Vaping and Cannabis Industries are Booming: Learn how to Easily Comply with Age Verification for Sales of Regulated Goods Online, Mobile and On Premise

Mobile commerce, by any measure, is booming. Forrester estimates that sales made via smartphones are expected to reach $209 billion by 2022 and in 2018 accounted for approximately 23% of all online sales. For businesses selling age-restricted products such as tobacco, e-cigarettes and cannabis, selling online is more challenging. Retailers must verify a customer’s age to meet federal regulations. In fact, it is the responsibility of retailers to ensure they do not sell age-restricted products online to people who are under the minimum legal age, and failure to set up reasonable measures to confirm the age of potential purchasers can result in fines and even possible jail time.

New laws that permit the sale of cannabis in certain states have started a whole new industry for online sales and distribution – including home delivery via “Uber” like apps. At the same time, e-cigarettes and vaping are becoming increasingly popular, particularly among teens. In 2018, more than 20% of high school students reported having used e-cigarettes in the last 30 days.

Access to these products is easily available via online sources, and online retailers often rely on the purchasers to confirm that they meet the minimum age requirements by simply checking a box or providing a date of birth. Requiring a credit or debit card isn’t enough for proof of age either, as minors can obtain these cards as well. For today’s boundary-testing and technology-savvy teens, these techniques are not adequate and fail to limit access to age-restricted products. In one study, underage buyers were able to use their real ID and a prepaid Visa card to order alcohol online and have it delivered to their home without anyone verifying their age.

As a result of online and mobile sales of restricted products and the proliferation of these products among minors, the U.S. Food and Drug Administration (FDA) announced in November 2018 that new steps to restrict illegal underage use of e-cigarettes would be coming. One proposed measure would require that online stores implement better age-verification measures – far stricter than the self-verifying measures that are common.

California has already enacted the STAKE Act, which prohibits the sale of tobacco products to anyone under the age of 21 and imposes mandatory steps for online retailers to verify the age of prospective buyers. These steps include matching the customer information to a database of verified individuals and, if they cannot be verified, requiring the purchaser to submit an age-verification kit with valid government identification.

To better comply with current and potential future legislation while still providing a positive customer experience to of-age purchasers, retailers should implement improved online and mobile identity verification solutions, as well as in store when applicable. This will protect them from legal implications and guard their reputations in the communities they serve.

There are now technologies that can help merchants accurately verify a customer’s age using their mobile device or desktop camera in seconds. The customer can simply submit a photo of their government-issued ID for forensic authentication to ensure it is a genuine, unaltered ID. The speed of verification means that legal buyers can be assured of a quick, painless experience. On premise, this can be accomplished with either a mobile device or a scanner connected to a desktop or even a self-service kiosk solution.

For an extra layer of protection with remote transactions or for initial sign up to make recurring transactions easier, merchants can employ facial recognition technology to confirm that the person making the purchase is the same person in the ID. The buyer can take a selfie and compare it to the extracted biometric data from the ID. Again, results are given in seconds. In addition to these offerings, Acuant provides liveness detection which confirms that there is a live person in front of the camera – not a static image. Retailers can also use that information for future transactions (using only facial recognition to verify and transact), as well as for records management and marketing to age-appropriate customers.

While age-restricted products like e-cigarettes should not end up in the hands of children, legitimate buyers should be able to purchase products with ease. At the same time, retailers must protect themselves from fraud and fines due to increasing regulation. Acuant’s ID verification solutions allow merchants to take advantage of the boom in mobile commerce while staying on the right side of the law and delivering a superior customer experience.



Three Ways to Combat Rising Retail Fraud

Reports show that fraud challenges and cost pressures continue to plague retailers across the U.S. A study from ACI Worldwide projects a 14 percent increase in total retail fraud attempts and a 17 percent increase in value this year compared to 2017. Areas of particular concern are the sharp rise in card-not-present (CNP) and mobile commerce fraud, according to the annual LexisNexis “True Cost of Fraud” report. The number of merchants selling goods via mobile channels, especially digital goods, is growing, but there are significant risks. For each dollar lost to fraud, online merchants can ultimately expect to lose $2.94 in revenue. That number jumps to $3.29 per dollar for m-commerce retailers.

