Protect Your eCommerce Accounts from Threats
Posted: January 29, 2020
Which category of shopper do you fall into? Would you rather purchase everything you need from the comfort of your home over the internet, or do you enjoy the sensory and tactile experience of venturing out to a store? Despite predictions of a coming “retail apocalypse,” in which online shopping would do away with our need for bricks-and-mortar stores, retail establishments continue to thrive in the digital age. Yet a new report commissioned by UK law firm Womble Bond Dickinson suggests that by 2028, 53 percent of all retail sales will be made online. If this statistic is correct, the global retail industry will undergo unprecedented change in the near future as retailers innovate and cater to the changing desires of shoppers.
From its humble beginnings in 1994 with the sale of the Sting album “Ten Summoner’s Tales,” to the creation of the platform economy which includes companies like Airbnb, DoorDash and Uber, e-commerce has rapidly evolved into a trillion-dollar industry. Advances in mobile technology, artificial intelligence and faster internet speeds are poised to push e-commerce even further. Already, on-demand delivery, auto-replenishments and augmented reality are slowly finding their way into the industry, giving online businesses improved ways to interact with their customers.
Your Private Data is Under Threat
Despite these exciting advances, it may surprise you to learn that e-commerce is under threat. These sites are a favourite target for hackers who will do whatever it takes to gain access to your personal data. According to a report by cybersecurity firm Shape Security, more than 90 percent of an e-commerce site’s global login traffic comes from cybercriminals. Hackers use specially designed programs to flood a site’s login fields with stolen data procured from the dark web. These attacks are called “credential stuffing” and are successful as often as 3 percent of the time. This may not sound like a high percentage, but the costs quickly add up for online businesses. Last year, this type of fraud cost the e-commerce sector around $6 billion.
In a credential stuffing attack, criminals will purchase usernames, email addresses and passwords from large data breaches and test them on nearly every website and mobile app that they can access. Eventually, hackers will input your stolen information in a login field and gain unauthorized access to an account. They will then collect any pertinent information about you that can be monetized. Credit card numbers, addresses, phone numbers and answers to security questions are all desirable targets because hackers can use this information to access additional accounts you may have or bundle the data and sell it to other nefarious criminals.
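Seen from the site's side, the attack described above leaves a recognisable trace in login logs: one source tries many different accounts and only a small fraction of the logins succeed. The sketch below is an added example, not part of the original post; the log format, function names and thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict

def build_sample_log():
    """Constructed log lines: 'timestamp source_ip username result'."""
    lines = []
    # One source cycling through 100 different accounts; 3 logins succeed.
    for i in range(100):
        result = "OK" if i in (10, 47, 83) else "FAIL"
        lines.append(f"2020-01-29T10:{i // 60:02d}:{i % 60:02d}Z 203.0.113.7 "
                     f"user{i}@example.com {result}")
    # An ordinary customer who mistypes a password twice, then gets in.
    lines += [
        "2020-01-29T10:05:01Z 198.51.100.20 alice@example.com FAIL",
        "2020-01-29T10:05:09Z 198.51.100.20 alice@example.com FAIL",
        "2020-01-29T10:05:20Z 198.51.100.20 alice@example.com OK",
        "malformed line",
    ]
    return lines

def parse_line(line):
    """Return (ip, username, succeeded) or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
        return None
    _, ip, user, result = parts
    return ip, user.lower(), result == "OK"

def find_stuffing_sources(lines, min_accounts=20, max_success_rate=0.10):
    """Flag sources that try many distinct accounts and rarely succeed."""
    tried = defaultdict(set)      # ip -> usernames attempted
    succeeded = defaultdict(set)  # ip -> usernames that logged in
    for rec in filter(None, map(parse_line, lines)):
        ip, user, ok = rec
        tried[ip].add(user)
        if ok:
            succeeded[ip].add(user)
    findings = {}
    for ip, users in tried.items():
        rate = len(succeeded[ip]) / len(users)
        if len(users) >= min_accounts and rate <= max_success_rate:
            findings[ip] = {
                "accounts_tried": len(users),
                "success_rate": rate,
                "accounts_to_reset": sorted(succeeded[ip]),
            }
    return findings

if __name__ == "__main__":
    print(find_stuffing_sources(build_sample_log()))
```

The `accounts_to_reset` list is the part that matters to customers: those are the logins that worked and whose passwords should be reset. Attack traffic is often spread across many source addresses, so the same counting is usually repeated over other keys than the IP address.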
If you believe e-commerce sites are doing their best to secure your personal information, new research questions that common assumption. According to Magneto, roughly 22% of online merchants are neglecting security best practices and are putting their customers’ data at risk. Ignoring PCI compliance, requesting unnecessary information and failing to keep software updated are the most common lapses. And if you think that a business will promptly notify you about any data breaches, thereby enabling you to quickly change your login credentials on accounts that may be vulnerable to a hack, think again. On average, it takes 15 months from the day credential data is stolen to the day an intrusion is revealed. This means that criminals often have more than a year to try out your credentials on an endless number of sites before you are even aware that your personal data has been compromised.
Don’t Fall Prey to Credential Stuffing Attacks
So, if you can’t trust e-commerce sites to protect your personal and financial information, what can you do to prevent yourself from falling victim to a credential stuffing attack? The easiest solution is to change your passwords often. Cybersecurity experts now recommend that you change your passwords every 30 days and store them in a secure password manager like KeePass or LastPass. These services not only ensure that you don’t have to remember your passwords, but they can also automatically generate complex passwords for you.
You will also want to avoid using the same password for each of your online accounts. This way, if one password falls victim to a data breach, your other accounts remain secure. Ideally, you should have unique login credentials for every site you use. Finally, it’s important to create strong passwords. Safe&Secure is a poor choice for a password because it can be easily cracked by a brute force attack. Instead, try the sentence method. First, think of a random sentence and transform it into a password by taking the first two letters of every word. So, “I was born in South London on Saturday,” becomes IwaboinSoLoonSa. You can also add numbers and special characters to make the password even more secure.
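To see why reuse matters, the following added example (not part of the original post) audits a password list for passwords shared between sites and shows which accounts a single breach would expose. The vault contents, site names and the set of breached sites are constructed, and the function names are assumptions.

```python
import hashlib
from collections import defaultdict

# Constructed vault export: (site, username, password). The two passwords
# quoted in the article are reused here as sample values.
VAULT = [
    ("shop.example", "sam@example.com", "Safe&Secure"),
    ("bank.example", "sam@example.com", "IwaboinSoLoonSa"),
    ("forum.example", "sam", "Safe&Secure"),
    ("mail.example", "sam@example.com", "Safe&Secure"),
    ("travel.example", "sam@example.com", "Tr1p!planner-2020"),
]
BREACHED_SITES = {"forum.example"}  # constructed: sites with a known breach

def fingerprint(password):
    """Short digest used only to group equal passwords in memory, so the
    report never contains a plaintext password. Not a storage format."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:12]

def audit_reuse(vault, breached_sites):
    """Report passwords shared across sites or used at a breached site."""
    sites_by_password = defaultdict(list)
    for site, _user, password in vault:
        sites_by_password[fingerprint(password)].append(site)
    report = []
    for fp, sites in sites_by_password.items():
        leaked_at = sorted(s for s in sites if s in breached_sites)
        if len(sites) < 2 and not leaked_at:
            continue  # unique password, no known breach: nothing to do
        report.append({
            "fingerprint": fp,
            "shared_by": sorted(sites),
            "leaked_at": leaked_at,
            # accounts an attacker can reach only because of reuse
            "exposed_by_reuse": sorted(
                s for s in sites if leaked_at and s not in breached_sites),
        })
    return report

if __name__ == "__main__":
    for entry in audit_reuse(VAULT, BREACHED_SITES):
        print(entry)
```

With the sample data, the breach at `forum.example` also exposes the shop and mail accounts, while the bank and travel accounts, which have unique passwords, are unaffected.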
It is our hope that this post has encouraged you to reevaluate how you create and use online passwords. Using strong, unique passwords is one of the easiest steps you can take to safeguard your personal and financial information on the internet, and we urge all of our valued members to do so for each of their critical accounts.