Overall, e-commerce sales were up 25 percent by the middle of March compared with the start of the month — and they show no sign of slowing down while people navigate the new normal of shopping. That's the good news. The bad news? An increased number of online sales comes with an even greater number of e-commerce security threats.
Payment systems are a lucrative target for cybercriminals. For that reason, retail organizations operating online without strong security measures in place might experience direct financial losses, fines and fees, increased operational costs, and reputational risks to their businesses.
A secure e-commerce business requires having an online payment solution that can efficiently move money to and from bank accounts — and payment security should be considered at every stage of the user’s journey. Making well-informed security decisions gives you the confidence your programmable payments are safe from bad actors.
As the ubiquity of digital transactions increases, here are three tips to help you secure payments during a time of increased online activity:
1. Start with risk
Security is never done. It’s a process that must be constantly evolving and there’s always something more to worry about. Compared to offline businesses, the risk of cyber incidents can be more substantial for an online platform. The core of your information security program should be a focus on identifying, prioritizing, and handling the risks that matter most for your company.
2. Lean on standards.
While every environment is different, a lot of security benefits can be gained from following the best practices and standards that are already out there. Resources such as the CIS Critical Security Controls, Cloud Security Alliance Matrix, or NIST Cybersecurity Framework can give your business a significant head start on the blocking and tackling issues. Of course, there’s a lot to them! Therefore, prioritizing these according to your risk assessments is key.
3. Control access.
Multifactor authentication (MFA), often implemented as two-factor authentication, has quickly become a security best practice. As opposed to authentication that only relies on something guessable like a secret users know (such as passwords, which are important to appropriately protect), MFA authentication requires the user to prove something they have, like a mobile device or email address. This additional layer, combined with strong cryptographic protections of data in-transit and at rest, makes it significantly more difficult to compromise user accounts.
Benjamin Blakely, PhD CISSP CISM, is director of information security at Dwolla, the programmable payments platform.
Related story: Cybersecurity for Retailers: How to Reduce the Effects of the Coronavirus Pandemic
Benjamin Blakely, PhD CISSP CISM, is Director of Information Security at Dwolla, the programmable payments platform.
Previously, he has held positions in the private, public, and education sectors, and built an information security program to support growth of a previous cloud software company through its initial public offering and into the thousands of corporate customers. He earned his PhD and BS degrees in Computer Engineering from Iowa State University, with minors in psychology and political science. He holds the Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM) certifications, and is the lead inventor on two patents related to encryption key management in cloud infrastructures.