As new technologies help the human race make great advances in healthcare, transportation and commerce, there’s a new set of risks that come with the rewards.
Online shopping, for example, opens up a whole new world of products that are inaccessible to people in some areas. It makes it easy to find and send gifts to family or friends instead of driving around to multiple stores until you found the perfect gift at the perfect price. Now, it’s as easy as a few clicks of a button, saving us time and money.
We’re shopping online today more than ever before. During Amazon’s 36-hour annual Prime Day sale earlier this month (July of 2018), 100 million products were sold to shoppers in 17 countries.
Why We Shop Online and Why the Hackers Love It
When our favorite brands and online stores can help us save time and money, we’re more than willing to give up all kinds of personal data, like our address and credit card number, in order to make it happen.
What we don’t want to spend time doing is managing dozens of passwords for the dozens of online stores we shop. So, many of us are guilty using the same password over and over in order to make it easy on ourselves. But, what we’re actually doing is making it easier for hackers to access our accounts, in turn to use and exhaust our available credit or funds.
New Research Shows Hackers Target eCommerce
The topic of personal data theft via eCommerce and other sites using a technique called “credential stuffing” is the focus of a recent study published by Shape.
Hackers opportunize on credential spills, which Shape defines as an incident breach during which hackers obtain an organization’s database of usernames and passwords. Then, user credentials are tested en masse on other sites and for those that do work, hackers can often assume that user’s password works on other sites, where payment methods reside.
This study is not only raising the eyebrows of consumers but eCommerce brands as a result of a frighteningly notable finding:
“more than 90% of the login traffic of online retailers actually comes from hackers using stolen login data.”
And—yes, you did read that right.
What Can Consumers and Companies do to Combat Credential Theft?
The answer, of course, isn’t simple. Consumers and the companies holding your credentials need to be vigilant about data protection.
eCommerce companies should use HTTPS, or Hypertext Transport Protocol Secure, which encrypts data, such as usernames and passwords, transferred via the Internet. Google Search also happens to give better rankings to HTTPS websites versus those without it, according to Practical ECommerce.
eCommerce companies, or any company for that matter with a password protected account option, should encourage and require users to create a unique password that’s not already in use. Or, consumers can take their own data protection into their own hands by using a password manager to make it easier to deal with the dozens of passwords most of us have today.
You should also inform and educate your customers of hacking techniques, like phishing emails, to obtain user credentials.