Power Up: The Online Retail Entrepreneur’s Guide – Security and Fraud
A successful online retail business can only remain profitable so long as it can maintain a thorough level of protection against cyber security threats.
The internet has been hailed as one of the biggest catalysts of change in modern society since the Industrial Revolution. It is changing the way we live on nearly every level, making information easier to find and services easier to render.
Unfortunately, the nature of the World Wide Web has some inherent downsides, and the most obvious of these is the simple fact that people can access any piece of information that exists online; they just have to know how.
As an online retailer, this means that your personal and business information, your customers’ information and your storefront itself are constantly at risk of being digitally compromised. That doesn’t mean the risk of security breaches can’t be minimised, and any good online retail business will work hard to ensure it is as safe as possible.
This instalment of Power Up discusses the threats that an online retail enterprise needs to be aware of, as well as what tools and techniques are available to combat them.
Macquarie Telecom is a company with plenty of experience in analysing, assessing and preventing online security threats. Art Leyzerovich, General Manager of Emerging Technologies (Hosting), spoke to us regarding the primary areas of concern for online retailers.
According to Leyzerovich, these concerns are:
- Compliance – ensuring your website adheres to the minimum security requirements in order to be ‘trusted’
- Identity management and fraud – being accountable for protecting any personal data stored via your site as well as ensuring an individual is authorised to use a given type of payment
- Cyber-attack – having systems in place to protect against intrusion, as well as response plans should an intrusion occur
- Down-time – planning and protecting against a situation where your site goes offline, which can severely impact trade
Leyzerovich says that, should the worst occur, “any of these situations is likely to result in not only lost sales, but lost customers.”
The most important step a business can take is to take online security seriously and have a proactive and integrated plan in place. Leyzerovich recommends online retailers should cover at least the following:
- Use of a payment provider or accredited payment gateway. They should not store credit card data on their web server or in their online store database
- Acquire a valid SSL certificate
- Ensure PCI DSS compliance
- Software should be kept up-to-date via patches and service packs
- Ensure secure firewalls are in place
Phil Morgan, e-Commerce and Omni-channel Retail Consultant for Playhouse Group says that online retailers need to be more aware of all facets of their digital security.
“PCI DSS and DDOS are the items most frequently asked about,” says Morgan. “We find most businesses have a handle on how to prevent DDOS attacks, but knowledge of PCI DSS needs is usually restricted to a company’s finance team, and is less understood by the wider business in a lot of cases.”
Depending on how you set up your site to receive payments, many people will potentially be seeking to use a credit card for their purchases. Even in a bricks-and-mortar store credit card fraud is not uncommon, but in the virtual world, this can be a lot harder to prevent.
Jonathon Green, Co-founder and Director at Eljo.com.au, has developed a wealth of experience in preventing online credit fraud, as his webstore has been a target on numerous occasions.
“Our online security threats all stem from the banks’ limited liability in Australia to cover credit card transactions that are unaccompanied by a signature.”
While it is now mandatory that all credit cards include a CSV number on them, which could theoretically be used in place of a signature online, Australian banks do not accept them as a substitute. As such, if there is no signature recorded as part of an online transaction, your business will be held liable should it turn out to be a case of fraud.
“While we have learnt it is not possible to catch every single person,” Green says, “we certainly aim to stop and report as many as possible.”
“I would encourage all business owners to note the names, addresses, IP details and every other piece of information from anyone who tries (or succeeds) to steal from you and pass them on to your local police department.”
One method of preventing fraud is to request that all customers fill in a credit card authorisation form; however, this can slow the online path-to-purchase and have a negative impact on your conversion rates. Alternatively, it is possible to set up an advanced detection system, which stops and flags any fraudulent attempts made.
These systems can use an enormous number of variables, including IP address analysis, proxy IP detection, fraud database cross-checking and even customer typing analysis.
“Our staff are drilled on how to spot fraud and we take pride in reporting the details of every attempt to the police, whether they are successful or not,” says Green.
In the next instalment of Power Up, we’ll discuss further security risks and preventative measures, as well as the issue of communicating trust to customers.