1. Industry
Send to a Friend via Email

Your suggestion is on its way!

An email with a link to:

http://ecommerce.about.com/od/eCommerce-Design-and-Dev/a/Ecommerce-Security.htm

was emailed to:

Thanks for sharing About.com with others!

You can opt-out at any time. Please refer to our privacy policy for contact information.

Discuss in my forum

Ecommerce Security

Why Is Ecommerce Security Such a Big Deal?

By

High ecommerce volumes are here to stay. The B2C ecommerce segment itself has become a multi-billion dollar industry. In fact on Cyber Monday 2011, the one-day shopping volume stood at $1.25 Billion.

In the B2C space, ecommerce is about shopping, in the B2B space, ecommerce is about conducting/facilitating business processes electronically. If even a small fraction of B2C or B2B transactions faced security threats, the effect could be detrimental to the very existence of ecommerce. Even today, we have pundits who forecast that the ecommerce's total reliance on its website perpetually keeps it on the edge of a precipice.

And if someone thinks that cyber security issues are blown up disproportionately, recollect the famous Google attack by Chinese hackers.

That is a pretty compelling argument for making the ecommerce environment highly secure.

Security Threats to Ecommerce Websites
Security threats arise either because of somebody's malicious actions, or because of incorrect technical setup. As a result, there cannot be an exhaustive listing of all ecommerce security issues. But here are the most common:
  • Malware
    Viruses, Trojans, and other forms of malware can infect ecommerce website servers. Such malware infects users of the website by executing unintended actions such as downloading software without permission.

  • Unauthorized Data Access
    Online discussion forums are flooded with criminals (what else could I call them?) offering databases of credit card information. They promise that these databases contain accurate and complete information. Isn't that scary?

    Using backdoors, cross site scripting (XSS), or other methods, hackers gain access to private information stored in the databases of ecommerce sites. Imagine the havoc that can be caused by someone who has such sensitive financial and identity information!

  • Denial of Service
    Denial of Service (DoS) or Distributed Denial of Service (DDoS) is a method used by hackers to send a large number of automated requests to an ecommerce website. To the website server, these requests seem to originate from genuine visitors. So the website server attempts to respond to the requests. But the sheer volume overwhelms the server.

    The high volume of artificial traffic has the same effect as high volume of genuine traffic would, i.e., the server slows down, or worse, completely blocks out genuine visitors.

    Most ecommerce businesses are cyclic. Imagine if hackers were to cause an ecommerce website to shut down on an important shopping day such as Cyber Monday! Even a few minutes of downtime could cause huge losses.

  • Phishing
    To the accomplished criminal (once again the only appropriate term I can come up with), it is easy to set up a website that looks exactly like your ecommerce website. Then it is only a matter of inviting a large number of users to this fake site. Some of them will fall for it and wrongly assume that they are on your ecommerce website while in reality they are on the criminal's site.

    If you assume that you are on a genuine site, you will be more likely to part with information such as credit card information, personal identification information, user names, passwords, and he like. Once such sensitive information reaches the wrong hands, there is no telling how it will be misused.

These are just some of the security hazards that ecommerce websites face all the time. As an ecommerce business, it is your job to ensure that your customers feel safe to shop online. Relevant legislation that understands digital crime and creates strong deterrents will also go a long way in reducing the incidence of cyber crime.

Conclusion
While there is no silver bullet, recognizing the menace is a good first step. Then using methods such as two factor authentication, or good old regular-backups, you could significantly increase the level of security of your ecommerce website.

©2014 About.com. All rights reserved.