Deep Dive: How Retailers Guard Against Cyberattacks

In the eCommerce world, few things destroy a customer’s trust in a merchant as fast as a security breach or cyberattack. Shoppers, even those previously loyal to a given merchant, typically head for the hills when shown retailers cannot prevent bad actors from stealing their digital identities.

One study reported that 36 percent of consumers would purchase less frequently from compromised merchants, and more than one-quarter claimed they would spend less money with a compromised retailer. What’s more, as many as 12 percent of “loyal” customers would completely stop purchasing from a retailer that exposed their personal information to cybercriminals.

PYMNTS explores the forces threatening consumer trust in this month’s Digital Identity Tracker™ Deep Dive, including how companies protect themselves while boosting customers’ confidence.

Cybersecurity Challenges

Credit card fraud has quickly become the most common fraud technique used with online merchants. Cybercriminals gain unauthorized access to consumers’ credit card information and use it to make purchases. Phishing scams — which attempt to trick consumers into handing over account or other digital identity data — are also on the rise.

That’s just the tip of the iceberg, though. Many merchants are targeted using Distributed Denial of Service (DDoS) attacks. These see a cybercriminal attempting to reach an online service by overwhelming it with web traffic, forcing the website to go offline to deal with the fallout.

The number of man-in-the-middle attacks has also been increasing as of late, with hackers developing more sophisticated cybercrime methods. They fool users into connecting with what appears to be a normal, public wireless network, but these connections allow bad actors to access digital identity data, browsing history, credit card numbers, passwords and usernames instead. These can then be used in credit card fraud or other attacks.

Bad actors are tapping bots to gain unauthorized access to payments and digital identity data, too, a particularly vexing problem for retailers and security providers. These firms often use bots for legitimate purposes, making attacks especially difficult to stop.

Still, other cyberattacks are committed with malware, or malicious software, typically used to access online retail store databases. Hackers can then make off with payment card details, personal information and other data stored inside.

Fighting Fraud

Bad actors are developing new methods to access digital identity data, but merchants and security solution providers are creating tools and resources to thwart them.

Many retailers are hosting their eCommerce sites with payment card industry (PCI)-compliant providers, for example. This ensures that the host has adopted risk analysis, monitoring, anti-malware and encryption tools to prevent cybercrime, and that it frequently updates security processes and protocols.

Others are adopting address verification systems (AVS), matching customers’ stored digital identity data from inside their credit or debit cards with that of the stored by the website. Transactions are usually flagged for further follow-up if the data doesn’t match.

Such fraud-fighting solutions can slow cyberattacks and digital theft, but they’re far from foolproof. They can’t guard against DDoS or similar cyberattacks, for example, leading many experts to recommend that online retailers turn to platforms built for large traffic disparities. This can make it less likely that a hacker could bring a website to its knees.

Experts also recommend that merchants and retailers take common identity protection steps, like requiring users to create longer and more difficult passwords. 

The Future Of Cybersecurity

Merchants and security providers are working to keep bad actors from using tried-and-true methods of deception and identity theft, but they’re often fighting a losing battle.

Cybercriminals are constantly developing more sophisticated ways of fooling consumers and companies into giving away digital identity data. It’s also impossible to know which attack methods bad actors will turn to next, making it difficult to anticipate industry changes or trends.

There is reason for hope, however. Emerging technologies like artificial intelligence (AI) and machine learning (ML) could serve as powerful weapons, thanks to their ability to almost instantly find suspicious patterns in massive troves of data. This allows retailers and banks to approve transactions and offer users convenient and secure online transaction experiences.

Whether it’s AI, ML or another new technology making its presence felt, merchants — particularly those doing business digitally — will be eager to adopt tools that can keep fraudsters at bay while maintaining their customers’ trust.