Online merchants are navigating between two worlds: what they hear from online privacy and payment card experts and buyers; perceptions of the risk involved in sharing credit card data over the Internet.
Shopping online has become ubiquitous throughout the US — 66% of the online American population has bought something through the channel in the last year, according to a recently released survey from Pew Internet Project. The number of Americans buying online has doubled in the last seven years. But the same study found the channel is still vastly underused due to fear; 75% percent of that same group say they do not like sending personal or credit card information over the Internet.
However, most security experts agree that consumers are at far greater risk of having their credit data stolen in-store than online.
“In-store transitions or point of sale transactions may lead in the threat area,” said Judd Rousseau of security firm Identity Theft 911. “The technologies and tools needed to take or copy information is easier to get and use for point-of-sale transactions.”
Mark Byers, VP of operations at e-commerce service company Mobilians International, agreed.
“Most online systems have more security and have less human interaction than a customer using their credit card at a retail store,” he said. “There is much more opportunity for a credit card number to be stolen in these circumstances versus being hit by a security breach at an online mega-retailer.”
Still, the Pew report estimated that without privacy concerns the share of Internet users buying products online could be as much as three percentage points higher. Certainly, online merchants themselves recognize the importance of brand reputation and consumer trust becoming central to whether or not a buyer will complete a purchase on a particular Web site.
Craig Vodnik, VP of North America at third-party payment services provider Cleverbridge, said that while the right data-encryption technology and third-party payment processing partners are important, there are other factors that may lead a consumer to buy on a particular site.
“Security wise, not much has changed in the last year,” he said. “But the perception of what is safe and what is not has changed.”
He went on to say that consumer reports of phishing — the illegal practice of redirecting traffic from a legitimate merchant’s Web site to that of a fraudulent scammer in order to obtain information — increased three to four years after the online security experts had begun discussing and combating the risk.
Vodnik recommended online merchants using third-party vendors apply certificate seals, consistent branding and a familiar IP address to customer-facing shopping carts, so as not to alarm consumers who might be looking out for the sign that they are being redirected during the payment process. The reality, he says, is that customers are often being redirected to a more secure third-party site that is charged with storing payment card data and uses advanced encryptions before being asked to enter personal information.