E-commerce today makes up a significant portion of total retail activity. In the United States alone, more than $586 billion was spent in 2019 online, representing a 14% increase over the year before. With COVID-19 currently wreaking havoc on the world, there is increased dependency on the internet. Globally, e-commerce business is expected to reach $4.5 trillion by 2021.
While e-commerce certainly fills gaps in the market, companies are susceptible to cyberattacks that may be made against them in order. These attacks sometimes result in large scale data breaches, which may include stealing information from customers or their identities. Here is what you need to know about this latest cyberthreat and how you can protect yourself.
Cybersecurity in E-commerce: Threats and Facts
Cybercriminals launch millions of attacks on e-commerce websites each year. These attacks target e-commerce sites in order to get customer personal and financial information in order to steal identities or make unauthorized transactions with their payment information. Some of the most common attacks perpetrated on e-commerce sites include:
Phishing attacks – Phishing attacks are usually committed by sending a corrupted email to a worker or customer, asking them to provide confidential information.
Credit card fraud – Credit card fraud occurs when a criminal uses another person’s credit information without their authorization, such as making purchases for their own benefit or taking out cash advances.
Botnets – Bots are automated programs that perform specific tasks online. Botnets can be used to behave like real customers and cause damage to a company by committing credit card fraud, account takeover, or price scraping, which is an attack committed by competitors to monitor pricing.
Malware – Malware is software that may be installed on a business or personal computer and infect it with a virus that may collect personal information, take control of the network, or gain access to data on the computer system.
E-skimming – E-skimming involves the theft of personal data and credit card information from payment card process pages on e-commerce sites.
Notable E-commerce Data Breaches
Some of the most high-profile data breaches of e-commerce sites include:
Shopify Data Breach
Two disgruntled employees led to the compromise of data from more than 10 retailers on the Shopify platform.
Barnes & Noble
The notable bookstore company Barnes & Noble sent an email to customers in October 2020 to warn them about a data breach that exposed their personal information to hackers.
eBay Data Breach
E-commerce site eBay had to ask 145 million users to change their passwords after hackers stole the passwords and other personal data from customers during a data breach.
Target Data Breach
A cyberattack on retailer Target resulted in the loss of credit card and personal information from 110 million of its customers in 2013. The CEO resigned the next year.
How to Protect Yourself During Online Shopping
Some tips to help you protect yourself during online shopping include:
-Only do business with reputable companies that have TLS protocol
-Make sure that there is a separate server for payment information
-Enable two-factor authentication for all online accounts
-Do not store your credit card information online
-Disable the autocomplete feature on you browser
How Companies Can Prevent Data Breaches
Companies also have a responsibility to safeguard customers’ data, which they can do by:
-Restricting access to personal information
-Destroying confidential data before disposing of it
-Keeping security software up to date
-Securing all computers
-Training employees on cyberthreats
Responding to Data Breaches
If your business has recently learned of an internal data breach, there are steps that you can take to minimize the fallout, including:
-Investigate the incident and ensure that any security vulnerabilities have been fixed so that no more attacks occur
-Report the crime to law enforcement
-Review your response plan
-Notify your customers and follow the reporting laws for your state
-Work with forensic experts to improve your cybersecurity
-Contact your cybersecurity insurance company
E-commerce sites may be on the tipping point of explosion in the near future. However, it is important that when you take advantage of this opportunity that you also take steps to protect your customers’ information. Following the tips above may help you prevent a data breach and keep your company’s reputation in check.
David Lukić is an information privacy, security and compliance consultant at IDstrong.com. The passion to make cyber security accessible and interesting has led David to share all the knowledge he has.