The importance of offering safe online shopping as a UK SME

Having an online shop (or e-commerce store) as a small business opens you up to a world of potential new customers and the possibility of more sales. But it can also make your business more vulnerable to hackers and expose your business to scammers from all over the world.

So it’s no surprise that global e-commerce fraud has been on the rise since the pandemic. According to Statistica, in 2022, global e-commerce stores lost an estimated 41 billion US dollars to online payment fraud, and this figure is expected to rise by the end of 2023.

That’s a lot of profit falling into the hands of scammers instead of hard-working business owners. But is there anything you can do to prevent it?

As we head into the gift-giving season, ensuring your online store is safe for customers is one way you can reduce the likelihood of a successful attack. And clueing up on hacker tactics could just stop a scammer from getting lucky with your online profits.

But first, let’s dig into why your small business should have an online store if you haven’t set up one already.

30 second summary:

• UK small business owners are missing out if they don't offer an online shopping experience for customers.
• The benefits of offering an online store include wider reach, targeted marketing, and cost savings
• Those who do invest in an online store should be responsible for ensuring a safe online shopping experience and consider - a secure website, strong authentication, and protected payment gateways
• Online small businesses are at risk of cyberattacks. The most common online threats to businesses include phishing, ransomware, DDoS attacks, and Man-in-the-Middle attacks
• Practising secure, online trade provides safety for the customer and the business but also offers other benefits including enhanced customer loyalty and correct legal compliance

What is online shopping?

The act of online shopping is simply buying goods or services over the internet. Customers are now using all sorts of devices with an internet connection to shop digitally, including smartphones, tablets, laptops and computers. Not to mention voice-controlled AI assistants like Amazon Alexa or Google Assistant. 

Online shopping is generally considered safe for customers, but as a business owner and an online seller, you should always make sure your customers can shop your store safely. 

Why should your business have an online store?

Every business that sells goods or services should have an online presence of some kind. For example, you could have a social media page or Google Business Profile if you own a brick-and-mortar business —  but most businesses should also invest in an online store. 

The amount of people making online purchases has been on the rise in the UK since the birth of the first e-commerce store back in 1995. According to Statista, over 80% of UK consumers make purchases online, with four in five people being digital buyers. 

So if your customers can’t buy your goods or services online, you’re missing out on sales.

What are the benefits of selling online for businesses?

There are many benefits for businesses that sell their products online, here are a few:

Wider reach

Because most UK consumers shop online, putting your products on the net gives them a better chance of being found. The internet gives small businesses unlimited access to digital marketplaces to sell products for a wider reach. For example, you can put products on a dedicated website or other online retailers like Amazon, eBay or Etsy. 

Having an online shop opens up the door to new buyers who aren’t local and can’t visit a physical store. Many consumers use Google to search for specific things they want to buy online — so if you have a niche product, you could get more new customers in front of your products.

Targeted marketing

An online store comes with the opportunity for targeted marketing. This is when you target a specific type of audience. You probably know what type of customers walk into your physical store, but your online customers could be different, or you could have several target markets. 

When you set up an online store with Shopify, for example, you gain access to analytic data about your customers, including demographics like age, gender and location. You can even link Google Analytics to your website to get even more detailed information about who your customers are, including their interests — you might find some surprising information about your online customers! With this information, you can provide more personalised marketing material that appeals to your target audience. 

Cost-savings

While you will have some initial and ongoing costs, setting up shop online is likely to be cheaper than running a physical store. You won’t need as much cash in the bank to get started, and you might not need to get a commercial mortgage for a premises.  

If you run your business online, you may have warehouse costs, but you could cut these with drop shipping. This is where you outsource the process of storing and sending an order to a customer for a fee. 

While this often lowers overheads, it’s not always the best option for a great customer experience or service, as you have little contact with the customer after the initial purchase.

What can you sell online?

As a business owner, you could have a physical product, a digital product or offer a service - all of these can be sold online, one way or another. Let’s break them down.

