“A website that isn't completely up to date with its security patches is vulnerable to attack,” says Armstrong. “For this reason, it's imperative that ecommerce retailers ensure that all available patches have been applied to their online platforms. Stay on top of release cycles to ensure that those are always up to date,” he says. “Also [use a] firewall in front of the ecommerce store to help protect against vulnerabilities that might be discovered. This is an additional measure of protection that provides some time before patches are applied.”
6. Require strong passwords
“One way hackers can gain entrance into your site is to use a brute force hack, which basically starts putting combinations of letters into your site login, hoping to get lucky and crack your password,” explains Wiggins. “Using randomized and long passwords makes this a lot less likely.” So have employees use strong passwords: long ones first, mixing upper- and lowercase letters, numbers and symbols, or generated with an “online complex password generator to protect yourself.” Length does more against guessing than the symbol mix does, and a login that throttles or locks an account after a handful of failed attempts blunts the brute force attack itself. Also have people change their passwords every 6 months, if not more often, and immediately after any suspected compromise.
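The two halves of that advice, a password policy and a login that refuses to be brute-forced, as an added example (not code from the article or from any platform it mentions). The minimum length, lockout threshold, lockout window and scrypt cost are assumed settings to tune for your own store; passwords are stored as salted scrypt hashes and compared in constant time, and a lockout stops guessing even when a later guess is correct.

```python
"""Added example: a login path that makes password guessing expensive.

Not code from the article; the policy numbers (minimum length, lockout
threshold and window) and the scrypt cost are illustrative settings you
would tune for your own platform.
"""
import hashlib
import hmac
import os
import secrets
import string
import time
from dataclasses import dataclass

MIN_LENGTH = 12          # assumed policy: length matters more than symbol count
MAX_FAILURES = 5         # assumed: consecutive failures before a lockout
LOCKOUT_SECONDS = 900    # assumed: 15-minute lockout window
SCRYPT_PARAMS = dict(n=2 ** 14, r=8, p=1)   # ~16 MiB per hash; slows offline cracking too


def password_meets_policy(pw: str) -> bool:
    """Long, and at least three of: lower, upper, digit, symbol."""
    classes = (
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    )
    return len(pw) >= MIN_LENGTH and sum(classes) >= 3


def generate_password(length: int = 20) -> str:
    """Random password from a CSPRNG (what a 'password generator' should do, locally)."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if password_meets_policy(pw):
            return pw


def hash_password(pw: str, salt: bytes) -> bytes:
    return hashlib.scrypt(pw.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)


@dataclass
class Account:
    salt: bytes
    digest: bytes
    failures: int = 0
    locked_until: float = 0.0


class LoginService:
    """In-memory user store; `clock` is injectable so lockout expiry is testable."""

    def __init__(self, clock=time.monotonic):
        self.accounts: dict[str, Account] = {}
        self.clock = clock

    def register(self, user: str, pw: str) -> None:
        if not password_meets_policy(pw):
            raise ValueError("password does not meet policy")
        salt = os.urandom(16)
        self.accounts[user] = Account(salt, hash_password(pw, salt))

    def login(self, user: str, pw: str) -> str:
        """Returns 'ok', 'denied' or 'locked'; same answer for bad user and bad password."""
        now = self.clock()
        acct = self.accounts.get(user)
        if acct is None:
            hash_password(pw, b"\x00" * 16)   # spend the same time so timing does not leak usernames
            return "denied"
        if now < acct.locked_until:
            return "locked"                   # no hash check at all while locked
        if hmac.compare_digest(hash_password(pw, acct.salt), acct.digest):
            acct.failures = 0
            return "ok"
        acct.failures += 1
        if acct.failures >= MAX_FAILURES:
            acct.locked_until = now + LOCKOUT_SECONDS
            acct.failures = 0
            return "locked"
        return "denied"


if __name__ == "__main__":
    svc = LoginService()
    pw = generate_password()
    svc.register("store-admin", pw)
    print(svc.login("store-admin", pw))           # ok
    for _ in range(MAX_FAILURES):
        print(svc.login("store-admin", "guess"))  # denied ... then locked
```

The lockout is per account, so a distributed attacker who sprays one guess across many accounts is not stopped by it; pair it with per-source rate limiting at the firewall or reverse proxy the previous tip recommends.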
7. Know the signs of fraud
“[Though] fraud prevention specialists understand that none of [these] elements on their own indicate a fraudulent order, looking at the types of email user names, types of email domain names, customer order history… and understanding geographic fraud trends [can] all help identify a fraudulent order,” says Alyse Serritella, team leader, fraud prevention, Cleverbridge. “Through training, experience and pattern recognition, [you can] see how all these elements interact with each other and identify a pattern that indicates a fraudulent order.”
“Fraudsters tend to target high-value items, as they can make the most money on these,” adds James Kingsbury, owner, Vivid 3D. “Also, they tend to have items shipped to an obscure overseas address, often so far out of the way as to stop you ever having a chance of getting your stock back.”
“The easiest way to protect yourself against credit card fraud for online orders, and the resulting chargebacks, is to ship only to the verified credit card billing address,” says Ron Yates, owner, Titanium Jewelry. “If the buyer wishes to have a different shipping address, the merchant could require that the buyer give the alternate address to the credit card company. Then the merchant can verify this. And have a signature required for the delivery, to ensure the package was in fact received by the buyer.”
You can also use AVS (the Address Verification Service offered by card networks), says Kingsbury. “An AVS will confirm the billing address entered by the client, with the address on the credit card company’s data file. This should pre-warn you of any possible fraudulent orders. You can then do some manual due diligence on the order to confirm its authenticity.”
And because “fraud spikes during the holidays,” says Juan Benitez, General Manager, Braintree, “integrate the latest fraud protection tools, like Kount, to identify and prevent fraudulent activity before a transaction or verification ever reaches a customer’s bank.”
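The signals Serritella, Kingsbury and Yates describe (email user name and domain, order history, destination geography, order value, AVS result, and the ship-only-to-the-verified-billing-address rule) combined into a first-pass order screen, as an added example that is not code from the article or from any vendor tool named in it. The weights, thresholds, free-mail list and country watch list are placeholders to replace with what your own chargeback history shows; the AVS letter meanings are the commonly used ones but vary by processor, so confirm them against your gateway. Following the article's caveat, no single signal decides anything; the score and the reasons go to a reviewer.

```python
"""Added example: a first-pass order screen built from the signals above.

Not code from the article or from any vendor tool. The weights, thresholds,
free-mail list and country list are placeholders to replace with what your
own chargeback history shows; no single signal is treated as conclusive.
"""
from dataclasses import dataclass

# Constructed placeholder list; real lists come from your own fraud data.
FREEMAIL_DOMAINS = frozenset({"freemail.test", "throwaway.test"})

# Commonly used AVS result letters (Y: address and ZIP match, A: address only,
# Z: ZIP only, N: no match, U: unavailable). Exact codes vary by processor,
# so confirm against your gateway's documentation (assumed mapping).
AVS_WEIGHT = {"Y": 0, "A": 1, "Z": 1, "U": 1, "N": 3}

REVIEW_THRESHOLD = 6   # assumed: at or above this, do manual due diligence


@dataclass(frozen=True)
class Order:
    email: str
    billing_address: str
    billing_country: str          # ISO 3166-1 alpha-2
    shipping_address: str
    shipping_country: str
    avs_code: str                 # result returned by the gateway's AVS check
    amount: float
    prior_orders: int             # completed orders from this customer with no chargeback
    alt_address_verified: bool = False   # buyer registered the alternate address with the issuer


def _normalise(addr: str) -> str:
    return " ".join(addr.lower().split())


def _local_part_looks_random(local: str) -> bool:
    """Crude heuristic for machine-generated mailbox names: digit-heavy or vowel-free."""
    if len(local) < 8:
        return False
    digits = sum(ch.isdigit() for ch in local)
    vowels = sum(ch in "aeiou" for ch in local.lower())
    return digits / len(local) > 0.4 or vowels == 0


def score_order(order: Order, *, high_value: float = 500.0,
                risky_countries: frozenset = frozenset()) -> tuple[int, list[str]]:
    """Sum weighted signals; return the score with the reasons, for the reviewer."""
    score, reasons = 0, []
    local, _, domain = order.email.lower().partition("@")

    def hit(points: int, why: str) -> None:
        nonlocal score
        score += points
        reasons.append(why)

    if domain in FREEMAIL_DOMAINS:
        hit(1, f"free/disposable mail domain {domain}")
    if _local_part_looks_random(local):
        hit(1, "mailbox name looks machine-generated")
    avs_points = AVS_WEIGHT.get(order.avs_code.upper(), 1)   # unknown code: treat as unverified
    if avs_points:
        hit(avs_points, f"AVS result {order.avs_code}")
    if _normalise(order.shipping_address) != _normalise(order.billing_address):
        hit(2, "ships to an address other than the billing address")
    if order.shipping_country != order.billing_country:
        hit(2, "ships to a different country from the billing country")
    if order.shipping_country in risky_countries:
        hit(2, f"destination {order.shipping_country} is on the watch list")
    if order.amount >= high_value:
        hit(2, f"high-value order ({order.amount:.2f})")
    if order.prior_orders == 0:
        hit(1, "no order history")
    return score, reasons


def decide(order: Order, **policy) -> tuple[str, list[str]]:
    """'accept', 'review' (manual due diligence), or 'hold' (alternate address not verified)."""
    score, reasons = score_order(order, **policy)
    ships_elsewhere = _normalise(order.shipping_address) != _normalise(order.billing_address)
    if ships_elsewhere and not order.alt_address_verified:
        # Ship-only-to-verified-billing-address policy: ask the buyer to register the
        # alternate address with their card issuer, confirm it, then release the order.
        return "hold", reasons + ["alternate shipping address not verified with the card issuer"]
    if score >= REVIEW_THRESHOLD:
        return "review", reasons
    return "accept", reasons
```

Run it against a day of orders and look at what lands in "review"; the weights only earn their keep once they are fitted to your own chargebacks rather than the guesses above.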
What to do if your ecommerce business is hacked
Make sure your site is being regularly backed up – to a safe, offsite server or service, kept somewhere the web server's own credentials cannot modify, so an attacker who takes over the site cannot wipe the backups along with it. Test a restore periodically; a backup that has never been restored is an assumption, not a plan. That way, if your site is disabled or hacked, you can restore it quickly, but only after the entry point has been found and closed, or the restored copy will be compromised the same way.
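A minimal version of that discipline, as an added example that is not from the article: snapshot the site directory, record a SHA-256 for the archive, and prove the archive restores byte-for-byte into a scratch directory before anyone depends on it. Paths are placeholders, and the script assumes GNU tar, sha256sum, diff and mktemp are available.

```shell
#!/bin/sh
# Added example (not from the article): take a site snapshot, record its
# SHA-256, and prove the archive restores byte-for-byte before you rely on
# it. Paths are placeholders; needs tar, sha256sum, diff and mktemp.
set -eu

# make_site_backup SITE_DIR BACKUP_DIR -> prints the archive path
make_site_backup() {
    site=$1
    dest=$2
    mkdir -p "$dest"
    name="site-$(date -u +%Y%m%dT%H%M%SZ).tar.gz"
    tar -C "$(dirname "$site")" -czf "$dest/$name" "$(basename "$site")"
    # Checksum is recorded relative to the backup dir so it verifies from anywhere.
    (cd "$dest" && sha256sum "$name" > "$name.sha256")
    printf '%s\n' "$dest/$name"
}

# verify_backup ARCHIVE SITE_DIR -> 0 only if the checksum holds and a
# restore into a scratch directory matches the live tree exactly.
verify_backup() {
    archive=$1
    site=$2
    dir=$(dirname "$archive")
    name=$(basename "$archive")
    (cd "$dir" && sha256sum -c --status "$name.sha256") || {
        echo "checksum mismatch: $archive" >&2
        return 1
    }
    scratch=$(mktemp -d)
    tar -C "$scratch" -xzf "$archive" || { rm -rf "$scratch"; return 1; }
    if diff -r "$site" "$scratch/$(basename "$site")" >/dev/null; then
        rm -rf "$scratch"
        return 0
    fi
    echo "restore of $archive does not match $site" >&2
    rm -rf "$scratch"
    return 1
}

# Typical use, with the backup directory on a separate host or mount that the
# web server's own credentials cannot write to (placeholder paths):
#   archive=$(make_site_backup /var/www/shop /mnt/offsite-backups)
#   verify_backup "$archive" /var/www/shop
```

The checksum file only detects corruption or tampering after the fact; it does not protect the archive from deletion, which is why the backup destination has to be writable by the backup job and nothing else on the web host.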
Invest in small business cyber insurance. “It’s important to minimize your risk of being hacked by patching software regularly, using strong passwords and installing antivirus software, but you can’t prevent every breach,” says Ted Devine, CEO, Insureon. “In the event that a hacker gets into your data, a Cyber Liability policy can be a lifesaver. It covers the cost of notifying affected customers, investigating the breach and buying credit monitoring services for affected customers. That’s important because a lot of states require businesses to provide those services,” he says. “Some policies also offer funds for doing good-faith PR efforts to help restore your reputation.”
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.