The COVID-19 pandemic, coupled with the fast progression of digital transformation, has made online shopping an affordable and reliable alternative to the busy malls that consumers have started to stray away from. For those who are in the e-commerce world, or who have just entered it, it’s an exciting time. With Black Friday at our doorstep and Christmas around the corner, it looks like it’s going to be a prosperous year.
But just as it might be a lucrative year for merchants, so too is it an opportunity for cyber criminals. Just as a brick-and-mortar store could be robbed, e-commerce stores are vulnerable to scams. Online merchants are susceptible to theft by fraud, and many are unprepared to identify and stop the threat before it wreaks havoc on their website and their customer data.
While more transactions will be happening online over the next few weeks (and that’s great for the economy) the truth is that when more purchases are made online, there are more opportunities for scams to occur. If you’re busy preparing your online store for this busy season, we’ve got a handful of cybersecurity tips to get you through safely.
Customer data is a number one priority
All of your customers’ data, including account logins, names, addresses, numbers, email addresses, bank card and bank account numbers, must be stored safely away from prying eyes. This is highly sensitive information that criminals want to get hold of in order to steal more information and, often, money.
There are a number of precautions you must take to secure this data. Firstly, invest in robust malware detection and removal software. Once it’s installed, remember to action all updates and security patches that you get notified about, as this will ensure all potential holes or glitches are patched as soon as they appear.
Be upfront if a hack attempt has been successful
If you find out your website has been hacked, the first step to take is to reach out to your bank and payment gateways. The very next step is to notify your customers straight away. The South African Banking Risk Information Centre (SABRIC) is able to assist you in the process of contacting your bank.
Customers will always appreciate being told about a hacking attempt as it unfolds, rather than later when their information has already been discovered and used. Reveal your plan to mitigate any damage and inform customers that they can reach out to you at any point in time. This will only improve customers’ trust in your brand.
Be aware of files received from unknown sources
If you receive an email from an unknown address, don’t open any attachment until you have confirmed it is safe. Malware is often spread via links and attachments which, if clicked, contain code that gives cyber criminals access to your data.
If you’re expecting an email from an address outside of your company or organisation, ask for the email address ahead of time so that if your business email system flags it as spam, you can accept it and move it into your inbox without any fear that it could include harmful links or files.
Check and recheck your website links
A common tactic to extract customer data is hacking into website links and redirecting people to malware-infested fake websites that look like yours. Frequently check all the links on your website, and links that point to your website from other sources, to ensure they haven’t been tampered with.
Tampered links will send your customers to a payment portal or website that looks similar to yours and is designed to steal payments, putting both you and your customers at risk.
Check up on your domain name
As mentioned above, fake websites are often set up using a domain name that looks almost identical to yours. Criminals then create fake social media accounts to attract and divert your customers to this website, in the hope that customers will enter their information so that the criminals can benefit from the payment.
Regularly type your registered domain name into Google and your browser to see if any fake websites that are posing as yours show up in the results. If you do find fake alternatives, you can report them to the ZA Central Registry (ZACR), which is responsible for South African subdomains (.co.za, .org.za, .web.za and .net.za). Fill out a complaints form and send it to email@example.com.
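The link check and the lookalike-domain check described above can be automated. The following is an added example, not part of the original article: it pulls every link out of a saved copy of a page, skips hosts you expect, and labels anything else as either a near-match of your own domain or simply unexpected. The domain names, allowlist and sample page are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions: placeholder domain and allowlist; replace with your own values.
OWN_DOMAIN = "mystore.example"
ALLOWED_HOSTS = {OWN_DOMAIN, "www." + OWN_DOMAIN, "pay.gateway.example"}

# Constructed sample page: two expected links, one lookalike, one unknown script.
SAMPLE_PAGE = """
<a href="/cart">Cart</a>
<a href="https://www.mystore.example/specials">Specials</a>
<form action="https://pay.gateway.example/checkout"></form>
<a href="https://myst0re.example/checkout">Pay now</a>
<script src="https://cdn.unknown-widgets.test/w.js"></script>
"""

class LinkCollector(HTMLParser):
    """Collects every href, src and form action value on the page."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "action") and value:
                self.urls.append(value)

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def audit_links(html):
    """Return (verdict, host, url) for every link to a host not on the allowlist."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for url in collector.urls:
        host = (urlsplit(url).hostname or "").lower()
        if not host or host in ALLOWED_HOSTS:
            continue  # relative link or an expected host
        bare = host[4:] if host.startswith("www.") else host
        verdict = "lookalike" if edit_distance(bare, OWN_DOMAIN) <= 2 else "unexpected"
        findings.append((verdict, host, url))
    return findings
```

Running `audit_links` on a schedule against your checkout and landing pages turns the manual recheck into an alert whenever a new host appears.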
Remember to also have an SSL certificate installed. It’s the simplest way to create a secure, encrypted connection between your website and your customers. Plus the padlock sign next to your website name proves your website is trustworthy to all visitors.
Use a trusted and PCI compliant payment gateway
If you are a merchant that accepts credit card payments, you must be in compliance with PCI Security Council standards. Choose a PCI DSS level 1 certified service provider and your business will be in line with both these security standards and POPIA. By choosing a trusted and reliable third-party payment gateway, you ensure your customer data and privacy are safeguarded.
From payments to files to domain names, there are a number of ways merchants can stay ahead of cyber criminals and keep their customer data as safe as possible over the busy holiday season.