E-commerce is based on trust – the trust that exists on the part of the merchant that he will be given legitimate credit card information and the trust on the part of the consumer that such information will be securely processed and stored. However, according to a study performed by Lexis Nexis in September 2013, this ideal scenario does not always define reality.
According to this study, approximately 12.6 million adults were victims of identity theft in 2012, costing consumers $21 billion and countless hours straightening out their accounts. Half of those polled said they would avoid making a subsequent purchase from the same small online merchant after experiencing such a security breach – in sharp contrast to only 8% who said they would stop frequenting a large retail chain and 19% who would stop buying from large, well-known online venues.
The Christmas shopping season, therefore, while it can be the greatest boon of the year to small online merchants, is also a time fraught with risk. Small businesses are easier to hack than large ones, and a breach can be devastating enough to put some enterprises out of business. In addition to lost trust and sales, there may also be significant financial penalties in the form of chargeback fees. Merchants may even have their credit card accounts terminated.
However, small businesses do not have to be helpless victims in the face of credit card theft. And even if the holiday shopping season has already started, it’s not too late to make important changes. By knowing these 5 ways hackers can gain access to customer data, merchants can proactively take steps to protect their customers’ data and their business’ financial footing.
1. Network Weaknesses
One way hackers access sensitive data is by entering target computers through weak points in the network. While there is no such thing as a completely secure network, firewalls provide significant levels of protection and are the first line of defense against intruders. Merchants should make sure the firewall they choose is well-respected and regularly updated.
Firewalls by themselves, however, are insufficient. Other potential weaknesses can come through lesser-known channels, such as an unprotected or unencrypted router, unattended network connections that are left idle during holidays, weekends, or vacations, and even printers that are left on, inviting hackers to enter through their web interfaces.
2. Weak passwords
When a hacker does access a computer, he or she is not finished. The hacker then has to access the data, which often requires a password. While this should be an added layer of protection, default passwords, easy-to-guess combinations, or short and simple words are often employed, offering the hacker little more than an inconvenience. To be safe (and PCI-compliant), merchants should change their passwords regularly using hard-to-crack combinations of letters, numbers, and symbols.
3. Unencrypted information
Even if a hacker does access information, it is useless unless it is in a readable form. Using encryption is like putting information in code – only those that have the key can read it, even if they access it. Merchants should encrypt information at every stage of the process and never store unencrypted numbers on their servers.
4. Viruses and trojan horses
Another common hacking technique is to introduce a virus or a trojan horse into a computer or network device to record keystrokes or forward data that passes a certain point. To avoid this surreptitious harvesting, merchants should install and maintain rigorous anti-virus software, scan their systems regularly, and learn to identify the signs of scam e-mails and virus infections.
5. Locally-stored card numbers
A fifth way hackers find credit card data is by selecting targets that are likely to have the card number stored on the local server. A dedicated server with its own internet connection not only helps reduce the risk of hackers but also limits the number of people with physical access to the data. Small businesses should look for payment providers that store the customer’s credit card information securely on their own servers or in the cloud – never on the local server.