Phishing attacks pose a threat to your online business. Image Credit: Toasty Ken
The unfortunate truth is that where there are people, money and the opportunity to take advantage of both, there will be criminals. The Internet is no exception. The advent of ecommerce, while offering consumers immediacy and convenience in their purchasing decisions, has also exposed them to new risks.
Identity theft, phishing and various manifestations of fraud and financial pilfering are commonplace and as systems get more sophisticated, so do the criminals who are hacking into them. The recession doesn’t help – generally sane and skeptical people are more likely to believe they have won Green Cards, the European Lottery or that a long lost relative in Russia has left them a fortune when they are struggling to pay their mortgage and keep their kids in school. Over time, this has the unfortunate effect of making customers – particularly the older (wealthier) ones – more hesitant to part with the necessary details. Just yesterday, a woman I am dealing with regarding the accreditation exam said that online payment made her nervous and could I arrange for her to make an EFT.
This incident got me thinking a whole lot more around this issue, its potential effect on online businesses and possible ways around it. I came to the conclusion that while consumers have a responsibility to educate themselves about scams, liability ultimately lies with the business that is being targeted and it should be their responsibility to protect their customers. Here are a few of the ways that your business can do that.
1. Consider vulnerable spots in the software you use
Hackers are erudite criminals. They aren’t the garden variety snatch-your-handbag-and-run-away types. Regardless of whether you consider your shopping cart and payment systems to be generally secure, there’s guaranteed to be a sneaky hacker out there who, with a little laxity on your part, will have a field day. Make sure you have carefully investigated your system from every angle. If necessary, consult a geek who understands the technicalities better than you do. With new ways to defraud people online evolving every week, this needs to be an ongoing process rather than a once-off event.
2. Educate yourself and your staff
To a large extent, your ability to provide a secure experience for customers buying things from you online depends on how well educated you are about fraud and security and how much investment you have made into educating your staff. Everyone in your company should be aware of the risks and the operational procedure that you have in place to mitigate them. Like your software analysis, this also needs to be an ongoing process. And you need to go through the motion of updating your policy as often as is necessary to keep a step ahead of crafty hackers.
3. Remember – there is more than one way to skin a cat
Fraud is not limited to hacking into ecommerce websites and stealing money from your customers. There are as many types of fraud as there are stars in the sky. Ok, that’s probably a moderate exaggeration, but you get my drift. It’s important that you focus not only on the more common mechanisms that fraudsters use, but keep abreast of other possible channels that they might see as opportunities. Don’t believe me? Check out the terms typosquatting, botnets and fast flux. Still not convinced? Consider the danger of social networking sites and the wealth of personal information shared there. As a user, what reason do you have to suspect that the person you are chatting to and sharing links with isn’t actually your high school boyfriend, but a hacker intent on gathering your details and spreading virus mayhem throughout your system? No, I am not a paranoid conspiracy theorist – it could happen.
4. Implement basic tracking and protection measures on your website
Different countries and organisations have different standards and protocols to protect individuals from online fraud. It is best when considering online security that you comply with the regulations that best apply to your business. In the absence of this, or as a starting point, your ecommerce site should make use of cookies and the automatic logging of IP addresses. While cookies will (at least to some degree) ensure that there is a communication and verification system between your ecommerce site and the customer purchasing from it, IP address logging will serve a variety of purposes. These include the ability to exclude IP addresses that you have previously flagged as threatening, the ability to include IP traps into your site structure to catch hackers before they do any damage and the ability to trace and report fraudulent credit card use.
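The three uses of IP logging described above (logging, excluding flagged addresses, and an IP trap) can be sketched as a small Python WSGI middleware. This is an added example, not code from the original article; the trap path `/admin-backup/`, the `IPGuard` name and the sample addresses are constructed for illustration, and the flagged list is held in memory where a real site would persist it.

```python
import logging

log = logging.getLogger("shop.access")

# Hypothetical trap URL: linked nowhere visible and disallowed in robots.txt,
# so ordinary shoppers never request it.
TRAP_PATHS = {"/admin-backup/"}


class IPGuard:
    """WSGI middleware: log each client IP, refuse flagged ones, flag trap hits."""

    def __init__(self, app, flagged=None):
        self.app = app
        self.flagged = set(flagged or ())

    def __call__(self, environ, start_response):
        # REMOTE_ADDR is the TCP peer. Behind a reverse proxy you control, use
        # the address that proxy reports; never trust a client-supplied
        # X-Forwarded-For header on its own.
        ip = environ.get("REMOTE_ADDR", "unknown")
        path = environ.get("PATH_INFO", "/")
        if ip in self.flagged:
            log.warning("blocked ip=%s path=%s", ip, path)
            return self._deny(start_response)
        if path in TRAP_PATHS:
            self.flagged.add(ip)  # every later request from this IP is refused
            log.warning("trap hit, flagging ip=%s path=%s", ip, path)
            return self._deny(start_response)
        log.info("request ip=%s path=%s", ip, path)
        return self.app(environ, start_response)

    @staticmethod
    def _deny(start_response):
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"Forbidden"]


def shop(environ, start_response):
    """Stand-in for the real storefront application."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"catalogue"]


def status_for(guard, ip, path):
    """Send one constructed request through the guard and return its status line."""
    seen = []
    guard({"REMOTE_ADDR": ip, "PATH_INFO": path}, lambda s, h: seen.append(s))
    return seen[0]
```

Many customers can share one address behind a mobile carrier or office gateway, so flagged entries should expire and be reviewed rather than blocked forever.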
5. Keep your customers well informed
Educating and reassuring your customers about the measures you have taken to combat their risk is a highly effective way to mitigate the damage caused by online hackers and fraudsters. While it is necessary for you to collect the private details of your customers, ensuring that their details are stored safely and informing them of that fact will go a long way to securing their trust. Ensure that they can access your privacy policy and that they have a way to verify that your payment page is not a duplicate page designed to trick them, but is actually a secure payment gateway that they can trust. If you make changes to your system, keep customers updated and carefully outline how your improved security measures will benefit them.

Hi Lyndi,
These are really useful tips, thank you. I think that your last point, about keeping your customers well informed, is particularly relevant as many businesses invest the time and energy needed to implement tracking and safety measures, but forget to communicate this to their customers! These two need to go hand-in-hand to ensure that businesses retain their customers.
Posted by Emma Donovan on 2009/11/04