Data security has always been a top of mind concern for businesses, and for good reason. Data breaches over the past few decades have become more common, reaching some scary high peaks in 2017 and slightly decreasing since then. But this slight drop off isn’t a cause to celebrate.
According to a 2019 Identity Fraud Survey, while the number of fraud incidents decreased in 2018 compared to 2017, victims are having to pay more out-of-pocket costs from their breaches. And beyond that, fraudsters are getting more sophisticated in their approaches. While good old-fashioned credit card fraud is becoming more difficult to pull off, threat actors are leveraging strategies like new account fraud, chargeback fraud, and account takeovers to fill in the gaps.
And according to research, the total costs of breaches have increased. The average cost of a data breach in 2019 was $13 million, a sum that accounts for time and resources spent finding the breach, examining its impact, resolving the issue, and monitoring recovery over a four-week period.
Clearly, businesses have plenty at stake. And in terms of security, your eCommerce platform needs to be a priority if you want to minimize your risk of experiencing this type of breach and data loss.
eCommerce data breaches are increasing over time, with fraudsters developing new tactics to overcome industry security standards.
The costs of these events are high, considering the substantial damage control and recovery processes required to secure a breached system.
Your eCommerce platform is your primary line of defense against breaches and data theft – makes sure it’s secured correctly.
Before we get into how to protect your data, take a step back and look at what types of personally identifiable information (PII) you’re collecting. Some things will be necessary to process the transaction – credit card numbers, names, addresses – but other details may be less relevant to completing the sale. This is a crucial first step to look at, as the way you store PII may affect whether your company is compliant with payment card industry (PCI) security standards. This is a big area to get into, so if you’re unfamiliar with what’s expected of you, be sure to check out this list of PCI data storage do’s and don’ts for merchants.
Beyond your own internal data policies, a step in the right direction is to find a PCI compliant eCommerce platform, like Slatwall Commerce.
Even when you’re PCI-compliant, you’ll be storing several pieces of PII for each transaction. And with more customers these days volunteering their information, including email, location, social media profiles, and so on, it’s more important than ever for businesses to have a solid data encryption strategy.
Going for a secure socket layer (SSL) certification is an easy first step, but it’s only the beginning. Look for ways to encrypt both your active data and your data at rest. Your eCommerce vendor will be able to help you here, so make sure the vendor you go with has proper security measures in place. And while you’re at it, you’ll need an effective system for categorizing your data while at rest. This is an easy way to determine the risk profile of different data points, which may require more substantial protection.
As a best practice, make sure your eCommerce vendor monitors system performance and security around the clock. This is an easy way to stay in control and keep tabs on your system, a process that usually involves scanning for issues on set schedules as determined by your provider. It’s a sort of insurance policy for your system that makes it easier to identify suspicious activity, respond to issues, and prevent system downtime as much as possible.
While contingency plans won’t exactly protect your data, they’re necessary for preventing downstream problems that come with breaches or physical damage to servers that may result in data loss. Broadly, these plans outline the basic action steps to take after an event, who’s the point person for disaster recovery, the business’s tolerance limits for downtime, and more. The goal is to create a roadmap that lets your team spring into action as quickly as possible and minimize the impact of the event, no matter what type of event it is.
As many eCommerce companies can attest, application security gets complicated fast. This area is particularly daunting when your eCommerce infrastructure is built haphazardly with various modules and integrations across your various business systems. Every new module added to the matrix may disrupt your application firewall, and each addition will need to be monitored and updated regularly.
If you’re utilizing an eCommerce platform that requires heavy use of plugins, extensions and third party code-level access, the security of your application is already at risk.
This is tough to do under a traditional eCommerce platform architecture, which is one reason why headless commerce solutions are so powerful at streamlining security. When all modules and applications are applied to a visible, segmented eCommerce architecture, it’s easy to verify that they’re all working correctly within your system.
A oft-neglected aspect of data security is user access and password management. It’s neglected because it’s so simple—companies assume that this particular endpoint will be safe, trusting their teams to keep their credentials secure. In reality, things are a bit different. The weakest link of any security chain is usually a person, and companies need to account for this. Make sure passwords are sufficiently complex, change them often, and apply two-factor authentication as an additional tool. You may also want to look into deeper access management tools in your eCommerce platform that allow you to limit what different users can do with role-based authentications.
More than anything else, eCommerce retailers need to reframe how they think about security. It’s not just a task to check off the to-do list or a workflow to hand off to a vendor; it’s an active process that needs to be managed and maintained as carefully as your eCommerce experience itself. Keep these takeaways in mind as you think about your eCommerce security.
eCommerce data security begins with good data management hygiene and best practices. Get familiar with what you need to store and protect, and what you don’t.
Encryption across both in-transit data and data at rest are essential aspects of eCommerce data security.
For the best security management, work with your eCommerce vendor to review ongoing monitoring solutions across system performance, hosting, and security.
Keep applications up-to-date in your system, and make sure that any new integrations don’t disrupt the security infrastructure already in place.
Be aware that users may be a point of vulnerability; get proactive about user access management and security best practices, particularly as they pertain to passwords and platform usage.