Assessing Fraud Defenses in the State of E-Commerce Cybersecurity

E-commerce transactions are a prime target for cybercriminals. Beyond attacks on retail websites themselves, fraudulent purchases and fake returns not only result in direct financial losses but also create additional costs and burdens for both sellers and customers.

New data shows that 75% of consumers would readily drop a brand after any cybersecurity issue. Almost as many (66%) said they would no longer trust a company that suffered a data breach affecting their data.

Perhaps even more threatening to online merchants is that 44% of consumers attribute cyber incidents to a company’s lack of security measures. Customer loyalty and retention are on the line, placing e-tailers in a double-jeopardy situation.

One cyber incident could significantly damage a retailer’s reputation and cost them customers. Therefore, it is more critical than ever for retailers to protect the complete shopping experience across e-commerce, mobile apps, and in-store.

As far as attacks go, cyber thieves have driven their activities to the status of a full-fledged business, according to Brent Johnson, CISO at digital payments and data security firm Bluefin. Black market activity is booming, with data acquired from cyberattacks feeding more attacks.

Hackers trade data from many websites and sell it on the black market, making millions of dollars from this activity, which has evolved in the last few years.

“We are seeing very sophisticated attacks over a wide range of commercial targets. Almost 30,000 websites are attacked,” Johnson told the E-Commerce Times.

Cyberattacks are now so widespread that the Payment Card Industry’s PCI Security Standards Council added more controls for e-commerce in its latest revision of the safety standards, he noted.

Consumer Recklessness Part of Worsening Problem

According to the Help Net Security report, businesses have been hit with 800,000 cyberattacks. Over 60,000 were distributed denial-of-service (DDoS) attacks, and 4,000 were ransomware attacks.

These findings are augmented by the lack of awareness among online shoppers about how to avoid cyberattacks. According to researchers, this lack of understanding encourages consumers to engage in reckless shopping behavior.

The report highlights two significant examples. More than half (55%) of respondents admitted to using their corporate devices for online shopping, which poses risks to business infrastructure. However, fewer respondents (35%) think it is too challenging for cybercriminals to impersonate large e-commerce brands with fake e-commerce platforms.

Payment Industry Standards Vary by Region

With a rising tide of cross-border e-commerce transactions flooding the internet, payment card processes often lack uniform protection standards. These varying standards contribute to potentially higher instances of fraud that can sweep away U.S. consumers compared to their European counterparts.

“I do not want to say Europe is ahead of the U.S. in cybersecurity. I would say they are ahead in payments security as far as what they are doing with chip-and-PIN technology and EMV [Europay, Mastercard, and Visa] standards, and everything else,” Johnson clarified.

European merchants require proof of identity and account ownership at the point of purchase, making their process more secure. The more formidable card payment standards make it more difficult for thieves to make fraudulent purchases with card-not-present sales and phony credit cards.

In the U.S., those systems do not fully exist for online transactions. Once people have your card number, they can still make transactions.

By comparison, card payment standards in Europe have reduced fraud incidents. They are much more serious about standards, he offered.

AI a Tool for Cyberattackers and Defenders

Cybercriminals use AI to their advantage, creating more effective attacks and increasing fraudulent e-commerce transactions. Cybersecurity experts are juggling AI-powered defensive tools to detect phishing and to scrutinize incoming web traffic for attackers looking for an opening to breach networks.

However, Johnson thinks it will take more time for AI successes to bolster cyber defenses. AI is becoming increasingly prevalent. He sees many tools, especially on the defensive side, and knows AI plays a substantial defensive role.

“We are already using a few. But that is going to continue to grow. There is not a lot more I can say about that right now. It is exploding, to be honest,” he hinted about what AI might be able to do around the corner.

Protecting Card Payments Already in Action

According to Johnson, two advanced technologies are in play to safeguard digital transactions better. Point-to-point encryption (P2PE) and tokenization technology already provide winning solutions against the bad guys.

P2PE is on guard when shoppers insert payment cards at checkout: certified hardware and software block merchants and workers from accessing the card data.

“It is super simplified as far as compliance goes, and it is way more secure, simply because there is no sensitive cardholder data in that environment,” he explained.

Tokenization creates a digital representation of the payment information. Tokens protect sensitive data by obfuscating the identity of the payment transaction.

When combined with AI-powered applications, payment tokenization uses large language models (LLMs) and deep learning techniques to protect sensitive data by generating a temporary code to replace the original information.

“So wherever our data is, we do a lot of tokenization on the e-commerce side for card-on-file type transactions. We can give a token back to a merchant, [who does] not have hard data in their environment,” Johnson explained.
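The card-on-file arrangement described above, as an added example that is not from the article or from Bluefin: a processor-side vault hands the merchant a random token, so the merchant's database never holds a card number. `TokenVault`, the merchant IDs and the token format are hypothetical, and the card number is a constructed test value.

```python
import secrets

def luhn_ok(pan: str) -> bool:
    """Luhn checksum, so obvious typos are rejected before a token is issued."""
    if not pan.isdigit():
        return False
    digits = [int(d) for d in reversed(pan)]
    doubled = sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return (sum(digits[0::2]) + doubled) % 10 == 0

class TokenVault:
    """Hypothetical processor-side vault: the only place card numbers exist.
    A production vault would encrypt stored numbers; a dict keeps this short."""

    def __init__(self):
        self._by_token = {}  # token -> (merchant_id, pan)
        self._by_card = {}   # (merchant_id, pan) -> token

    def tokenize(self, merchant_id: str, pan: str) -> str:
        if not luhn_ok(pan):
            raise ValueError("not a valid card number")
        key = (merchant_id, pan)
        if key not in self._by_card:
            # Random value: the token cannot be reversed into the card number.
            # The last four digits are kept only so receipts can show them.
            token = f"tok_{secrets.token_hex(12)}_{pan[-4:]}"
            self._by_card[key] = token
            self._by_token[token] = key
        return self._by_card[key]

    def charge(self, merchant_id: str, token: str, amount_cents: int) -> dict:
        owner, pan = self._by_token.get(token, (None, None))
        if owner != merchant_id:
            # A token copied from one merchant's database is useless elsewhere.
            raise PermissionError("token not valid for this merchant")
        # The real authorization would use `pan` here, inside the vault.
        return {"approved": True, "amount_cents": amount_cents, "last4": pan[-4:]}

def card_on_file_demo() -> dict:
    vault = TokenVault()
    pan = "4111111111111111"  # constructed sample: a common test card number
    merchant_db = {"customer-17": vault.tokenize("shop-a", pan)}  # all the shop stores
    token = merchant_db["customer-17"]
    try:
        vault.charge("shop-b", token, 500)  # token replayed by another merchant
        replay_blocked = False
    except PermissionError:
        replay_blocked = True
    receipt = vault.charge("shop-a", token, 2599)
    return {"pan_in_merchant_db": pan in token, "replay_blocked": replay_blocked,
            "receipt": receipt}
```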

Cyberwar Battle Ongoing

From his view of all things cybersecurity, Johnson hedged a bit on the question of who is winning, whether it’s a whack-a-mole marathon or a draw.

“Sometimes it feels like we are winning. A lot of times, it feels like we are losing. So it’s a struggle,” he offered.

He noted that zero-day and supply chain attacks are more serious now because of all the data integration.

“If the tools, applications, or services you rely on are compromised, thousands of companies will be affected.” That is one of Johnson’s big cybersecurity concerns these days.

“So, to answer your question, it is whack-a-mole for sure. But we will continue to be okay,” he concluded.

Jack M. Germain

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics.