Our design services have helped grow some of the UK's fastest growing online retailers. Let us see how we can help you too!
Each Tuesday, until the end of June, we’ll be posting an article as part of our Ethical eCommerce series. Today, we turn the spotlight onto online retailers’ responsibilities around the murky realms of data security and privacy.
With headlines screaming news of leaked emails and card details almost weekly, and the increasingly familiar sinking feeling as another grovelling email arrives in your inbox advising you to change your password, it can feel like data breaches are becoming more and more common. It’s a fair assumption to make; it was estimated that in the first half of 2018 alone, around 4.5 billion records were compromised as a result of breaches of this nature. Of course, all of these leaks didn’t spring from the eCommerce sector, but it raises an important issue for those working within the industry; what are the ethical implications of our responsibilities around sensitive information, the way that we collect, store, protect and ultimately leverage it?
It’s an important problem to tackle, and one that affects online retailers more than most. This is because we’re asking our customers to make a considerable leap of faith when they buy from us; placing their trust not only in our description and portrayal of items and the quality of our products, but effectively handing over their wallets, for us to make the transaction on their behalf, out of sight and in a manner that they possibly have a limited understanding of. In short, our industry runs on trust, and the erosion of this trust drastically undermines the success of the ecosystem as a whole. A decade ago it was estimated that 9% in online sales were lost annually due to security concerns held by customers, amounting to a whopping $9.1 billion. With the increase in the value of today’s eCommerce market, and the increasing savvy of the modern shopper, it’s not unreasonable to suspect that today this figure may be even higher.
Concerns around the security of online shopping are understandable. Monitoring from Garlik, which provides services that help protect consumers from identity theft and financial fraud, suggests that over 40,000 pieces of sensitive and financial information are traded online through the black market every day – around 13.2 million a year. While it’s technically correct to say that data is what’s being taken here, what’s really being stolen is identities. What’s the going rate for an identity? According to the latest dark web market price index, bank details remain one of the most costly and desired listings, going for nearly £350 – but your passport could fetch less than a tenner, with a debit card bringing in even less.
The other casualty of these breaches is consumer peace of mind. As online retailers, if we wish to maintain our competitive edge on rival brands, the trust of our customers, and our profit margins, it’s of paramount importance that our data security is not only industry-leading, but also that we’re mindful of (and transparent regarding) the data that we collect from our shoppers.
Of course, data isn’t just something we ask for, use and store for the purposes of processing orders. In many instances, we also seek to learn from it. This is where the waters become a little muddied. What a company sees as ethical data collection for the purposes of bettering customer experience (with, let’s face it, the ultimate goal of a happier buying purchasing more), may not be interpreted in the same way by their customers. The law, of course, lays certain baselines here, and by adhering to data privacy laws, companies know that they are at the very least complying to a baseline of what is generally perceived to be acceptable by the public. As cross-border selling becomes the norm, it’s important to consider regulations that differ country by country. In addition, internal company ethics, for example, who has access to customer data within your organisation, are still important and requiring of considered attention.
Choosing the right eCommerce platform is also of paramount importance when it comes to ensuring you’re building stable, secure sites. It’s worth doing your due diligence to see how different options stack up in terms of the main categories; data handling, fraud protection, SSL and admin security. Shopify is PCI compliant right out of the box. While you sacrifice a little customisation capacity in terms of check out for the sake of this security, with Shopify Plus you have the additional capacity to make modifications even to this section of your site. A huge benefit of the platform is the fact that it comes fully hosted, something which sets it apart Magento and Woocommerce, and comes with a huge amount of reassurance – no need to manage your own server and the inherent security considerations attached.
Ultimately, consent and clarity is everything when it comes to data collection. Privacy policies should be easily accessible and well written. When considering this element of your site, it’s worth noting that a browsewrap (where a policy is provided, but the onus is on the user to actively seek out and consent to it) has far less legal standing than a clickwrap, which demands affirmative user action (usually tick box) to actively give consent.
As cyber attacks intensify, and consumers become more conscious and generally savvier as to how their sensitive information may be being collected, used or exposed, clear policies on data, and robust security strategies that take all facets of protection into account are only set to become increasingly important. While towing the legal line covers your bases, the most successful eCommerce brands of the future will be those using ethical, transparent data policies to build, earn and maintain the all-important trust of their consumers at a time when it is under attack from all sides, and at which it has never been more important.
Hi, can you help with my eCommerce store?
Yes! We provide beautiful, powerful, reliable eCommerce solutions for fast growing brands. Click below to get started.