The dramatic growth of mobile sales and the need to acquire and retain customers are driving retailers to move to m-commerce. Millennials are particularly likely to purchase from their mobile devices, but m-commerce transactions are rising across the board as smartphone ownership is at an all-time high. Half of U.S. adults (51 percent) report making online purchases via their smartphone, according to Pew Research.

So what can retailers do to mitigate the risks of online shopping? Here are three ideas to keep identity scammers at bay.


1. Require Customer Accounts

To better know and understand their customers, retailers can require shoppers to set up an account. Taking this step will ensure that customers provide more information about themselves during the buying process. In order to make on-boarding seamless, merchants can allow mobile shoppers to use their smartphone camera to capture the identity document and auto-populate key customer information directly into the system using Acuant’s IDscan technology.


2. Verify Your Customer

As mobile commerce is the sector most susceptible to fraud, particularly identity fraud, retailers are realizing the importance of both ID authentication and verification. With AssureID, merchants can know that the identification document is valid and use Acuant’s FRM technology to authenticate that the customer is the person in the document. In the digital ID capture process, Acuant runs up to 50 different authentication tests per document in seconds. Acuant then validates the identity of the user, comparing facial biometrics from a liveness-tested selfie to the identity document. The combination of Acuant’s solutions enables a streamlined workflow for shoppers while reducing the risk of fraud from identity theft.


3. Choose Cloud-Based Solutions that Utilize Machine Learning

Online fraud detection is growing in complexity and demand, and its tools are being used for risk-based authentication and new account fraud prevention. Security and risk management leaders involved in online fraud detection should use machine-learning analytics and cloud-based deployment options, states Gartner’s 2018 Market Guide for Online Fraud Detection.

Mobile commerce is where retailers are seeing strong growth, and given the current retail environment, no merchant can afford to ignore this trend. At the same time, it is important to balance the risk and the opportunity to ensure that retailers are protecting themselves against loss while still providing a seamless customer experience. Acuant provides solutions that are best in class, securing transactions, protecting PII data and providing a pleasing customer experience.


Learn more about Acuant’s identity verification solutions and visit us at NRF 2019: Retail’s Big Show, Jan. 13-15 in New York. We’ll be in our partner Aila Technologies booth # 1240 demonstrating our solutions and happy to book meetings on-site here.




Why Vape Shops Need to Embrace Modern ID Verification

The FDA ruled earlier this year that electronic smoking devices including vape pens and e-cigarettes fall under the category of “tobacco products,” which makes them unavailable to anyone who is under 18. This means vape shops and other retailers now need to verify the ages of customers who want to buy them. The new legislation went into effect August 8, 2016 and will no doubt hugely impact the $3.5 billion a year industry.

The new regulations are in place because the FDA has seen a significant increase in minors who are using electronic smoking devices over the past five years. Back in 2011, 1.5% of high schoolers were using e-cigarettes, but by 2016, that number jumped by 16%. With the new ID verification laws, electronic smoking devices will be harder for minors to access.

Sellers will now have to make sure customer ages are verified before they can purchase an electronic smoking device. When the age restrictions weren’t in place, merchants used to offer free samples to customers and electronic smoking devices were also available in vending machines. The new regulations prevent customers from buying electronic smoking devices without a verified photo ID. Retailers will have to ID customers who look younger than 27 and want to purchase an electronic smoking device.

Verifying IDs can be a difficult process for store clerks, especially if they are doing it by hand. Accuracy in ID verification is critical for retailers under this new regulation because if they fail to verify the ages of customers, they can be hit with huge fines.

