E-commerce providers have long walked the line between security considerations and consumers’ demand for a high-quality, frictionless experience. As a result, they've been hesitant to apply additional authentication measures, and hackers have taken note. According to Verizon’s 2020 DBIR, attacks against e-commerce apps are by far the leading cause of retail breaches.
The pandemic provides the retail industry with the perfect opportunity to address these vulnerabilities. According to a recent study, 60 percent of consumers anticipate they will not return to physical stores for some time after restrictions ease. E-commerce providers must capitalize on consumers’ temporary reliance on all things digital to finally shore up lagging security defenses. Brick-and-mortar locations will eventually resume normal operations, so it’s critical that online retailers act now — or the industry will continue to find itself falling prey to hackers.
As e-commerce providers improve their security posture, there are a variety of things to consider, including:
- Multifactor authentication: Multifactor authentication (MFA) and two-factor authentication (2FA) require users to present two or more pieces of evidence in addition to their password when attempting to log into their online account. While these methods have historically gotten a bad rap due to their perceived interruption of the customer experience, the pandemic offers e-commerce providers a chance to introduce MFA in a more positive light. Brands should draw on the data that shows hackers are eager to capitalize on the coronavirus-related surge in e-commerce shopping, and position MFA as a way to safeguard important customer information in this heightened climate.
- Adaptive authentication: By cross-referencing IP address, geo-location, device reputation, and other behaviors, adaptive authentication assigns a risk score to an inbound session and increases the number of authentication factors required accordingly. Again, the current climate represents a good opportunity to introduce this authentication mechanism, when needed, in a way that will resonate with consumers. For example, with restrictions governing international travel, a user who typically purchases from the U.S. suddenly attempting to log on from the U.K. should raise a red flag. Customers will be grateful to know that brands are monitoring for these suspicious signs.
- Password security: While password-less logins have been the subject of much media hype, passwords are still fundamental to online security and will continue to be so for the foreseeable future. One of the most critical steps e-commerce providers can take in shoring up security is screening for compromised credentials at every login attempt. With many people creating simple, easy-to-guess passwords and reusing them across multiple sites, it’s incredibly easy for hackers to obtain credentials that were leaked in a prior breach and use them to breach additional accounts. Unlike the authentication measures outlined above, credential screening can be done entirely in the background with consumers only becoming aware of the security measure if a compromise is detected.
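The adaptive authentication and credential screening items above, sketched as an added example that is not from the original article. The signal names, weights, thresholds, and the breached-password set are assumptions constructed for illustration, and the password is assumed to have already been verified as correct for the account.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample: SHA-1 digests standing in for a breach corpus.
# SHA-1 is used here only as a lookup key, never for password storage.
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest()
                 for p in ("password1", "qwerty123")}

@dataclass
class Profile:             # what the shop already knows about the account
    usual_countries: set
    known_devices: set

@dataclass
class Session:             # signals gathered for one inbound login
    country: str
    device_id: str
    ip_reputation: float   # 0.0 = clean, 1.0 = known bad (assumed feed)
    password: str

# Assumed weights and thresholds; tune them against real fraud data.
W_GEO, W_DEVICE, W_IP = 40, 25, 35
STEP_UP_AT, BLOCK_AT = 40, 80

def risk_score(profile: Profile, s: Session) -> int:
    """Add up the risk contributed by each signal that deviates from the profile."""
    score = 0
    if s.country not in profile.usual_countries:
        score += W_GEO      # e.g. a U.S. shopper appearing in the U.K.
    if s.device_id not in profile.known_devices:
        score += W_DEVICE
    score += round(W_IP * s.ip_reputation)
    return score

def password_is_breached(password: str) -> bool:
    """Background screening: the user only notices if this returns True."""
    return hashlib.sha1(password.encode()).hexdigest() in BREACHED_SHA1

def decide(profile: Profile, s: Session) -> str:
    """Map screening result and risk score to the friction the user sees."""
    if password_is_breached(s.password):
        return "force_password_reset"
    score = risk_score(profile, s)
    if score >= BLOCK_AT:
        return "block"
    if score >= STEP_UP_AT:
        return "require_second_factor"
    return "allow"
```

A low-risk login on a known device from the usual country passes with no added friction, which is the customer-experience argument the article makes for both measures.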
The business implications of coronavirus will continue for months, if not years, and it’s likely some aspects may be permanently altered. From an e-commerce perspective, the unique security opportunity afforded by the pandemic cannot be overlooked. Consumers will never be more open to additional authentication mechanisms, and providers likely won’t have another chance to strengthen security with so little customer resistance. As such, now is the time to shore up e-commerce security and begin to reverse the troubling e-commerce attack trend.
Josh Horwitz is chief operating officer at Enzoic, a cybersecurity and fraud detection solution.
Horwitz is an enterprise software executive and entrepreneur with over 25 years’ experience. He was the founder of the cloud-based, enterprise customer-marketing platform, Boulder Logic, whose clients included Microsoft, Siemens, Dell, and CSC. Josh grew the company as CEO over 46 consecutive profitable quarters and ultimately led the company’s exit in 2015. Prior to founding his company, Josh held senior technology and sales positions with both start-ups and Fortune 500 companies, including IBM, where he developed marketing programs to help build Lotus Domino to over 40 million users. Josh earned his MBA from Babson’s F.W. Olin Graduate School of Business and his BA from Washington University in St. Louis.