People Are Still Afraid to Shop Online. Here's What Businesses Can Do to Protect Them.
Ecommerce has been around for nearly two decades now, and while it's given people all kinds of convenience and flexibility in making purchases, it hasn't erased their underlying fears about safety.
A new global study produced by U.K.-based information assurance firm NCC Group reveals that the majority of customers do not feel safe shopping online. Seventy-seven percent of those surveyed said they "no longer feel secure when buying goods on the web," and 23 percent are doing less on the Internet because of security concerns.
And even while physical stores have suffered their share of high-profile breaches in the last year (Target, Neiman Marcus, Home Depot, just to name a few), the threat of an online incident appears to be very much intact; in fact, 64 percent of people surveyed believe they're likely to be the victim of a breach within the next 12 months.
So what can businesses do to protect their customers and put their minds at ease? Christopher Hadnagy, chief human hacker from Social-Engineer, says that while the holiday season is a particularly hectic time of year, your security measures should be a priority. He says it's critical to ensure that your software (security software, current operating system, etc.) is current. "It may take a lot of work and effort, but often hackers find holes into your business through old and unpatched software."
For customers, it's about watching your statements closely. "Know where you spend and what so you can catch fraud quickly," he says.
Satnam Narang, a senior security response manager at security software firm Symantec, says checking your servers on a monthly or quarterly basis is vital to protecting your customers' sensitive information. If you are outsourcing your security or point-of-sale system to a third party, it is imperative to be in constant contact with them. Narang says that FTP credentials -- the login info that allows hosts to transfer files to one another -- can also be vulnerable.
Finally, companies could consider taking out a cybersecurity insurance policy. In the event of a breach, it could help with any fines and pay for forensic investigators to look into what caused it, says Charles Bretz, director of payment risk at Financial Services Information Sharing and Analysis Center (FS-ISAC).
Additionally, Bretz says that having multiple layers of security, like two-step authentication, for both customer and employee accounts can help both sides be protected.
For more on an international look at data security and ecommerce, check out the NCC Group infographic below.