Phishing, hacking, spamming, hijacking—the vocabulary of cyber fraud is expanding by the minute. For customers slammed with online scams of every hue and stripe, the outcome is a loss of trust in Internet commerce, says a thought-provoking new report from Forrester Research Inc. And the distrust affects even people who have shopped on the Internet for years: “A person with a five- to six-year online tenure today has a lower level of confidence in the Internet as a trusted channel than a person with three to four years’ tenure had in 2001,” writes Forrester analyst Jonathan Penn.
Retailers have a lot to do to restore consumers’ trust, beginning with understanding what shoppers expect in terms of security. (By the way, security itself is a big marketing opportunity—you stand to gain a competitive advantage by marketing your site’s security the same way that cars, for example, are marketed for safety features like anti-lock brakes and side airbags, according to the report.) Penn notes that consumers don’t call specifically for security but for assurances regarding their identity, use of their personal information, service, and privacy.
Lack of proper authentication is a serious weakness that hackers pounce on gleefully. Most merchants approve key events such as a change of address or the opening of a new account without stringent authentication. Passwords are no longer sufficient protection against cyber crime. The preferred authentication methods that Forrester suggests include validation services supplied by credit reporting firms, one-time password tokens, and “smart” cards.
Another hot button, theft of personal information, is best addressed through rigorous management of users’ rights and privileges. “Employees or contractors are often granted inappropriate levels of access as a result of provisioning processes that are neither well-structured nor standardized,” says Penn. “Furthermore, users retain unneeded data access privileges after they change departments or shift projects, and that poses a security threat.” The solution to this is a good provisioning system that controls the assignment of rights to users; it also makes sense to invest in software that helps you monitor authorized users to ensure that they don’t perform inappropriate activities.
Of course, if the customer suspects that your site isn’t even legitimate, you’re really in trouble. Act swiftly to protect your brand from impostors, advises Penn. Try installing phishing detection and response solutions, now available from a variety of vendors, as well as anti-spyware software to protect the Internet session from eavesdroppers. For information, visit http://www.forrester.com.