Mobile eCommerce: Tips for Protecting Your Purchases and Sales

12/20/2013 11:33 am ET | Updated Feb 19, 2014

2013 was the year mobile commerce made a statement. Case in point: Cyber Monday showed record-breaking numbers in mobile purchases. While online sales in general were up more than 20 percent compared to 2012, IBM found that mobile sales exceeded 17 percent of total online sales - an increase of 55.4 percent compared to last year.

It's no wonder that mobile ecommerce is becoming more common. More than half of the U.S. adult population has a smart phone, the Pew Internet & American Life Project reports, and 25 percent of Americans older than 15 own a tablet. It's easier than ever to hit the "buy" button to purchase goods and services on the go. But mobile ecommerce also comes with some serious security worries.

For one, mobile malware has plagued smartphones more frequently this year, particularly Android devices, causing potential credential threats. According to the latest F-Secure Mobile Threat Report, the number of mobile malware threats rose 16 percent during the third quarter of 2013. Mobile malware can give cyber criminals access to your login credentials and other sensitive information on your phone or email. There is also the simple matter of losing your mobile device and all the information saved on it. On average, people lose their smartphone once per year.

These are just two of many established risks associated with mobile ecommerce. How can businesses and customers work together to ensure security while making a purchase on their mobile device? I've put together a list of tips for businesses and consumers to keep in mind.

Tips for shoppers:

  • Buy over secure Wi-Fi: Make sure your phone does not auto-connect to free Wi-Fi spots when you are making purchases in public. Cyber criminals can use public Wi-Fi networks to intercept data. Use a VPN, secure Wi-Fi or your phone's data plan to make purchases.

  • Enable multi-factor authentication: Take extra precautions by turning on multi-factor authentication, if and when possible. Requiring an email, text message, or security question before logging into a retail or banking site can help prevent cyber criminals from accessing your personal financial information.

  • Secure your mobile device with a passcode: This one is simple and should be done on every phone regardless of whether you make online purchases or not. Your phone hosts a treasure trove of personal information about you, from pictures to email to family phone numbers. Requiring a passcode to access your device can mean the difference between a secure identity and identity theft in the event you lose your phone or tablet.

Tips for businesses:

  • Businesses - don't collect information you cannot protect: Do you absolutely need a customer's Social Security Number? What about their credit card number on file? We have a saying here at CSID - don't collect it if you can't protect it. Data breaches are expensive and happening more frequently as cyber criminals become savvier.

  • Businesses - require strong passwords: Insist that customers create a long alphanumeric password with punctuation. It takes a hacker, on average, 11 minutes to crack a password with numbers and letters. However, when you add punctuation, it can potentially take a hacker years to guess.

  • Businesses - monitor customer information: Use a monitoring system to scour the dark web for stolen credentials so you know when your weak links are compromised and can notify customers to change login credentials as soon as possible.

Mobile purchasing habits will only continue to increase. IDC estimates that up to 22 percent of mobile users will buy products online in 2017. To ensure that cyber criminals keep their hands off of personal information, businesses and consumers can work together to create safer, more secure mobile shopping habits.