• Tangible products — A tangible product, in simple terms, refers to an actual, physical product that can be delivered to the customer — like a candle or plant, for example. These could be products you have manufactured yourself, but they could also be products from other brands that you sell on your website.
• Digital products and services — Digital products are what they say on the tin - they exist digitally, so they can only be used through a device like a computer, laptop or smartphone. Consultants, marketing agencies or small businesses that offer training courses can sell these online through a website. Buyers can download your product, enquire for a demo of your software or request a discovery call to learn more about your services.
• Bespoke products — The wide reach of the internet means more people can find niche products. This opens up the door to many personalised products. Customers can order bespoke furniture for their living rooms or buy a personalised notebook as a gift. Small business owners can offer these types of services on websites like eBay, Etsy or a simple e-commerce website on Shopify or WordPress with a plug-in like Woocommerce.

What are some best practices for safe online shopping?

If you are offering your products or services online — as a seller —  it’s your responsibility to ensure the customer has a safe online shopping experience. Educating yourself on some simple best practices will make sure you don’t run into any issues like customer card details being stolen or delivery addresses falling into the wrong hands.

Secure website connection

When launching an online website for your small business, make sure it has a secure connection. The easiest way to do this is to make sure your site is Hypertext Transfer Protocol Secure (HTTPS). This is when a website has a security certificate, and it’s the standard needed to have a secure internet connection. To get one, you need to buy a Secure Socket Layer (SLL) certificate and renew it every year to keep your website secure.

Strong authentication processes

Authentication refers to confirming someone’s identity, and you want to make sure anyone who is using your website, creating an account, or downloading digital software is a legitimate buyer. You might think a simple username and password is enough to keep anyone with false intentions out - but this isn’t the case. 

If you want top-notch security, then you need a stronger authentication process. This can be done through a common three-step process:

1. Password — The customer creates a unique set of letters, numbers and symbols and inputs their email to log in to their account.
2. Possession — A confirmation email or code is sent to the registered email address or phone number. The customer creating the account has to input the code or activate the email link to authenticate their account. 
3. Access  — After the first two steps are complete and the customer’s identity is confirmed, the customer can log in and access their account - and make a purchase!

Secure payment gateways

If you have a website where customers can make purchases — your payment method should be secure. This means that it’s unlikely hackers can access customer information, including card payment details, order history and other sensitive information. 

Third-party payment gateways allow you to take payments from your customers without having to store their card information. This protects the customer by reducing the risk that any information could be stolen in the unfortunate event that your database gets hacked. 

Data encryption

This is a technique where data is encoded or ‘scrambled’, so it doesn’t make sense to anyone but the party who authorised it. This means if data does fall into the wrong hands, the hacker is unlikely to make any sense of it because all they will see are lines of symbols. This allows for another layer of data protection, keeping your customers' information secure.

Anti-malware and anti-virus protection

If you’re selling online and accessing your website on a laptop or computer, you need to make sure that the device is protected from hackers. If your device is left unprotected, it’s vulnerable to viruses, malware and hackers who could destroy or steal customer data stored on your device.

The easiest way to protect it is by installing professional anti-malware and anti-virus software, and your business laptops and devices may have this built-in. If not, you can install software like McAfee. Programs like these are designed to prevent, detect and remove viruses and malware from computers as part of cybersecurity protection. And they are affordable, too, McAfee charges £64.99 for a yearly subscription (price as of November 2023). 

How can you show that your site is legitimate?

There isn’t one foolproof way to check if a website is real, but savvy customers are smart, and they aren’t going to purchase from a website that doesn’t look legitimate. So how do you make sure yours looks the real deal?

• Use a branded website domain — When creating a website, you want a domain (the website address) that is the same as or closely linked to your brand name. This helps create a sense of authority and trust in the buyer. For example, if you own a flower shop called Flora’s Flowers, then aim to create a domain name called www.florasflowers.co.uk.
• Ensure HTTPS is implemented — Like mentioned above, this certificate sends a signal to search engines that proves your website is secure to browse. Customers expect to see this on trusting websites, so make sure you buy one. 
• Maintain a social media presence — If a potential customer comes across your brand for the first time, they will look for signs to see if it’s legitimate - even checking social media accounts. If your accounts haven’t been updated recently, or worse, you don’t have any, this can make potential customers sceptical about your business. Setting up business socials is easy, read more in our guide to small business social media marketing here.
• Encourage customer reviews — Customer reviews and testimonials allow happy customers to champion your business online. Potential customers might head to TrustPilot or Yotpo or look at reviews on eBay to see what previous buyers say about your service. If you don’t have any - this can be a red flag for potential customers. Try to encourage your customers to write great reviews about your business by talking to them in person or sending them emails with incentives (if you have marketing consent to do so).