Acuant offers a solution for retailers needing fast, easy and reliable age verification. Whether in the vaping, alcohol, lottery or market, retailers can use Acuant’s ID card authentication solution to accurately verify customer identities and ages in seconds. Acuant’s AssureID solution automatically recognizes IDs from all 50 states, making it easy for retailers to implement across national locations. With immediate image processing and data intake, customers won’t have to wait in long lines while cashiers verify customer IDs. Instead of manually checking IDs, which can lead to inaccuracies, cashiers can use Acuant’s solutions to electronically verify ages with a scanner or mobile device. Acuant’s instant ID verification technology guarantees accuracy and speed, so retailers will be able to remain in compliance and transact with confidence.

Gun Control: Current Purchasing Process and Technology’s Role

The topic of gun control is making headline news more and more consistently. With recent tragic events and ongoing gun control law battles, one might start to question and research what laws currently exist around purchasing a firearm today and what that process looks like.

When a customer buys a firearm from a Federal Firearm Licensed Dealer, they have to fill out government forms like ATF Form 4473, from the Bureau of Alcohol, Tobacco, Firearms and Explosives. ATF Form 4473 requires customers to fill out personally identifying information like names, addresses, and dates of birth. Customers also have to include information from valid government-issued photo IDs, like a driver’s license that includes their current address.  A National Instant Criminal Background Check System (NICS) background check transaction number is required as well. This background check determines if prospective firearms or explosives buyers’ name and birth year match those of a person who is not eligible to buy.

Firearms sellers rely on customers to fill out forms accurately, since they have to keep a log of all purchases. The ATF can inspect purchase logs, and lying on federal forms for a firearms purchase can result in a felony. Incorrectly filling out forms for a firearms purchase can result in severe consequences for the buyer and the seller, so it is imperative that the information gathered is accurate.

Intelligent data capture and identity verification can help to reduce fraud and errors in the firearms transaction process. Our recent partnership with ITouch Technology, a developer of multimedia technology for the hunting and fishing sports industry, has created a self-service kiosk solution that enables electronic capture of customer’s identification to be utilized for processing the ATF Form 4473 and NICS background checks. ITouch Technology’s kiosk application has been developed for use by federally licensed firearms dealers, and offers Acuant’s solution for accurate identification capture and information gathering.

Instead of manually filling out forms, Acuant’s software gathers data from government-issued IDs and auto-populates the information into government-approved forms. Filling out forms manually can often result in inaccuracies, which can cause problems for buyers, sellers, and the ATF. Intelligent data capture guarantees accuracy.

Sporting goods retailers that sell hunting and fishing licenses can also benefit from intelligent data capturing solutions. Instead of filling out applications with a retail employee, customers can instead apply for a license at a self-service kiosk. Customers can scan their IDs at the ITouch Technology self-service kiosk. Acuant’s solution will verify the customer’s identity while automatically filling out a license application with information gathered from the ID. This solution eliminates errors while the verification element ensures the person’s identity.

Purchasing a firearm is a serious matter, and regardless of current federal regulations, it is clear that technology solutions can play a positive role in the current process.

5 Reasons Why Every Business Needs Identity Solutions

Gathering information from customers and verifying the identities of those who provide it is becoming a simpler task, with the advent of identity solutions that enable businesses to capture, process and verify information in a single step.

Most identity solutions combine hardware systems, software and even cloud-based solutions to make capturing information as easy as swiping a credit card. No more paper forms to fill out. No manual typing of information. It sounds almost magical when you think about it.

But is this new technology simply the latest fad or something your business should seriously consider? Here are 5 reasons why your business should be investing in identity solutions now:

1. Streamlined Processes & Greater Accuracy


Whether they are paper-based or computerized, using forms to gather customer information has its limitations. Customers spell things wrong, leave things blank or mistype information. Handwriting can be difficult to read on paper-based forms, leading to data entry errors. Even your own employees can make mistakes when typing information or merging it with other data in the system.

By contrast, the technology behind identity solutions virtually eliminates manual input of information for greater accuracy.

A simple swipe of a driver’s license, state-issued ID, passport, or other ID easily captures relevant information, intelligently populates the fields for use in third party databases, and verifies the identity of customers in a single step. This saves time, money and frustration by simplifying a formerly complex process.

