Retailers: Don't Overlook eCommerce Web Security This Holiday Season
eCommerce web security needs to be monitored constantly, but even more so during the holiday season. Check out these five security needs, like HTTPS, and PCI DSS compliance.
The headlines have become routine. Web security (or cybersecurity) is part of the everyday fabric of our increasingly digital lives. There is an inherent risk in everything we do online, especially when it comes to commercial transactions. For retailers seeking big online gains this season, security concerns have the potential to be the proverbial turd in the holiday punch bowl.
Recent data shows that one-third of online shoppers hesitate to buy due to concerns about credit card data security. Additionally, 60% of consumers report security concerns when shopping online. Retailers can either fret about these facts, or instead, find the silver lining. eCommerce revenue will continue its steady rise; the onus is on retailers to provide a secure shopping experience and settle jittery consumer fears that kill conversions.
Web Security in the Holidays
The holidays are peak season for hackers to target retail. Increased traffic levels help attackers evade detection, and retailers are preoccupied with preparing Black Friday sales or putting the final touches on holiday email campaigns. To make sure you deliver a safe and secure online shopping experience this holiday season, it is imperative to prioritize security measures.
Five Web Security ‘Must-Haves’ for Retailers
- PCI DSS Compliance: PCI DSS (Payment Card Industry Data Security Standard) is a set of requirements for companies that process, store or transmit credit card information to do so safely and securely. Make sure you are PCI compliant, and add a visible badge to your eCommerce application. This signals to consumers that payment information is properly encrypted and safeguarded.
- HTTPS/Secure Browsing: Ever noticed a small, green “Secure” indicator in a browser’s address bar? It means the site presented a valid digital certificate, issued by a third-party Certificate Authority, and that its HTTP traffic is encrypted, keeping the contents of requests and responses private between the visitor and the site. Digital certificates are another easy signal to ever-wary shoppers that they are on a secure site that can be trusted.
- DDoS Mitigation: A Distributed Denial of Service (DDoS) attack presents a real threat for retail sites. DDoS events are designed to flood a website with traffic and repeated requests. DDoS events can happen at any time and are sometimes preceded by an extortion message demanding payment. Unless requests are diverted or blocked, a DDoS attack will slow down or completely crash a web application, making it impossible for real users to access it. Even one hour of downtime will cost a retailer significantly in lost revenue. Retailers need to be prepared at all times and invest in a monitoring and DDoS mitigation solution.
- Web Application Firewall: A web application firewall (WAF) is a type of security technology that inspects and filters HTTP traffic. A WAF can block or divert requests based on its rule configuration. This is a key tool for DDoS mitigation, in that bad traffic can be blocked or rerouted. Web application firewalls differ from traditional firewalls in that a cloud-based WAF also covers the flow of requests and responses to third-party sites that are integrated into a web application, such as a social media widget. Such integrations are often exploited by attackers as a weak point of entry for breaching an application.
- Education: Some of the largest security breaches have originated from relatively crude methods, like email phishing. The marketing team at ADT takes this to an extreme by sending fake phishing emails to employees, and if they catch a click, the guilty party has to study up with a course on web security. Developing company-wide security policies is an essential step to safeguarding against attacks.
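As an added illustration (not code from the original article or from any WAF product), the following Python model shows the two behaviours the WAF and DDoS items above describe: static block rules applied to each request, followed by a per-client sliding-window rate limit. The rule values, IP addresses, paths, user-agent string and log lines are all constructed for the example.

```python
"""Minimal model of WAF-style request filtering plus a sliding-window rate limit.

Added example, not code from the article or any WAF product. Every rule value,
IP address, path and log line below is constructed for illustration.
"""
import re
from collections import defaultdict, deque

# Constructed rule set (hypothetical values).
BLOCKED_PATH_PREFIXES = ("/.git", "/.env")      # paths no shopper should request
BLOCKED_USER_AGENTS = ("bad-bot/1.0",)          # constructed user-agent string
RATE_LIMIT = 20                                 # max requests per client IP ...
RATE_WINDOW = 10.0                              # ... within this many seconds

# Constructed log format: <ip> <unix-ts> <METHOD> <path> "<user-agent>"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) (?P<ts>\d+(?:\.\d+)?) (?P<method>[A-Z]+) (?P<path>\S+) "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Parse one constructed log line into a dict; raise on malformed input."""
    m = LOG_RE.match(line)
    if m is None:
        raise ValueError(f"malformed log line: {line!r}")
    req = m.groupdict()
    req["ts"] = float(req["ts"])
    return req


class RequestFilter:
    """Applies static block rules, then a per-IP sliding-window rate limit."""

    def __init__(self, limit=RATE_LIMIT, window=RATE_WINDOW):
        self.limit = limit
        self.window = window
        self.history = defaultdict(deque)   # ip -> request timestamps in window

    def decide(self, req):
        """Return 'allow' or a 'block:<reason>' verdict for one request."""
        if req["path"].startswith(BLOCKED_PATH_PREFIXES):
            return "block:path"
        if req["ua"].lower() in BLOCKED_USER_AGENTS:
            return "block:ua"
        q = self.history[req["ip"]]
        # Evict timestamps that have fallen out of the sliding window.
        while q and req["ts"] - q[0] > self.window:
            q.popleft()
        q.append(req["ts"])
        if len(q) > self.limit:
            return "block:rate"
        return "allow"


def run(lines, limit=RATE_LIMIT, window=RATE_WINDOW):
    """Filter a sequence of log lines; return (ip, path, verdict) tuples."""
    f = RequestFilter(limit, window)
    return [(r["ip"], r["path"], f.decide(r)) for r in map(parse_line, lines)]


def summarize(verdicts):
    """Count verdicts by outcome, e.g. {'allow': 23, 'block:rate': 5, ...}."""
    counts = {}
    for _, _, verdict in verdicts:
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


# Constructed traffic: three shopper requests, one probe for a repository
# file, one blocked user agent, then a 25-request burst from a single IP.
SAMPLE_LOG = [
    '198.51.100.4 1000.0 GET /product/42 "Mozilla/5.0"',
    '198.51.100.4 1003.5 POST /cart "Mozilla/5.0"',
    '198.51.100.4 1009.0 POST /checkout "Mozilla/5.0"',
    '192.0.2.77 1001.0 GET /.git/config "Mozilla/5.0"',
    '192.0.2.78 1002.0 GET /product/1 "bad-bot/1.0"',
] + [
    f'203.0.113.9 {1000.0 + i * 0.2:.1f} GET /search?q=deals "Mozilla/5.0"'
    for i in range(25)
]

if __name__ == "__main__":
    verdicts = run(SAMPLE_LOG)
    for ip, path, verdict in verdicts:
        print(f"{ip:14} {path:16} {verdict}")
    print(summarize(verdicts))
```

Run as a script, the burst from 203.0.113.9 is allowed for its first 20 requests and then blocked as `block:rate`, while the repository probe and the blocked user agent are rejected before the rate limiter is consulted. A real WAF evaluates far richer signatures and usually counts per-IP limits in a shared store so every edge node sees the same totals, but the ordering (cheap static rules first, stateful limits second) is the same idea.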
Real Business Impact of Online Threats and Security
A 2014 report from McKinsey projected that increased cyber-security measures would save the global economy $3 trillion in the next 5 years. A company’s first priority is to safeguard against a denial of service attack or data breach. Target had to pay out $252 million in damage control in the aftermath of its infamous 2013 breach. Of course, these are must-prevent scenarios. However, there is also a silver lining to investing in web security: consumers will take note of your efforts. A site that performs without hiccups and demonstrates a security commitment with PCI compliance and digital certificates will stand out from the competition and generate higher sales.
Published at DZone with permission of Alex Pinto, DZone MVB. See the original article here.