As electronic payments become more common worldwide, consumers, banks, card companies and governments grow increasingly concerned about privacy and payment security. For example, the U.S. began switching to EMV chip technology in 2015, a standard used worldwide to reduce fraud and identity theft from in-store payments. Unfortunately, EMV doesn’t currently protect online transactions. Retailers need to take extra measures to ensure their consumers’ payments are secure.
Why security is important
Keeping customer data safe goes a long way to building trust and keeping shoppers coming back. Unfortunately, as data breaches keep occurring, consumers are starting to doubt the security of online payments. According to a survey by Gemalto, a company specializing in secure technology, 64 percent of shoppers said they wouldn’t return to a business if a prior transaction compromised their bank accounts or other sensitive information. Fifty percent said they wouldn’t do business if non-sensitive data was stolen. The threat of lost business doesn’t stop there – 49 percent said they might pursue legal action against an organization that suffered a data breach.
One could question who is at fault in such instances – other than hackers, of course. The survey found 54 percent of Internet users have the same passwords across all of their accounts, increasing the chance for identity theft. Meanwhile, 75 percent admit to using one or more shopping applications or websites that don’t secure payments with two-factor authentication.
Despite these liabilities, consumers feel organizations aren’t doing enough to protect their information. Seventy-five percent of shoppers believe businesses do not place enough importance on payment security and 69 percent feel companies are the ones most responsible for keeping data safe. While there are small steps individuals can take to keep their information private, the fact is businesses are negatively affected by a lack of consumer trust. E-commerce retailers need to do all they can to establish confidence among their audience, and that means taking every measure necessary to secure payments.
Keeping data safe
So how should businesses approach consumer security? One method is to use a third-party payment processing company that is PCI compliant.
“Never store customer credit card info,” Richard Stiennon, a chief analyst for data-security consulting firm IT-Harvest, told Practical Ecommerce.
Most businesses, especially smaller ones, don’t have the technological awareness or budget to keep consumer data completely safe. Plus, keeping payment information on someone else’s server presents another barrier for hackers to go through. Separate companies are experienced in this endeavor and often only store what is absolutely essential.
In fact, online retailers should use this idea and only collect data related to necessary business operations. This includes marketing, but companies shouldn’t go overboard. Similarly, they shouldn’t keep information for an unnecessary amount of time. Marilyn Prosch, an associate professor at Arizona State University’s W.P. Carey School of Business, told Practical Ecommerce data that sits around without serving a purpose could potentially harm a business down the road.
Passwords and multiple security layers
Creating a password is ultimately up to shoppers, but having certain requirements points them in the right direction, CIO.com noted. Logins with a variety of characters are harder for criminals to break. Companies shouldn’t stop at complex passwords, however. Any sensitive information should always be encrypted in case it does fall into the wrong hands.
CIO.com also stressed the importance of having multiple methods of protection. Firewalls are essential to any business, as they safeguard networks overall. Practical Ecommerce suggested using SSL certificates on pages where customers supply their information, including login forms, checkout and customer surveys. This encrypts data as it is sent across networks. The certificate also lets consumers know your website is authentic, not a fraud created by an unauthorized party intent on stealing information. Visitors know a website has an SSL certificate if its URL begins with “https” as opposed to “http”. There will also be a padlock on the far left of the address bar.
Unfortunately, security breaches are common enough to concern shoppers and businesses of all sizes. Third-party payment processors keep consumer information off your servers, but companies should also take other measures to make their websites safe to use.
Brought to you by PacNet Services, your one-stop global payment processing solution.