The days of buying and selling goods hand in hand are diminishing; consumers are getting their mouse do the job of buying everything from books and plane tickets to computers and cars over the internet. But how safe is their credit card information? What happens to the information once the transaction is finished? Do eCommerce establishments delete it?
Hackers are continually devising new ways of getting access to consumers' credit card numbers via the internet, so how secure should people feel? One of the highest profile cases occurred in 2007, when unknown hackers got into the databases of off-price retailers TJ Maxx and Marshall's in the US and stole more than 45 million credit card numbers. Thus, security is one of the big issues when it comes to eCommerce.
As an example of the increasing activity of online purchase, in the UAE, the adoption of online shopping is definitely rising; 39 percent of UAE residents go online for purchases each week. More than 34 percent of UAE residents say they make online purchases between one and five times a week, with five percent making purchases online more than five times a week, according to a survey of purchasing behavior by Network International, the payment solutions provider in the Middle East.
The most frequent use of online payments was for remittances to home countries (15 percent), followed by payment of utilities (14 percent) and high value items such as property or cars (12 percent). Ten percent of the respondents said they use online facilities to pay for children's school fees.
While most residents prefer to use cash or cards to shop in-store for items such as groceries, clothes and household goods, 15 percent of respondents said they went online to purchase electronic items such as TVs or smartphones. Ten percent of UAE residents said they purchased fast food or takeaway on the move using a mobile device.
It turns out that the three main reasons for making online purchases is due to the ability to pay with a single click, robust security measures and the advantage of purchasing on the move.
Moreover, the findings revealed that Asian expatriates are the most regular users of online payment platforms with 35 percent using the facility between one and five times a week, followed by Emiratis (32 percent), Arab expats (31 percent) and Western expats (30 percent).
The findings provide great insight into the spending behavior of UAE residents, especially with regards to the method of payments. But how can all consumers around the world stay safe from hackers? This is where the role of eCommerce websites should be to provide safety measures.
Identity thieves are on the hunt for credit card numbers, social security numbers and other data considered confidential, but there are several ways to keep hackers away from eCommerce websites. As we all know, hackers and identity thieves cannot steal what you don't have. Therefore, do not collect or save any private customer data through your eCommerce solution that is not essential to your business.
When it comes to processing credit cards, use an encrypted checkout tunnel to eliminate the need for your own servers to ever see the customer's credit card data. This might be slightly more inconvenient at checkout time for customers, but the benefits far outweigh the risk of compromising their credit card numbers. Also, be certain hackers can't remotely access any private data you retain.
You should regularly test your eCommerce site for vulnerabilities to stop hackers from doing any real damage. This includes:
Regular scanning: Check your websites regularly (including a test of all links) to ensure identity thieves and hackers have not introduced malware into advertisements, graphics or other content provided by third parties.
Penetration testing: Consider hiring cybersecurity consultants or ethical hackers to identify vulnerabilities in the code.
Security apps: Look into web application scanning tools that help identify a variety of vulnerabilities, ranging from identifying Cross-site Scripting (XSS) to finding vulnerabilities inside debug code and leftover source code that could put confidential data at risk.
Regularly eliminate risky software that jeopardizes online security. Modern web development code, such as HTML 5, will help you eliminate potential vulnerabilities from Java. If you are redesigning or building a new site, opt for the safer choice. While you're at it,try to eliminate Adobe Flash and other applications that are prone to vulnerabilities when possible. If you must use Java or Flash for legacy applications, make sure you patch the software regularly to ensure you have the most secure version.
Correctly configure perimeter defenses. Buying a firewall is easy; configuring it correctly requires time and effort. If your eCommerce site is managed by a hosting provider, most likely, your IT staff will not have direct access to the network security infrastructure. That means you probably have to rely on contract language to address issues of network security. Plus, you must work directly with your provider to ensure regular monitoring and testing of your eCommerce site. Must-have security services for your site, whether you have a hosting provider or host your site yourself, include: data loss prevention, data loss detection, advanced persistent threat detection, intrusion prevention services, DDoS protection, reputation defenses, antivirus/antimalware and a fraud management service.
Moreover, encrypt your communication with business partners, especially with your credit card processor. You might even consider encrypted email. Reason being, you should never send potentially private data in plain text over the internet. Why take the chance that someone is looking at your private communications?
It's worth mentioning that attention will render hackers and identity thieves powerless. This comes down to three key actions: constant testing of your eCommerce site, immediate attention to problems, fixing them as they occur, monitoring your site to ensure the problems have been eliminated.
Additionally, log files offer excellent insight into your site's security, but are useless if you don't take the time to find the anomalies. Security is an ongoing process, not a one-time fix to pass an inspection. If your site accepts credit or debit cards, you will be required by your card provider to test your network annually, requiring a third-party tester or perhaps a self-evaluation, depending on various considerations. In addition, opt for quarterly tests with ongoing evaluation of log files for intrusion prevention and data loss prevention.
Customers should feel confident in the website owners' dedication to online security. Otherwise, it could cost to lose the business if hackers have their way. Should online shoppers assume their info is safe? Or does the responsibility fall on those running eCommerce sites?
