concerns and for smaller online businesses with less established brands reassuring customers with your security credentials is essentails. Indeed research shows:

  • 84% of online shoppers are “concerned to very concerned” about shopping at websites they have never heard of before (McAfee)
  • 69% are concerned about buying at websites where they have not shopped in the past (McAfee)
  • 76% of survey respondents had not purchased something because they hadn’t recognised the logo  (Actual Insights)
  • 61% of participants said that they have at one time not completed a purchase because there were no trust logos present. (Actual Insights)

 How can trust marks help?

For most small businesses it is important to reassure your customers as much as you can about the security and trustworthiness of your site. As we mentioned earlier small businesses and start-ups can’t rely on having an established and recognisable brand to convey trust and therefore need to work harder to convey the credibility of their online business.

Alongside other trust building activities (which we’ll come onto in a moment), Trustmarks can be used to help give  customers confidence that undertaking online payments and transactions involving  personal data is safe and secure.

This can help reduce shopping cart abandonment and increase conversions. Indeed, according to research:

  • 58% of consumers have abandoned their shopping carts over concerns about payment security (Econsultancy)
  • Research by McAfee shoes that showing a McAfee Secure Trustmark can significantly increase sales conversion by an average of 12%

Use Trustmarks as part of a ‘trust package’

Using Trustmarks in isolation won’t work when it comes to getting customers to part with personal information or complete a financial transaction. Rather, Trustmarks should be looked at as one part of a number of wider activities that you need to undertake to give your site credibility. For example:

  • Your website needs to be well designed. It needs to look professional, be easy to navigate and have up-to-date, relevant content. Make sure you contact details and registered address are present and easy to find.
  • Client testimonials, independent reviews and links to official associations can all help convey trust.
  • Your shopping cart and checkout process should be easy to use, linking to a number of PCI DSS compliant payment gateways. And it’s security partner will guard against credit card fraud, identity theft, spyware, and other threats
  • Customer services should be helpful and professional at all times – dealing with queries quickly and efficiently

Trustmarks in combination with the factors listed above will help convey trust and reassure visitors to your site.

 Make sure your Trustmark is recognisable

Choose an online shopping cart solution that is  affiliated with a recognisable Trustmark . A Trustmark should be one that people recognise. Otherwise,  in terms of recognition and it won’t immediately establish as much trust with the consumer as an instantly recognisable one can. Indeed, 64% of people surveyed said an unknown (unrecognisable) Trust logo would affect their sense of trust for a specific website.

In a Trustmark Survey by Actual Insights, the top three most recognised Trust logos were:

  • McAfee 79%
  • VeriSign 76%
  • Paypal 72%

So in summary….

  • Ensure you choose an ecommerce solution that supports and utilises a Trustmark logo
  • Use an online store with one of the most recognisable Trustmarks- For example McAfee
  • Don’t use Trustmarks in isolation but alongside other ‘social proof’ to build trust package 

 

We’d love to hear your thoughts and experiences on this topic. So please do take a moment to leave a comment.

Image courtesy of Stuart Miles / FreeDigitalPhotos.net

07.31.13
by

The ongoing battle against fraud: How to protect your business

Guest Author: Amy Monro

Sage Pay payment processor

Amy Monro is the PR and Social Media Manager at Sage Pay.

Sage Pay is the UK’s most recommended payment gateway provider, helping over 45,000 customers process payments in the UK and Ireland.

The ongoing battle against fraud: How to protect your business

Big brands and those selling luxury goods might seem the most obvious targets for online fraud, but almost all Internet businesses are faced with a degree of risk that simple tools and processes can help to mitigate. Below we’ve put together a guide to the most popular fraud screening tools available to help you protect your business and clear up any confusion about what they are and how they work:

AVS/CV2

secure online paymentsThe address verification system (AVS) and the card security code (CV2) protocols were introduced by the banking industry to help combat growing issues around verifying the cardholder’s identity.

These tools check the address entered at the time of purchase, along with the CV2 code (the three digits on the back of the card) to verify that the cardholder has the card with them when they are authorising the transaction and that it is registered to their delivery address.

The Benefits

  • These checks help to combat unauthorised card use due to cloning or theft. -These tools are checked in real time so you receive the results at the same time as the authorisation result.
  • Most payment service providers enable these tools on your account for free and with some, for example Sage Pay, you can create rulebases to automatically accept or reject transactions based on the results so you don’t have to keep a manual check on them.

The Limitations

  • AVS is a UK scheme only, which means that it’s currently not possible to check these results for overseas orders.
  • Only the numerics of an address are checked. The non-numerical characters in the first line of an address are not verified which means that is possible to receive a false negative result if the shopper does not enter a house number but a house name.
  • The protocol is unable to check either AVS or CV2 results on company cards
  • The AVS checks are not separated out between address and postcode so if either part is not matched, the entire check will fail.

3D Secure

3D Secure is a fraud prevention initiative launched by Visa and MasterCard to provide a more secure method for authenticating that the shopper is the rightful cardholder at the time of the transaction. When submitting their card details, depending on the type of card they have entered, customers will be asked to enter their previously created 3D Secure password or have the option to create one if they haven’t already.

The Benefits

  • 3D Secure can induce a liability shift of card fraud back to the card-issuing bank. In other words if you as the vendor process a transaction that has been fully validated by 3D Secure, it cannot be charged back to you if it is found to be fraudulent. This won’t happen in every case as that is at the discretion of your merchant bank.

The Limitations

  • It is worth noting that the current system is perceived to be unfriendly to buyers, as it involves an extra step in the payment process, which can result in delays and increased dropout so the payment pages. This however, is just a matter of customer education and we advise companies selling products and services online to clearly signpost in the e-payment process what customers need to do and why.
  • Not all cards are part of the scheme

Beyond the usual tools

Of course, it’s always a good idea to keep a manual eye on things as best you can and below we offer some basic tips on other things to look out for:

  • Check the telephone number and delivery address against the billing address. Call the number to check that it’s genuine and for landline, check the area code matches.
  • Always be wary of a low-cost transaction followed by several high-value ones. Fraudsters use this method with stolen cards to check there are funds available and whether the card has been blocked.
  • Be cautious of ‘high-risk’ countries
  • Check the email address to make sure it’s valid and be suspicious of free or anonymous email addresses
  • If you’re still suspicious, consider sending goods by registered post to ensure you get a signature and avoid non-delivery claims.

There is, of course, no magic wand to eliminate fraud, so e-tailers need to be on their guard for the signs and the above tools used correctly should provide a good level of cover. It’s advisable to use all these tools in conjunction rather than be solely dependent upon any one and your payment service provider can help configure your settings to get optimum results and should be happy to discuss suspicious transactions with you.