With online retail booming, store owners must know about these five security concerns

Online retail is booming, with more and more existing retailers going digital and new small e-commerce businesses constantly opening up.

According to data from the CNBC/NRF Retail Monitor, sales at online retailers were up 18% year over year in February 2024.

It’s fair to say that much of the success of online shopping rests on investments made in improving the customer experience. Streamlining the checkout process and removing obstacles to payment helps encourage customers to return and makes online retail far more appealing.

But as online shopping becomes more successful and the number of digital stores rises, it also attracts more cybercriminals. No business is too small to be a target.

Online retailers need to defend themselves and their customers from fraud and hacking, because shoppers who get defrauded on your online store won’t just blame the criminals; they will also blame your business for failing to protect them.

To help shorten the journey to safe shopping, we’ve gathered 5 security issues that online retailers must be aware of to keep themselves and their shoppers safe.

1.   Card skimming

Most people think of card skimming as something that plagues ATMs and card readers in dodgy eateries and gas stations, where fraudsters install software to steal your card details and use them for fraudulent purchases. But now there’s an online version: digital card skimming.

Contrary to popular opinion, this is the e-commerce business’s problem and not something for the payment provider to deal with.

“Since most e-commerce businesses facilitate consumer payment through third parties and payment gateways, they believe the liability will fall on the payment service provider,” says Ran Arad of Memcyco, a real-time website spoofing fraud solution.

“However, that is not the case - and it’s up to retailers to invest in protecting their shops and shoppers, on and offline, with continuous security monitoring and other threat detection solutions.”

Cybercriminals employ various methods of digital card skimming, including spoofing your website and inserting modal overlays onto your website or app.

E-commerce businesses can use a multi-faceted solution like Memcyco’s, which can detect fake sites, monitor your digital assets for attempted brand hijacking, and provide trusted proof of authenticity for your shoppers.

2.   Supply chain attacks

Today’s extended, interconnected networks put online retailers at risk of breaches or attacks through third parties.

All it takes is for one employee at one third-party connection to click on a phishing link, and hackers and cybercriminals could saunter into your systems through the back door.

Jérôme Segura, Senior Director of Threat Intelligence at Malwarebytes Threatdown Labs, warns that “The BNPL (buy now pay later) industry heightens online fraud risks. It's a prime target due to rapid growth and lax security checks compared to traditional systems.”

“BNPL systems have less stringent checks, making it easier for cybercriminals to hijack accounts or create new ones with stolen or synthetic identities, combining real and fake details for unauthorised purchases.”

The best protection is to apply a zero-trust security policy, together with strong access controls that prevent any unauthorized access. You also need to carefully and thoroughly vet all your vendors, including subcontractors and even fourth and fifth tier suppliers, ideally using a tech solution that gives you visibility into your network.

3.   DoS/DDoS

Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks involve using bots or malware to overwhelm your website and make it unavailable to shoppers, either entirely or at the point of payment.

Erez Hasson and Gabi Stapel of Imperva warn that, despite reports that such attacks have dropped recently, “DDoS attacks continue to pose a significant threat, especially low-volume, lengthy attacks that can remain undetected and impact online transactions,” and add that “smaller attacks, such as those recorded in the past 12 months, can still affect performance and revenue, especially if they are sustained over long periods.”

One way of addressing the issue is to use a waiting room queuing system like Imperva’s. This way, you can control the traffic that enters your site, protect your business from bot attacks, and avoid disappointing customers.

4.   Fake returns and refunds

Retailers have had to deal with shoppers fraudulently claiming refunds, or returning “unused” items after having used or worn them, ever since the invention of returns policies. However, it’s particularly difficult for online stores.

Laura Garrett, returns expert at ReBound, says that “Consumers fraudulently returning items is placing an additional burden on the bottom line at a crucial time of year for retailers and brands and may push more brands to charge for returns. […] As retailers look for solutions, an increasing number have started to consider banning serial returners.”

“The challenge is that this cohort includes both their most loyal customers as well as the fraudsters.”

The best way to prevent returns and refund fraud is through a strong returns policy that makes it clear what condition goods must be in, a shorter returns window, and “no cash refunds” to reduce incentives.

It’s also important to require IDs and contact details before processing returns, so you can cross-reference with the order and check it wasn’t purchased with a stolen credit card.

5.   Ransomware and malware

Due to the rise of Ransomware as a Service (RaaS), which makes it easy and inexpensive for cybercriminals to attempt a ransomware attack, such attacks are surging.

“Some folks are saying the number of ransomware attacks have plateaued,” says Deepen Desai, Zscaler’s Global CISO and Head of Security Research and Operations. “[But] based on what we are seeing, it’s a 38% year-on-year growth in ransomware attacks and a 37% increase in double extortion attacks,” he warns.

There’s clearly no room for complacency. Online retailers need to apply a range of different defenses against ransomware and malware attacks. These should include zero-trust methodologies and strong tools like Astra’s web application firewall.

Online shopping can be a minefield

The range of threats facing online stores isn’t likely to diminish any time soon. It’s vital for e-commerce businesses of every size to take the necessary steps to protect themselves and their customers from hackers and cybercriminals.

From adopting advanced solutions to implementing robust security procedures, online stores of every size need to keep their defenses high.