Guest Column | December 21, 2018

It's The Most Wonderful Time Of The Year … For Online Security

By Sandor Palfy, LogMeIn

Payment Security

As retailers prepare for the final push of the biggest shopping season of the year, it’s not just sales at stake.

Online sales are predicted to hit a record $124.4 billion over the 2018 holiday season, nearly 15 percent higher than last year. But more shoppers and more sales means more consumer information and data are shared across e-commerce sites, leaving more people vulnerable to thieves and hackers. For online retailers, it’s critical to know what protections they can implement to keep consumers safe.

Learn From The Best

A good place to start is by looking at the security protections of the top U.S. e-retailers, as noted by eMarketer. By looking at what industry leaders are doing, other retailers can learn what to do to ensure customer information stays safe this holiday season.

No Cutting Corners

The far too common practice of allowing customers to use their social media logins, like Google or Facebook, to create an account without having to create a new username or unique password can put users at risk. Sure, this single sign-on experience means one less password for consumers to create and remember, but it also means that if that social media platform is compromised, so too is their account information on your e-commerce site.

Two Layers Of Security Are Better Than One

The lack of retailers offering two-factor authentication (2FA) for customer accounts is a miss. 2FA is a feature that asks the user for more than just their username and password when they log in, and is a fairly simple way to provide an additional layer of security to prevent unauthorized access to user accounts and data. No matter where people go online, using 2FA is more critical than ever to protect account information from cybercriminals. In fact, it’s a security best practice that 45 percent of businesses are using, according to one of our recent surveys. In that same research we found that only 13 percent of retail companies have implemented 2FA, which means many have a long way to go to catch up to their peers.

Encourage Strong Passwords

It is critical that all online retailers require users to create strong passwords on their sites. Across the board, weak or stolen credentials play a huge role in website breaches, and lax password requirements or security practices leave ample opportunity for hackers to strike. To help users create strong passwords, retailers should provide some guidance to consumers as to what makes strong passwords. E-retailers can help their customers stay safe by requiring passwords that are both long and contain a variety of uppercase and lowercase letters, numbers and symbols. Providing guidance and password strength meters are easy ways for e-retailers to help users make their passwords as strong as possible.

Finally, retailers should ensure their online sites are compatible with password managers. By designing login and registration pages with password managers in mind, you’re making it easy for customers who are taking advantage of the security and convenience this tool provides. Allowing the registration fields to be auto filled and a secure password to be generated by a password manager will encourage users to not reuse passwords and create secure credentials on your site.

While cybersecurity is a shared responsibility – consumers also need to be conscious of their online password behaviors and the amount of personal information they give to companies – online retailers have a responsibility to take the necessary steps to protect their customers and educate them on best security practices. Retailers who put protections in place like requiring strong passwords, implementing 2FA and omitting the option of social media single sign-on will not only help increase the security of their customers, but also will be protecting their business in the long run.

About The Author

Sandor is CTO of Identity and Access Management at LogMeIn, responsible for the technology vision, innovation, engineering and security of all LogMeIn IAM products.