Are You Cybersecure?

With more consumers shopping online, retailers and brands must have sufficient cybersecurity \systems in place to protect themselves and their customers. We ask some industry experts about how the risk of cybercrime can be reduced in retail.

James Allen-Lewis
Development Director Sonassi

“With consumers shopping online more than ever before - particularly as we move through this year’s golden quarter and discounting is increasing immensely - the rate of online threats has surged as COVID-19 provides new ballast for cybercriminals.

One quick and easy way retailers can safeguard their online capabilities is by implementing best practice steps to secure their online stores. Simple steps such as regular updates to passwords and multi-factor authentication should not be overlooked. Another consideration should be locking down the administrator interface by IP address. This simple change makes it much harder for hackers to gain access to this critical part of the store.

It is also imperative that retailers monitor their log for any suspicious file activity as many attacks involve files being added or changed on a website. Furthermore, audits on admin accounts should be run regularly and admin access should be kept to a minimum, it is essential retailers always know who has access to their website. Finally, merchants must scan their website for indicators of compromise as this will give far more visibility into the security posture of the business.

The bottom line here is that consumers will look to retailers who offer reliability and security. Merchants must therefore implement cybersecurity best practice steps to ensure their speed, usability and security are unrivalled."

Matias Madou
Co-founder and CTO Secure Code Warrior

“Cybercriminals are always finding new and creative ways to steal customer data and funds, and the acceleration of digital sales driven by COVID-19 means that consumers are more dependent than ever before on retailers ensuring that their data remains safe. Retailers are spending millions on various security tools to stop cybercriminals, but there is a much more effective way to approach cybersecurity, and it starts with developers themselves.

One of the easiest ways hackers can gain access to eCommerce sites is through vulnerable code, and a lack of tools and training for developers is a big part of the problem. Given that traditionally security has not been the responsibility of a developer, learning secure coding needs to be a positive experience. Developers are creative people who thrive on problem-solving, so to really make a difference you need to demonstrate how security can seamlessly feed into a developer’s current coding practices by giving hands-on, contextual learning that mimics the code they work in each day.

If developers are guided through how coding and security can be combined, without it taking time away from feature building, they are much more likely to continue best practice in the future.

Avoiding exposure to cybersecurity risks in the eCommerce sector is near impossible, however preventive measures can be taken and developer-centric learning is a key part of this."

David Jeffrey
Director of Product Barclaycard Payments

“Online shopping has scaled to new heights since the first lockdown, and so has online fraud. It is vital that businesses adapt and take full advantage of emerging technology, such as artificial intelligence (Al) and machine learning (ML), to ensure they have smart fraud protection processes in place to support a better retail experience.

A combination of emerging technology and rule-based analysis can streamline the online fraud prevention process and ensure companies don’t accidentally block transactions by genuine customers - in turn supporting healthy business.
It’s imperative that companies have the tools to analyse all customer behaviour - so that when there is an anomaly, it can be quickly and efficiently blocked or flagged.

Using behavioural analytics based on historic and real time data makes it possible to detect unusual customer behaviour and consistently detect new fraud patterns. Machine learning-based systems pull data from constantly changing data sets and can find hidden connections, which makes it possible to detect even subtle fraudulent activities.

Introducing sufficient safeguards and friction to combat fraud - while still providing a seamless customer experience to genuine customers - is a delicate balance to strike. Companies need to distinguish between helpful, positive friction that prevents fraud, and harmful, negative friction that hinders the customer journey. Once this distinction is made, businesses can start to eliminate negative friction points whilst optimising the positive ones."

Rafael Lourenco
Executive Vice President & Partner ClearSale

“According to ClearSale’s recent report titled ‘No Second Chances! Why the e-commerce industry needs to make anti-fraud protection a priority’, UK consumers are prepared to make sacrifices to their shopping experience in return for the knowledge that they are protected. In fact, 77 percent of UK consumers say they would be more likely to shop at a trusted website with fraud protection, even if they had to pay more for the products and wait longer for deliveries, while nearly half (47 percent) believe that fraud protection is more important than online privacy and are prepared to provide personal details in exchange for protection. Two thirds (66 percent) of consumers would like to see new technology incorporated into websites that detect suspicious behaviour.

So, what can online retailers do to reduce the risk? Firstly, it is essential that online retailers have an understanding of payment trends and fraud practices in order to recognise suspicious behaviour.

Using a Security Socket Layer (SSL) provides a secure session and protects the client’s personal data from being stolen, and steps such as two factor-authentication will ensure that stolen data, like a password, is useless without additional confirmation. If a retailer is looking to partner with a third-party fraud-prevention software, then they must ensure that it is accredited and has a proven track record across markets, prevents ‘false declines’ (so that the customer experience is not hindered by over-zealous protections) and that it can tailor any solutions to the specific risks the website faces, rather than a ‘one size fits all’ approach."

Original article at: https://flickread.com/edition/html/5fe212ed61efc#1