At least 145 million Americans — half the population of the United States — were impacted by the recent data breach at Equifax that netted thieves personal information such as names, addresses, birthdates, Social Security Numbers and driver’s license numbers.
That pales in comparison to the earlier Yahoo breaches, which affected more than 1 billion accounts.
However, those incidents may be just the tip of a very large iceberg, as reports of data breaches just keep on coming.
Data Breach Disillusionment
“Consumer confidence is at an all-time low,” said Paige Schaffer, COO of the identity and digital protection services global unit at Generali Global Assistance.
“We did a survey with ORC International that found 40 percent of consumers believe businesses aren’t doing all they can to protect their personal information,” she told the E-Commerce Times. “Further, three in four holiday shoppers say they’re either very concerned or somewhat concerned about their financial or personal information being compromised due to a data breach this season.”
Still, “75 percent of holiday shoppers say they’ll be doing at least some of their shopping online,” Schaffer pointed out.
Consumer spending will be up 3.4 percent year over year this holiday season, to total almost US$680 billion, according to the National Retail Foundation.
Companies that want to nail down their share of the bonanza must not only make sure their systems are secure, but also make sure that shoppers know they’re in good hands.
Here are some ways e-commerce firms can reassure skittish customers and potential customers.
1. Have a Good Cybersecurity Solution
“Have multifactor authentication for any user accessing information and anyone in the company handling anything related to money to make life hard for hackers,” advised Ebba Blitz, CEO of Alertsec.
Ensure data storage is on a secure server like Amazon Web Services, or if the data is stored in-house, “encrypt all entry points and include a personal firewall,” she told the E-Commerce Times.
2. Make Security a Core Policy
Demonstrating a serious attitude about security at the policy level is crucial, remarked Jim Hartling, chief architect at Softvision.
Companies must have processes with security at their center, he told the E-Commerce Times. They must adhere to compliance standards including PCI, and establish policies for code revision and penetration testing.
Further, they must pay ongoing attention to exploits in the wild, Hartling said.
E-commerce companies should promote customer data protection like other companies promote their sustainability policies, said Generali’s Schaffer.
“Make it a part of your company’s culture and reflect it outwardly in all aspects of what you do,” she advised.
3. Use SSL Security
Companies should use SSL bank-level security by default on all certificates, and invest in Green Bar SSL certifications, advised Christopher Walton, VP of guilds at Softvision.
“This is the highest level of SSL, and your customers will be assured that their transactions are secure,” he told the E-Commerce Times.
Don’t just buy the cheapest SSL certificates, Walton warned. Choose a well-known and trusted vendor instead.
4. Don’t Stint on Site Hosting
Even if budgets are tight, invest in a separate e-commerce server.
“Don’t host your e-commerce site on a computer under your desk,” Softvision’s Walton said. “I’ve actually seen this before.”
Use a trusted secure hosting provider that delivers solid physical or virtual servers and has the ability to scale up as business grows, he suggested. “The last thing you want is for your servers to go down because you have too many orders.”
5. Blow Your Own Security Horn
Make sure you display your security certification logos on your website, Schaffer advised. “These seals assure customers who are inputting their credit card data that your site’s secure.”
It might be worthwhile to create a campaign focusing on demonstrating your organization’s data security policies, she suggested.
“Think about creating a simple ‘Why shopping with us is safe’ page in plain English,” Softvision’s Walton said. “Provide visibility to all your trust marks and verbiage that explains what you’re doing to deliver a safe shopping environment.”