How to Protect Customer Information from Hackers
November 9, 2015
There are a lot of different ways hackers are able to get into anyone’s account. If someone uses a weak password, or the same password across different accounts, then they are just asking to be hacked. Using public Wi-Fi makes it very easy for a novice hacker to get into your system and obtain your information. When checking out an e-commerce store and creating an account, you become vulnerable to losing your credit card information if that site ever gets breached.
Consumers should always use different passwords that utilize a multitude of different characters and symbols, and should checkout as a guest on an online e-commerce store just to be safe.
When it comes to enterprises and big business, there are ways to protect their own information as well as their customers’. Similarly, enterprises can unintentionally allow hackers into their systems and breach personal information about their customers, including address, credit card information, and more.
A 2015 study done by Verizon on the Payment Card Industry Data Security Standard showed that 88% of businesses are failing to be compliant with credit card security protocols, up from 67% in 2009. The Verizon report also showed that 9,700 companies detected about 43 million security incidents in 2014, an annual growth rate of 66% since 2009.
Most enterprise companies still think their systems and customer information won’t be targeted. In a study by Experian and Ponemon Institute, 43% of organizations surveyed that were breached in the past two years, and prior to that they probably thought they would never get hit, either.
Meeting credit card compliances is just one of the factors for a secure online experience for your customers. Besides not meeting these compliances, companies are still doing quite a bit wrong to secure their customers from data breaches, which costs about $3.5 million on average per company.
5 Enterprise Companies Mistakes with Customer Security
1. Not installing updates and patches to their website immediately
Hackers target sites that have not updated their servers and software, and it is very common that breached sites are found to be running old versions of their applications.
What to do: Keep systems up to date
Whether it’s a web server that hosts a WordPress or Joomla website, or a web app like Xcart or ZenCart, you should install patches and updates the same day they are released. Along with updating your applications, you should also update your firewalls and anti-virus and malware protection software on a routine basis to make sure you are up to date and safe from the newest hacks and viruses.
2. Revealing customer information in live chat or e-mail
Email, text, and live chats aren’t exactly the most secure, and can easily be hacked into. Chat logs and sessions can be used to find credential information about customers.
What to do: Never reveal sensitive information
This comes down to training your employees correctly so that they know even if a customer seems to be who they say they are, you still shouldn’t reveal any private customer data to anyone. In addition, employees should not click on links in emails and chat sessions that look to be real and safe. In reality, these are often a phishing attempt by the hacker to get the employee to hand over sensitive information to whom they believe is the actual customer when it is not.
3. Not establishing address and card verification
By not verifying credit card of address information of a customer, you are leaving it open to hackers to ship products to wherever they want, and possibly with a stolen credit card. In the end, you take the financial loss because you gave away your product for nothing.
What to do: Always verify and authenticate
Use identity verification that authenticates that a credit card is legitimate by requiring the card verification value, or CVV, which is usually on the back of most credit cards. Another step of customer validation is to verify their billing and shipping address. This helps to reduce chargebacks, labor time and return shipping costs, which also increases your business profits.
4. Storing sensitive information
You keep your customer’s private and financial information on your records for the ease of use for when they return. Any site that has the ability to create user accounts and store financial information are easy targets for hackers as they can access all of your customer’s information in one fell swoop. What’s worse is if you are not encrypting this customer information. Encryption is an advanced layer of protection from hackers, but doesn’t keep your customer data completely safe by itself.
What to do: Put a policy in place
Your company should have a policy to not store customer credit card and personal information after it is no longer needed. There really is no reason to store this information, except for the ease of use for the customer that wants to be able to quickly fill out a shopping cart form. For those customers, a third-party form-filling tool that helps to remember their information can be used. In the unfortunate scenario your company gets hacked, your customer’s information is still protected in this case.
5. Not having secure authentication on your website
You don’t have a security certificate known as Secure Sockets Layers (SSL) that helps to secure information on your website as well as any data you are storing. It doesn’t mean you are 100% safe from all hacking, as no one is, but it does give you another layer of security.
What to do: Secure your website
Buy an SSL certificate for your website and make sure the certificate never expires. To tell if a website has an SSL, their URL should read like https://www.website.com. If there is no ‘s’ after the http, then the site likely does not have an SSL certificate and visitor traffic is not being encrypted.
Your business should do everything it can to protect customer information from a data breach, because losing millions and millions of dollars, not to mention losing customer trust and loyalty, far outweigh the costs of setting up a secure system.