Let’s say you have an amazing idea. You’ll join in with all the millennials and finally start up that awesome e-commerce site you’ve been dreaming about. You hate your day job and all its technical hassles anyway. You just want to make cool t-shirts and bandanas that everyone wants to wear at Bonnaroo. Selling stuff online is a breeze. People have been doing it since eBay started in the last century. All you need is a cool Instagram account and some carefully timed sponsored posts, right?
Unfortunately, e-commerce is as rife with technical hassles as your current day job. Cyber criminals are on the hunt for low risk, high return hacks. And an undereducated attempt at online retail is a huge target.
Obviously, not all e-commerce sites are run by newbie little guys. Everyone selling anything in the modern era has an online storefront of some kind. If you’re operating in the e-commerce space and taking payments for goods or services of any kind, take a look at the risks below.
Credit Card Fraud
As an online retailer, you have two responsibilities around credit cards. First, you have to protect your customers’ card data from theft. If card numbers pass through your systems at all, PCI DSS applies to you; the simplest way to shrink that burden is to let your payment processor handle the card data (a hosted payment page or tokenization) so full card numbers never touch your servers. Second, it is your responsibility to watch for fraudulent transactions: purchases made with stolen cards, which come back to you as chargebacks. Use the Address Verification System (AVS) and CVV checks your processor offers, watch for velocity patterns such as many small orders from one IP address against different cards (card testing) or repeated hits on one card in a few minutes, treat a billing address in one country and a shipping address in another as a warning sign, and create a process for holding and reviewing orders that look unusual before they ship.
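Here is what a minimal version of that review process looks like in code. This is an added example, not code from the original article or from any particular payment processor: the AVS code meanings, the thresholds and the sample orders are all assumptions for illustration, and in production the card identifier would be the token your processor returns, never the card number itself.

```python
"""Order-risk scoring for a storefront: an added example, not code from the
original article. It combines the signals described above (AVS result,
billing/shipping mismatch, velocity) into a score that decides whether an
order is accepted, held for review, or declined. Thresholds, AVS code meanings
and the sample orders are constructed for illustration."""
from collections import defaultdict
from dataclasses import dataclass, field

# AVS result letters vary by processor. These follow the common Visa-style
# convention (Y: street and ZIP match, A: street only, Z: ZIP only,
# U: unavailable, N: nothing matched). Check your processor's documentation.
AVS_RISK = {"Y": 0, "A": 1, "Z": 1, "U": 1, "N": 3}

VELOCITY_WINDOW_S = 600   # look back ten minutes
MAX_ORDERS_PER_CARD = 2   # a third order on one card inside the window is suspicious
MAX_CARDS_PER_IP = 2      # a third distinct card from one IP looks like card testing
REVIEW_THRESHOLD = 3
DECLINE_THRESHOLD = 5


@dataclass
class Order:
    order_id: str
    ts: int               # unix timestamp of the authorization attempt
    card_fp: str          # processor token or fingerprint, never the card number
    ip: str
    avs: str              # AVS result code returned by the processor
    billing_country: str
    shipping_country: str


@dataclass
class Assessment:
    order_id: str
    score: int
    reasons: list = field(default_factory=list)

    @property
    def action(self):
        if self.score >= DECLINE_THRESHOLD:
            return "decline"
        if self.score >= REVIEW_THRESHOLD:
            return "review"
        return "accept"


def score_orders(orders):
    """Score orders in time order, keeping per-card and per-IP history as we go."""
    by_card = defaultdict(list)     # card_fp -> timestamps of earlier orders
    cards_by_ip = defaultdict(set)  # ip -> distinct cards seen from it
    results = []
    for o in sorted(orders, key=lambda x: x.ts):
        reasons = []
        score = AVS_RISK.get(o.avs, 2)  # unknown code: treat as mildly risky
        if score:
            reasons.append(f"avs={o.avs}")
        if o.billing_country != o.shipping_country:
            score += 2
            reasons.append("billing/shipping country mismatch")
        recent = [t for t in by_card[o.card_fp] if o.ts - t <= VELOCITY_WINDOW_S]
        if len(recent) >= MAX_ORDERS_PER_CARD:
            score += 3
            reasons.append(f"{len(recent) + 1} orders on one card in {VELOCITY_WINDOW_S}s")
        cards_by_ip[o.ip].add(o.card_fp)
        if len(cards_by_ip[o.ip]) > MAX_CARDS_PER_IP:
            score += 3
            reasons.append(f"{len(cards_by_ip[o.ip])} distinct cards from {o.ip}")
        by_card[o.card_fp].append(o.ts)
        results.append(Assessment(o.order_id, score, reasons))
    return results


# Constructed sample orders (IP addresses from the documentation ranges).
SAMPLE_ORDERS = [
    Order("o1", 1000, "card_A", "203.0.113.5", "Y", "US", "US"),   # ordinary order
    Order("o2", 1060, "card_B", "198.51.100.9", "N", "US", "NG"),  # AVS fail + ships abroad
    # card testing: four different cards from one IP inside two minutes
    Order("o3", 2000, "card_C", "192.0.2.77", "Y", "US", "US"),
    Order("o4", 2030, "card_D", "192.0.2.77", "Y", "US", "US"),
    Order("o5", 2060, "card_E", "192.0.2.77", "Y", "US", "US"),
    Order("o6", 2090, "card_F", "192.0.2.77", "U", "US", "US"),
    # one card hammered three times in ten minutes
    Order("o7", 3000, "card_G", "203.0.113.8", "Y", "CA", "CA"),
    Order("o8", 3100, "card_G", "203.0.113.8", "Y", "CA", "CA"),
    Order("o9", 3200, "card_G", "203.0.113.8", "Y", "CA", "CA"),
]


def assess_sample():
    """Map each sample order id to the action the scorer recommends."""
    return {a.order_id: a.action for a in score_orders(SAMPLE_ORDERS)}


if __name__ == "__main__":
    for a in score_orders(SAMPLE_ORDERS):
        print(f"{a.order_id}: {a.action:7} score={a.score} {'; '.join(a.reasons)}")
```

Run it and the card-testing burst from 192.0.2.77 is flagged from the third card onward, the order that fails AVS and ships to a different country is declined outright, and the third charge on card_G within ten minutes is held for review while the first two pass. The point is not these particular weights but that the decision is made from several weak signals together, with the reasons recorded so a human reviewer can see why an order was held.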
Phishing Scams
Phishing scams come in many forms. As an online retailer, you may face situations where an attacker impersonates your brand and emails your customers asking for account or credit card information. Scammers send emails with links to lookalike sites that mimic yours (with the promise of a coupon code or a sale), then use the fake site to harvest the customer’s credentials and card details or to deliver malware. You cannot stop criminals from sending such emails, but you can make them harder to pass off as yours: publish SPF, DKIM and DMARC records for your sending domain so receiving mail servers can reject mail that forges your From address, and tell customers plainly that you will never ask for a password or card number by email.
Another popular phishing scam that targets both online retailers and their buyers is the “shipping information” email. A customer or employee receives an email claiming to contain shipping details for a recent purchase or sale, along with a tracking link. The link leads to a malware download or a credential-harvesting page rather than to the carrier. Train staff to check tracking numbers by going to the carrier’s site directly instead of clicking the link, and to treat “tracking” attachments, especially executable or macro-enabled files, as hostile.
DDoS Attacks
A distributed denial of service (DDoS) attack floods your servers or network connection with traffic from many sources at once, so that legitimate customers cannot reach the site even though nothing has been breached. As an online retailer, you can only make sales and accept payments if your site is up. Consider, also, that losing access to your site may mean losing access to order and shipping information, which delays order processing and delivery. DDoS attacks are costly in lost sales and in reputation if fulfillment promises are not met. A content delivery network or DDoS mitigation service in front of the site, plus rate limiting on expensive endpoints such as search and checkout, absorbs most of this traffic before it reaches you.
Man-in-the-Middle Attacks
Think of a man-in-the-middle attack as eavesdropping on the connection between a user’s device and your site. An attacker on the same public, unsecured Wi-Fi network (or running a rogue hotspot) sits between the user and the internet and can read or alter whatever passes through. If any part of your site is served over plain HTTP, everything the customer types into it travels in the clear: credit card numbers, usernames and passwords, addresses, and more. Encryption alone is not enough if the site still answers on HTTP, because the attacker can keep the user on the unencrypted version (SSL stripping); redirect every HTTP request to HTTPS and send an HTTP Strict Transport Security (HSTS) header so browsers refuse to connect insecurely.
The most important steps to take for information safety online are the most basic ones. Require strong passwords (length matters more than complexity rules; check new passwords against lists of known breached passwords) and rate-limit login attempts. Serve the entire site over HTTPS with a current TLS configuration (TLS 1.2 or later), not just the checkout page. Work with a high quality hosting provider that holds a PCI DSS attestation, and remember that the provider’s compliance does not make your store compliant; you still own the parts you control. Turn on multi-factor authentication for every administrative account you or your employees use: the storefront admin, the hosting control panel, the domain registrar, the payment processor dashboard, and email. And run vulnerability assessments regularly, not once: the platform, plugins and themes behind a storefront are patched constantly, and an unpatched known vulnerability is exactly the low risk, high return target the criminals are looking for.
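To make the transport points above concrete (everything over HTTPS, HTTP redirected and HSTS set, as both the man-in-the-middle section and this checklist call for), here is a small check you can run over the responses a site returns. It is an added example, not code from the original article; the sample responses and the domain shop.example.com are constructed, and in practice you would capture the real headers with a tool such as curl and feed them in.

```python
"""Transport-hardening audit over captured HTTP responses: an added example,
not code from the original article. Given the raw response a server returned
for an http:// request and for an https:// request, it reports whether plain
HTTP is redirected, whether HSTS is set for at least a year, and whether the
session cookie is marked Secure and HttpOnly. The responses are constructed."""

ONE_YEAR = 31536000  # recommended minimum HSTS max-age, in seconds


def parse_response(raw):
    """Split a raw HTTP response into (status_code, headers).

    Header names are lower-cased; values are lists because Set-Cookie repeats."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers


def check_http_redirect(status, headers):
    """A plain-HTTP request should be redirected straight to https://, never served."""
    location = headers.get("location", [""])[0]
    if status in (301, 308) and location.lower().startswith("https://"):
        return []
    return ["http:// request was not redirected to https:// (content exposed to on-path attackers)"]


def check_hsts(headers):
    """HSTS must be present, last at least a year, and cover subdomains."""
    hsts = headers.get("strict-transport-security")
    if not hsts:
        return ["no Strict-Transport-Security header (browsers will keep accepting http://)"]
    directives = [d.strip().lower() for d in hsts[0].split(";")]
    findings = []
    max_age = None
    for d in directives:
        if d.startswith("max-age="):
            try:
                max_age = int(d[len("max-age="):])
            except ValueError:
                pass
    if max_age is None:
        findings.append("HSTS header has no valid max-age")
    elif max_age < ONE_YEAR:
        findings.append(f"HSTS max-age={max_age} is under one year")
    if "includesubdomains" not in directives:
        findings.append("HSTS lacks includeSubDomains (subdomains can still be downgraded)")
    return findings


def check_cookies(headers):
    """Every cookie set over HTTPS should carry Secure and HttpOnly."""
    findings = []
    for cookie in headers.get("set-cookie", []):
        name = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().lower() for a in cookie.split(";")[1:]}
        for flag in ("secure", "httponly"):
            if flag not in attrs:
                findings.append(f"cookie {name!r} lacks {flag}")
    return findings


def audit(http_raw, https_raw):
    """Return all findings for a site given its http:// and https:// responses."""
    h_status, h_headers = parse_response(http_raw)
    _, s_headers = parse_response(https_raw)
    return check_http_redirect(h_status, h_headers) + check_hsts(s_headers) + check_cookies(s_headers)


# Constructed sample responses, CRLF line endings as on the wire.
WEAK_HTTP = ("HTTP/1.1 200 OK\r\n"
             "Content-Type: text/html\r\n"
             "Set-Cookie: session=abc123; Path=/\r\n"
             "\r\n<html>checkout form served over plain HTTP</html>")
WEAK_HTTPS = ("HTTP/1.1 200 OK\r\n"
              "Content-Type: text/html\r\n"
              "Set-Cookie: session=abc123; Path=/\r\n"
              "\r\n<html>...</html>")
GOOD_HTTP = ("HTTP/1.1 301 Moved Permanently\r\n"
             "Location: https://shop.example.com/\r\n"
             "Content-Length: 0\r\n\r\n")
GOOD_HTTPS = ("HTTP/1.1 200 OK\r\n"
              "Content-Type: text/html\r\n"
              "Strict-Transport-Security: max-age=63072000; includeSubDomains; preload\r\n"
              "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
              "\r\n<html>...</html>")

if __name__ == "__main__":
    for label, pair in (("weak", (WEAK_HTTP, WEAK_HTTPS)), ("good", (GOOD_HTTP, GOOD_HTTPS))):
        print(label, audit(*pair) or ["no findings"])
```

The weak configuration produces four findings (content served over HTTP, no HSTS, and a session cookie missing both Secure and HttpOnly), which is exactly the setup the man-in-the-middle section describes; the hardened one produces none. Note that `check_hsts` is deliberately strict about `includeSubDomains`: an HSTS policy on `www` alone still leaves `shop.` or `m.` subdomains open to a downgrade.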