Data Security & Fraud Prevention

March 7, 2017 | 5 min read

9 Data Security & Fraud Prevention Essentials for eCommerce Merchants

A single data security incident may result in a massive loss of revenue, as well as punitive non-compliance fees, but the worst part is the lasting reputational damage that can haunt the merchant for years. In fact, one consumer survey suggested that nearly 50% of loyal customers would either shop less frequently or stop conducting business with a retailer altogether after a security breach.

Merchants’ best hope of avoiding this potentially irreparable damage is to utilize tools and processes specifically designed to decrease risk exposure for eCommerce stores.

Use Secure Sockets Layer

Utilizing Secure Sockets Layer (SSL) to encrypt data is an essential step in operating an eCommerce site. Without that basic measure of security, any transmitted data—including cardholder information—can be easily intercepted and stolen by fraudsters.

Be PCI-DSS Compliant

Maintaining PCI-DSS compliance is essential. Not only is a safe infrastructure for data security a requirement for online businesses, it also enhances customer confidence and helps prevent security breaches.

The Payment Card Industry Data Security Standard comprises varying security standards in a tiered structure based on the number of transactions processed, and violation of PCI standards will mean hefty fines. Through regular auditing, businesses can ensure compliance and high data security standards.

Implement a System for Purging Data

The less data a merchant stores, the less information is available to hackers, and the less liability there is after a breach.

Merchants should limit data collection to only essential information, and retention should be kept to an absolute minimum in accordance with card network regulations and chargeback time limits. Also, make sure what little information is stored is well secured and sensitive data is encrypted.

Patch Systems Immediately

Third-party plugins are a favorite target for fraud attacks, as merchants often neglect or simply forget to install patches when new versions of code are released. Merchants should remember to check for updates regularly and install patches as soon as new versions are made available. Tools like Wordfence can help.

Not only will this prevent hackers from discovering and exploiting vulnerabilities in the merchant’s IT infrastructure, it will also keep the business up-to-date with defenses against developing threats.

Hold High Standards for User Credentials

Account takeover fraud is on the rise, and weak login credentials turn unsuspecting consumers into victims.

Merchants can help minimize their own exposure, as well as keep customers safe, by requesting hard-to-hack passwords. Experts suggest a combination of numbers, upper and lower case letters, and special characters. Also, with the kind of botnet technology criminals commonly employ, anything less than eight characters is too short to be secure.

Monitor Site Activity

It’s important to have a real-time analytics tool—not just for marketing and sales purposes, but for security as well.

Analytics allow merchants to monitor how visitors navigate and interact with the site, thereby detecting suspicious activity in real time.

Likewise, hosting services should monitor for viruses and malware, as well as any other signs of potentially malicious software. It’s wise to look for a web host who offers this service as a daily practice.

Use a Secure Platform

There are plenty of eCommerce platforms to choose from. Careful evaluation and research should be part of the selection process in order to find a platform that offers the best blend of usability and security.

Each platform is built based on different logics and methods, and each has a different way of addressing the need for eCommerce security.

A representative from VoIP Supply once said, "We've used plenty of different open source eCommerce platforms in the past and the one we're using now is by far the most secure. Our administration panel is inaccessible to attackers because it's only available on our internal network and completely removed from our public facing servers."

Train Employees Regarding Security Best Practices

In many cases, security vulnerabilities are introduced because of merchant error. A minor slip-up or mistake on the part of an untrained employee could cause major problems.

Accidents will happen, but most can be avoided by establishing comprehensive privacy and security policies and then training employees based on those policies. Service providers like KnowBe4 can help. Policies will need regular updates, as fraud is an evolving problem demanding a similarly adaptable solution.

Above all, train employees on how to handle and exchange customer data. No standard communication method, such as email, text, or social media messenger, is secure against interception; thus, none should be trusted with sensitive information.

Layer Complementary Security Tools

Unfortunately, no single security tool could be considered all-inclusive for every threat available, nor entirely unbeatable by determined hackers. Every strategy and technology has inherent shortcomings and vulnerabilities.

Merchants should take advantage of a combination of the various tools at their disposal for detecting suspicious activity.

Just the Beginning of Fraud Protection

Chargebacks911® is happy to provide merchants with a generalized education about secure online transactions. We strive to discover and share information regarding emerging fraud trends and new data security regulations.

However, this article is intended to serve as a cursory glance into one of the greatest challenges facing both eCommerce and brick-and-mortar businesses.

If you are concerned about your own approach to data security and whether you’re making the most of your strategy, consider contacting Chargebacks911. Our representatives can help you implement data security and fraud prevention tools without increasing friction, answer questions about PCI DSS or SSL compliance, create customized business best practices, and more.
