The upcoming holiday shopping season has the potential to be the one in which ecommerce earns its place as the top choice for consumers looking to beat the mall crowds and find the best deal.
Overall, ecommerce has been steadily growing the past few years, as the volume of Internet-connected devices has skyrocketed and Web users become more comfortable making purchases online. Earlier this year, Forrester Research revealed that global online retail sales topped out at $176.2 billion in 2010 for an increase of 12.6 percent. By 2015, researchers said, online shoppers will combine to spend $278.9 billion.
Perhaps on the strength of such reports, many companies have plans to implement ecommerce programs if they haven’t already. Conducted by PricewaterhouseCoopers’ Canada Retail Consulting Services, a poll of 21 U.S. and Canadian national retail chains found that all acknowledged the importance of having an ecommerce presence, while another 90 percent said they will increase their focus on the area moving forward.
“Retailers are increasingly focused on growth strategies that differentiate them and provide new, exclusive and differentiated value, thus providing a more compelling proposition to keep customers coming back,” Antony Karabus, PwC Canada Retail Consulting Services leader, said.
And this holiday season has the potential to be a turning point for the trend. That can mean any number of things for companies operating in the online retail space. For one, they had better be prepared for an influx of Web purchases. And, secondly, data security threats may never be more common than at this point of the year.
The fact that more Web users plan to make purchases online this winter certainly won’t be lost on cybercriminals. Any increase in ecommerce activity could produce a goldmine of sensitive payment card data for any hacker able to breach Internet security measures.
All online retailers should take the required steps to ensure they don’t find themselves on the wrong end of that equation. Perhaps the best method for doing so would be to reinforce the business’ compliance standing with the Payment Card Industry Data Security Standard. In doing so, organizations with an online storefront can rest assured knowing they have the proper security measures in place.
Some firms may have already gotten ahead of the curve.
“[B]anks are doing much more elaborate education on the PCI compliance process, and that is something they should be doing to protect themselves and their customers,” Heather Foster, the vice president of marketing for compliance solutions provider ControlScan, recently told Bank Systems & Technology.
“Many merchants think PCI compliance is a one-time event and then they’re done, but there is a lot of ongoing education that has to take place,” she added.
Foster’s company recently released a report on the state of PCI compliance and found that much work still needs to be done to bring data security measures up to speed. That’s concerning, considering the problems and issues associated with poor data security practices may be compounded during periods of heightened traffic, such as the holiday season.
Overall, ControlScan’s research revealed that the smallest merchants are most likely to be non-compliant with the PCI DSS. Nearly half of respondents with 10 or fewer employees said they were unsure or not at all familiar with their obligation to protect customer payment card data.
On the other hand, 77 percent merchants with 51 or more employees said they were very or somewhat familiar with PCI DSS. And familiarity only grew as did the merchants, according to the report.
Foster said the main reason small merchants are unaware of their data security responsibilities is because it’s not something many small business owners think about. They are too caught up in running other areas of the business, she said.
What’s more, many small businesses may have a false sense of security in thinking they won’t be the target of a cyberattack. However, that’s no longer the case, as cybercriminals have shown they are willing to launch attacks against any and all companies, regardless of size, industry or geographical location.
In addition to compliance, online retailers also want to take their brand’s reputation into consideration during these times. There’s perhaps no worse time during the year that a company reliant on retail sales can afford to suffer negative press because it was responsible for a data breach.
If unconvinced of such an impact, all a company must do is take a look at the latest Unisys Security Index, which revealed that nearly all Americans surveyed said they would take action against an organization that compromised their data. Of those, nearly 65 percent said they would publicly expose the company responsible.
And that could prove even more disastrous during the holidays, when hackers know online retailers’ databases will be bursting at the seams with customer payment card data.
Data Security News from SimplySecurity.com by Trend Micro