3 Tips for More Secure Mobile Websites
It is getting more difficult to talk about eCommerce trends without bringing up the increasing popularity of mobile shopping. Mcommerce is quickly becoming a crucial channel for sales and many retailers are investing in it heavily as a response. However, despite the increased traffic from mobile devices, actual sales conversions are slow to match the rapid growth. Currently, there are still some major barriers to complete adoption—one of the biggest being security.
As with eCommerce, safety and trust have a powerful influence over customers when it comes to clicking ‘buy’ and entering personal or financial details via their smartphone or tablet. According to a study conducted by Mobio Identity Systems, 73 percent of survey respondents ranked security as the most important factor for making a mobile purchase—yet a whopping 94 percent would reconsider, if the transaction were guaranteed to be secure.
With these results in mind, safe mobile websites and apps are going to play a key role in merchants’ future online success. Below, we discuss three ways retailers can make their mCommerce channels more secure and increase consumer trust as a result.
Mobile PCI compliance
When customers access your site from their mobile device they are simply coming in through a different door and authentication is therefore still an issue. As more and more people trade in traditional desktop shopping for mCommerce, merchants will have to deal with double the potential vulnerabilities and adjust their code as a result.
Additional mobile security issues can stem from insecure wireless networks on the user-side. While customers may be connecting to websites via public or unknown Wi-Fi networks, merchants can pre-empt potential security risks by writing web pages and account access modules to protect sensitive data from snoopers or sniffers.
The PCI Security Standards Council published a fact sheet in 2012 to give businesses guidelines to follow in order to make their mobile payments more secure. Additionally, they recently released an eCommerce Information Supplement to help merchants better understand the online infrastructure requirements and how to work with third-party providers.
Mobile Security Policies
There will always be certain unforeseen vulnerabilities on the customers’ end, but by creating and enforcing stricter policies, you can help them avoid some potential threats.
As with traditional eCommerce security, there is always the trade off between protection and less friction—more data fields means less fraud and better security, but potentially less sales. To mitigate this, use risk and identity fields sparingly, adding them only to get valuable, decisioning information. Most importantly, always require customers to enter their CVV (Card Verification Value) code along with other payment details—even if you already have the customer’s financial information on file.
However, don’t underestimate the willingness of buyers to assist in their own account protection. Helping customers understand why you need each field may help assuage some of the friction. Like the above stats suggest, consumers may be more willing to take extra steps if it means their personal data will be safe.
Mobile specific payment gateways
Another way eCommerce merchants can better secure their mobile sites is through third-party payment or shopping cart providers. Look for built-in mobile commerce shopping cart features that can help remove some of the responsibility. Although, it is important to remember to only choose a provider who themselves is already PCI compliant.
Your chosen payments provider should store and encrypt credit card information securely in the cloud as well as make sure that sensitive information is removed from the device post transaction. While storing financial details may be more convenient, it is essential that no data is stored locally on a customers’ device.
Mobile commerce is the next frontier of retail, but before merchants rush to embrace it, they must step back and assess the potential risks to security as well as their reputation. Consumers are still uncertain about security when shopping on their mobile phones and tablets, and retailers must convince them otherwise. However, the above tips are just a small part of the mobile security measures needed to better communicate and enforce security for mobile purchases.
Share your thoughts in the comments below, and be sure to follow us on Twitter @McAfeeSECURE for the latest eCommerce news and events.