Can Your Platform Deflect A Data Breach? Check For These 5 Security Must-Haves

February 22, 2018
 

Even as shoppers’ expectations rise for sophisticated omnichannel shopping experiences, they remain concerned about the security of their personal and financial data. As merchants continue to enhance their offerings, they should upgrade their security capabilities to match, lest a breach undo years of efforts to build brand reputation and trust.

High-profile cases such as last year’s Equifax breach mean that concerns about identity theft and fraud remain top of mind for consumers. Fully 60% of shoppers say that current security is inadequate to protect their information on eCommerce Web sites, according to technology researcher Forrester.

Even otherwise-trusted brands aren’t immune to the perception of vulnerability: 30% of consumers say they’re not comfortable storing payment information even with retailers they frequent regularly, Forrester found. And security concerns can have a dampening effect when it comes to trying new outlets: during the 2017 holiday season, close to two-thirds of shoppers said they would only purchase from brands they already know, or at least recognize as reputable, in an effort to keep their information safe, according to Accenture.

This discomfort is even more pronounced when it comes to new commerce touchpoints. Even as the popularity of mobile shopping soars, one in five shoppers say security concerns and a reluctance to share private information prevent them from using their devices to make purchases, the Interactive Advertising Bureau found.

Similarly, use of mobile wallets, whereby shoppers pay in-store or online via phone apps instead of plastic credit cards, is hampered by security concerns for 24% of consumers surveyed by PYMNTS. And when it comes to “smart” appliances or digital assistants like Apple’s Siri, 76% of consumers say they worry about data privacy, and 71% cite data security fears.

As it turns out, shoppers’ concerns are well-founded. The number of identity fraud victims grew 8% year over year in 2017, affecting a total of 6.64% of U.S. consumers, according to Javelin Strategy & Research. Moreover, fraudsters are increasingly taking over existing online shopping accounts and payment tools such as PayPal (account takeover fraud) rather than only stealing credit card numbers outright. A whopping 49% of merchants admit some form of sensitive data breach occurred within their organizations in the past 12 months, Forrester found.

As merchants increasingly implement personalization features, more and more personally-identifiable information is on the line for consumers — making the stakes even higher for merchants. Given that 30% of consumers say they avoid brands that have experienced a breach, sellers must do their utmost to prevent attacks.

The first line of defense is the eCommerce platform itself. While merchants often entrust the technical details of security to their chosen vendors, it’s essential to understand and evaluate platform offerings so that potential risks can be identified and eliminated. And with an increasing number of interactions and data transfers occurring between the eCommerce platform and integrated systems such as inventory and order management, every integration point is additional attack surface that merchants must inventory, authenticate and monitor. Among the points of inspection:

Maintain stability with monitoring and contingency planning. Merchants should ensure their vendor and hosting solution can adapt to short-term spikes as well as long-term growth. Multiple server instances spread across different regions provide insurance against regional outages and help absorb volumetric denial-of-service traffic, though they are no substitute for application-level defenses. Performance and security should be monitored 24/7/365 so that threats are detected and responded to promptly, and disaster recovery plans should be exercised against the latest realistic scenarios, not merely written down.

Keep up to date with payment security certifications. Merchants should validate their own PCI DSS compliance at the level their card volume dictates, and ask any vendor that stores, processes or transmits cardholder data on their behalf to furnish a current Attestation of Compliance (AOC) signed off by a Qualified Security Assessor (QSA); a Level 1 service provider must undergo an annual on-site assessment rather than a self-assessment questionnaire. Furthermore, technology vendors should appear in the registries of validated service providers maintained by the major card brands, such as Visa’s Global Registry of Service Providers and Mastercard’s list of SDP-compliant service providers, which require quarterly external vulnerability scans by an Approved Scanning Vendor (ASV) and annual re-validation to remain listed. An independent SOC 2 report (ideally Type II, which covers how controls operated over a period rather than at a single point in time) scoped to the security, availability and confidentiality criteria, or the public SOC 3 summary of it, is another means of confirming that the eCommerce platform offers adequate safeguards. Bear in mind that a vendor’s attestation covers only the services within the scope of its assessment; the merchant’s own storefront customizations and integrations remain the merchant’s responsibility.

Analyze threats with each upgrade, app, and third-party integration. In an environment of rapid innovation, the ability to rapidly deploy new modules, upgrades, and third-party integrations is important. At the same time, merchants should ensure that any new code they add to their organization’s ecosystem is thoroughly vetted before it goes live, and that includes third-party scripts and tags loaded into storefront and checkout pages, which run with the same access to the page as the merchant’s own code. The web application firewall’s rules should be re-tested with each modification to confirm they still cover the new paths, in addition to routine round-the-clock monitoring, and each integration should run under its own least-privilege credentials so that a compromised partner cannot reach more than it needs.

Develop a data encryption protocol that goes beyond payment information. With personalization engines processing ever-deeper troves of consumer data, from social media profiles to location readings, merchants must ensure personally-identifiable information stays secure. That means classifying data so that sensitive fields are flagged (and treating anything unclassified as sensitive by default), encrypting it in transit with TLS and at rest with an authenticated cipher, and keeping the encryption keys separate from the data they protect, in a key management service or hardware security module rather than in application configuration. Encryption at rest only helps if an attacker who reaches the database cannot also reach the keys.
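As an added illustration (this is not code from the original post, nor Kibo’s own), the following Go program shows one way to implement the classification-plus-encryption step described above: an allow-list names the profile fields that may be stored in the clear, every other field is sealed at rest with AES-256-GCM, and the field name is bound as associated data so a ciphertext cannot be quietly moved from one column to another. The field names, the sample record and the demo key are all constructed for the example; in production the key would be fetched from a KMS or HSM.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"strings"
)

// publicFields is the allow-list of profile fields that may be stored in the
// clear. Every other field is treated as sensitive PII and encrypted, so a new
// personalization attribute cannot land in plaintext just because nobody
// classified it. Field names are assumptions for this example.
var publicFields = map[string]bool{"customer_id": true, "display_name": true}

const encPrefix = "enc:" // marks a stored value as ciphertext

func isSensitive(field string) bool { return !publicFields[field] }

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptRecord seals every sensitive field with AES-GCM: a fresh random nonce
// per field, and the field name bound as associated data so a ciphertext
// copied into a different field will not open.
func EncryptRecord(key []byte, rec map[string]string) (map[string]string, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	out := make(map[string]string, len(rec))
	for name, val := range rec {
		if !isSensitive(name) {
			out[name] = val
			continue
		}
		nonce := make([]byte, aead.NonceSize())
		if _, err := rand.Read(nonce); err != nil {
			return nil, err
		}
		sealed := aead.Seal(nonce, nonce, []byte(val), []byte(name)) // nonce || ct || tag
		out[name] = encPrefix + base64.StdEncoding.EncodeToString(sealed)
	}
	return out, nil
}

// DecryptRecord reverses EncryptRecord and fails closed: a sensitive field
// stored in the clear, a ciphertext that was altered, or one moved to another
// field all produce an error rather than a silently wrong value.
func DecryptRecord(key []byte, rec map[string]string) (map[string]string, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	out := make(map[string]string, len(rec))
	for name, val := range rec {
		if !strings.HasPrefix(val, encPrefix) {
			if isSensitive(name) {
				return nil, fmt.Errorf("field %q is sensitive but stored in the clear", name)
			}
			out[name] = val
			continue
		}
		raw, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(val, encPrefix))
		if err != nil || len(raw) < aead.NonceSize() {
			return nil, fmt.Errorf("field %q: malformed ciphertext", name)
		}
		pt, err := aead.Open(nil, raw[:aead.NonceSize()], raw[aead.NonceSize():], []byte(name))
		if err != nil {
			return nil, fmt.Errorf("field %q: authentication failed: %w", name, err)
		}
		out[name] = string(pt)
	}
	return out, nil
}

func main() {
	key := make([]byte, 32) // demo only: a real key comes from a KMS or HSM, not config
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	profile := map[string]string{ // constructed sample record
		"customer_id": "c-10442", "display_name": "J. Doe",
		"email": "jdoe@example.com", "last_geo": "42.10,-71.50",
	}
	stored, _ := EncryptRecord(key, profile)
	back, err := DecryptRecord(key, stored)
	fmt.Println("stored email:", stored["email"])
	fmt.Println("round trip ok:", err == nil && back["email"] == profile["email"])
}
```

Two design choices matter here. Unclassified fields default to sensitive, so the failure mode of forgetting to classify a new attribute is “encrypted unnecessarily” rather than “leaked in plaintext”. And because the field name is authenticated along with the ciphertext, a record that has been tampered with in the database (a ciphertext swapped between columns, or truncated) is rejected at read time instead of being served to the storefront.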

Maintain strict access control down to the store level. If they haven’t already, merchants should institute role-based access management and review assignments frequently so they reflect staffing changes; an associate who has left should lose access the same day. With store associates increasingly accessing online assets for clienteling, to “save the sale” by placing orders for home delivery, and to transact purchases, security measures must extend into store locations. Access to the administration console and servers should be available only over tightly-controlled HTTPS and VPN connections, protected by multi-factor authentication, and never from the store’s guest Wi-Fi. Associates should have access only to the assets they need, scoped to their own store where possible, not to merchandiser- or administrator-level controls.
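As an added illustration (not code from the original post or from Kibo’s platform), here is a deny-by-default authorization check in Go of the kind the paragraph above calls for: roles map to explicit action grants, store-facing actions are additionally scoped to the stores the user actually works in, and a deactivated account is refused everything regardless of role. The action names, roles and users are assumptions invented for the example.

```go
package main

import "fmt"

// Action is a named operation in the commerce platform. Names, roles and
// users here are assumptions for this example, not any real product's model.
type Action string

const (
	ViewProfile  Action = "profile.view"
	PlaceOrder   Action = "order.place"
	EditCatalog  Action = "catalog.edit"
	AdminConsole Action = "admin.console"
)

// grants lists the actions each role may perform. A role or action absent
// from this table is denied; there is no implicit "everyone" permission.
var grants = map[string]map[Action]bool{
	"associate":    {ViewProfile: true, PlaceOrder: true},
	"merchandiser": {ViewProfile: true, EditCatalog: true},
	"admin":        {ViewProfile: true, PlaceOrder: true, EditCatalog: true, AdminConsole: true},
}

// storeScoped actions act on behalf of a particular store, so the caller must
// belong to that store (or hold an explicit all-stores grant).
var storeScoped = map[Action]bool{ViewProfile: true, PlaceOrder: true}

// User is a staff principal. Active is cleared on separation or leave; the
// staffing review recommended above is a review of these records.
type User struct {
	Name      string
	Role      string
	Stores    []string // store IDs the user works in
	AllStores bool     // head-office staff only
	Active    bool
}

// Allowed is deny-by-default: every check must pass for a true result.
func Allowed(u User, a Action, store string) bool {
	if !u.Active || !grants[u.Role][a] { // unknown role or action reads as false
		return false
	}
	if !storeScoped[a] || u.AllStores {
		return true
	}
	for _, s := range u.Stores {
		if s == store {
			return true
		}
	}
	return false
}

func main() {
	pat := User{Name: "pat", Role: "associate", Stores: []string{"store-12"}, Active: true}
	for _, c := range []struct {
		a     Action
		store string
	}{{PlaceOrder, "store-12"}, {PlaceOrder, "store-07"}, {AdminConsole, "store-12"}} {
		fmt.Printf("%s %s on %s: %v\n", pat.Name, c.a, c.store, Allowed(pat, c.a, c.store))
	}
}
```

The point of the store scope is that “associate” alone is not enough: an associate at one location placing a home-delivery order for a customer of another location is exactly the cross-store access the text says should be closed off, and the check refuses it even though the role itself permits order placement.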

Considering an upgrade? Read more about Kibo’s secure, comprehensive eCommerce solution. Meantime, what new security protocols are you employing to keep up with omnichannel initiatives?