SMEs, here are eight steps towards secure e-commerce transactions
By Britta Glade July 4, 2016
- All it takes is a single attack to destroy customer loyalty and put brand rep at stake
- Important for SMEs to place the right focus at the right time when dealing with cybersecurity
THE evolution of the Internet has transformed the way business is conducted today. E-commerce has created the means for businesses to bypass traditional limitations such as domestic markets, ballooning rental costs and human resource shortages faced in the real world, while offering what end-users expect: Convenience.
An online business environment that can satisfy the surging demand for the ability to purchase anything, anytime and anywhere on smart devices has created a more level playing field for small and medium-sized enterprises (SMEs) to exist alongside larger corporations in the virtual realm, thereby contributing to the exponential growth of SMEs in e-commerce.
Additionally, the shift in the global economic balance towards the East, combined with the increased disposable income and standards of living across Asia, has set the region on course to be the largest and the fastest growing regional e-commerce market in the world.
In fact, analysts predict that the region’s e-commerce market will nearly double from US$733 billion in 2015 to US$1.4 trillion in 2020 in total online retail revenues.
Evidently, the opportunities for SMEs are bountiful, but they come with new challenges as well.
The known and unknown cost of cyberattacks
In the digital space, cybercrimes have become rampant, regionally and globally, which can be daunting for SMEs embarking on e-commerce ventures.
A prime example: In 2015, Japanese online shopping mall operator Rakuten fell victim to a massive hack that exposed the identification and passwords of about five million customers.
Repairing these cyber-breaches is no easy feat and it takes a significant toll on business. The total cost of attacks globally was estimated to be at least US$315 billion in 2015, out of which these cybercrimes are estimated to have cost Asia Pacific businesses US$81 billion.
To put it into perspective, the region suffered more losses than the EU (US$62.3 billion) and North America (US$61 billion).
On top of financial losses, organisations also risk their reputation and loss of customer trust.
Yet, only just over half of all firms said they have a cybersecurity strategy in place.
Cybercriminals do not discriminate
Many SMEs have the misperception that they are unlikely to be attacked, and thus do not invest sufficiently in protecting and defending against cybercriminals.
However, it is a fact that greed does not discriminate. SMEs are exposed to many of the same threats that large businesses face.
On top of that, they make a more vulnerable target for hackers as their organisations are less prepared to deal with such threats and hence, are easier to infiltrate.
Unfortunately, SMEs enter a battlefield without the necessary expertise or sufficient resources, therefore amplifying losses that are difficult to recover from.
Online transactions involve the transfer of a lot of valuable and sensitive information over easily penetrable networks. As such, data security becomes a critical concern among end-users, especially with the spate of hacking and identity theft cases making headlines.
Besides, cyberattacks are becoming increasingly sophisticated and organisations are finding it more difficult to authenticate genuine identities of end-users, making their businesses more vulnerable to attacks.
Through fraudulent phishing attempts, cybercriminals are able to pose as reputable entities in order to obtain sensitive personal data.
One of the largest known bank robberies in history occurred in early 2016, when fraudsters used stolen credentials to make illegitimate cash transfers of more than US$80 million from Bangladesh’s central bank.
It’s not surprising that 31% of online shoppers feel that one of the barriers to e-commerce uptake is the security of online transactions.
There is no universal process in achieving effective security management. The concept of a security maturity model reflects that the journey to effective cybersecurity is unique to each organisation – contingent on a variety of factors, such as its resources, security objectives, and nature of business.
For SMEs in the e-commerce industry, limitations in resources and knowledge can hamper accurate analysis and diagnosis of their security needs.
It is crucial, then, for such organisations to devise a well-thought-out security approach right from the start, layered strategically to scale and adapt as the business evolves.
Fraud prevention, data security and identity authentication
A three-pronged approach – fraud prevention, data security and identity authentication – can drive SMEs toward attaining e-commerce success, and ensure prolonged growth, success and sustenance in this competitive market.
To mitigate security threats and stay ahead of the competition, SMEs should take a step-by-step approach to protect against the threats of the virtual realm:
- Secure: Select an established payment gateway partner that ensures security of critical payment data, such as through tokenisation and encryption.
- Prevent: Next, prevent and block access to identified phishing sites and malware infection, drop and update points.
- Authenticate: Utilise risk-based, multifactor authentication to protect users accessing websites, online portals, mobile browsers and applications and identify suspicious user activity via device and behavioural profiling.
- Customise: Expose fraud threats using a dynamic, real-time, risk- and rules-based detection approach. From login to transaction and beyond, the payment gateway partner should have the ability to deploy a wide array of configuration options and tailor fine-grained identity and authentication controls.
- Recover: Perform extensive forensic analysis to equip the organisation with additional intelligence insights including compromised personal information and credentials, email drop accounts, and specific IP (Internet Protocol) information showing where an attack was launched.
With the security basics in place, the next step is to take a deeper dive into the cyberdefence strategy.
E-commerce SMEs need to work closely together with their security partners to expand and solidify the overall security capabilities.
Ultimately, SMEs should have the broader aim to integrate, expand and build on their own native security capabilities as the business grows.
- Analyse: Look beyond transaction data to detect and mitigate fraud. Leverage real-time monitoring analytics and risk analysts’ expertise to gain deeper insights and intelligence into the threat landscape – the rich data input and machine learning methods enable real-time risk evaluations.
- Detect: Leverage behavioural analytics to identify fraud across both Web and mobile transactions.
- Pre-empt: Proactively identify fast emerging fraud threats based on calculated risks.
All it takes is a single attack, such as one that compromises a customer’s sensitive financial information, to destroy customer loyalty and put the brand reputation at stake. A security breach or fraudulent attack can expose a small business to great legal, financial and reputational liabilities.
With the limitations in resources that SMEs face, it is important for them to place the right focus at the right time when dealing with cybersecurity.
A customised cybersecurity strategy with optimised technologies and solutions can enable SMEs to receive maximum protection without busting the budget.
Hence, small businesses should act today – not tomorrow – to enhance the security of their e-commerce businesses as well as preserve the customer experience to heighten customer trust in their brand.
As content director, Britta Glade is responsible for content curation for the RSA Conferences globally.