By Phil D’Angio, business development director at VeriSign, EMEA
The global economic crisis has seen e-criminal activity increase dramatically in 2009. Bricks-and-mortar retailers are struggling in the current climate, with large chains closing stores to reduce operating costs.
More and more businesses are moving to low-overhead e-commerce channels. Today’s sophisticated cyber criminals are well aware of this increase in web traffic and are acting accordingly.
Identity thieves prey on the inability of consumers to recognize threats when they see them. Combined with the increase in sophistication of attacks, many consumers are being duped to hand over their personal information.
For example, with credit-conscious consumers looking to bag a bargain, phishing attacks have adapted, luring bargain-hungry consumers into clicking through to websites which appear to offer great discounts and offers.
The most sophisticated websites are sometimes imperceptibly different to a genuine site but have been set up to steal consumers’ log-in details, passwords and credit card information resulting in hefty financial loss. The Identity Fraud Steering Committee (IFSC) estimates that the cost of identity fraud to the UK economy is £1.2 billion or around £25 for every adult in Britain.
In addition, businesses suffer losses due to customer attrition, as many consumers vote with their feet and vow not to visit sites which they fear could leave them susceptible to fraud.
Buyer confidence is also at an all-time low. Consumers are increasingly protective of their personal details and are actively seeking out websites they can trust with their hard-earned cash. If they have any concerns about what will happen to their card details while on a site, or if someone could possibly access their account, they will cancel the transaction and take their business elsewhere. In a new survey by YouGov, 90 percent of respondents said they would stop making purchases online if they felt their credit card details or personal information was at risk.
To combat these issues online businesses must protect their sites with effective technologies and processes. But those safeguards will only work if consumers feel that the additional measures are necessary and easy to use. Unfortunately, the truth is that consumers don’t want to spend lots of time learning about online security measures.
They want to be able to trust their online service providers to protect them while they are interacting or buying on the web. This makes it even more challenging for online businesses trying to protect their sites and their customers.
So what can online business do mitigate the risks of online fraud, protecting their business, brand and encouraging trust among potential buyers? Banks, e-tailers and auction sites should use a protective system such as Secure Sockets Layer (SSL).
The SSL encryption protocol is considered to be a standard for information security on the internet and ensures that, during a transaction, sensitive data is encrypted so that only the authorised recipient of the information can read it. This is done through a system of public and private keys which encrypts the connection established between the user and the certified domain.
However superior levels of SSL certification exist today, such as Extended Validation (EV) SSL that offer more than just encryption guarantees to your customer. To get an EV SSL certificate, organisations must be verified by a Certification Authority, which checks that the business legally exists and that it has the right to use its domain name.
The Certificate Authority also checks that the person named by the organisation in its certificate request is currently employed by the company and has the appropriate authority to obtain and delegate EV SSL certificate responsibilities.
Finally, the CA contacts that person directly to complete the process. A lesser SSL certificate, or one issued by a supplier that does not comply with such rigorous validation procedures, may provide encryption but doesn’t actually authenticate the company behind a website.
Another reason to invest in EV SSL is the level of trust that it instils in customers. A site with an EV SSL certificate is clearly visible in the latest versions of major browsers, because it turns the address bar green when the site is legitimate and has taken measures to protect transactions.
If the site is not trusted, the address bar may turn red, giving the user a clearly visible and recognizable warning that the site is either not legitimate or is using security tools that are not trusted.
Consumers today react well to visual cues, and often look for a green address bar to know their details are in safe hands. Other clues customers look for include a padlock icon or sign such as the VeriSign Secured Seal or Internet Shopping Is Safe (ISIS) trust mark
Investing in one or more of these symbols make it obvious that your website is secure and that you are doing everything possible to protect customers’ personal details and online identity.
As well as EV SSL, online businesses should look to adopt second factor authentication, also known as 2FA or strong authentication. This combines what the customer knows ¬– user name and password – with what they have, such as a one-time password (OTP) generated by a convenient device.
A user can’t successfully sign on without both. It’s a combination that makes it very difficult for e-criminals to gain unauthorised access to accounts and information, because the thieves must possess not only the username and password combination, but the consumer’s physical credential as well.
Retailers can choose credit-card size credentials, tokens, even applications for mobile phones to provide the most convenient, cost-effective option for their consumers. Consumers are very welcoming of this kind of authentication – in fact, research from YouGov found that 61 percent of respondents would be willing to consider new applications to protect their identity, even if it meant extra effort on their part.
When it comes to e-commerce, the right balance of encryption and trust is essential. With the right security protection and policies in place, online businesses may have one less reason to worry in 2009. And now more than ever, establishing a trusted destination for online commerce is just good business – a big competitive advantage at a time when everyone could use a little more of that.
5 top tips from VeriSign on protecting your site and increasing consumer trust:
1. Put customers and convenience first.
Businesses too often enhance their security systems without first taking into account the potential impact those changes will make on the customer experience. That’s a big mistake, as hard-to-use sites or complicated security layers will cut down on the popularity of cost-efficient online services.
2. Invest in a symbol of trust to show users that your website is secure.
Consumers react well to visual cues – marks such as a green address bar and padlock icon guarantee that a website is safe. Online shoppers should never buy anything without first checking that these icons are present.
3. Look beyond the password. Simple login names and passwords are no longer enough to protect businesses and their customers.
Enhanced validation (EV SSL) and strong authentication technologies, including tokens which display a one-time password generated for every transaction or which send a password to your mobile phone via SMS, offer businesses a user-friendly way to make it difficult for fraudsters to seize sensitive information.
4. Know when customers are at risk.
Companies should develop detailed profiles of each customer’s typical online behaviour, such as transaction amounts, time spent online, and frequency of funds transfers. Using advanced fraud detection technologies and services, they can monitor customers’ activities against those profiles and be alerted immediately when potential fraudulent behavior occurs.
5. Stay one step ahead.
Any business looking to secure its online operations must be prepared to be bold and stay one step ahead of the fraudsters. Adopting EV SSL Certificates or strong authentication help, but these must be part of a multi-layered approach to online security that everyone with a vested interest must be aware of and prepared to act upon.
Check out 12ahead, our brand new platform
covering the latest in cutting-edge digital marketing and creative technology from around the globe.
12ahead identifies emerging trends and helps
you to understand how they can apply to modern-day companies.
We believe 12ahead can put you and your
business 12 months ahead of the competition. Sign up for a free trial today.