Don’t rush into e-commerce because of COVID-19, says expert

With the COVID-19 crisis forcing retailers and restaurants to close their doors, some are thinking of shifting quickly to selling products online to bring in at least some revenue.

But an expert warns managers not to leap into e-commerce without thinking of cybersecurity and privacy issues.

“A lot of smaller retailers that are not traditionally into e-commerce are rushing in quickly, and there’s a concern not only about fraud but also web and business security,” says Greg Young, Trend Micro’s vice-president of cybersecurity.

A quick but poorly thought-out e-commerce process can be a back door into a business, he pointed out. In addition, e-commerce means new data worth stealing such as payment and customer information that has to be protected. It also opens the possibility of goods being fraudulently obtained through stolen payment card numbers. Finally, there’s the possibility of online fraud due to charge-backs and returns. These are things that make e-commerce exceptionally risky to just jump in and do without care, Young said. “You can do it quickly, but do it carefully.”

One of the biggest mistakes he says he’s seen are firms doing everything themselves — online credit and debit card payments and building a Web front end. “I understand they don’t want to spend a lot of money on it,” says Young. “But customers who rely on outsourcing like Shopify and other platforms certainly have a lot less risk.”

He offers these three tips:

  • “Outsource what you can, only do what you must. ” For speed to market and risk management, outsourcing to trusted parties will cost you some money but the trade-off is worth it.
  • When considering a cloud e-commerce provider ask what the service offering is, how does it protect your customers from data theft and fraud, what are the fees, does it handle returns and charge-backs, what help desk service does it offer. “The ones with the cheapest rates may not be the best for security,” Young adds.
  • “Scrub information you don’t need to save.” Don’t keep credit card information; don’t keep customer information. Remove whatever data you can after a transaction is done except the minimum needed to keep a record. “Unfortunately, most businesses tend to be hoarders of personal information, and they tend to keep too much of it. It’s an asset that can be stolen, and you have to pay to secure it.”
  • “Web security and encryption are hard.” Try to use established products where possible. Don’t try to invent e-commerce security yourself.

Retailers also have to be ready for e-commerce, Young added. He recalls a CTO who was brought into a company to set up an online storefront — before the pandemic hit — who ended up being fired because the organization couldn’t handle all the challenges. (Ironically, he adds, that firm’s revenues are up today because it finally implemented e-commerce satisfactorily.)

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer. Former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, Howard has written for several of ITWC's sister publications, including ITBusiness.ca. Before arriving at ITWC he served as a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs