E-commerce transactions are a chief goal for cybercriminals. Along with targeting retail web sites, fraudulent purchases and pretend returns not only lead to direct financial losses but in addition create additional costs and burdens for each sellers and customers.
Latest data shows that 75% of consumers would readily drop a brand after any cybersecurity issue. Almost as many (66%) said they’d now not trust an organization that suffered an information breach affecting their data.
Maybe even more threatening to online merchants is that 44% of consumers attribute cyber incidents to an organization’s lack of security measures. Customer loyalty and retention are on the road, placing e-tailers in a double-jeopardy situation.
One cyber incident could significantly damage a retailer’s repute and price them customers. Subsequently, it’s more critical than ever for retailers to guard the entire shopping experience across e-commerce, mobile apps, and in-store.
So far as attacks go, cyber thieves have driven their activities to the status of a full-fledged business, based on Brent Johnson, CISO at digital payments and data security firm Bluefin. Black market activity is booming, with data acquired from cyberattacks feeding more attacks.
Hackers trade data from many web sites and sell it on the black market, making hundreds of thousands of dollars from this activity, which has evolved in the previous couple of years.
“We’re seeing very sophisticated attacks over a big selection of economic targets. Almost 30,000 web sites are attacked,” Johnson told the E-Commerce Times.
Cyberattacks are actually so widespread that the Payment Card Industry’s PCI Security Standards Council added more controls for e-commerce in its latest revision of the protection standards, he noted.
Consumer Recklessness A part of Worsening Problem
In response to the Help Net Security report, businesses have been hit with 800,000 cyberattacks. Over 60,000 were distributed denial-of-service (DDoS) attacks, and 4,000 were ransomware attacks.
These findings are augmented by the lack of expertise amongst internet buyers about the right way to avoid cyberattacks. In response to researchers, this lack of information encourages consumers to interact in reckless shopping behavior.
The report highlights two significant examples. Greater than half (55%) of respondents admitted to using their corporate devices for online shopping, which poses risks to business infrastructure. Nevertheless, fewer respondents (35%) think fake e-commerce platforms make it too difficult for cybercriminals to impersonate large e-commerce brands.
Payment Industry Standards Vary by Region
With a rising tide of cross-border e-commerce transactions flooding the web, payment card processes often lack uniform protection standards. These various standards contribute to potentially higher instances of fraud that may sweep away U.S. consumers in comparison with their European counterparts.
“I don’t want to say Europe is ahead of the U.S. in cybersecurity. I’d say they’re ahead in payments security so far as what they’re doing with chip-and-PIN technology and EMV [Europay, Mastercard, and Visa] standards, and all the pieces else,” Johnson clarified.
European merchants require proof of identity and account ownership at the purpose of purchase, making their process safer. The more formidable card payment standards make it harder for thieves to make fraudulent purchases with card-not-present sales and phony bank cards.
Within the U.S., those systems don’t fully exist for online transactions. Once people have your card number, they will still make transactions.
By comparison, card payment standards in Europe have reduced fraud incidents. They’re way more serious about standards, he offered.
AI a Tool for Cyberattackers and Defenders
Cybercriminals use AI to their advantage, creating simpler attacks and increasing fraudulent e-commerce transactions. Cybersecurity experts are juggling AI-powered defensive tools to detect phishing and scrutinize incoming web traffic, searching for a gap to breach networks.
Nevertheless, Johnson thinks it’ll take more time for AI successes to bolster cyber defenses. AI is becoming increasingly prevalent. He sees many tools, especially on the defensive side, and knows AI plays a considerable defensive role.
“We’re already using a number of. But that’s going to proceed to grow. There is just not loads more I can say about that straight away. It’s exploding, to be honest,” he hinted about what AI might give you the option to do across the corner.
Protecting Card Payments Already in Motion
In response to Johnson, two advanced technologies are in play to safeguard digital transactions higher. Point-to-point encryption (P2PE) and tokenization technology already provide winning solutions against the bad guys.
P2PE is on guard when shoppers insert payment cards at checkout: certified hardware and software block merchants and employees from accessing the cardboard data.
“It’s super simplified so far as compliance goes, and it’s far more secure, just because there is no such thing as a sensitive cardholder data in that environment,” he explained.
Tokenization creates a digital representation of the payment information. Tokens protect sensitive data by obfuscating the identity of the payment transaction.
When combined with AI-powered applications, payment tokenization uses large language models (LLMs) and deep learning techniques to guard sensitive data by generating a brief code to switch the unique information.
“So wherever our data is, we do a variety of tokenization on the e-commerce side for card-on-file type transactions. We may give a token back to a merchant, [who does] not have hard data of their environment,” Johnson explained.
Cyberwar Battle Ongoing
From his view of all things cybersecurity, Johnson hedged a bit on the query of who’s winning, whether it’s a whack-a-mole marathon or a draw.
“Sometimes it appears like we’re winning. Lots of times, it appears like we’re losing. So it’s a struggle,” he offered.
He noted that zero-day and provide chain attacks are more serious now due to all the information integration.
“If the tools, applications, or services you depend on are compromised, 1000’s of corporations shall be affected.” That’s considered one of Johnson’s big cybersecurity concerns nowadays.
“So, to reply your query, it’s whack-a-mole needless to say. But we’ll proceed to be okay,” he concluded.