2. Better Customer Relationships

By eliminating the annoying pile of paperwork that most customers fill out on their first visit, you’ll be one step ahead of your competition, making your business more customer-friendly from the start.

Furthermore, the additional time you can spend with your patients, clients or customers when you eliminate the lengthy check-in process becomes a great way to start customer relationships on a positive note.

Even customers who shop online will appreciate the streamlined process that identity solutions allow, enabling them to proceed through to checkout with minimal input of information.

Finally, you’ll build trust with customers when you take the time to verify their information. Customers will appreciate your attention to safeguarding their identity, building rapport and brand loyalty.

3. Increased Security

With threats of domestic terrorism on the rise, it’s more important than ever to verify the identities of customers and other visitors that enter your store, facility, practice, or campus. Identity solutions are a great tool to instantly verify the identity of any visitor quickly and easily, making both customers and employees feel safer.

The integrated technologies of many identity solutions can give your business the ability to process and verify visitors quickly, while capturing detailed information and images from visitor IDs, business cards, or passports.

4. Deter Fraud

By verifying the identity of shoppers both in-person and online, you’ll decrease fraudulent transactions which lead to lost merchandise and chargebacks that cut into your bottom line.

Identity solutions don’t just verify that the credit card or other payment method is valid. They also verify the identity of the card user, effectively preventing transactions from lost or stolen credit cards.

5. Regulatory Compliance


Using identity solutions is a great way to comply with legal requirements imposed by state and federal laws. For example, if you serve alcohol or sell other products that cannot be sold to minors, identity solutions enable you to verify the identity and age of potential customers, so you stay in compliance with the law, avoiding costly fines and even lawsuits. Financial service providers can ensure that their customers have a fast, positive experience when opening accounts while meeting the Know Your Customer (KYC) and Customer Identification Program requirements.

Identity solutions are also a great tool to help medical practices and other businesses comply with growing HIPAA regulatory compliance requirements.

Emerging identity solution technologies are changing the way business is done for the better, leading to reduced paperwork and greater accuracy, increased security, less fraud and better compliance with regulatory requirements, while providing a better customer experience all around. If you’re interested in moving your business forward, while saving time and money, it’s time to consider identity solutions for your growing business.

Information is Power

by Bruce Ackerman, EVP of Global Sales & Marketing

The phrase scientia est potentia is Latin for “knowledge is power”. And while that may be true, I prefer the Latin phrase notitia est potentia, which means “information is power”.

Imagine going into a sale and knowing in advance what your prospective customer’s budget is, how much money they make, or how much cash they have for a down payment.  It is possible to some extent using a credit bureau such as Experian, Equifax, or TransUnion but this is a cumbersome process requiring the prospect to grant permission to check these sources.  It can be costly and no one wants their credit checked too frequently as it adversely affects their credit score.

But what if you could simply scan someone’s name and address right off of their driver’s license and ping that information against a series of databases using a sophisticated algorithm to return an income range? Information is Power.

You now have the power to customize your sales approach with each prospect.  For example, you are a sales person selling automobiles and you are about to go on a test drive of a $50,000 car with a person who makes between $25,000 and $50,000 per year.  You probably want to know if and how this person can afford the car in order to use your time effectively. For instance, during the test drive while selling the virtues of the car, you could delve into the financial side and find out that valuable information without taking up valuable time.

Now think about this for underwriting, loan platforms, or retail banking. You can prequalify a customer without having to hit their credit (numerous credit inquiries create a detrimental effect for the loan applicant).

There are also numerous possibilities for this kind of technology for retail; you can verify someone’s identity and income with a simple scan of their ID.  This would be especially useful in high end or luxury retail operations, qualifying for store branded credit cards, and even promoting loyalty programs.

Another scenario is when renting an apartment, the agent can do a background check and a preliminary “credit” check or income verification while standing with the potential rentee in the unit they are considering.  It saves both parties valuable time in pre-qualifying.

As you can see, this type of information is power. Power that saves companies and employees valuable time and money in sales strategies and upgrading customer service through a seamless, quick and easy experience.

