Concerns over the security of online shopping have been around as long as the Internet and for good reason. The initial steps into making online payments were painful. A lack of security was obvious with the first plaintext implementations. Even today, people are still rightly cautioned about sharing their credit card information with anyone that does not have an immediate need for it.
Not only that, according to a study performed by Auriemma Consulting Group, consumer anxiety over having their credit card number compromised (stolen) rises in correlation with the value of the online purchase. About 85% of consumers that participated in a recent poll said that security was more important than speed if they were making a $100 purchase. But when the same group was asked about a $5 purchase, only 70 were still more concerned about security. But are these fears still founded in reality?
In recent years, along with the convenience, many say that shopping online has become MORE secure than offline shopping. Wired Magazine asked this question in an article titled “Have Online Payments Become Safer Than Offline?” SPOILER ALERT! The answer was “yes.”
In the first years of the Internet, online stores struggled to create secure methods for making purchases over the Internet. Recent regulation for online merchants and advancements in cryptography have made the Internet a relatively safe place to shop. As long as you are following the same rules that you follow in your offline behavior, you can be fairly confident that your credit card information will be safe.
Nearly two-thirds of consumers in another survey indicated that they are concerned that a one-click checkout makes them more susceptible to fraud.
The reality is that a one-click purchase through payment processors like Amazon Payments, PayPal Express, or Stripe uses a technology known as tokenization. This means that rather than sending all your personal data and credit card information, the payment processor simply sends a secure ID number to the processor (Amazon, PayPal, etc.) and requests a purchase based on that ID. This allows for increased convenience and security because none of your data is entered into your device and the secure transaction happens with banking-level encryption behind the scenes.
Even if someone was somehow able to intercept the token, they would be very limited in how they use it, and the payment processor would be able to quickly identify that your token was being used from a device other than yours and cancel it.
The biggest threat to your security online comes from making purchases offline. Retail stores and even big box companies built much of their security systems before network security was an issue. Even today, point-of-sale machines are not required to encrypt your password as long as the data is being transmitted on a private network.
“You walk out of the store while the transaction continues to ricochet across the country — using technology from the 1970s,” Jason Oxman, CEO of the Electronic Transaction Association, told NPR.
This is how hackers were able to steal personal information from 70 million clients at Target in 2013 and Home Depot announced that they had allowed 56 million credit cards to be compromised by hackers.
“In general, big box retailers don’t make the same commitment to security as online retailers,” suggests Marc Summe, former Product Management Director at 2Checkout. “Overhauling their entire system and taking extra security precautions is an expensive and time-consuming proposition, and so they neglect to take extra measures. This stands in contrast to online retailers, who are built from the ground-up with strict security in mind because just one hack could destroy their business.”
Even using cash is not secure as it used to be. The number of skimmers that are being used on ATMs and POS machines is increasing exponentially. Skimmers are devices that are installed on top of keypads at an ATM. They are very difficult to spot, as they look exactly like the original keypad and card slot. When you enter your card, they capture the data from the magnetic stripe and your PIN code. Thieves are then able to create duplicate cards and use your PIN code to access your bank account or credit card directly.
“ATM skimming, in San Diego and nationwide, has reached epidemic levels,” said Dave Shaw, Special Agent in charge for US Homeland Security Investigations in San Diego. “Consumers need to be more vigilant about the increase in these types of thefts and frequently monitor their bank accounts for any suspicious or unauthorized activity,” Shaw said in a statement. “These types of crimes not only result in significant losses for financial institutions and merchants but can cause a major disruption in consumers’ personal finances.”
In short, there are a few things that merchants can do to help consumers make purchases online:
- Whenever possible, offer payment options that they are comfortable with – PayPal, Mastercard, Visa, American Express.
- Ensure that your entire site is encrypted and uses the https protocol.
- If you need to follow up, never ask for your customer’s credit card information on a call that you initiated. They cannot be certain who called them. Instead, give them a number to call into if you need to verify additional information.
- If you use a tokenizing payment processor that people trust, like Amazon Payments or PayPal, provide one-click checkouts so that customers don’t have to enter the payment information themselves.
- Only offer to save their information for future purchases if you have the network security to keep their data safe. As an online retailer, just one data breach can end your business forever. If your payment processor is secure, not only is it more convenient for your customer, their data is much safer on their computer system than traveling back and forth over the Internet every time they want to make a purchase.
By following these simple rules, you can increase consumer confidence, and therefore, successful checkouts at your online store. While there have been some widespread security breaches, they have mostly happened to brick-and-mortar stores rather than online payment processors. While today these fears are mostly unfounded, gaining customer confidence in light of a rocky start is now the largest obstacle to overcome.