Millions of credit card transactions are being processed every single day, whether on the Internet or in person. This opens numerous opportunities for cybercriminals and creates risks that business owners need to address.
Retail was the most targeted industry for data breaches, accounting for 23% of all security investigations analyzed by Trustwave last year. According to its global security report, 35% of all cyber crimes occurred in North America, making it the most popular geographic location for cyber attacks.
The report also found that in 60% of the investigations, the hackers were after payment card data, split about evenly between magnetic stripe data (31%), which came mostly from POS environments, and card-not-present data (29%), which came mainly from e-commerce transactions.
As online sales continue to grow year after year, cyber criminals are finding more opportunities to steal data. A lack of awareness can prove detrimental to a business. In fact, 59% of the victims did not detect data breaches themselves. Retailers of all sizes must be aware of cybercrime trends to protect their assets, as well as the personal data of their customers.
Not All eCommerce Applications are Secure
The Trustwave report found that 97% of applications tested in 2015 had at least one vulnerability. Of those vulnerabilities discovered, 10% were rated as critical or high risk.
In fact, when it comes to ecommerce breaches, cyber criminals prefer to target open-source platforms. According to the report, 85% of compromised ecommerce systems used the Magento platform. At least five critical Magento vulnerabilities were found in the last year, and most of the affected systems were not fully updated with security patches.
To mitigate the security risks of open-source platforms like Magento and WordPress, retailers need to ensure that they always update all plugins to their latest versions. Business owners must be proactive in updating their platforms with the latest security patches.
Smaller Retailers Make Good Cybercrime Targets
Many small and medium-sized retailers feel that they’re not a big enough target for cyber criminals. These business owners might be tempted not to invest in good security infrastructure simply because they might not have the kind of volume that larger enterprises have. Security infrastructure can also be expensive, so it appears to be a luxury for many smaller retailers.
Interestingly, however, a government report in the UK found that 74% of small and medium-sized businesses reported a security breach in the last year. Despite this, only 7% of small businesses plan to invest in better information security solutions.
As a result, small businesses continue to be easy targets for cyber criminals. Hackers can easily steal information about clients, such as payment card information and customer details. The data can then be sold on black markets.
Mobile Commerce is Risky Business
Despite more people using their smartphones and tablets to shop online, shopping cart abandonment remains high on mobile. To address this problem, ecommerce companies, social networks and payment processors are all developing solutions to make mobile retail more accessible and convenient for consumers.
But convenience comes at a price, as mobile fraud increased by 81% between 2011 and 2015, according to Kount’s 2016 Mobile Payments & Fraud Survey. Many retailers, both large and small, focus mainly on customer convenience and easy checkouts, often at the expense of security.
The report found that mobile commerce poses greater risks than standard ecommerce, but more than a third of retailers are taking a “blanketed approach to their security strategies.” Retailers are using traditional ecommerce fraud detection tools that do not necessarily protect mobile shoppers. Mobile retailers have the dual challenge of developing solutions to protect their consumers, while at the same time making their products easy to purchase.
Having a Good IT Department or Security Software is Not Enough
According to a study by IT association CompTIA, 52% of data breaches are primarily caused by human error. Whether intentional or by accident, your employees are the biggest players when it comes to securing information processing.
Ransomware, a type of malware that blocks access to a computer until a sum of money is paid, is the most common threat today. It can happen easily when an employee opens an email attachment containing the malware, disguised as an invoice or order acknowledgement.
It’s important to educate your staff not to open attachments or click links within unknown emails. Cyber attack prevention is not just a technical issue, but an awareness issue. Retailers must dedicate some time to train employees to watch out for malicious emails and avoid harmful websites, so as not to endanger the business.
Security Matters to the Customer Experience
The customer experience is the most important factor for any retailer, online or offline. Securing your customer’s personal data is part of providing that positive experience.
With the rise of ecommerce also comes a rise in cybersecurity risks. While there’s no perfect or guaranteed way to thwart cyber attacks, retailers of all sizes can take small steps toward mitigating risks and protecting their customers, starting with awareness.