Walmart Launches Mobile Payment App

Walmart is launching a new mobile payment system that will allow customers to pay for their purchases using their smartphones while they are in the store. The app will be tied to the customer’s payment card. Walmart customers have to open up the Walmart Pay app on their smartphones, and then scan a barcode on the register screen during checkout. The register then sends a receipt to the customer’s smartphone. The payment gets handled by the payment card that’s linked to the app. The new mobile payment method will be available to customers in Arkansas now, and will be launched nationwide in 2016.

The Walmart Pay app works on both Apple’s iOS and Google’s Android mobile operating system. This mobile payment method competes with Apple Pay, Samsung Pay, and MCX’s CurrentC app. MCX, which was launched in 2012, will be particularly affected by the new Walmart Pay app. Walmart was one of the retailers participating in the MCX mobile payment system before the launch of Walmart Pay.

Mobile payments through smartphones at retailers are expected to increase to $118 billion by 2018. Last year, customers used their smartphones to make $3.5 in mobile payments at retailers. However, both Apple and Google have struggled to get shoppers to switch over entirely to using their smartphones to complete transactions. This past Black Friday, shoppers used Apple Pay in only 2.7% of eligible transactions, and instead preferred to use their credit cards or cash.

Walmart’s new mobile payment system mimics the system Starbucks introduced back in 2011 with their app. The Starbucks mobile payment app initially let customers make payments and store their Starbucks gift cards. Now customers can store their credit cards in the Starbucks app and scan their smartphones at the register to pay for their coffee. The coffee chain says that of the 9 million weekly transactions conducted in their stores, 20% come from payments via smartphones.

Retailers are trying to make payments easier and faster for shoppers. With mobile payments, customers won’t have to wait in long lines before paying for their purchases. Retail employees won’t have to spend time helping customers pay for their purchases at a register. Instead, they can be on the floor helping customers find what they need. Walmart hasn’t integrated a loyalty rewards program into its app because it would cause too many issues. Retail employees can use their time on the floor to help customers sign up for loyalty programs and store credit cards. Employees can easily enroll customers into a rewards program with a card scanner. Instead of filling out forms to sign up for a rewards program or credit card, a card scanner can instantly gather relevant information from a customer’s driver’s license. The card scanner can also verify the identity of the customer, so retailers will know that a fraudulent account isn’t being opened up in their store. As mobile payments become more popular with consumers, retailers should invest in card scanning technology to get customers to sign up for loyalty rewards programs and store credit cards.

Credit Card Malware During the Holiday Shopping Season

A new point-of-sale malware has been discovered just in time for the 2015 holiday shopping season. The latest form of malware can steal credit and debit card information when a customer pays for their purchase. The malware, which is called ModPOS, has infected point-of-sale systems at national retailers, although the specific retailers have not been named publicly. Security researchers say that this malware is the most sophisticated point-of-sale malware to date because it’s a framework rather than one piece of software. The different frameworks combined can collect confidential financial information about customers, and information about retail sales systems. The malware can also figure out the personal log-in credentials of retail employees, including executives. The ModPOS malware has been around for two years, but it was hard to detect because it used encryption and file compression to hide itself from anti-virus scans. Reports also say that health care providers, hospitality companies, and payment card processors might also be affected by this malware.

Security experts have also warned retailers and consumers about another point-of-sale malware called Cherry Picker, which has been around since 2011. Cherry Picker infects a point-of-sale system and then scrapes cardholder information from the memory. Most point-of-sale systems encrypt cardholder data when it’s transmitted to the payment processor for approval. Cherry Picker exploits the fact that many point-of-sale systems don’t encrypt cardholder data that’s stored in the memory before transmission. This malware also uses encryption, command line arguments, and configuration files to avoid detection. Criminals can keep the personal information they have collected about customers for themselves, or they can sell the confidential data online to identity thieves.

