Retailers have recently become a favorite target for hackers around the globe. This is because of the troves of customer data they process every day and the low barrier to entry required for anyone to open an online shop.
While the media only focuses on big companies like Target and Home Depot, smaller retailers attract a lot of cybercrime too.
Many entrepreneurs make the mistake of thinking that the small size of their business insulates them from snooping hackers. But as recent history has proved, small doesn’t necessarily mean safe.
Most online retailers simply don’t have billions of dollars waiting for them when they need to clean up after a major cyber attack. One major data breach could send them out of business. As such, you must be vigilant in keeping yourself up to date with the retail cybersecurity landscape, by learning of new threats as they come up, and knowing how you can defend yourself from them.
Top five emerging cybersecurity threats affecting online retailers
Although there are many ways to breach online systems, not all of them are favored by hackers targeting online retailers. In fact, some of the hacks below are unique in that they are almost always used against retailers.
Below are five of the most common threats against online retailing.
1. Return and refund fraud
You must have a return policy at your online shop. At least most reputable retailers do.
While this policy is meant to safeguard your enterprise from dishonest customers and scammers, hackers have somehow always managed to find loopholes that allow them to make a profit at your expense. There are three main ways that return and refund fraud happens;
- The use of fake receipts to get refunds on products that were never purchased in the first place
- Customers collect their goods upon delivery then file a complaint claiming that their order was never shipped
- Hackers can order good using stolen credit cards then request a refund that should be processed through another credit card
Insulating your business from refund fraud is not always a black and white affair since hackers keep inventing new ways to make fake receipts look very legit. However, keeping yourself updated with the return fraud landscape can protect your business from falling victim to refund and return fraudsters.
2. Supply chain attacks
As a small or medium-sized online retailer, managing your cybersecurity is fairly easy and requires little effort.
However, your peers and the companies that facilitate your operations might not be as secure as you are. This includes your suppliers, your shipping company or online SaaS products integrated with your business.
Supply chain attacks take place when hackers manage to breach the security of your third-party connections. They don’t have to access your systems directly for them to do the damage. Since the businesses you do business will have some data about you, accessing it can compromise your security. Also, your business partners or businesses that have direct access to your core software, for instance through app integration, can be used to gain access to your system. Recent studies have shown that as many as a third of all retail cybersecurity breaches originate from third-party vulnerabilities.
Due to the interconnectivity of the web, one wrong third-party integration with another company’s software can put your online store’s cybersecurity at risk. Be vigilant about choosing app integrations and avoid connections with businesses with poor cybersecurity practices to stay safe.
3. IOT vulnerabilities
IOT devices are changing people’s lives all around the world. And their adoption has skyrocketed in almost all areas of human life.
In retail, IOT devices are being used at every step of the supply chain. These internet-enabled devices are helping online retailers track their supplies from the time they leave their supplier’s warehouse to the time they reach theirs. Also, they are being used to monitor warehouses and sort and restock supplies.
Internet-enabled IOT devices are quickly making stores smarter by autonomously doing tasks that would take humans many days to finish. However, the rapid demand for these devices has made it impossible for manufacturers to keep up with their security. This makes them an easy target for hackers.
While IOT breaches may sound harmless to small retailers, they can have damaging consequences that eventually force you to close your doors to customers. For instance, a single IOT attack could potentially reroute all your supplies to a different site, making you incur massive losses in the process. All the hackers have to do is to find a way to get the supplies delivered to them and you lose it all.
Given that the internet of this is an emerging technology, small businesses have to tighten their cybersecurity since they are the ones who risk business failure in the aftermath of a major IOT attack. At the very least, you should always keep your hardware and software updated with the lasted security patches to remove the bugs that the hackers might use to penetrate your system.
4. Ransomware attacks
Ransomware is a hacker’s best friend. Not only does it provide quick monetary rewards but also ensures the hacker’s identity remains anonymous as long it is well executed.
In a recent cybersecurity survey, 69 percent of executives said that their companies had faced a ransom attack in the previous year.
This proliferation of ransomware attacks has hit online retailers the hardest. Since they store lots of customer data, it only makes sense that hackers would find them very attractive for their attacks. Most ransomware attacks on retailers encrypt all business data and lock it with a unique key. The data remains unusable until the business pays the ransom in exchange for the key that unlocks the data.
Other strains of ransomware may hit you with massive distributed denial of service (DDoS) attacks that render your website unusable until you pay a ransom for the attacks to stop.
Given that online retailers rely heavily on the usability of their websites and continued access to customer data to remain in business, a well-coordinated ransomware attack could kill your business if you refuse to pay the ransomware and your data is lost. The best way to avoid being hit by ransomware is to practice good internet hygiene to make it harder for hackers to infect you with malware through methods such as phishing emails.
Also, having multiple backups of your data can save you from data loss if your servers ever get compromised.
5. Retail account takeover (ATO) fraud
Account takeovers are a form of identity theft where cybercriminals gain access to the accounts of registered users and take their control. Using these legitimate accounts, they can then make purchases without the real owners of the accounts realizing it.
Account takeovers affect many online businesses including email providers and banks, but it is online retailers who suffer the most.
When the hackers make an order using a stolen account, they then change the shipping location so that the order can be delivered right into their hands. Since the orders are made by registered accounts that have already made successful purchases in the past, the hacker’s activity is often written off as normal customer activity and this allows the crime to go on undetected for a long time. Unless the real customer discovers the receipts in their email from orders that they did not make, they too may never know that they have been hacked.
In many cases, online retailers have been forced to refund the lost money to customers without recovering the stolen goods. And while the costs may not make a dent on your finances, it is the reputation damage that causes the most harm. News of an ATO breach often kills customer trust and it could be a while before customers can trust you again.
The best way to prevent account takeover fraud is to require varying degrees of authentication before making purchases to make it harder for hackers to make purchases using compromised accounts.
A secure foundation = a secure store
It is almost impossible to make yourself completely safe from cybercrime. However, you can do your best to make it harder for hackers to penetrate your security.
As a rule of thumb, cybersecurity should be built into your store from the ground up instead of being treated as an afterthought. Don’t wait until your online retail shop is up and running before you think of its security. Should start by first hosting your business on a secure e-commerce platform, then focus on making other areas of your shop more secure even before the customers start pouring in.
