While you may recognize the growing threat of ecommerce identity theft, most small business owners find it hard to make time to address it. While we can understand that your time is limited, identity theft is a dire problem that can drastically affect your revenue needs your attention.
Typically, small business websites are extremely susceptible to cyberthreats like ecommerce identity theft. Without the resources to mount a rigorous defense or the reserves to weather the monetary or reputational damage of a breach, criminals know these websites are often vulnerable and therefore attractive targets.
The good news is that there are simple steps you can take to protect both your sales and your customers. With some smart preparation, you can thwart would-be thieves and get back to business as usual.
Tip #1: Secure your online checkout process
While most customers these days are comfortable making purchases online, plenty of consumers are hesitant due to privacy concerns. Therefore, it’s a good idea to do everything you can to inspire trust in your online shopping environment, particularly for potential buyers who might not be familiar with your brand yet.
Make sure your visitors feel as secure as possible by protecting them against e-commerce identity theft with strong Secure Sockets Layer (SSL) authentication. If you work with a security provider such as VeriSign, be sure to add their logo to your site as well.
Tip #2: Require verification before checkout
It’s critical to make sure that all online customers are who they say they are. One of the best – and easiest – ways to do this is to always require card verification values (CVV) for every online transaction.
Additionally, consider asking (or even requiring) online customers to create and log into an account prior to making a purchase, rather than making a purchase as a guest. This extra step can help to ensure criminals aren’t able to take over a customer’s account if they steal that customer’s identity.
Tip #3: Layer your security
“Dress in layers” isn’t just great advice for staying warm – the same practice applies to cybersecurity. A well-layered security protocol starts with basic firewalls to prevent attackers from gaining access to your site. Also, always be sure to install all security patches to your website and online shopping application, to make sure you have the most up-to-date protection.
Once all of that is in place, test your site for vulnerabilities. In fact, do this often, to make sure identity thieves have not introduced new malware since your last scan.
Tip #4: Don’t hoard data
While it may be tempting to hold onto a lot of data in order to make it easier for customers to navigate future transactions, don’t.
First of all, storing sensitive information, such as credit card numbers, expiration dates and CVV codes, violates PCI standards for cardholder data security. And second, such a database is like an all-you-can-steal buffet for identity thieves. By limiting your ongoing cardholder data storage to only what you need for refunds or chargebacks, you’ll take away the easy temptation for cybercriminals.
Tip #5: Find a partner
One of the best and easiest ways to protect your business from ecommerce identity theft is to align yourself with a good third-party security partner that can provide the technology, experience and guidance you need to stay ahead of threats. Particularly if you don’t have the staff to manage fraud protection and cybersecurity in-house, outsourcing this function can be a smart, cost-effective option. First, determine if an outsourced fraud protection system or managed services is right for you, and then do a little research to determine what services you need. Here is a handy guide to five questions ecommerce owners should ask any potential fraud protection partner.
Raphael is Executive Vice President at ClearSale, a Card-Not-Present fraud prevention operation that protects e-commerce merchants against chargebacks. The company’s flagship product, Total Guaranteed Protection, is an end-to-end outsourced fraud detection solution for online retailers. Follow us on Twitter at @ClearSaleUS or visit http://clear.sale.