Since December 2013, when the data breach at Target affected millions of holiday shoppers, consumers and retailers alike have been concerned about keeping their information safe. Retailers have created an intelligence-sharing program called the Retail Cyber Intelligence Sharing Center in an attempt to stay on top of cyber threats. Despite the creation of this program, consumers are still worried about their information being stolen and used for identity fraud. Some consumers are opting to only use cash at retailers in an attempt to avoid identity theft. A survey conducted by BankRate and Princeton Survey Research Associates International found that 39% of holiday shoppers are planning to use cash to pay for their purchases. Only 22% of shoppers plan to use their credit cards when making a purchase this holiday shopping season. This is problematic for retailers who want customers to sign up for their store credit cards. Consumers are hesitant to sign up for store credit cards because they don’t know if that data will be encrypted and protected. Retailers can show their customers that they are keeping their data safe by requiring identity verification before customers are allowed to sign up for a credit card. Retailers can give their employees a card scanner that can authenticate IDs from all 50 states. With a quick authentication tool, retailers can get customers to sign up for store credit cards while also showing them that they value identity protection.

Loyalty Programs Keep Customers Coming Back

A study by the University of San Francisco found that loyalty programs at casinos can keep customers coming back. In the past, casinos used free drinks and hotel stays to attract people, but when every casino is offering the same basic perks, people expect more. Casinos have attempted to build long term relationships with their customers through customized loyalty programs that offer tailored rewards based on demographic data. Casinos also divide their loyalty programs up by tiers, and offer different rewards based on how much and how often people spend. The study found that elite loyalty program members, who represent about 11% of the overall casino market, spend more nights each year at casino hotels. Elite loyalty program members also tend to fill out comment cards and give high marks regarding the helpfulness of hotel staff. Elite loyalty program members engage more with the casino and its offerings. With loyalty programs, casinos can also keep customers coming back to their hotels.

In addition, casino loyalty programs have been useful during times of recession, when people cut down on how much they spend on leisure, entertainment, and tourism. Another study by the University of Nevada examined MGM Resorts International’s new customer loyalty program, which was created in response to the past recession. The new customer loyalty program, called the M Life Players Club, consists of four tier levels, and offers players exclusive access to all 15 of MGM’s properties. MGM customers who are members of the highest tier of the loyalty program are able to accumulate points and benefits the fastest. Benefits include room discounts, priority access to dining and entertainment, VIP seating at shows, private chef dinners, and backstage tours. Customers receive benefits through personalized offers based on previous purchases. The goal of the loyalty reward program, according to MGM Resorts’ Chief Marketing Officer Bill Hornbuckle, was to retain customers through highly personalized rewards that the customers would value. MGM’s old loyalty program involved mass mailing offers that would not appeal to everyone. Some highly personalized MGM loyalty program perks include swimming in the shark reef, and choreographing the Bellagio fountains.

According to the study by the University of San Francisco, “Casino loyalty programs typically provide a membership card that is swiped at all transactions (casino games, restaurants, stores, hotel stays). The programs use this transactional data (i.e., what games they play or what type of slot machines they prefer) plus demographics to structure offers and rewards.” Some customers might not want to sign up for a loyalty program because the process takes too long. Casinos can cut down on the time it takes to sign up for a loyalty program by automating all data intake. With card scanning technology, casinos can use information from customer IDs to sign them up for loyalty programs. With ID scanners, casinos can also use demographic data to send out highly personalized rewards to valued customers, instead of mass mailing basic rewards and hoping they’ll appeal to most people. Loyalty programs can help casinos give customers a personalized experience, which will keep them coming back.

How to Protect Customer Information from Hackers

There are a lot of different ways hackers are able to get into anyone’s account. If someone uses a weak password, or the same password across different accounts, then they are just asking to be hacked. Using public Wi-Fi makes it very easy for a novice hacker to get into your system and obtain your information. When checking out an e-commerce store and creating an account, you become vulnerable to losing your credit card information if that site ever gets breached.

Consumers should always use different passwords that utilize a multitude of different characters and symbols, and should check out as a guest on an online e-commerce store just to be safe.

