How to protect online retail customers against cyber crime

By: Luay Alfaham


New research from the Cyber Aware campaign and Experian revealed that the UK public’s email passwords could be leaving them vulnerable to cyber attacks.

So what can retailers do to protect themselves and their customers?

This article discusses ecommerce, cyber security, and how retailers can protect their customers.

Cyber attacks are on the rise, including in the retail industry. According to PwC, attacks on retailers are up by 30% year-on-year. Online shopping, digital marketing and loyalty schemes mean shoppers submit more personal information to retailers than ever before, which is of value to cyber criminals. This article will explore the online retail landscape and provide retailers with the recommended cyber security advice for their customers.

It is important that online retailers are following and advising customers on the correct behaviours to adopt when it comes to cyber security. The public interact with retailers on a regular basis, and they are often a trusted source of information for many people. As a result, these same retailers, however small, have a central role to play in educating their customers about the importance of staying secure online.


Email accounts are one way the door is left open to cyber criminals, putting organisations’ and customers’ cyber security and identity at risk. Phishing emails are becoming increasingly sophisticated, targeting specific individuals within a company and often purporting to come from someone within the organisation.

Our research shows that despite 66% of those with an email account saying they were worried about hackers using their personal information, such as passport details or home address, to steal their identity, more than a quarter (27%) reuse their email password for other accounts. This goes up to 52% when it comes to 18-25 year olds.

To tackle this issue, retailers need to encourage their customers to have a strong and separate password for their main email account. As a large online community, it’s really helpful if retailers come together to share consistent messaging across all of their channels. This will help to educate their customers about making one reset to the password of the email account they use the most and ensure their personal details are not stolen via their mailbox.

The current climate in the online retail space

Given the rise in popularity of online shopping, retailers accumulate more and more personal information on their customers. Whilst they all have a duty to keep this data protected, customers too can make sure their online accounts are locked down with strong passwords, particularly for their main email account.

Given the threat, online retailers are feeling the pressure to invest more heavily in cyber-security as the impact of a data breach becomes greater. In line with this, it is also important for retailers to think about remaining competitive in the market. This means that many online retailers are investing in digital channels, apps and other payment technologies to keep ahead of the curve.

Data breaches can have a big effect on retailers’ bottom lines, and their impact can be long term. According to the RSA, the impact of cyber attacks is wide reaching, with 73% of retailers losing customer data, 68% experiencing unexpected downtime and 50% suffering fraud losses from illegitimate purchases.

PwC also found that only 58% of retailers have an overall security strategy. The same report revealed the retail and consumer sector suffered on average over 4,000 security incidents in 12 months.

In addition to this, the General Data Protection Regulation (GDPR) rules come into place this May, and this has significant implications for retailers. One is that a retailer has to notify the regulator quickly if it has been breached; another is that retailers have to be able to delete a customer’s data from all of their systems if the customer requests it.

This can be challenging, given the fact that data is often scattered across retail organisations. The increase in data protection regulation has led to greater awareness and concern around issues of data privacy and sovereignty, with 72% of retailers claiming to be affected.

According to the British Retail Consortium’s own Retail Crime Survey, around 53% of fraud reported in the retail space is cyber-fraud, equating to around £100 million in costs each year. Hacking and data breaches accounted for around 5% of the total, around £36 million. A strong and separate password for your email account is a good way to help prevent cyber attacks and protect your online identity.

Have a strong and separate email password

Our Cyber Aware research highlights the worrying amount of personal information people surveyed keep in their email accounts, which can be a ‘treasure trove’ for hackers.

The research found that people are happy to share their personal information over email, with over three quarters (79%) of people sharing their address or bank details over email, and of those who did, 67% have not deleted all the items. In addition, more than half (55%) of those sending their passport or driving licence still have it in their sent items, 52% have still got bank or credit card details, 66% mortgage or tenancy agreements and 56% handwritten signatures.

Hackers are able to exploit a weak email password which is why Cyber Aware and Experian are urging retailers to encourage their customers to have a strong and separate password for their main email account to help protect their identity.

Hackers can also use your email account to access many of your other personal accounts, by asking for your password to be reset. 55% of those surveyed with an email account have six or more online accounts – from social media to online shopping – with some having as many as 21, so not adopting simple protective measures could have major personal consequences.

A good way to create a strong and memorable password is to use three random words. Numbers and symbols can still be used if needed, for example 3redhousemonkeys27!. Use words which are memorable to you, but not easy for other people to guess. Don’t use words such as your child’s name or favourite sports team, which are easy for people to guess by looking at your social media accounts, or simple substitutions like ‘Pa55word!’.

The ‘One Reset’

Despite these risks, only 8% of those surveyed picked improving their online security from a number of ways in which they felt they needed to “reset” their life. The results form part of Cyber Aware’s recent #OneReset campaign, which is encouraging everyone to think about the simple resets they can do to make their lives better – from resetting their fitness regime to resetting their shopping habits by keeping a meal planner – while at the same time taking cyber security more seriously to help protect their identity.

Making just one reset to their email password to keep it strong and separate from all other passwords can help protect Britons from the majority of cyber threats. Cyber Aware and Experian’s survey also highlighted the most popular resets - improving fitness levels (48%), eating a healthier diet (41%), getting more sleep (37%), gaining control of finances (25%) and even changing hair colour (14%).

However, the good news is that it’s simple to take action to help protect your business and customers online by ensuring you have a strong and separate password for your email account. So next time you consider the areas of your life most in need of a reset, reflect on how important your personal data is and the simple reset you can take now to make a big difference to your cyber security. This could help protect you and your customers from being the latest victim of cyber crime.

Tips to better protect your online identity:

  1. Ensure you install the latest software and app updates on your device. You can set these to download automatically, but if not, we recommend you check regularly. This is important because updates contain vital security patches that protect your device.
  2. When available, you should use two-factor authentication on your email account. It adds an extra layer of security, as it means your account can only be accessed on a device that you have already registered.
  3. Don’t use public Wi-Fi to transfer sensitive information such as card details. Hackers can set up fake Wi-Fi hotspots, which might enable them to intercept sensitive information you are transferring online.
  4. Back up your data to an external hard drive or a cloud-based storage system. If your device is infected by a virus or other malicious software (malware), or accessed by a hacker, your data may be damaged, deleted or held to ransom by ransomware, which means you won’t be able to access it. Backing up your data means you have another copy of it, which you can access.


By: Luay Alfaham, Senior Partner Networks Manager for Cyber Aware, Home Office

For advice on simple ways to be more secure online, visit the Cyber Aware website.
