E-Commerce Merchant’s Liabilities Towards Hacking and Fraud

In recent years, much of consumer retail consumption has transitioned to the online marketplace. So, many of us engage in e-commerce, especially when shopping for the upcoming holiday season. While e-commerce is convenient and easy, consumers are becoming more aware of the risks posed by hackers that commit online fraud. Merchants who administer websites for online shopping must take measures to assure that their sites are protected from online hackers and fraud. Online merchants may be held liable for online fraud if the proper steps are not taken to prevent it. Are you an online merchant? Are you worried about protecting the sensitive information of your customers? If so, then you must take certain steps to prevent fraud and unauthorized access (i.e., hacking).

How Does Online Fraud Occur?

Online fraud is fraud that is committed using the Internet. This type of fraud typically comes in two forms: (i) financial fraud; and (ii) identity theft. Financial fraud often occurs when a hacker collects a consumer’s financial information to steal money.  Identity theft usually occurs when a hacker collects a consumer’s information, and then uses it to open bank, mortgage, or credit card accounts. Many times the two types of fraud happen concurrently. Hackers often target e-commerce websites because consumers are constantly offering their credit card and personal information through these websites. Online merchants must take precautions to prevent hacking that leads to this kind of fraud.

What Is An Online Merchant’s Liability If There Is Online Fraud?

An online merchant is a person or business who accepts payment, usually credit cards, in exchange for goods and/or services through an online website. An online merchant may be held liable from a customer’s loss due to online fraud occurring through the merchant’s website. Often a financial institution (e.g., bank issuing credit cards) will bring an action against a merchant for failure to protect customer data from unauthorized access that led to the fraudulent use of that information. If the institution and/or customer can show that the loss was directly caused by the merchant’s lack of protection, then the merchant will be held liable. Therefore, online merchants must take reasonable steps to protect customer data. Merchants can and should take the following measures to protect against hackers committing online fraud. For example, choose a secure e-commerce platform with sophisticated programming language that ensures a secure connection during checkout. Use a system that verifies customer credit card and address information, and do not store this data longer than necessary. Require that customers utilize strong passwords, and track all their orders by number. Set up alerts when suspicious activity occurs. Train your employees in security measures and layer those measures for additional security. Closely monitor your website with regular scans to detect vulnerabilities. Make sure your systems are always updated. Think about using the cloud to reduce the need for hardware and protecting it, and invest in a fraud management service that reduces merchant liability when a customer suffers a data loss. Lastly, back up the data on your website, so that you do not lose important customer information.

These steps will greatly reduce the opportunity for a hacker to access sensitive customer information to commit fraud. If you are an online merchant and want to take steps to reduce your liability from online fraud, you may contact us to speak to an attorney.