This video from Cybereason shows just how easy it is for hackers to enter your system and gain access to your information.

When it comes to enterprises and big business, there are ways to protect their own information as well as their customers’. Similarly, enterprises can unintentionally allow hackers into their systems and breach personal information about their customers, including address, credit card information, and more.

A 2015 study done by Verizon on the Payment Card Industry Data Security Standard showed that 88% of businesses are failing to be compliant with credit card security protocols, up from 67% in 2009. The Verizon report also showed that 9,700 companies detected about 43 million security incidents in 2014, an annual growth rate of 66% since 2009.

Most enterprise companies still think their systems and customer information won’t be targeted. In a study by Experian and Ponemon Institute, 43% of organizations surveyed were breached in the past two years, and prior to that they probably thought they would never get hit, either.

Meeting credit card compliance requirements is just one factor in a secure online experience for your customers. Beyond failing to meet these requirements, companies are still doing quite a bit wrong when it comes to protecting their customers from data breaches, which cost about $3.5 million on average per company.


5 Mistakes Enterprise Companies Make with Customer Security

1. Not installing updates and patches to their website immediately

Hackers target sites that have not updated their servers and software, and it is very common that breached sites are found to be running old versions of their applications.

What to do: Keep systems up to date

Whether it’s a web server that hosts a WordPress or Joomla website, or a web app like Xcart or ZenCart, you should install patches and updates the same day they are released. Along with updating your applications, you should also update your firewalls and anti-virus and malware protection software on a routine basis to make sure you are up to date and safe from the newest hacks and viruses.

2. Revealing customer information in live chat or e-mail

Email, text, and live chats aren’t exactly the most secure, and can easily be hacked into. Chat logs and sessions can be used to find credential information about customers.

What to do: Never reveal sensitive information

This comes down to training your employees correctly so that they know that, even if a customer seems to be who they say they are, they still shouldn’t reveal any private customer data to anyone. In addition, employees should not click on links in emails and chat sessions, even ones that look real and safe. In reality, these are often a phishing attempt by the hacker to get the employee to hand over sensitive information to someone they believe is the actual customer when it is not.


3. Not establishing address and card verification

By not verifying a customer’s credit card or address information, you are leaving it open to hackers to ship products to wherever they want, and possibly with a stolen credit card. In the end, you take the financial loss because you gave away your product for nothing.

What to do: Always verify and authenticate

Use identity verification that authenticates that a credit card is legitimate by requiring the card verification value, or CVV, which is usually on the back of most credit cards. Another step of customer validation is to verify their billing and shipping address. This helps to reduce chargebacks, labor time and return shipping costs, which also increases your business profits.

4. Storing sensitive information

You keep your customers’ private and financial information on record for ease of use when they return. Any site that has the ability to create user accounts and store financial information is an easy target for hackers, as they can access all of your customers’ information in one fell swoop. What’s worse is if you are not encrypting this customer information. Encryption is an advanced layer of protection from hackers, but doesn’t keep your customer data completely safe by itself.

What to do: Put a policy in place

Your company should have a policy to not store customer credit card and personal information after it is no longer needed. There really is no reason to store this information, except for the ease of use for the customer that wants to be able to quickly fill out a shopping cart form. For those customers, a third-party form-filling tool that helps to remember their information can be used. In the unfortunate scenario your company gets hacked, your customers’ information is still protected in this case.


5. Not having secure authentication on your website

You don’t have a Secure Sockets Layer (SSL) security certificate, which helps to secure information on your website as well as any data you are storing. Having one doesn’t mean you are 100% safe from all hacking, as no one is, but it does give you another layer of security.

What to do: Secure your website

Buy an SSL certificate for your website and make sure the certificate never expires. To tell if a website has an SSL certificate, look at its URL: it should begin with https. If there is no ‘s’ after the http, then the site likely does not have an SSL certificate and visitor traffic is not being encrypted.

Your business should do everything it can to protect customer information from a data breach, because losing millions and millions of dollars, not to mention losing customer trust and loyalty, far outweigh the costs of setting up a secure system.