SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
How online retail businesses need to bundle security into customer experience
Mon, 8th Oct 2018
FYI, this story is more than a year old

Cashless payments are driving the eCommerce market in Southeast Asia (SEA).

With smartphone payment apps such as Google Pay and Apple Pay, consumers get to enjoy the convenience of a digital wallet anywhere, anytime.

Whether it's ordering McDonald's delivery, stocking up household necessities or even the occasional impulse purchase, consumers are demanding convenience – be it on their computers, or mobile devices.

In fact, recent research has found that consumers are willing to pay more for convenience and a personal touch.

Yet, for all the convenience those services offer, there's still one overriding factor holding consumers back from using online services – trust.

A recent Ipsos study found that nearly half of global online shoppers refrain from shopping online due to a lack of trust, as fears and concerns over data privacy have deterred many people from sharing their personal information online.

Security is an important aspect in Singapore, with the latest research revealing that 47% of Singaporeans believe that security is the most important feature in their eCommerce apps such as Carousell and Amazon.

This is compounded by the fact that three in five respondents will delete an application if its data security is compromised.

As online market places evolve and customer preference for eCommerce continues to grow in Singapore and the Asia Pacific, security risks are becoming a bigger issue.

Businesses need to cater to the security needs of their customers to capture the opportunities in the region – but how can businesses ensure they deliver seamless and convenient services without compromising security?

Think like a consumer: We all have trust issues

From email addresses to phone numbers and credit card details, users expose a trail of data whenever we interact with online sites and apps.

With the amount of private data out there, coupled with the frequency of news on data breaches – 98% of the top 50 eCommerce apps have been found to be vulnerable to security attacks – online retailers as well as customers are at risk of cybersecurity threats such as credit card fraud, hacking and phishing attacks. 

eCommerce sites, in particular, are increasingly targeted by hackers due to the sensitive payment card information.

Organizations doing business online need to have adequate cybersecurity controls in place, or risk consequences such as a loss of revenue, and damage to brand reputation in the event of a cyberattack.

Without a strong cybersecurity posture, no individual quality of a business is enough for visitors to buy a service or product they do not trust.

Security vs convenience

Mobile apps have taken the eCommerce industry by storm.

So much information is stored in apps – users even have apps residing within apps that enable them to easily store social network profile or payment information in apps.

This has transformed the way consumers shop online.

While online shopping has brought about greater ease of use and convenience, it also presents significant cyber risks due to the volume of sensitive data and personal information shared between merchants, payment providers and consumers.

This is a worry as consumers tend to favor convenience over security, and use devices and apps without discernment and readily surrender their information without a second thought – leading to a treasure trove of data for cybercriminals.

We recently ran a social experiment in Singapore and found that contrary to what they said (53% prioritized security to convenience), 70% of Singaporeans were more willing to sacrifice personal data for convenience.

This means that while users acknowledge the importance of security, their actions do not quite reflect it.

Therefore, there needs to be greater awareness of the issues of data privacy to ensure that adequate measures are taken by customers to secure themselves and their online accounts.

There needs to be a fine balance – and silent security is key

The demand for technology-driven intuitive experiences is here to stay, with the emergence of an affluent and digital savvy middle-class and rising Internet and mobile penetration in the region.

What this means for businesses is that they must be able to balance both the demands of convenience and need of staying secure.

This is where silent security comes in – the concept of providing an app experience that is secure, yet not overly inconveniencing users.

It involves using solutions that grant access to application functions and data depending on the identity, location, and device used to access the app from.

This ensures that users are who they say they are, and ensures that their credentials have not been compromised.

Biometric checks like fingerprints and facial recognition, as well as using two-factor authentication devices are also equally important.

As more consumers adopt online shopping, security in eCommerce is a top priority for both businesses and consumers.

Security needs to be foundational and silent, and should not be an afterthought.

Online businesses should have multiple layers of security in place to keep valuable data protected – ultimately finding that sweet spot between convenience and security to deliver the right user experience, or risk losing them.