Why Aren’t Online Retailers More Concerned About Security?

Discussion
Jun 14, 2013

Online shopper loyalty is typically built on convenience, free shipping and good prices, but if credit card information is stolen or e-mail hacked due to poor security practices, all the other stuff goes for naught. Brand confidence that takes years to build can collapse in seconds. As obvious as this sounds, a recent audit found that three quarters of online retailers have not yet adopted online security and privacy best practices.

At the recent IRCE (Internet Retailer Conference & Expo) in Chicago, the Online Trust Alliance (OTA), a non-profit industry group, announced its 2013 Online Trust Honor Roll. The list is based on over 700 audits of domains with regard to excellence in privacy, security and consumer protection.

Thirty-two percent of companies audited made the Honor Roll, with Twitter having the best overall score and American Greetings ranking number one for internet retailers. Rounding out the top ten e-commerce sites (actually eleven, due to a tie) were Amazon, Big Fish Games, Bike Bandit, Books-A-Million, iHerb, JackThreads, Levenger Co., Living Social, Netflix, Ralph Lauren and Rock Auto.

Twenty-six percent of the Internet Retailer 500 made the list, but 53 percent failed to achieve even passing scores in one or more categories. The OTA says there were 2,644 reported security breaches worldwide (not just in retail) in 2012, exposing 367 million consumer records.

Yet, there are signs of progress. Thirty-eight percent of the top 100 online retailers made the grade this year, vs. 32 percent last year, driven by higher SSL (Secure Sockets Layer) scores, indicating improvement in site security and privacy policies. Do Not Track (DNT) browser settings are not yet a significant trend, as only one site (Twitter) across all audited sites has adopted this standard. And while nearly seven percent of studied organizations had a breach incident in the last two years, less than three percent of the Internet Retailer 500 experienced an incident.

What are the most urgent privacy and security issues facing online retailers today? Are many online retailers undervaluing the need for trustworthy security?


11 Comments on "Why Aren’t Online Retailers More Concerned About Security?"


Ryan Mathews
Guest
8 years 11 months ago

As a society, our rules, conventions and governance models have not caught up with our technology, creating a “digital no-man’s land” of privacy and security questions.

For example, could Twitter be a model of effective privacy and security on a commercial level and still feed big data to the NSA?

There’s no question in my mind that data privacy and security will be two of the biggest issues in the immediate future of commerce, government and society, but how those questions will be finally resolved is—right now—anyone’s guess.

Ian Percy
Guest
8 years 11 months ago

The annual cost of software failures and cyber-crime is $2.2 trillion in the U.S. alone! Over $6 trillion worldwide. The problem is we’re looking for security in all the wrong places; it’s like we’re trying to waterproof a sponge. The primary root problem is software integrity! Software is the most pathetic product ever produced by humankind when it comes to being fault free. Actually read one of those “I Agree” things you click on and there will be several clauses in there about how the software is not warranted to work as expected, you are using it “as is” and so on. (Ironically with Google it’s often Section 13.) 25% of all software projects are cancelled before completion due to incompatibility or failure, with 5%-15% abandoned shortly after delivery as hopelessly inadequate. You may know what I’m talking about. EVERY time you tweak a program, update, add software, download an app, experience operator error or whatever, you expose yourself all over again. Even the “security” programs have built-in faults. So while you are putting…

Cathy Hotka
Guest
8 years 11 months ago

Some retailers have complex and comprehensive security programs in place. The retailers who punted, thinking that nothing will happen to them, found a different reality entirely. The industry needs to have an open and honest discussion about the risks, and better ways to gain executive sponsorship.

Camille P. Schuster, Ph.D.
Guest
8 years 11 months ago

Privacy and security are major issues when consumers think about it. Breaches of security bring the issue to the forefront. As some sites became more secure and/or promoted their security, more consumers purchased items from their computer. The convenience of using mobile devices is attractive to many, but more consumers would make purchases using mobile devices if the security was better. The more breaches happen and are publicized, the more concerned consumers become.

Shep Hyken
Guest
8 years 11 months ago

This issue doesn’t just affect online retailers. It’s any business that accepts credit cards—or any place that handles a customer’s financial information. Some of the biggest security issues are with banks. There is even a grocery store chain that criminals hacked into to get credit card numbers. There are companies like AllClear that a business can bring in to help protect the consumer’s sensitive information. All that said, online retailers—and any other business that takes credit cards—need to be security conscious.

M. Jericho Banks PhD
Guest
8 years 11 months ago

I am an online retailer. Our primary security measure is simply not storing credit card information on our site. We leave that responsibility to our payment gateway, Authorize.net, which we trust to be protected and secure. We also trust our merchant banker, Retriever, with sensitive information so we don’t have to store it on our site. I wonder if the Online Trust Alliance considered auditing payment gateways and merchant banks.

Warren Thayer
Guest
8 years 11 months ago

Having spent a lifetime in moderate paranoia, I nevertheless routinely fly in airplanes, work as a volunteer firefighter and worry about being struck by lightning while hiking in the woods during storms. These are among the risks I take and accept, just like using my credit cards online. I think most retailers do a pretty good job with security, and I avoid those who worry me more than the norm.

Craig Spiezle
Guest
8 years 11 months ago

The challenge is integrating security and privacy with upfront planning and doing so company-wide, moving from a compliance mindset to one of “stewardship.” As an afterthought, it can stifle innovation.

Craig Sundstrom
Guest
8 years 11 months ago

There’s no mystery why security is (likely) inadequate: few in leadership have much experience in it. People familiar with management dynamics recall that there are marketing dominated companies, finance dominated companies, engineering/technical dominated companies, etc.; there aren’t many—or even any—“programmer-dominated” companies, except perhaps within the computer industry itself.

Ralph Jacobson
Guest
8 years 11 months ago

We, at least in the US, are quick to forgive and definitely forget the missteps of our beloved retailers. Even when there are significant security breaches, we don’t stay away from those merchants for long… if at all.

I think those merchants that do not have the same best practices in place around security that the top-ranked merchants do need to get them in place asap. I think it is as simple as that. These security measures protect the merchant as much as they do the consumer.

AmolRatna Srivastav
Guest
8 years 11 months ago

“I accept all terms and conditions” has become the most common lie in the cyber world. And this is becoming a big challenge so far as privacy issues are concerned. Can there be one set of rules which can be overseen by regulatory authorities, that could put a stop to privacy issues and people signing up without knowing what they are signing up for? This could be wishful thinking, but I am envisioning a common set of rules. This can ensure that people read before signing up, as they don’t have to worry about terms and conditions. They would be the same for all…
