
Polsinelli - Privacy and Data Security


May 2015


Four Security Gaps Cybercriminals Exploit in Your Business's Digital Storefront







For more information about this alert, please contact:


Jay E. Heidrick





Joseph D. McClendon





Privacy and Data Security Leaders:


Daniel L. Farris

Practice Area Co-Chair




Gregory M. Kratofil, Jr.

Practice Area Co-Chair






Symantec, the American IT security company, recently released its 2015 Internet Security Threat Report, which summarizes the number and types of threats and vulnerabilities seen in 2014. The report also analyzes trends and provides insights from security experts about what we can expect from an Internet security standpoint moving forward into 2015. The conclusion: online retailers must take proactive and preventative measures to safeguard their customers' personal information.

Data Breach Trends from 2012 to 2014

Even though the number of "mega breaches" (defined as more than 10 million identities disclosed) decreased from 2013 to 2014, the total number of reported breaches increased during the same period. The number of reported breaches has increased from 156 in 2012 to 312 in 2014, an increase of 100 percent in just three years. Healthcare was the most attacked sector, with 37 percent of the total number of reported incidents in 2014, because of the enormous amount of personal and health information that healthcare providers collect and store on behalf of their patients. Other sectors must nonetheless remain vigilant in their efforts to protect customer information.

The retail sector reported 11 percent of the cyber incidents in 2014 but, alarmingly, over 59 percent of the identities exposed during the same period. These percentages will likely continue to increase as more retailers sell their goods online and more security vulnerabilities are found in e-commerce and associated shopping cart software. With this in mind, businesses that sell products online and handle customer financial data must employ basic safeguards to improve the protection of their customers' personal information.

Gaps in Online Retail Security

1. Not Confirming Transactions. Asking a customer if he or she wants to proceed with the transaction can help minimize the number of accidental or inadvertent purchases made through an online store or app. If your company sells product(s) through an app, consider requiring your customers to type their account password to confirm the transaction before the transaction is processed.

2. Not Sending E-mail or SMS Receipts. Following up with your customers after a transaction has been processed helps customers keep track of the purchases made using their accounts. A confirmation e-mail or text message sent to the customer's registered e-mail address or mobile number notifies the customer of both authorized and fraudulent transactions. These notifications must be sent contemporaneously with the transaction (or shortly after it is completed) to enable the customer to fight back against fraud the moment it happens.

3. Not Requiring Strong Passwords. Failing to require customers to register their accounts with strong passwords leaves a big gap in cybersecurity upon which hackers can quickly capitalize. While a business can't stop customers from recycling passwords they have used for other, unassociated accounts, it can control the content and complexity of the passwords customers use for its website or app. A minimum number of characters, with requirements for uppercase and lowercase letters, numbers, and special characters, can provide additional security for customers' personal information. Requiring customers to periodically change their passwords also helps protect against breaches.

4. Complacency. Applying the industry's best practices and staying attuned to emerging threats will help protect a business's online store and its customers' personal information. Being aware of hackers' latest efforts to steal personal data, patching vulnerabilities when they are discovered, and using the recommended type and amount of encryption are just a few examples of how you can proactively help protect your customers' personal information.

Summary and Takeaways

  • Requiring customers to confirm the transaction before it is completed can minimize accidental or unintended purchases
  • Sending e-mail and/or text receipts for the transaction will help customers fight fraudulent transactions
  • Strong password policies help protect customer accounts
  • Keep up to date with industry best practices and apply that knowledge to your online store or app

For More Information

Polsinelli attorneys understand how important protecting customer personal information should be to a business. For more information, please contact the authors, a member of the Privacy and Data Security practice, or your Polsinelli attorney.




















Polsinelli provides this material for informational purposes only. The material provided herein is general and is not intended to be legal advice. The choice of a lawyer is an important decision and should not be based solely upon advertisements.

Copyright © 2015 Polsinelli PC.
