As with any new technology trend, online shopping has its fair share of security challenges. Businesses must ensure that consumer information submitted to them is adequately protected and stays out of the hands of would-be ne’er-do-wells. On the flip side, consumers must make sure to conduct online transactions only with reputable businesses that have such security measures in place.
The reality, of course, is that both sides fall short.
Businesses, whether intentionally or accidentally, may scrimp on some of the data security practices necessary to keep consumer data, such as credit card numbers, names and addresses, out of harm’s way. This may be the result of inattention to detail, honest mistakes, under-performing security measures or otherwise.
Consumers, meanwhile, may be drawn to less reputable ecommerce sites that offer whatever it is they’re looking for at bargain prices. In this day and age, when everything from music and movies to furniture and groceries can be purchased online, the customer must use his or her best judgment to avoid submitting sensitive information to sites that may not have the best data security measures in place.
A recent study from Avira found that security levels are a deterrent for online shopping for about one-fifth of consumers. In a survey of nearly 3,000 consumers, 18.9 percent said they do not shop online because of security concerns.
The majority of respondents, however, indicated that they are willing to shop online – some more comfortably than others. According to the report, 22.5 percent of respondents said they will only buy from known shops or brands, such as iTunes or Amazon. Another 15.6 percent said they’re OK with shopping online if the transaction methods are secure.
The largest portion of the respondent pool – 28.6 percent – said they are willing to shop online but that they constantly worry that personal information will end up in the wrong hands. This approach probably reflects less a devil-may-care attitude toward online shopping than a glaring shortcoming in ecommerce security practices. It shows that consumers – whether out of necessity or simply convenience – will continue to shop online despite security concerns.
To a point, this is understandable. The influx of headline-grabbing data breaches this year has not gone unnoticed by consumers. By this point, everyone has at least heard of – if not experienced firsthand – data breaches affecting millions of unsuspecting consumers. These incidents have instilled a healthy bit of apprehension in consumers when it comes to their sensitive information, leading some to wonder whether ecommerce sites have become something of a cybercrime playground.
“Because of the continued data breaches, phishing attacks and security vulnerabilities that get reported on almost every day, consumers have every right to not feel 100 percent safe while they shop online,” said Avira’s Sorin Mustaca.
Nevertheless, the majority of online shoppers will continue with the practice. A study released this month by the World Retail Congress predicted that ecommerce sales will surge in the coming years, increasing by 10.2 percent worldwide between now and 2015.
Western Europe – where the Avira study was conducted – will become an especially lucrative market for online retailers. According to the World Retail Congress’ study, retailers expect 68 percent of their local growth to come from online sales. North America, meanwhile, is a bit more mixed, with retailers forecasting 50 percent growth to come from brick-and-mortar shops and 50 percent from online storefronts.
There are a number of ways for consumers to offset the threat of data theft. The first and most obvious is to conduct transactions only through reputable sites. This doesn’t mean consumers can only buy from big brands. On the contrary, so-called boutique websites with fewer resources can still boast more-than-adequate data security.
One way to determine whether a website is secure is to look for the “https” in the URL. The S, which stands for “secure,” indicates that the site supports encrypted communication and, therefore, is less likely to be compromised. Additionally, shoppers can look for a small lock near the top of their browser, which suggests the website is secure.
The challenge for businesses, meanwhile, is a bit more extensive. Companies that collect and store consumer financial information are required by the Payment Card Industry Data Security Standard to implement measures that ensure such data isn’t compromised and doesn’t go missing. In recent years, the PCI DSS has been updated to include best practices for online retailers. Companies that fail to comply with these standards run the risk of fines or possibly losing the right to conduct credit card transactions.
But PCI DSS compliance should not be the only goal for online retailers. Even companies that are fully compliant with the standard can experience data breaches and loss. As hackers become more clever and malware more complex, businesses will need to go above and beyond to protect consumer information.
In the end, ecommerce data security is a two-way street. Companies must protect consumer information, and consumers must determine whether a site is trustworthy or not. As ecommerce becomes a bigger part of our shopping habits, it will be interesting to see how both sides respond.
Security News from SimplySecurity.com by Trend Micro