IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Realising the benefits of online security
Thu, 1st Oct 2009

A few simple measures can secure your website.

Despite targeted education efforts by banks and online retailers alerting customers not to share their personal information online, internet users globally continue to fall victim to phishing attacks. Criminals worldwide are constantly developing new scams to trap the internet-savvy who won't fall for the old ‘click here to verify your account’ email scam. Today, phishing scams are becoming more sophisticated, and e-criminals continue to develop scams targeting the most vulnerable.

Recent research [1] revealed that scare tactics by fraudsters remain an effective form of phishing through sneaky strategies such as imitation websites trying to ‘phish’ personal details. This strategy is one that has been shown to work successfully (to the detriment of consumers) across all demographics.

Rather than asking, ‘How do I stop internet crime?’ businesses today need to ask, ‘How do I stop internet crime affecting my business?’ The first step to doing this is to understand the kind of security measures and warning signs businesses and their customers increasingly need to look for online. Here is a list of key security tips for businesses planning their own security strategy:

1) Visual cues: Consumers need to protect themselves from ‘phishing sites’, which are fake websites set up by criminals to steal personal information (although legitimate sites have been known to be compromised also). Simple visual cues can demonstrate that your site is safe and open for business, such as using the ‘https’ in the URL address, or the green address bar in the web browser. These cues tell customers that a website owner has invested in digital certificates which verify that a site is legitimate and that customer information will be encrypted during transactions.

2) Too much information: Phishing sites frequently lure consumers through seemingly urgent email alerts and then request personal information which organisations should already have, or information they clearly do not need for account activity. These messages alert customers to account problems, account status changes, special sales offers or even the need for special security software downloads.

These messages also include links to fake websites in order to get customers to input personal information. Retailer sites generally do not need more than a name, shipping address, billing address, credit card type, card number and expiry date. Consumers should become suspicious whenever social security numbers or bank routing numbers are requested. Retailers do not need to execute customer downloads to upgrade site security. As a business rule, you should only collect what you need for the purpose of the transaction at hand.

3) Two-factor authentication: Online businesses are increasingly using two-factor authentication to provide access to end users' accounts. This combines something the consumer knows, such as a username and password, with something the consumer has, such as a unique one-time security code. This code is typically generated by a small plastic token, credit card-shaped smart card, or SMS-enabled mobile device. Two-factor-protected sites require both the username and password combination coupled with the one-time code, which means the theft of one will be useless without the other.

4) Checking in: Customers should have readily accessible ways to raise security concerns with an online retailer. Online businesses should make phone numbers, instant messaging attendants or feedback forms easily accessible. Concerned queries from customers should be addressed in a time-sensitive manner.

5) Checking out: Given that the checkout is where online deals are completed, it is very important to use that interaction to nurture trust. Most well-run websites – such as Amazon or eBay – send printable order and shipping confirmation emails. These features assure customers that someone is watching out for them.

6) Education: Finally, businesses should take on the responsibility of educating their customers on what to look for as they transact online. This takes online security beyond the measures you put in place and builds trusted relationships between merchants and consumers that will pay dividends far beyond today's purchases.

Businesses need to earn their online customers' trust and confidence to be successful, especially in tough economic times when consumers are jittery and competitors are just a click away. Many businesses today are enjoying increased customer confidence and great online sales results by implementing a security solution called Extended Validation (EV) SSL Certificates.

These certificates provide an easy and reliable way to verify that a website is authentic and provide a secure environment for users conducting transactions. EV SSL Certificates provide immediate visual cues to web users using the latest web browsers that currently support EV SSL. The address bar turns green, a padlock icon appears next to the address and a new field is displayed to the right of the URL in the browser. This field contains the name of the organisation that owns the site as well as the security provider that issued the certificate.

[1] The online survey was commissioned by VeriSign and conducted by YouGov on 21-27 May, 2009. The survey asked more than 8000 respondents across nine countries to spot the difference between real and fake websites from VeriSign's recently launched Phish or no Phish (www.phish-no-phish.com) challenge.