E-commerce businesses have grown massively over the past years; many buyers all over the world tended to shop online more or less regularly. In 2020, the COVID-19 pandemic completely changed the situation in the shopping industry…forever. Both e-commerce and brick-and-mortar were somehow affected, as the interest in online shopping has soared dramatically.
E-commerce Gone Wild
Let us have a look just at some unprecedented statistics for 2020:
- According to Adobe’s Digital Economy Index, U.S. online retail businesses have abruptly grown by 49% in April, compared to the pre-lockdown era at the beginning of March. Online grocery shopping has grown by 110% daily!
- According to Narvar, 56% of buyers have tried a new shop during the lockdown period
- According to eMarkete, Amazon's e-commerce sales increased by 39.1%, Best Buy by 105.5%, Target by 103.5%, and Kroger by 79.2%. Those were the biggest sales figures ever for the mentioned companies.
- Amazon affirmed that the 2020 holiday online shopping season was the biggest ever. This was confirmed by many other retailers
As for 2021, e-commerce will obviously keep its glorious march, regardless of pandemic and vaccination developments. eMarketer predicts the US online shopping sales to grow to $843.15 billion (up from $794.5 billion in 2020).
What About Security?
The lockdowns and restrictions have forced most of the consumers to adjust their way of leaving choosing internet shopping from home, in a safe and familiar environment. But is it safe to shop online? Online retail was always accompanied by some risks: damaged or unexpectedly low-quality goods, dishonest sellers unwilling to refund, etc.
However, we will concentrate on the most important problem faced by e-commerce business owners and their customers: cybersecurity. Online retail has always been and will always stay the hottest target for cybercriminals, and of course, the unprecedented success faced by e-commerce businesses in 2020 could not elude the hackers’ attention.
Why? Simply because personal data is becoming one of the most valuable assets. The convenience of online shopping was particularly important during 2020 lockdowns, but the more people shop online, the more it attracts hackers. According to Cyberpion, 83% of the top 30 US retailers are vulnerable to cyber-attacks.
Apparently, both the online stores and the customers are affected. To buy something online, the customers need to provide their personal data to the online store. They must entrust their credit card information, e-mails, usernames, passwords, etc. Cybercriminals can steal that information from the online store database to make money. At the same time, if the clients’ personal data is compromised, it can ruin completely the company’s reputation, as it will be held accountable both to the clients and to the entities regulating the industry.
Cybersecurity is a big responsibility. E-commerce business owners need to be very serious about online safety. They just cannot afford to lose their customers’ data and their company’s reputation. Of course, many online retailers are aware of cybersecurity threats and are taking the necessary measures to guard against those. According to the VMWare Carbon Black 2020 Cybersecurity Outlook Report, 77% of eCommerce business owners have acquired new security tools, while and 69% of them have invested in the cybersecurity workforce.
However, cybercriminals are on the constant quest for new vulnerabilities and are working harder on their skills. Thus, online retailers need to stay constantly ahead: keeping up with the newest e-commerce cybersecurity threats is a must.
So which are the biggest security threats for e-commerce businesses?
1. DDoS (Distributed Denial of Service) Attacks
DDoS attackers send simultaneously a large amount of requests from hundreds or thousands of compromised IPs, to take your web resource down. When your online store is flooded with such a big amount of traffic, your customers are not able to make purchases.
DDoS attacks disable your online store for several hours or even days, which is especially annoying during peak seasons. If your site is attacked during holidays, you lose a huge share of income (and sometimes customers), as your competitors…win.
2. Phishing.
This is a type of fraud, aiming to access the buyers’ personal data (logins, passwords, bank card details). Phishing attackers often use mass mailing on behalf of popular companies with links to fake online stores that are outwardly indistinguishable from real ones (the site usually looks identical, but the URL may slightly differ from the original one). Naturally, after paying, the buyer receives nothing.
3. Malware (malicious software)
Any software trying to infect a computer or mobile device is considered malicious. Cybercriminals insert the malware on victims’ websites for various purposes: obtaining personal data and passwords, stealing money, blocking the device owner. They can automatically redirect the website to another page or open multiple pop-up windows to mislead the consumers.
4. Ransomware
Ransomware is one of the biggest cyber-disasters. It’s a specific type of malware locking the device from its user. To access his own data, the user needs a key, which can be provided only by the hacker. The user is blackmailed until he pays the ransom. The ransomware can be injected into your device through phishing e-mails, pop-ups, fake sites.
5. E-skimming
You have probably heard about skimming devices used to hack ATMs. Now the cybercriminals use a more sophisticated technique called e-skimming: they insert a skimming code in your e-commerce site, right into the pages processing the payment cards. Thus, they steal the card data in real-time, while the user is paying.
To shop or not to shop?
E-commerce cybercrimes are not limited to the aforementioned list. Does this mean that shopping online is always dangerous, and you should avoid it? Of course not! Shopping online is very comfortable, practical, and sometimes inevitable. Good news: you can make it completely safe!
Secure online shopping is a mutual responsibility. Both the organizations and the consumers must make some steps towards a safe environment.
Here are some conclusions and steps a regular user can do to avoid cyber-dangers while shopping online:
- Shop only on trusted sites
- Update your computer OS and Antivirus
- Use strong passwords, change them from time to time, don’t save them on pcs and websites and vary them from site to site
- Don’t open suspicious e-mails (i.e. promising you an award), sites, pop-ups, payment pages
What an online shop owner can do to avoid data breaches?
- Invest in your employees’ education: everyone should be aware and responsible
- Keep your e-commerce site, devices and systems updated
- Take additional security steps during holiday shopping seasons, when cyber-criminals become especially active!
- Secure your site with HTTPS
- Back up your data
- Keep investing in cyber-security to protect your company’s and consumers’ data at maximum. Buying cybersecurity software is not enough. Remember that today any site can be breached, any data can be stolen. So think about making it unreadable and useless to cybercriminals!