E-commerce Fraud is Booming – Part 2
Cybersecurity Awareness Month
The Department of Homeland Security (DHS) and the National Cyber Security Alliance (NCSA) work together every October to spread the word about how important cybersecurity is to everyone, especially retail store owners. This year’s theme is “Do Your Part. #Be CyberSmart.” This is the second part of our series on identifying e-commerce fraud and cybercrime and protecting your store against it.
Protect your store from e-commerce fraud, cybercrime
When stores were forced to close because of pandemic restrictions, it forced merchants of all sizes into e-commerce offerings just to keep their businesses alive. Even though many flourished thanks to programs like buy online, pick up in-store (BOPIS) and the increasing availability of home delivery, their vulnerability to e-commerce fraud increased just as quickly.
A report from Sift shows the value of an average fraudulent order jumped 69% to $2,049 in 2020.
Here are some suggestions on how to limit your store’s exposure to e-commerce fraud and cybercrime.
Procedures and protocols
Whether it’s accepting cash or a digital payment, a store’s point of sale is a merchant’s first line of defense. Just like employees are trained on how to operate the point-of-sale system, work with customers, and stock shelves, they also need to be trained in basic fraud prevention.
Basic security practices and policies need to be established. Employees should be cognizant of how to spot potentially fraudulent transactions – especially card-not-present purchases. Any anomalies or discrepancies in a transaction should be stopped and referred to supervisors.
Internet and email guidelines, along with strong user passwords, are vital to protecting a business’s digital security. Computers – including desktops, laptops, mobile devices and point-of-sale systems –should regularly be updated. As mentioned earlier, it’s a good idea to consider outsourcing network management to professionals whose business it is to maintain the security of your systems.
Protect your point-of-sale data against disaster. After you close for the day, back up your files. Managed service providers do this automatically, including accounts receivable, inventory, sales tax information, customer data, etc.
Limit access to your system. According to the Ponemon Institute, human error is responsible for 80% of business data breaches. Many of the leaks are caused by employees browsing the web or opening unsecured emails. One errant click can be fatal to a business network.
Get to know your customers
It sounds like a simple concept, but small, independent businesses using any e-commerce tools, many for the first time, must know their customers intimately in order to protect them and their personal information. While it’s not necessary to dive deep into the concepts of customer identity access management (CIAM) and all that entails, it’s just good business to know your customers and their preferences.
A lot of this information can be gleaned from sales histories and payment preferences which are available at any point of sale or retail management system. Rewards programs add another layer of intimacy with customers, much of which was stripped away when the pandemic closed so many brick-and-mortar stores.
This information provides a way to not only protect customer information, but also offer frequent-purchase discounts, birthday rewards, and other ways to create better relationships.
Playing a card game
Card companies are making major investments to fight online fraud, too. The credit card kingpins – Mastercard, Visa and America Express – have all acquired electronic data security companies to secure their online technology.
The card companies also offer online toolkits to merchants that help them fight cyberfraud.
For example, Visa introduced its kit in 2015 to help merchants transition to more secure EMV chip-enabled credit cards. In 2020, the company included information for merchants on card-absent transactions, policies and requirements for digital wallets, and more.
Likewise, Mastercard provides merchants information on ID theft protection, authentication services and cybersecurity.
Seek professional help
How do you combat crime you can’t see? It’s often recommended to have some form of help. A dedicated and experienced IT person, department, or contractor is one solution. Often, retail technology providers offer services that take care of IT worries.
“There are certain programs and protections you have to have, just like you have to have oil for your car. You have to update your programs and keep them protected from viruses,” explains CJ June, director of Managed Services at Paladin Data Corporation, a leading retail solution provider. “It’s always a good idea to have an extra set of eyes that are watching for issues stores may not see or know to look for.
“Stores shouldn’t have to worry about checking their computers or network to see if they are up to date or backed up. They need to concentrate on doing what they got into business for and that’s working with their customers and let experts monitor their networks.”
The Price Waterhouse Cooper (PwC) Global Digital Trust Insights Survey 2021 shows that corporate retail executives are increasing their cybersecurity budgets more (59.3%) than the global average of other industries (55%). They also say they’re working cybersecurity into all their planning decisions.
What does that mean for Main Street shops and stores? Well, it’s probably a good idea for them to increase their investment in awareness and online safeguards as much they do in their e-commerce growth. Remember, merchants aren’t just protecting themselves, they’re protecting their customers, too. Loss of consumer trust and confidence can be just as damaging as a tornado, hurricane, or wildfire.
Whether you do it yourself or hire professional help, as retail evolves toward more online buying and selling, protecting your business from e-commerce fraud is more important than ever.
The following organizations offer advice on protecting your business from online threats.
Information Technology Laboratory
National Cyber Security Alliance
Federal Communications Commission