Increased online shopping increases potential for cyberattacks

E-commerce sales rose 7.6% last year, according to the U.S. Census Bureau. By all accounts, online retail shopping will continue to increase—and along with it will come increased opportunities for cyberattacks.

Cracking of consumer passwords and the creation of ghost websites are among the leading threats to retailers, making identity management a priority, says Nick Stuart, an RSM senior analyst for the consumer products industry. Ghost websites are replicated websites that look exactly like a retailer’s website, but with a fake URL. When the consumer checks out on a ghost website, the criminals will steal personal information, including credit card details. Sound security strategy includes authentication and other access protocols to combat these threats.

“Given various online platforms, passwords are prevalent, from consumer loyalty accounts to store apps and checkout systems,” he says. “Once breached, personal data, shopping history, financial information, credit card numbers and more are grabbed for criminal use.”

While security is paramount, retailers also want to limit “friction,” the frustration their customers experience when online purchases require additional effort and time. Consumers want less hassle with fewer clicks to check out, even as they expect the process to be secure, Stuart says.

Technology can help with this balancing act. Authentication apps such as Shopify’s Shop Pay and Amazon Pay, as well as payment platforms like Apple Pay can amp up security while reducing checkout time. They securely store consumer information so that shoppers avoid reentering data such as shipping information every time they make a new purchase. These platforms rely on biometric passkeys, PINs and other techniques in lieu of two-factor authentication and passwords—tactics that customers often find frustrating.

“The process allows speedy checkout and a satisfied customer, one that will hopefully be back for future purchases,” Stuart says.

Fortifying identity management also calls for a comprehensive data governance program, cloud migration and constant monitoring of relevant privacy and security regulations. These measures will help protect customer data, maintain business continuity and build trust with consumers, Stuart says.