Although a new study by ThreatMatrix had found that 85% of retailers are calling cyber security a high priority within their organizations, 40% of the respondents said they have no online prevention measures in place.
According to the ThreatMatrix 2012 State of Cybercrime study, which was conducted through U.S.-based financial and retail business managers and IT executives, online fraud results in about $3.5 billion in lost revenue in North America alone last year.
The report found that Trojan and phishing attacks were the most common cyber threats for retailers with 45% experiencing “at least one malware attack in the past year” and 45% experiencing one Trojan attack.
Although retailers said in the survey that they are experiencing cyber-attacks, very few are spending quality time researching security threats in order to stay one step ahead of cyber criminals. The report found that 47% of those surveyed “spend less than five hours researching security threats each month, while 14% spend no time on preventative research.”
It’s imperative now more than ever for retailers to improve online fraud and cybercrime prevention practices because if they go unchecked it will mean lost revenue and lost customers, according to comments made by Andreas Baumhof, chief technology officer for ThreatMatrix in the report.
“When consumers are hacked on ecommerce sites, they often avoid those merchants in the future. By implementing integrated cybercrime prevention solutions, [merchants] can provide a more secure experience for customers,” Baumhof said in the report.
So what can retailers do to improve their security? The report recommends the following steps to improve online security for their ecommerce site:
- Track transactions that originate from a different country or from an IP address other than where the account was created.
- Screen for customer identification verification at both account login and prior to transaction completion.
- Compare current transactions to previous transaction of a shopper in order to make better decisions about account attacks. Also, if you track devices and accounts used, it will give you a history of fraudulent users which you can later block.