As more consumers move online to do their shopping, the e-commerce industry continues to boom. U.S. consumers spend around $1,200-$1,300 per year, and that number is expected to almost double by 2016. That increase provides even more opportunity for hackers. The data breach investigations report estimated 174 million compromised records, 81 percent of which utilized some form of hacking.
Security measures should be the most important factor stressed in e-commerce. The brand is held responsible for securing the customer’s information. If that privacy is breached, the customer suffers consequences.
Once a customer’s information is stolen, the consumer must quickly report and cancel all accounts. Generally, the bank or company reimburses any compromised activity — this puts the consumer at a major inconvenience, but holds the seller financially accountable.
Scot Terban has been a security consultant since 1996; he’s worked for IBM’s global security services group since 2000.
According to Terban, both the consumer and the brand are at risk, though there are more concerning calculations for the latter.
“If a [company selling a service] is the source of the compromise — and it can be shown now that they have not made the proper strides to protect their clients’ data — then they may end up footing the bill in some cases as well as garner large bad press on the incident and their services,” says Terban.
In the event that your data has been hacked from an e-commerce database — depending on what data has been given to the site — Terban suggests that you do the following:
1. If you have a credit card number saved in your profile, you should alert the bank and have a new credit card sent to you after canceling the compromised one.
2. If your e-mail address is a primary one that you use for everything, be aware that it may now be fodder for “phishing” attacks on you for more information.
3. If the website collects personal data, such as date of birth or (and this should not happen) your social security number, then you should obtain some identity-theft protection that the company that lost your data should pay for.