As online shopping becomes more popular worldwide, eCommerce businesses need to keep pace with their competition and with the emerging trends that appeal to customers. The shift away from in-store buying, the convenience of new payment methods, new customer expectations and the possibility of making real-time transactions globally have fueled this change in preferences. As a result, many opportunities are emerging in this “borderless” eCommerce space. However, all of this comes at a price. The growth in online traffic has made way for cybercriminals to carry out their malicious activities, hence the increase in the level of cyber attacks.
In this article you will discover the most pressing security threats and challenges in the eCommerce sector, as well as some alarming facts and figures. We will point out the effect that these threats have on the ascending eCommerce trends. This blog will soon be followed by a compilation of best practices from two of Zitec’s partners, Vtex and Magento Adobe, that already have security features embedded.
The good and the bad
Business owners must keep abreast of industry trends in order to stay competitive and convert more customers. But advances in technology and new trends in eCommerce have not stopped cyber threats from happening. On the contrary.
Starting with the pandemic, many offline businesses were forced to open online stores to keep their commerce going. Some were unfamiliar with the digital environment, which created loopholes for malicious users to exploit. Bank account details, email addresses and contact numbers are just a few of the things that hackers target. Successfully - some may add.
Data doesn’t lie - cybercrime at its peak
Target-based cyber attacks cause enterprises operational disruption, data breaches and leaks affecting critical web infrastructure. A Eurobarometer survey shows that in 2021, 28% of European SMEs experienced at least one type of cybercrime. Concerns centered on risks such as online bank account hacking (32%), phishing, account takeover or impersonation attacks (31%), and viruses, spyware or malware (29%). The success of scammers goes beyond imagination. Since 2016, organizations have lost almost EUR 22.7 billion. Security Metrics reveals some upsetting facts:
- 88.89% of the Shopping Cart Inspect reviews identified malicious or suspicious issues on ecommerce sites;
- 18.42% malicious acts issues;
- 61.19% suspicious occurrences;
- 20.39% concerning problems.
Data show that at least 1,243 security incidents were publicly disclosed in 2021. The UK Information Commissioner’s Office (ICO) suggests that retail accounted for 20% of all cyber attacks during 2021. In comparison, 12% were seen in finance, 11% in education and 9.3% in healthcare. To create better awareness of what happens in the industry, we will explain some eCommerce trends and their corresponding challenges.
Trend 1: Omnichannel requires seamless CX
Today’s customer wants it all: a seamless omnichannel experience, flexibility to browse through different mediums, smooth payment and check-out processes. They also want to receive targeted marketing messages, personalized offers and fast responses. So buyers demand friction-free digital shopping journeys. This is why retailers must leverage new technology to keep the customer satisfied and boost their loyalty and trust, as well as to keep their data safe.
- Hacking: A hacker or a hacking group uses this form of intrusion to gain unauthorized access to your store’s back-end infrastructure. Once obtained, they can further damage your online store, steal sensitive data, or make your business unavailable for visitors.
- Credential stuffing attacks: Any credential that is exposed in prior breaches can be used for attacks on new sites. The reliance on eCommerce and on online accounts only opened more opportunities for cybercriminals to use leaked credentials to harm businesses.
Trend 2: On-site personalization via AI and ML
Personalized shopping experiences - a concept that keeps customers engaged. To offer this, eCommerce companies use AI (artificial intelligence) and ML (machine learning). These automated functions collect data about users’ preferences: how, when and what they buy. This data allows merchants to offer custom product recommendations and individualized on-site guidance. Thus, they target particular audiences and raise their chances of obtaining more revenue.
- Denial of Service (DoS): Hackers take down websites by flooding the network with an abnormal volume of traffic or requests. So, the service will be unavailable and the system will not provide usual services. In case buyers want to order or check their purchase status, they cannot use the eCommerce site legitimately. One of the hackers’ reasons for this is to extort money from the website’s owner.
Trend 3: Having a 101 with non-humans
In the current retail space, speedy and frictionless buying is a must. Chatbots are now growing in popularity for two main reasons. Firstly, they offer online users a similar experience to in-store shopping. Secondly, customers expect fast answers to any query they may have. Since FAQ pages or help forums do not always offer real-time services, this is where chatbots come into play. Another important aspect worth touching upon is the idea of conversational commerce. This refers to any eCommerce purchase conducted via various means of conversation. To complete the order, customers use technology such as speech recognition, speaker recognition, natural language processing or artificial intelligence.
- Social engineering: Malicious actors use social skills and tactics to manipulate users. Their objective is to influence the victim to disclose cardholder data, offer access to networks, open insecure links or messages, or reveal passwords.
- Card testing and botnet attacks: When bad actors obtain the victim’s payment information, they make small purchases to test which card gets approved. Then, they attempt to either make larger purchases with the approved cards or resell the information on the dark web. Yet, testing cards manually is time-consuming. Therefore, cybercriminals use botnets to run numerous low-value transactions.
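The card-testing pattern described above (many low-value attempts across different cards in a short time) is something a merchant can look for in its own payment logs. The following detection sketch is an added example, not part of the original article; the field names, thresholds and sample transactions are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds; tune them against your own traffic.
WINDOW_S = 600      # sliding window length in seconds
LOW_VALUE = 5.00    # amounts at or below this count as "test-sized"
MIN_CARDS = 5       # distinct cards from one source inside the window
MIN_DECLINE = 0.5   # share of declined attempts inside the window

def detect_card_testing(transactions):
    """Return {source: first_alert_ts} for sources that look like card testing.

    Each transaction is a dict with ts (epoch seconds), source (IP or device
    id), card (tokenized fingerprint, never the card number), amount, approved.
    """
    windows = defaultdict(deque)
    alerts = {}
    for tx in sorted(transactions, key=lambda t: t["ts"]):
        if tx["amount"] > LOW_VALUE:
            continue  # only test-sized purchases feed the detector
        win = windows[tx["source"]]
        win.append(tx)
        # Drop attempts that fell out of the sliding window.
        while win and tx["ts"] - win[0]["ts"] > WINDOW_S:
            win.popleft()
        cards = {t["card"] for t in win}
        declined = sum(1 for t in win if not t["approved"])
        if (len(cards) >= MIN_CARDS and declined / len(win) >= MIN_DECLINE
                and tx["source"] not in alerts):
            alerts[tx["source"]] = tx["ts"]
    return alerts

# Constructed sample: one automated source cycling cards, one normal shopper.
SAMPLE = (
    [{"ts": 1000 + 20 * i, "source": "203.0.113.7", "card": f"tok_{i}",
      "amount": 1.00, "approved": i % 4 == 0} for i in range(8)]
    + [{"ts": 1100, "source": "198.51.100.20", "card": "tok_a",
        "amount": 3.50, "approved": True},
       {"ts": 5000, "source": "198.51.100.20", "card": "tok_a",
        "amount": 42.00, "approved": True}]
)

if __name__ == "__main__":
    for source, ts in detect_card_testing(SAMPLE).items():
        print(f"possible card testing from {source}, first flagged at ts={ts}")
```

Because botnets spread attempts over many addresses, the same logic can be keyed on device fingerprint, account or shipping address instead of source IP.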
Trend 4: Traditional payment methods are losing the race
To avoid the risk of potential sales cancellation and checkout abandonment, having various payment methods and multi-channels is something to seriously consider. If, initially, credit and debit cards were used massively, tools like PayPal made their appearance soon after. Later, digital wallets like Venmo had a boom in usage. Consumers prefer these wallets because they allow payments via the app or QR code. With Buy Now, Pay Later (BNPL) and similar offerings like Pay in Four, users can pay large purchases in installments. Alternative financing and other means of cash injection (e.g. revenue-based financing (RBF) and inventory financing) are preferred to taking out loans. Lastly, online stores have started to accept cryptocurrencies as well.
- Phishing scams: Sometimes cybercriminals pose as a legitimate company or individual to trick people into willingly providing sensitive information. Often they intend to manipulate victims via emails or messages to disclose social security numbers, credit card details, bank account info, and more. Thus, attackers bypass the ID verification checks and get access to your financial resources.
- BNPL: BNPL fraud can take many forms. For instance, a hacker can either take over existing and legit BNPL accounts or use the stolen credentials to sign up for a new account with a BNPL provider. If the card payments are not correctly identified in the fraud screening process, an attacker can order various goods, request a drop address shipment, but not have the intent to actually pay. In addition, fake merchants can get involved in false chargeback requests. The problem is that the BNPL companies absorb the damage.
Trend 5: Mobile shopping is gaining momentum
This type of shopping permits lots of flexibility, as people can buy items from anywhere in the world. Paying digitally on mobile devices is a plus for customers’ convenience.
- Malware infection: Hackers use malware to target and infect mobile apps and the devices that host them. When this happens, personal data that is stored on the device or can be obtained from the eCommerce account or site (e.g. financial and personal information, credit card data, addresses or birth dates) can be easily accessed. Not having a strong antivirus installed on the devices or antimalware at all endpoints, as well as not having sufficient authentication measures, can lead to this.
- E-skimming or digital skimming: Cybercriminals exploit any opportunity if your site presents any vulnerability, no matter how small. They can insert a skimming code in your eCommerce site; more precisely, into the pages processing the payment cards. What happens is that they compromise the customer's financial security because they steal the card data while the user is paying. They can also infect the checkout pages with special malware in real time.
Trend 6: Ordering flexibility
When it comes to ordering online, providing options like split orders, pre-orders, in-store pickup or click to bricks is a must in the retail world. Offering notifications regarding shipping dates and estimates, the order status, or the unavailable stock is a smart strategy to keep your customers loyal.
- Data breaches: When customer data is stolen, the attacker gains access to your store’s database. Another data breach scenario involves employees who accidentally share sensitive information. In this case, the information becomes publicly accessible to everyone. Either way, stolen or leaked data can lead to reputational or financial damage.
- Friendly fraud or first-party misuse: Customers may try to get their money back after receiving the ordered product or service. Hence, they engage in fraudulent activities, trying to defraud the vendor of both the product and the money. They actually request a chargeback from their bank directly, without contacting the merchant.
- Refund fraud: Similar to friendly fraud, refund fraud occurs after the transaction. Usually, those who attempt this kind of fraud ask for refunds from merchants’ customer service agents. They often do not return the received goods or, if they do send back any product, it is actually a different item than the one originally purchased.
You have seen so far how important it is for eCommerce businesses to be aware of security incidents and the damage they can cause. It is equally important to implement cybersecurity measures and to have strong defensive plans in place. As new technologies emerge, cyber attackers keep pace with these advancements. To help prevent them from breaching networks and stealing data, we will compile a list of best practices and solutions that two of our partners - Vtex and Magento Adobe - employ to outsmart hackers. Stay tuned!