Following these simple steps can go a long way in ensuring your business website looks real and trustworthy. But that doesn’t mean it’s 100% safe from hackers, so it’s worth brushing up on the types of cyberattacks your business could fall victim to in the worst-case scenario.

What are the most common cyber threats faced by online retailers?

Here are some of the most common cyber attacks that small business owners should be aware of:

Phishing attacks 

These are attacks where a scammer uses emails to encourage victims to share their personal information. Phishing emails are designed to appear as though they've been sent from a trusted company, just like yours. These types of attacks are carefully planned and scarily realistic. Attackers could hack your systems, study your business activities and contact your customers for payment. 

Learn more about Phishing, Smishing and Vising scams in our detailed guide.

Ransomware

Ransomware is a type of malicious software — also known as malware — and is usually spread through clicking links and downloading files or USB drives. The malware works by installing on a device and can steal your customer data, delete important files, and infect other computers or networks. It can stop you from fulfilling online orders, leaving you with big financial pains. 

Read more about how to spot a ransomware attack and keep your business safe.

DDoS attack

DDoS attacks are no joke, they’re targeted attempts to shut down your website infrastructure and could ground your online trade to a halt. An attack works by deliberately overworking web servers, networks or websites until they freeze or shut down completely. These attacks can be carried out by competitors, unhappy customers or a hacker just trying to get lucky — at your expense.

Read more about DDoS attacks and how to prevent them in our detailed guide.

Man-in-the-middle (MitM) attack 

Man-in-the-middle (MitM) attacks are the most common type of WiFi security threats. Hackers get into data packages that travel between victims, usually through eavesdropping. This is where attackers will intercept messages between users who believe they’re only speaking to each other. For example, if you have a chatbot function on your website, a hacker could impersonate the chatbot and ask the customer for payment information or other sensitive information directly. 

Read more in our complete guide to Internet security. 

Watch to learn five easy ways you can tell if your business has been hacked

Read more about the effects of online attacks on small businesses with our guide.

What are the long-term benefits of investing in online security for SMEs?

The most obvious benefit of investing in online security is safety —  for your customers, employees and your business operations. But you’ll be surprised to find there are other reasons why you should invest in online cybersecurity measures.

Enhanced customer loyalty

One way to encourage repeat customers is to offer a safe online shopping experience again and again. If a customer knows their data and card details are safe with your online store, they’re likely to purchase again. 

On the other hand, if you don’t invest in any card payment protection measures and your customer details get leaked into the wrong hands, this erodes trust. Not only can you lose repeat customers and sales, but it can badly damage your reputation in the market. And this applies to any business that sells online, no matter the trade.

Compliance with legal and regulatory standards

UK businesses should keep their customer data safe online and offline. By law, you can only share personal information with another organisation for a valid reason, and it must comply with data protection law (GDPR). So if you accidentally share customer card details, home addresses or order information because you got hacked - you are breaking this law. 

You could be issued a warning by the ICO ((Information Commissioner’s Office), or worse - fined 4% of your global turnover. Investing in proper cyber security measures will reduce the chance of this happening, keeping your small business out of trouble.

Protection against financial losses

Many scam attacks result in financial losses for small businesses, either directly through a successful scam or indirectly because of hacked networks, system shutdowns or fines for non-compliance. But that’s not the only risk — your customers could also get money taken from their bank accounts if card details are stolen, which could be devastating for them and your business.

Proper cybersecurity can help prevent this from happening, protecting your online trade and your customers.

How Bionic can help keep your business and customers safe

Any business with an online store could be susceptible to an attack, but targeted SME cyber attacks are becoming increasingly common. Educating yourself and your employees on safe online trade has never been so important. 

Want to read more? Check out our connectivity guides for more tips on keeping your business safe. We also offer help with finding your next business broadband deal with a trusted provider and help set up secure VoIP systems for your business. Speak with a member of the Bionic team today for advice.