E-Commerce has evolved tremendously in the last decade, becoming a key source for discovery as well as closing the transaction loop for consumers. One of the challenges online retailers have been heavily investing in is simplifying the customer journey and boosting loyalty, which spans across the entire process from discovery to payment. This will shift the focus towards creating a trusted, enjoyable and annoyance-free digital experience.
Consequently, retailers encourage shoppers to create online accounts that hold their basic user data, including the billing and shipping addresses, credit card information and transactions history. To ensure a quick login process to these accounts and finalize the purchase process, retailers continue to expand their features, adding easy social networks login processes and other supporting capabilities.
In order to expand on features offered, online retailers must first establish a level of trust with their consumers. The information online retailers expect their consumers to save when creating online accounts is of the utmost sensitivity. The data is a direct connection to a consumer’s finances. A consumer must know, when submitting the data, that an online retailer will take the necessary security precautions and keep their site protected from outside threats.
The constant need to simplify the online purchase process, together with the necessity to offer a simple login procedure, has essentially forced online retailers to carry a similar risk as financial institutions, due to the fact retailers now store sensitive consumer and payment information online.
Hackers, in their continuous effort to obtain large data repositories and financial data, were soon to follow. Indeed, in the last couple of years we have witnessed quite a few cases of breaches and attacks on large e-Commerce databases including Target, Neiman Marcus and many more. In most breaches, the focus was on obtaining credit card information on a large scale, which would later be used by hackers to execute fraudulent transactions.
These types of breaches forced online retailers to improve their PCI compliance measures and expand internal cybersecurity practices in order to protect their servers and end-point assets. Despite these recent efforts, a significant vulnerability remains in the devices of users.
Shoppers’ devices and browsers have remained an open door for hackers, offering them access to any data displayed digitally and available to the user, including credentials, credit card details, billing address, etc. Client-side malware basically bypasses the need to penetrate the servers by leveraging client-side data. According to research, 15%-30% of online shoppers are infected with client-side malware, thus significantly increasing the risk of client-side attacks.
Client-side malware (CSIM) vulnerabilities include ad exploits (injected ads and competing products displayed on top of the retailer’s digital assets without its knowledge or approval) as well as sophisticated spyware that invisibly collects consumer data. For example, by obtaining the account credentials, hackers can access the account, change the shipping address and freely purchase products and services without raising any red flags on the retailer’s end. These activities don’t even require the hacker to obtain the actual credit card details, which are stored in users’ online accounts, and they are easily disguised as typical consumer behavior.
CSIM has two major implications for customers’ trust and loyalty, significantly affecting both the “annoyance” and the “enjoyable” aspects of the digital journey. Online retailers have a duty to their consumers to ensure the safety and security of online account data. By enabling malicious third parties to inject ads, banners or pop-ups directly onto an online retailer site, on both desktop and mobile, without the retailer’s approval, CSIM poses a direct threat to the consumer. CSIM has the potential to destroy the trust and loyalty online retailers have built to satisfy client requirements and demands.
The bottom line is balance. How should online retailers balance their two objectives — creating a smooth and effective sales funnel while protecting the sensitive data of their consumers? As online retailers continue to evolve to fulfill consumer demands for a simplified online process and hold more and more sensitive consumer data, the balance is likely to shift towards protecting the customer journey, and will drive online retailers to measure and assess risk more like financial organizations.
Alon Rozenberg is VP Customer Success & Solutions at Namogoo. He comes to Namogoo with 13 years of experience working in the security and cyber spaces, dealing with some of the largest financial institutions in the world and top Fortune 500 companies. Throughout the years Rozenberg has worked in a variety of startups and large corporations. Before joining Namogoo, he worked at Trusteer, where he initiated and led the Customer Success group, managing more than 400 customers worldwide.