6 E-Commerce Security Pointers for Marketers and Consumers Alike
In 2008, the total average costs of a data breach grew to $202 per record compromised, an increase of 2.5 percent since 2007 ($197 per record). The average total cost per reporting company also rose, growing to more than $6.6 million per breach (up from $6.3 million in 2007) and ranging from $613,000 to almost $32 million, according to a recent study from Ponemon Institute, an independent research firm that specializes in privacy, data protection and information security policy.
Online businesses must understand the kind of security measures and warning signs consumers increasingly look for on the web today. Here are six tips to help you see things through their eyes and plan your own security strategy accordingly:
1. Visual cues. Consumers need to protect themselves from “phishing sites,” phony websites set up by criminals to steal personal information. Simple visual cues can demonstrate that your site is safe and open for business. Consider, for example, the “https” in the URL address or the green address bar in the web browser.
These cues tell consumers that a website owner has invested in digital certificates verifying that a site is legitimate and that customer information will be encrypted during transactions.
2. Too much information. Phishing sites frequently lure consumers through “urgent” email alerts and then request personal information organizations should already have or information they clearly don't need for account activity.
These messages alert customers to account problems, account status changes, special sales offers or even the need for special security software downloads. These messages also include links to phony websites to get customers to input personal information.
Retailers’ sites generally don't need more than a name, shipping address, billing address, credit card type, card number and expiration date. Consumers should become suspicious whenever social security numbers or bank routing numbers are requested. Retailers also don't need customers to download software in order to upgrade site security. As a business rule, only collect what you need for the purpose of the transaction at hand.
3. Two-factor authentication. Online businesses increasingly use “two-factor” authentication to provide access to end users’ accounts. This combines something the consumer knows, such as a user name and password, with something the consumer has, such as a unique, one-time security code.
This code is typically generated by a small, plastic token, credit card-shaped smart card or SMS-enabled mobile device. Because a two-factor-protected site requires both the user name and password combination coupled with the one-time code, the theft of one is useless without the other.
4. Checking in. Customers should have readily accessible ways to raise security concerns with an online retailer. Online businesses should make phone numbers, instant messaging attendants and/or feedback forms easily accessible. And concerned queries from customers should be addressed in a time-sensitive manner.
5. Checking out. Given that checkout is when online deals are consummated, use that interaction to nurture trust. Most well-run websites — such as Amazon or eBay — send printable order and shipping confirmation emails. These features assure customers that someone is watching out for them throughout the transaction.
6. Education. Finally, businesses should take on the responsibility of educating their customers on what to look for as they transact online. This takes online security beyond the measures you put in place and builds trusted relationships between merchants and consumers that'll pay dividends far beyond today’s purchases.
Tim Callan is the vice president of product marketing at VeriSign, an internet infrastructure services firm. He can be reached at tcallan@verisign.com.