This is a guest post from Odysseas Papadimitriou, CEO of the personal finance website WalletHub, which offers free credit scores, full credit reports, 24/7 credit monitoring and customized money-saving advice.
Identity theft and the various forms of fraud that come with it pose a lurking problem for both merchants and consumers in our increasingly digitized economy. And while no one is completely safe in this “brave new retail world”, there are some simple steps that you can take to not only protect yourself, but also to do right by your customers.
We’ll highlight a handful of options below. The overarching theme, as you’ll see, is that strategic outsourcing to specialists can save you significant amounts of time, money and market share in the long run.
- Find a Payments-as-a-Service (PaaS) Solution: Sometimes the smartest strategy is to stick to what you know best, which probably isn’t the inner workings of the payments infrastructure. So why not pay someone (like Dwolla) to help you handle all the red tape of payments APIs, so you can focus on the product?
Assuming the price is right, this is an investment that could pay huge dividends in terms of your own personal peace of mind and, perhaps most importantly, customer satisfaction. After all, customers aren’t always familiar with how your site is being protected. What matters most to them is the safety of their personal information.
- Outsource Email Management: Email might seem like a trivial task to pay someone else to do, but that can actually save you and your customers in the long run. After all, one of the most common forms of fraud is phishing. Roughly 10% of email phishing leads to a data breach, and CEO email phishing in particular has cost businesses more than $2 billion since 2013, according to the Internet Crime Complaint Center.
A well-implemented email management system can reduce the likelihood of someone falling victim, while ineffective email practices have the potential to destroy both your deliverability and reputation.
- Invest in Network and Application Security: Little is more important to an online business’s success than security. “If experience in other countries is a predictor of the effects in the U.S., merchants should anticipate an increase in online fraud,” according to the Norton Rose Fulbright Data Protection Report. And to think you are prepared to face this expected onslaught alone would be the height of hubris.
So, to continue the theme of this advice, find a reputable security service that can handle your web-server protection. Countless companies, from boutiques to conglomerates, operate in this space, so you should be able to find something that meets your exact needs and price point. For example, I would recommend checking out CloudFlare, which has a solid reputation and a variety of inexpensive service options.
- Formalize Employee Policies & Contingency Plans: Teamwork and clear communication are essential to identity-theft avoidance, so make sure to establish and share with all employees any company policies and expectations that you foresee being necessary. This should include policies regarding the use and upkeep of electronic devices (e.g., antivirus software, password conventions, the acceptability of external drives, etc.), as well as the company’s data retention, storage and disposal procedures, and rules regarding customer confidentiality.
Furthermore, you should have a clear plan for what each member of the team will do if one of your customers’ identities is stolen, including how to handle the respective individual and patch up any related vulnerabilities. Should the unfortunate happen, you’ll be glad to have a simple checklist to fall back on.
- Get Stress-Tested By a Third Party: Once every year or so, it would be wise to have an independent security consultant “come in” to review all of your company policies and practices – everything from the manner in which employees share information to the external security settings of your marketplace. You have a plethora of qualified consultants to choose from, many of whom can do their work remotely, so if you can afford it, there’s little reason not to engage in this sort of preventative care.
At the end of the day, it’s worth noting that strong security features and a blemish-free reputation are strong signals of quality for consumers. So emphasize your data protection policies and other security practices on your website, including any related certifications you may have received. Even something as simple as an “https” address or a “CAPTCHA” on payment pages can help you win the perception game.