A secure shopping experience doesn’t just happen (credit: Towfiqu barbhuiya on Unsplash)
The pandemic hastened long-developing trends toward digitization and decentralization. As virus concerns, social distancing guidelines and convenience pushed people online, ecommerce sales surged, expected to hit $4.2 billion globally this year, jumping ahead by years in the process.
To be sure, this isn’t a one-time trend. According to one survey, nearly half of shoppers who altered their shopping habits in 2020 plan to make those changes permanent. As a result, a compelling online experience is critical for retailers that want to compete in this new normal.
However, consumers are not just concerned about convenience and compelling deals. They demand a safe, secure shopping experience without compromise. To deliver, retailers will need to secure their online platforms by bolstering their defensive posture against known risks.
Recognizing the risks, most organizations are increasing their cybersecurity budgets. Of course, some threats are more prominent than others, and directing resources toward these risks can help online retailers capitalize on ecommerce opportunities without compromise. For leaders charged with securing the online store, here are 3 threats worthy of investment and attention.
Card Skimming Malware
Closing the sale can be challenging online. It’s estimated that 70% of online shoppers abandon their carts without making a purchase, making it especially frustrating and problematic when retailers entice consumers to buy an item, only to compromise their personal data in the process.
Card skimming malware is a significant threat for online retailers, negatively affecting the secure shopping experience they want to create. Malware collects and transfers customers’ payment information when it’s entered at checkout and can be difficult to detect, and the consequences can be devastating.
To be sure, card skimming malware isn’t new. It infiltrated prominent brands, including Macy’s British Airways, and Ticketmaster, while also targeting small and mid-sized retailers. RiskIQ estimated that Magecart, the most popular card skimming malware, impacts more than 18,000 websites, putting customer data and company reputation on the line. In total, millions of credit cards have been reported stolen to the FBI, a low number that underscores the scope of this problem for online retailers.
In response, companies managing significant credit card transactions should double-down on their cybersecurity initiatives, including applying system updates and monitoring servers for suspicious activity.
Insider Threats
Customer experience and support is often a differentiating factor for retailers that struggle to meaningfully distinguish themselves on convenience, product, price, or aesthetics. However, as companies collect customer data and interact with customer service inquiries, they put data privacy at risk.
Insider threats or trusted employees or contractors with access to customer information are a leading cause of data privacy violations. Whether accidentally exposing customer data or maliciously pilfering their employers, retail employees, especially those in a customer service position, are often a serious cybersecurity and data privacy risk.
For example, in 2019, a Trend Micro employee stole information from a customer support database, causing a data breach that impacted 70,000 customers.
These concerns are amplified in an increasingly decentralized environment where many care agents work remotely. Retailers can deploy employee monitoring to deliver comprehensive behavior analytics and activity monitoring that can keep customer data secure.
Fraud and Scams
Never wanting to miss an opportunity, threat actors are enhancing their efforts to meet the surging demand for online platforms and services. Consequently, the number of fraud attempts has surged. According to the FBI, the number of reported phishing scams increased by 126,000 in 2020, targeting employees and customers with malicious messages that can capture and steal personal and financial data.
While phishing scams typically target employees, many threat actors are directing their efforts towards consumers, hoping to capitalize on their inexperience or exuberance with novel online shopping experiences.
Therefore, online retailers will need to expand their training efforts to include both employees and customers. Since phishing scams and other fraud attempts are rendered useless when effectively identified and deleted, these upfront educational investments can pay significant dividends for retailers willing to train all stakeholders.
Why It Matters
The transition to an online-first retail environment represents retail’s present and future, presenting unparalleled opportunities for retailers ready to pivot online. This transition also poses serious cybersecurity challenges that companies will need to navigate to be successful. For retailers that can’t keep up by creating a secure shopping experience, the consequences can be severe.
Data privacy regulation and consumer sentiment firmly favor cybersecurity, allowing little latitude for organizations that can’t protect customer information. For instance, 25% of Americans won’t do business with a company that experienced a data breach.
That’s why cybersecurity is a bottom-line for online retailers. It can be the one factor that positions them to succeed or fall behind as customers bring their business online.
Isaac Kohen is VP of R&D for Teramind