By Michael Pearl
As more and more sales move online in response to pandemic-related retail store closures, jewelers should beware of the potential for cyberattacks and other e-commerce-related risks.
Theft-in-transit claims are also on the rise as jewelers ship these online jewelry purchases to buyers. Because common carriers are often using contactless delivery to avoid potential exposure to Covid-19, the packages are susceptible to “porch pirates.”
Jewelry store employees working from home because of Covid-19-related business closures also are vulnerable to cyberattacks because their personal computers and cell phones are typically not as secure as company IT systems that are protected with firewalls and encryption.
In response to these e-commerce risks, the Jewelers’ Security Alliance has issued a special security alert about the risks associated with conducting business online during the pandemic.
A recent study from Forter shows fraud attacks increased by 19% from 2018 to 2019 across the online retail landscape. These attacks range from return abuse and shipping fraud to account takeovers, identity theft and other emerging threats.
Online retailers are especially prone to cyberattacks because their websites and web applications must be freely accessible to the public to sell their products. That public includes hackers and other types of fraudsters, like buyers using stolen credit cards to make online jewelry purchases.
To protect against e-commerce risks, jewelry retailers should properly vet buyers to make sure they are legitimate, monitor repeat buyers to ensure they are not selling to a scammer, and partner with companies that check and validate buyers and their credit card information.
Jewelry businesses that have relied on their brick-and-mortar stores for sales have not traditionally been active on the web. That’s why it’s important they’re aware of new cyber risks stemming from e-commerce, including:
- Denial-of-service attacks, in which automated bots bombard IT systems and cause them to crash.
- Data breaches involving customers’ accounts, which contain valuable personal information.
- Ransomware attacks where cyber criminals seize control of IT systems and then demand payment to release them.
- Social engineering scams in which cyber criminals masquerade as company officers and order payments or fund transfers to bank accounts that they control.
Fortunately, cyber insurance can reimburse for such losses as:
- Damage to property and/or products linked to a cyberattack.
- Lost income and expenses incurred due to network disruption or inability to access a computer system.
- Storage costs if products cannot be delivered.
- Lost income or expenses incurred if a business partner is hacked.
- Expenses and payments (including ransom) to a third party to avert potential damage.
- Costs associated with replacement of a computer system impacted by security compromise.
- Cost of audits by a Qualified Security Assessor to certify Payment Card Industry (PCI) compliance following a security breach.
- PCI assessments levied in the wake of a breach involving credit cardholder information.
- Breach response costs, including:
  - Hiring a crisis public relations consultant to mitigate reputational damage.
  - Bringing in IT forensics experts to isolate and contain a cyberattack.
  - Notifying customers, providing credit monitoring and covering costs to meet legal requirements.
  - Paying for regulatory investigations and fines levied for violations of privacy laws.
  - Defending any lawsuits filed by affected businesses or individuals seeking to recover damages.
In addition to purchasing cyber insurance, jewelers should consider buying additional protection for other types of losses that might occur in connection with online sales, such as theft-in-transit. While most Jewelers’ Block policies have coverage for small package shipments, it may not be sufficient to cover high-value shipments.