Secure 2023
Best of VIDEO

E-commerce and Data Privacy - Part 1

In recent years, purchases and sales of products and services via the Internet have grown meteorically. The growth of e-commerce (as we more commonly know it) whilst increasingly convenient for sellers and customers alike, also reveals new risk areas for them both as well.  

It is almost impossible to complete a transaction without sharing your personal data and its for this exact reason that data privacy has now become one of the most significant and pressing concerns in e-commerce. Naturally then, companies need to reflect on how to approach such a complex topic, namely through defining a privacy policy.

An e-commerce privacy policy should become your everyday handbook and should reflect what types of personal data you collect from your site’s visitors, how you use this data and how you keep it safe along with any other relevant details about your privacy practices.

In fact, GDPR requires all companies operating in the EU as well as foreign companies that handle personal data of EU citizens to have a Privacy Policy. This is part of the EU’s goal to ensure that personal information relating to its citizens is obtained and processed fairly.


E-commerce, still growing strong

According to a report from Digital Commerce 360 published in January 2019, global e-commerce has been steadily growing within the retail sector. This is especially visible within two of the largest dominating economies in the world, the US and China.

China is now the number one e-commerce market globally with online sales surpassing $877.00 billion in 2017, with retail sales hitting a grand total of $5,85 trillion during the years 2017 and 2018. Moreover, the US has the second largest global market in retail sales, coming in at $449.88 billion during the same period.

This growth is easy to explain in light of the benefits offered by e-commerce such as purchasing goods directly from anywhere using any device, the huge range in choice shopping online provides as well as increasingly competitive pricing.

Conversely, though, far more information is required from you as a customer. To complete an e-commerce transaction you need to share your personal data, such as name and last name, shipping address, billing information, among others, introducing complex data privacy issues that need to be subsequently addressed.


Privacy threats to e-commerce

Users may be reluctant to share their personal data if they believe their privacy can be invaded, at risk or shared with third parties without their consent.

Unauthorized access to or reuse of their personal data, as well as illegal sale of their private information to other parties, are one of their main concerns. Fortunately, users are more vigilant than ever about their privacy protection and may stop using an e-commerce service if they have the impression that privacy safeguards are not guaranteed.

Threats affecting an e-commerce site can compromise personal data from their visitors. These can be accidental, intentional or due to human error. The most typical security and privacy threats include phishing and social engineering, personal or card data theft or misuse, malware, and hacking.

Two highly prevalent threats that can adversely impact the personal information of an e-commerce site visitor are phishing and social engineering attacks. With this technique, hackers send emails to customers presenting themselves as a legitimate business and attempting to get users into clicking on malware links or disclosing their personal or card information.

Another privacy threat to e-commerce is password and identity theft. Sites should enforce strong passwords or advanced authentication methods while raising awareness to their visitors or customers about best practices when creating passwords (i.e. do not reuse passwords or use simple patterns). Otherwise, attackers might find patterns and easily discover user passwords allowing for their personal data to be stolen

All of these threats highlight the importance of having the appropriate data privacy measures to ensure that the protection of personal data of e-commerce site visitors and customers is guaranteed.