As the portion of shopping done online rises, so does the importance of e-commerce to retailers’ overall strategies. Unfortunately, the increased focus on e-commerce also extends to fraudsters looking to make illegitimate purchases – a trend accelerated by the EMV liability shift earlier this month. As more retailers have provided greater payment security in the store with the addition of EMV, fraudsters will be shifting their efforts to target e-commerce sites.
As a result of EMV according to Trustev, and referenced in our 2015 E-Commerce survey, online fraud is predicted to increase 106% over the next three years. Fraudsters also are looking to exploit ecommerce transactions to capture credit card numbers and other personal data. These changes in the retail landscape make it more important than ever to protect customer data and effectively monitor online transactions.
Online transactions create a unique set of security challenges. Since the transactions are “card not present,” there is no way to verify the card’s legitimacy by verifying the signature, checking the customer’s ID or matching the last four digits of the card. To protect themselves from fraudulent online transactions, retailers must implement a rules-based fraud detection tool, auditing suspect transactions and authorizing legitimate ones.
Protecting Online Customer and Payment Information
Today’s customer expects a certain level of convenience when shopping online including the ability to save their personal and payment information on sites they frequent.
Payment Card Information – Further, the amount of credit card data retailers must save to offer this convenience makes it a target for hackers. Fortunately for retailers, tokenization technology works for both brick and mortar and e-commerce transactions. In fact, all of our clients currently implementing tokenization are implementing multi channel tokens. This not only secures their customer’s credit card data, but also provides the retailer with an omni-channel payment solution central to creating a consistent brand experience across channels.
PCI is not Enough
With the shifting retail paradigm, simply passing PCI is no longer enough to truly protect customer information. Retailers must build security into their technology roadmaps to ensure that the level of protection is commensurate with their omni-channel strategies. We suggest an annual security audit outside of PCI and other standards to ensure that security measures are not in place merely to pass audits but to truly protect the customers’ information retailers work so hard to gain and retain.
As always, I appreciate your opinions on this topic. Please share your comments below.