A lot of progress has been made in the e-commerce industry in addressing cybersecurity concerns, but there is still a long way to go. On average, merchants received a ‘D’ in “network security and patching cadence” according to a survey released at the end of 2017 by SecurityScorecard, a national security ratings firm.
The report also found that technology retailers and department stores scored the lowest compared to other types of stores in cybersecurity. According to the SecurityScorecard survey of 1,924 businesses, retailers were “the prime target for cybercriminals…and this includes both online and brick-and-mortar shops.” Many retailers are, according to the poll, “increasingly reliant on third parties, including cloud providers and payment processors.” It’s clear that e-commerce is continuing to rise, with $500 billion in online purchases expected this year. As the demand for goods and services online rises, so does the importance of cybersecurity in safeguarding data and profits for businesses.
Before addressing the benefits of the blockchain, here are a few common-sense reminders you may have overlooked this month to help prevent fraud to yourself and to your customers.
- Back up your data. If your data is compromised in some way, you will want a backup ready to go so you can be back in business in an instant.
- Run routine security checks just to be safe and keep your antivirus software up to date.
- Make sure to review any third-party plugins and remove any that aren’t entirely necessary. These can introduce vulnerabilities.
- Your company’s security doesn’t rely only on the company’s internal security. Make sure to thoroughly vet any third-party vendors or partners who may have access to sensitive data.
- Protect your own devices and the devices of your employees. Use strong passwords and authentication methods.
- Use authentication methods for your customers and try to remind them to make strong passwords as well.
- Do your part to mitigate phishing attempts. On Telegram, many mods put “Will Not DM You” in their handles to prevent users from being tricked. Remind your customers of your protocols and communication methods. Be clear and consistent.
Blockchain Marketplaces are Better
The largest NFT marketplace, Opensea, is a great case study on how secure a marketplace based on the blockchain can be. With such massive volume for about five years, there have been very few scandals. The only notable scandal was uncovered on Twitter. An employee was engaging in insider trading by buying NFTs before they hit the market. Most, if not all, of the security risks so far have been human error.
And this isn’t due to a poor UI or how difficult UX can be in crypto. Opensea is easy to use. Of course, it is a simple concept with a strong design: there is nothing stored on the website itself. All of the NFTs are on the blockchain. Opensea aggregates and displays that data and allows you to interact with it.
But scammers have found a few tricks rather than hacks. They may upload fake NFTs. This can be protected by checking the contract address or clicking the link directly on the project page. Sometimes, Opensea grants legitimate projects a blue checkmark. Fake projects won’t have this.
Help your users navigate what’s real and what’s fake. Tell them to only visit Opensea by clicking the link on your page.
Another clever little trick some scammers have done is bid on NFTs with USD instead of wETH with a profile picture of ETH. This has fooled some people into thinking they were getting a 3 ETH bid instead of a 3 dollar bid, and they accepted without thinking.
How The Blockchain Can Help
Blockchain technology excels at privacy and security. What’s better is that this security exists in a trustless environment. It is the safest way to store transaction data, and the crazy part is that no one is in charge. If e-commerce transactions could reside solely on the blockchain, we would be better off. But there is still a lot of power and convenience in Web2 systems as well as a world full of users. So how can blockchain integrations help maintain security in a Web2 environment? Let’s look at some common problems in e-commerce today.
1. Financial information. Hackers use a varied technique called “e-skimming” to take payment information in real-time and divert it to their own server. Skimming codes can infiltrate a system in a number of ways: through the e-commerce platform, the internal network after obtaining admin credentials, a third party acting as an unaware trojan horse, or other vulnerabilities.
- If customers pay with their crypto wallet, no financial information needs to be entered and the transaction will be secure. Even fiat on-ramps typically do not require information to be stored.
2. Personal information. The easiest way for hackers to obtain customers’ personal information is for them to grab it all from one centralized server. Putting it all in one place is incredibly risky. Anyone who has identity protection services will see security breaches happen on a regular basis. Even more sinister is that some companies will sell customer data.
- If e-commerce sites begin to adopt decentralized storage, it will become impossible for hackers to gather that data or for it to be distributed without the user’s permission.
3. Checkout bots. When new products launch, some bad actors use bots to buy as much inventory as possible so that they can then sell those limited-edition goods for a high price. This prevents loyal customers from enjoying their favorite products. The problem is so pronounced that even the American government stepped in to help. A federal team was launched to analyze and take down the large groups that create the majority of these checkout bots.
- If brands sell ReserveX NFTs to their customers, then this problem can be solved. Unless a user holds a ReserveX NFT, their checkout button will not be visible. NFTs are impossible to fake, therefore these fraudsters will have no more options.
4. Data loss or fraud. Two problems with a similar solution. A brand may manage to lose its personal data and not have a proper backup. Or someone may commit fraud by using stolen payment information to buy products at a brand’s store. Both of these scenarios involve transactions either lost or made incorrectly.
- All transactions are transparent and visible on the blockchain. After coming back online, brands can get right back to where they started based on the data stored on the blockchain. Or if a fraudster recorded transactions on the public ledger, it won’t be incredibly difficult for the FBI to find.
There are other problems in retail that the blockchain can help with, such as DDoS attacks, but these four are the main focus right now, and the blockchain has immediate answers. By applying its specialized security benefits in novel ways, SHOPX can expand the reach of Web3 capabilities to Web2 vulnerabilities and make the e-commerce shopping experience smoother for everyone involved.