E-Commerce Security – Protecting Against E-mail Fraud
E-Mail fraud and e-commerce security is a genuine threat that we all face daily. These messages, sometimes referred to as “phishing” or “spoofing,” are becoming more prevalent and may appear legitimate by incorporating company logos, colors, or other legal disclaimers into them. As an online merchant, your customers are an extremely vulnerable group. It is essential to protect your customers and have an online presence that is credible, professional and secure.
Here are some security tips for online merchants.
- Never request any customers’ personal or banking information via e-mail.
- Include your customer service phone number in the header of your site – this is both comforting to your customers and provides a mechanism for them to report suspected fraud.
- Ensure your e-mails have a consistent style and layout that is professional and that your customers recognize.
- Display the full URL of links in your e-mails – this allows your customer to see that the URL is to your site.
- Follow e-commerce security best practices as it relates to account creation and passwords. (See Magento Password Options)
- Take appropriate steps to secure your site from site-spoofing and URL-spoofing that include monitoring and countermeasures.
- Use authenticated e-mail servers. These include DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework), often in conjunction with DMARC (Domain-based Message Authentication, Reporting, and Conformance).
Learn more about how to avoid phishing scams in this article from the U.S. Federal Trade Commission:
Crimson Agility is an e-commerce and Magento expert with a focus on security and preventive measures for online merchants. Ask us about our Magento Security Audit for your Magento 1 or Magento 2 site before its too late. An ounce of prevention is worth a pound of cure. A little precaution and planning before a security crisis occurs are preferable to reacting to the fallout of a disaster.
For more help and information on e-commerce security, contact us at Crimson Agility.