Retail ecommerce grew to a healthy $409.208 billion in 2017, but that growth came at a price: 16.7 million reported victims of fraud in 2017 (6.64 percent of the US population). Unfortunately, this doesn’t come as much of a surprise. With both increased rates of ecommerce transactions and consumer data on the web, fraud is becoming easier and more accessible for criminals.
This is all the more reason for merchants to buckle down and get serious about payments data security. Merchants want customers to trust that their payments data is safe, otherwise these consumers may well take their business elsewhere. Investing in a secure payment processing solution is just the first step towards cultivating a reputation as a safe and trustworthy merchant. And as anyone who has experienced identity theft knows, getting your good name back is a tough uphill battle once it’s been compromised.
The Danger of Data Breaches
Data breaches are one of the top dangers for both customers and ecommerce merchants. These aren’t just limited to big businesses: approximately 90 percent of these data breaches will impact small merchants, according to a study by Trustwave.
And this comes at a big cost, especially for smaller merchants. PCI standards indicate that the average cost of a breach is $4 million for larger websites, and the average cost for a small business can be over $36,000 — a hefty sum to bear if you aren’t a large corporation. This doesn’t even take into account the non-monetary costs that might be involved to rectify the breach, like time spent and resource allocation.
This also doesn’t take into account the damage such a data breach can have on a small business’s reputation. The Ponemon Institute has a study that indicates that a data breach can have a grave effect on any organization: 57 percent of people said they lost trust and confidence after a data breach, 31 percent terminated their relationship, and 75 percent said it had an impact on the business’s reputation. This kind of loss is difficult to quantify, since it can vary by organization size. Still, these statistics make the danger of data breaches very clear.
Data Security Best Practices
Clearly, data breaches and identity fraud are things that merchants should strive to avoid for the sake of both their businesses and their customers. Luckily, there are plenty of tips and suggestions for beefing up your business’s security practices floating around the internet. Here are just a few best practices and requirements for maximum payments data security.
- PCI DSS Compliance: This one is a must. Formed by the major credit card companies, the Payment Card Industry Data Security Standard is a set of policies and procedures that optimizes the security of payment via credit or debit card. These procedures are important because they have methods to protect credit card data, along with ever-evolving standards for encryption, anti-malware software implementation, monitoring and risk analysis. One of the best ways to ensure your ecommerce business is at the correct level of compliance is to find a payment service provider that has already obtained PCI DSS certification and who can assure you they are up to date with the latest security technologies.
- Hypertext Transfer Protocol with Secure Sockets Layer (SSL): You probably know this better as HTTPS. This is an extension of the Hypertext Transfer Protocol for secure communication over a computer network, and is already widely used on the Internet. It’s also mandatory for PCI compliance. This uses encryption to ensure all sensitive information, including payments data, is transferred securely by making the data unreadable to all except the destination server. Implementing HTTPS on webpages with sensitive data will ensure that your payments data security is top notch.
- Two factor authentication: By combining a password and username with a second means of identification (like a code sent to a phone or email), two factor authentication provides an extra layer of security against identity theft and fraud. Allowing customers the choice to opt into two factor authentication will help them feel secure on your site.
- Tokenization: This protects sensitive information by replacing the data with random tokens that are impossible to read if intercepted. This tokenized data can only be read by a third party, like a payment processor.
- DoS and DDoS Protection: You’ve probably heard of a denial of service type of attack, where a website is bombarded by requests that overwhelm the bandwidth and render a site unavailable and vulnerable. A firewall can protect against these kinds of attacks. Ecommerce sites in particular can incorporate firewalls like proxy firewalls or application gateways.
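To make the tokenization item above concrete, here is an added Python sketch (not from the original article or from any payment provider). It shows a random token standing in for a card number in the merchant's records, with only the vault able to map it back. The names TokenVault and merchant_order and the tok_ prefix are hypothetical, and the in-memory dictionaries stand in for the processor's secured storage.

```python
import secrets


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """Hypothetical stand-in for the processor: sole holder of the token -> card mapping."""

    def __init__(self):
        self._card_by_token = {}
        self._token_by_card = {}

    def tokenize(self, card_number: str) -> str:
        digits = card_number.replace(" ", "").replace("-", "")
        if not (digits.isdigit() and 12 <= len(digits) <= 19 and luhn_ok(digits)):
            raise ValueError("not a valid card number")
        if digits not in self._token_by_card:
            # Random, not derived from the card number: nothing to decrypt or reverse.
            token = "tok_" + secrets.token_urlsafe(16)
            self._token_by_card[digits] = token
            self._card_by_token[token] = digits
        return self._token_by_card[digits]

    def detokenize(self, token: str) -> str:
        # Only the vault can do this; an unknown or forged token raises KeyError.
        return self._card_by_token[token]


def merchant_order(vault: TokenVault, card_number: str, amount_cents: int) -> dict:
    """What the merchant stores: a token and the last four digits, never the full number."""
    token = vault.tokenize(card_number)
    last4 = card_number.replace(" ", "").replace("-", "")[-4:]
    return {"token": token, "last4": last4, "amount_cents": amount_cents}


# Constructed sample input: 4111 1111 1111 1111 is a well-known test card number.
SAMPLE_CARD = "4111 1111 1111 1111"
```

A stolen copy of the merchant's order table yields only tokens and last-four digits, which are useless without access to the vault.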
Maintaining payments data security is paramount for any ecommerce business. Educating yourself, implementing best practices, and selecting a trustworthy payment services provider with robust security offerings are excellent ways to reduce risk. Using payment data security best practices is essential for protecting customers and running a successful business.