The Clearsale Blog

World Password Day: Password Tips for Reducing E-Commerce Fraud

More than 80% of people online use the same password for multiple sites. While this makes account logins easier for customers, it also makes it easier for fraudsters to compromise their accounts.

Intel Security hopes to change that with its annual World Password Day, observed the first Thursday of May each year.

Started in 2013, World Password Day intends to raise awareness about the pivotal role strong passwords play in protecting our digital identities. Given that computer users globally will need to manage 300 billion passwords by 2020 — that’s 40 passwords for every person on the planet — it’s no wonder that so many people opt for simple passwords that are easy to remember.

E-commerce merchants can play an important role in helping consumers strengthen their passwords and protect themselves from identity theft — not just one day a year, but all year long. So the next time your customers think about using their pet’s name or their birthday as their password on your site, encourage them to implement these four password security strategies.

Layer Passwords

When apps and websites require a second layer of identity verification to log in, accounts become substantially harder to hack.

Merchants can facilitate this by layering multiple identity proofing requirements for users, such as:

  1. Something the user owns (e.g., a chip card or a mobile device)
  2. Something the user is (e.g., a fingerprint or a retinal scan)
  3. Something the user knows (e.g., the answer to a challenge question or a single-use password delivered as a text)

Adding this additional layer of verification does require a little extra work for the user to access their account, but the increased confidence and protection far outweigh the potential friction.

Merchants who offer multifactor authentication for their apps and websites should encourage users to take advantage of this free extra layer of security.

Strengthen Passwords

Despite constant reminders to create hard-to-guess passwords, many users fail to heed that advice. For five years running, the No. 1 most commonly used password was “123456,” used by an estimated 3% of people. In the No. 2 spot — also for five years — “password.”

In fact, most of the 100 most common passwords consist of short numerical strings (22222), keyboard patterns (QWERTY), dictionary words (dog, house) and sports or pop culture references (“donald” is No. 23 and “starwars” is No. 60).

Because a password is often the only barrier between a customer and a fraudster, merchants can require customers to periodically update their passwords to include:

  • At least 12 characters
  • A combination of upper- and lowercase letters, numbers, and symbols
  • No obvious substitutions, like replacing the letter o with the number 0 (“passw0rd” comes in at No. 31 among the top 100 worst passwords of the year)
  • A string of seemingly random words instead of using just a single word
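
As an added illustration (not ClearSale's code), here is how a merchant's sign-up form could enforce the first three requirements in Python, including catching a padded or character-swapped common password that still satisfies the length and complexity rules. The function name `check_password` is hypothetical and the blocklist is a constructed sample holding only the passwords and words named in this article; the random-words rule needs a dictionary and is left out.

```python
import re

# Constructed sample blocklist: only the passwords and words this article names.
# A production check would load a much larger list of known-common passwords.
COMMON = {"123456", "password", "22222", "qwerty", "dog", "house", "donald", "starwars"}

# Reverse the "obvious substitutions" (0 for o, @ for a, and so on).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

MIN_LENGTH = 12
CHARACTER_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def check_password(candidate: str) -> list[str]:
    """Return the policy rules the candidate breaks; an empty list means accepted."""
    problems = []

    if len(candidate) < MIN_LENGTH:
        problems.append("too_short")

    # Upper- and lowercase letters, numbers and symbols must all be present.
    if not all(re.search(pattern, candidate) for pattern in CHARACTER_CLASSES):
        problems.append("missing_character_class")

    lowered = candidate.lower()
    # Drop digits and symbols padded onto either end ("Starwars2024!!" -> "starwars"),
    # then undo substitutions inside what remains ("p@ssw0rd" -> "password").
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    core = stripped.translate(LEET)

    if lowered in COMMON or stripped in COMMON:
        problems.append("common_password")
    elif core in COMMON:
        problems.append("obvious_substitution")

    return problems


if __name__ == "__main__":
    for sample in ("passw0rd", "P@ssw0rd2024!", "Starwars2024!!",
                   "Copper-Lantern-42-Glacier"):
        print(f"{sample!r}: {check_password(sample) or 'accepted'}")
```

“P@ssw0rd2024!” and “Starwars2024!!” both clear the length and character-mix rules and are rejected only by the blocklist comparison, which is why that check belongs alongside the other two.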

On the other hand, if every website password needs to be unique and hard to decipher, customers will be understandably worried they won’t be able to remember each one. Merchants might want to suggest customers use a secure password manager, such as Dashlane, LastPass or RoboForm, to help.

Don’t Share Passwords

It may seem obvious to have to remind customers not to share their passwords, but with the increase of phishing and pharming attacks, customers are increasingly being tricked into sharing sensitive data. Customers often receive legitimate-looking emails or texts from a fraudster posing as a company needing the customers’ passwords or other personal data, and as many as 30% of these phishing emails get opened, with 12% of users clicking links.

If a customer does divulge passwords or account information, the fraudster can launch an account takeover attack and gain access to checking and savings, brokerage, and loyalty accounts. Some attacks even give fraudsters the ability to hack mobile phones and computers.

Use Passwords on More Than Just Websites

With people storing more and more of their lives on their e-commerce devices, losing an unlocked phone or a tablet can be more than just inconvenient — it can be devastating. Finding an unlocked device with full access to bank accounts, automatically reloaded Starbucks gift cards, and payment platforms like Apple Pay or PayPal is like Santa’s arrival on Christmas Day for fraudsters.

To avoid losing it all when they lose their phones, encourage customers to secure their devices with the latest technology. Many electronics now offer the option to unlock devices with fingerprints or face recognition — increasing the likelihood that only the rightful owner can access sensitive information.

Secure Devices

Even if customers have taken all these steps toward securing their accounts, they need to secure their devices, too. A fraudster looking over a customer’s shoulder when they type in a user name and password or a hacker recording a user’s keystrokes can leave accounts just as vulnerable. To avoid leaving devices at risk, customers should install updates to antivirus and antimalware software and install any security updates and software patches that are issued.
