Contact Us

Data security in
e-commerce
faces threats on
many (store) fronts

Author: Gary Hilson

With cyber crime on the rise and growing more sophisticated every day, data security in e-commerce has never been more important for retailers of all sizes, whether online or in-store.

Some of the threats of e-commerce security are specific to retailers, while others are prevalent with all businesses with a digital footprint. These threats are constantly evolving, and the entire supply chain is vulnerable to attack, especially as retail locations, corporate offices and warehouses become increasingly connected. Retail security even encompasses the Internet of Things (IoT), as devices are deployed to improve the brick-and-mortar experience for shoppers, including through mobile Point-of-Sale (POS) terminals.

Increasingly, all these devices—regardless of location—are connected back to centralized systems that connect to a retailer's e-commerce platform. That means there are many doors a threat actor can walk through to get wider access. This could lead to a variety of compliance violations, data loss and even an interruption of service delivery for customers.

Data security in e-commerce has many touchpoints

Prior to the pandemic, many retailers were already transforming their brick-and-mortar locations to evolve the customer experience beyond just picking up merchandise off a shelf and taking it to a cashier. Changes in consumer expectations and behavior during the pandemic accelerated this transformation. Now, data security in e-commerce has a broad range of factors to consider.

M2M solutions

Retailers are increasingly deploying machine-to-machine (M2M) solutions to help them enhance the customer experience in-store, including digital signage to promote limited-time offers, augmented reality that lets customers try items before they buy and mobile POS that allows for secure, contactless payments anytime, anywhere—including curbside pickups.

Many of these interactions can be enhanced with edge computing to improve network traffic, and they can collect data that could provide insight into customer behaviors and preferences.  Securing these physical devices themselves, along with ensuring the secure transfer and storage of data between these devices, is critical. 

IoT devices

Mix in IoT devices that allow retailers to track merchandise, analyze foot traffic and perform predictive equipment maintenance, and you have a lot of threats to e-commerce data because they all connect back to cloud-based systems, which are playing a critical role in retail digital transformation to deliver better online experiences.

Connectivity 

Improving the customer experience has also brought a lot of innovation to supply chains—including increased connectivity between the retailer and its many locations, warehouses, suppliers and technology solutions partners that help them run their business. All these connections to partners have an impact on data security in e-commerce, as hackers often seek out third-party vendors to gain access to a retailer's data—including customer payment information. They are increasingly coming up with new, under-the-radar ways to steal payment card data from e-commerce sites.

The challenges of e-commerce

Many types of attacks that retailers face are no different than any other business, and the nature of data security in e-commerce means there's a very large attack surface to make them appealing targets. They are susceptible to all kinds of distributed denial-of-service (DDoS) attacks and ransomware. DDoS attacks appear to get bigger every year as they look to affect more systems with higher volumes of traffic, and retailers fit the bill. Workstations, email servers, file shares and even IP-based voice communications systems all have the potential to be affected. A ransomware attack could not only deny access to valuable data but also bring business to a stop.

As the Verizon 2020 Payment Security Report notes, mobile devices are taking a leading role in payment security as more online transactions are being made through these devices than computers. The report found that risks to mobile payment security are snowballing at a very rapid rate, and retailers must respond quickly as threats actors continue to find ways to disrupt them every day. Payment compliance is a critical part of overall data security in e-commerce.

But payment compliance is a continuum, similar to the constantly evolving threats to digital retail infrastructure. It's not enough to detect threats and react. Retailers need to take a more proactive and preventive approach if they are to cover the entire attack surface.

Streamline data security in e-commerce

Because there are so many entry points for threat actors to compromise security in e-commerce, there's no shortage of tools providing millions of alerts for the cyber security professionals tasked with protecting retailers.

However, it's simply not possible for analysts to react to every activity that's deemed suspicious. They need a way to help automate both detection and remediation of obvious threats while freeing up time to do more than just prevention. Going beyond monitoring means having cyber security analysts who know what to look for and a streamlined process for event escalation. You also need to be able to scale your e-commerce security so that you can achieve a higher level of security monitoring and analytics without overwhelming your cyber security analysts. That way, they can focus on threat hunting rather than dwelling on every alert.

Retailers can also be proactive about protecting e-commerce data by automating the onboarding of the third-party suppliers and vendors they connect with. With automated cyber risk monitoring, you can rate them based on quantitative risk data and threat intelligence from other sources—including your managed service provider—to understand how they could potentially pose a threat to your security in e-commerce.

Your infrastructure also plays a role in ensuring data security in e-commerce. Deploying SD-WAN can give you more control over your network with application awareness that automates traffic routing decisions through rules-based controls, including secure access.

Most IT teams lack the expertise or bandwidth to deal with advanced threat tracking and detection, which is why organizations with complex infrastructures such as retail can benefit from a more customized threat and monitoring ecosystem. Partnering with a managed services provider can enable you to not only leverage threat intelligence from a vast number of sources but also automate and help speed up the time between detection and remediation. This "security as a service" approach can give you access to an advanced security operations center staffed with remote security analysts who can help to monitor your environment and alert you to potential threats to your organization.

Learn more about how Verizon can support payment security.