By Sandeep Kamble, Founder & CTO, SecureLayer7
Over the past few months, as people were forced to be under complete lockdown, digital platforms came to the rescue. And e-commerce websites became the lifeline for survival. From shopping for essentials and groceries to buying clothes and accessories, medicines, Office and school supplies, e-learning tools to even some essential services, e-marketplaces became the ‘go-to’ destination. As per an Impact report released by Uni-commerce, India’s leading eCommerce focused SaaS platform, titled ‘E-commerce Trends Report 2020’, e-commerce has witnessed an order-volume growth of 17% as of June 2020, and about 65% growth in single-brand e-commerce platforms.
However, with this rise in the popularity, e-commerce web portals also experienced a rise in frauds and cyber-attacks. A single hacker group managed to break into nearly 570 e-commerce websites across 55 countries, including India in just three years and managed to steal over 1,84,000 credit card data, resulting in over USD 7 Million of payment frauds. Also, over 29% of all e-commerce website traffic comes with a malicious intent of cyber-attacks and reportedly, e-commerce frauds result in USD 660 thousand losses per hour!
Some of the most common frauds done by cyber-criminals compromise e-commerce sites include:
1. Payment/Account fraud or Identity theft: Fraudsters manage to gain access to credit card/ bank details and use it for making fraudulent purchases online. Sometimes, fraudsters also get access to personal credentials like email accounts, name, address, IP addresses, and personal devices to then create fake accounts, make fraudulent purchases, and manipulate traffic. This is one of the most common frauds associated with e-commerce websites.
2. Friendly Fraud: This may or may not actually involve a legitimate customer. However, it qualifies as a fraud as the customer/ fraudster pays for the purchase but claims to have never received the delivery. The merchant is then forced to offer a refund or a re-deliver the item, or face a chargeback. A chargeback is a payment the merchant is liable to make to a customer who has been a victim of fraudulent practices.
3. Shipping Fraud: This is closely associated with the identity theft/ account fraud where fraudsters gain access to the personal information of a customer and use it to track and re-direct the shipment to a different address. The customer ends up never receiving the product, although the merchant has shipped it.
4. Affiliate Fraud: Most merchants and e-commerce sites operate through affiliate marketing where partners earn a commission for sharing links and content. Fraudsters use malicious means to manipulate web traffic and amplify attention to the site, thereby posing as fake affiliate partners and take off with the commission.
5. Triangulation Fraud: This is where fraudsters set up fake storefronts/ e-commerce sites and put up products at very cheap prices, enticing customers. Once the customer has made a purchase from the fake storefront, the fraudsters use their credit card/ payment information to then makes a valid purchase from the authentic merchant. They may or may not ship the product to the customer, however, in both cases, the customer ends up paying twice, and also has his payment information leaked.
Ahead of the festive season, it is time e-commerce portals re-look at their cybersecurity and data protection infrastructure. Listed here are some of the precautions and steps e-commerce portals can take to protect oneself from these security threats:
Account Takeover Prevention Solution: E-commerce sites can now leverage Machine Learning tools to track and prevent most frauds related to identity and credential theft. ML helps identify a fraudulent pattern, howsoever subtle, and call it apart from the other genuine transactions/ consumer patterns, thereby ensuring the consumer and the merchant are safeguarded. Most fraudulent threats, including chargebacks, friendly fraud, credential and voucher abuse-related frauds can be identified and prevented through smart ML suits that can be customised for e-commerce merchants.
HTTPS and SSL Certification: As per a report, over 60% of e-commerce websites lack HTTPS secure browsers that help safeguard sensitive data, including credit card and other payment information. Switching from HTTP to HTTPS is the first and the most important step for creating a secure e-commerce website. Not only do they secure data, but also help boost the Google rating of the webpage. SSL certification, on the other hand, will not only ensure authentication but also enable encrypted connections, making it more secure.
PCI DSS Compliance: Adhering to the Payment Card Industry – Data Security Standard helps secure and guard against payment-related frauds/ credit card frauds and ensures safer, encrypted transactions. Further, the requirements for the certification enables e-commerce websites to engage in regular and consistent security checks and comply to set of rules around web hosting and enhanced security at payment processing level.
Deploying Web Application Firewall: Web Application Firewalls or WAF offer enhanced security to web applications by filtering and monitoring traffic to a from the HTTP website, over the internet. This offers enhanced security from threats like forgery, affiliate fraud, and threats like SQL injection and XSS related threats. They are also efficient in regulating traffic to the website and ensuring legitimate visitors to the platform.
Regular checks and Data Back-up: As a mundane as it may sound, doing regular security checks is vital to the health of any and every online website/ portal. Checking for vulnerabilities in advance can help one remain rectify the loopholes and remain prepared, in case of a breach. Data back-ups is another mandatory practice that can safeguard one for an expensive malware/ ransomware attack!
Training Employees and educating consumers: Lastly, educating consumers about safe online payment practices and ensuring they follow secure payment gateway solutions is vital not only to fight payment related frauds but to also build a long term trust among consumers, thereby building brand loyalty. Additionally, regular training sessions for employees around following set cybersecurity protocols and adhering to the strict codes of secure conduct when administrating and operating various aspects of the e-commerce website can ensure there is a vigilant and alert internal watchdog to sniff out challenges in advance.
While most of the above cybersecurity practices for e-commerce websites are currently available, not many web portals are applying them. This has resulted in the rise of cyber frauds and caused heavy monitory losses to both, the web portal and the customers. As we step into an increasingly active world of virtual transactions, it is increasingly vita for e-commerce companies to take up the matters of securing their online platform with the best tools and provide enhanced protection for customers.