At Williams Commerce we are committed to maintaining a safe ecommerce environment for all our clients and their customers.
Online security and data protection are top priorities for ecommerce businesses. Data protection and online security involves more than the immediate financial and operational impact of a data breach. Customer trust and reputation can be damaged, sometimes beyond repair.
These issues are major concerns around the world but in Asia, and especially Southeast Asia, the rate of attempted fraud is up to 12 times greater than the global average. Online merchants lose in the region of 1.6% of their revenue to fraud each year.
Data protection threats
Wherever sensitive data is held, cyber criminals will be looking for ways to access and steal it. Here are some of the biggest risks:
Fraud – criminals make unauthorized ecommerce transactions and then remove any record that they have taken place or, alternatively, they will fake return or refund requests. With the boom in digital banking and new online ecommerce accounts during the coronavirus pandemic, this is a major issue for online businesses around the world and especially in the burgeoning ecommerce market in Asia.
Spam and phishing – malicious online attacks increased by over 30% in the first four months of 2020, with retail and wholesale organizations most heavily targeted. Spam emails are common, often targeting contact forms, review boxes and blogs. They create links to sites that can cause damage to your business systems and ecommerce platform.
Phishing takes place when criminals pretend to represent legitimate businesses to acquire sensitive information. Most phishing begins with an email, seemingly from a trusted sender, with an urgent request. Criminals target ecommerce businesses with phishing emails to plant malware in your systems that will give them access to your databases.
Trojan horses – just like the legend, where a wooden horse is used to smuggle soldiers into the enemy’s stronghold, criminals use software that looks legitimate to illegally access your systems and steal your information. If they can inject their malicious software into your site, they could access all the information you hold. This is a growing concern in the financial sector and represents a significant risk for ecommerce organizations.
There are even concerns that imported power equipment could be used to introduce malware into the ecommerce ecosystem.
Brute force – although it is a less sophisticated approach, criminals can use automated software to generate guesses for login details and encrypted data. You should be particularly concerned about attacks on your admin panel. If this isn’t adequately protected, all your backend systems could be unlocked with one automated attack.
DDoS – distributed denial-of-service (DDoS) attacks quadrupled this year, compared with 2019. They can bring your business to a standstill by flooding your systems, servers or networks with requests until they are overwhelmed and crash. They can be used to create a distraction allowing criminals to break into your systems while you’re busy restoring your site.
Data protection defences
A secure protocol – websites need to communicate with the internet and each other. At the beginning of a site’s address or URL you originally saw the letters ‘HTTP’. This was the original site security protocol, which allowed unencrypted data to be shared, causing security concerns. Google Chrome will now mark these sites as ‘not secure’. Modern sites should use HTTPS or secure socket layer (SSL) certification where data is encrypted, reducing the risk of attack.
Payment gateways – your payment gateway is a high-risk area because personal information is involved including addresses and payment details. A secure gateway is essential to make sure that all this information is securely transferred for processing. This can include end-to-end encryption, tokenization and, at the very least, meeting the Payment Card Industry (PCI) data security standards.
Anti-virus and anti-malware protection – using high quality anti-virus and anti-malware software will help to reduce the risk of successful attacks by hackers, spammers, and phishers. However, the most important protection is training to make sure that your employees follow good data protection practices.
Access control – people should only access the information they need. Security scan tools, two-factor authentication, and time limits for passwords are all helpful steps. Regular reviews of admin access, site scans and permissions control are good practices to follow.
Even the professionals can suffer at the hands of hackers, so it’s essential to continually review and revise your practices.
Platform maintenance and updates – when an ecommerce platform becomes popular there’s an added incentive for criminals to find ways to breach security. Your ecommerce platform should have built-in security capabilities and should be regularly updated to protect your site from known risks. If you use plug-ins for your site, you will need to be confident that these are well-maintained for security too.
How Williams Commerce can help protect your data
At Williams Commerce, we work closely with ecommerce platform providers to stay ahead of security risks.
Effective security relies on understanding your weaknesses and prioritizing your defences. We provide our customers with confidence about their online security measures.
Here are some steps we frequently recommend:
Testing – regular penetration tests will alert you promptly to vulnerabilities. You will then have an opportunity to find solutions before you are targeted by criminals. There are many types of penetration test, but ecommerce businesses should start with a web application test. A cyber security expert will probe your applications, using the same techniques as a criminal hacker looking for ways to exploit your systems, and you will be informed of any weaknesses.
Review your data protection practices – to run an ecommerce business you will have to collect customers’ personal information, which means you are responsible for protecting it. Cybercrime represents a serious threat to data protection. For example, the average cost of a data breach to organisations in Association of South East Asian Nations region is S$3.6 million (US$2.62 million) and the average number of records involved in each breach is 22,500.
You must also make sure that you don’t use your customers’ information without their permission. This might include using it for marketing purposes or sharing it with third parties, which could lead to a fine. We can help you set up and maintain industry standard privacy policies.
Find out more about how Williams Commerce can help to protect your valuable data assets. Speak with one of our experts.