It’s that time of year when email inboxes are flooded with messages from scores of retailers looking to capture sales during the critical holiday shopping season. Consumers are overwhelmed with both the volume of email and the intricacies of the glut of different offers to sort through. And then there are the receipts for the items that have been purchased along with shipping documentation and other correspondence.
With all of the clutter in the inbox from recognizable, friendly brands, even the most vigilant email users can fall prey to fraud. Sophisticated phishing scams trade on brand familiarity, and if a customer has browsed a brand’s website or made a recent purchase, a fraudulent email seemingly sent by that retailer won’t seem out of the ordinary. The open rates for transactional emails hover at around 40% – about twice the rate for marketing emails. And, because these emails are expected and opened at substantially higher rates, fraud perpetrators frequently use a mocked up transactional email to hook their phish. When an email user receives the fraudulent transactional email, opens it, and clicks on a link or provides “verification” around transactional details, the damage is done.
When you consider the quantity of emails typically associated with a single transaction – the “we received your order,” the “your order has shipped,” and of course the receipt – there are plenty of opportunities for customers to get fooled into opening and clicking on what they reasonably believe is an email from a trusted brand. Furthermore, if a hacker is able to view receipts or shipping information in the email content, the details revealed can make it easier to forge that information the next time, or may even reveal to thieves the best time to find a package unattended on someone’s front porch.
While it’s impossible for retailers to fully protect customers from these elaborate phishing schemes, there are measures that should be in place to ensure that emails containing sensitive information and attachments are delivered securely. For retailers conducting online transactions, the ability to send receipts, shipping information and other sensitive information is critically important. And it’s not just online transactions that need protection – for customers shopping in-store that request an electronic receipt, delivering the document safely and securely is the retailer’s responsibility.
Often, encryption is the first thing that comes to mind when considering how to secure an electronic receipt or other document. Websites use encrypted protocols to protect the transaction in real time, so why not encrypt the email as well? The problem with most email encryption programs is that they’re difficult and cumbersome to use, and many require that the customer receiving the email download software to access the file. Because it’s so complicated, it’s highly likely that the customer won’t go through all the necessary steps to access the document.
By contrast, cloud-based secure document delivery solutions eliminate the need to download software and leverage those same website protocols to protect the transmission. Customers are provided a passcode to access their document safely and securely from the cloud. The message is separated from the passcode-protected document – so, if the email were to get intercepted, the hacker would not be able to access the attachment. No technique is entirely foolproof, but if the customer has been informed of what to expect, segregating the confidential information in this way provides an extra layer of defense.
With so much correspondence occurring between retailers and their customers via email, it’s critically important to have both the protocols and tools in place around secure document delivery. While customers might not fully understand the danger and consequences around email security breach, it’s the retailer’s responsibility to proactively protect them from fraud. Secure document delivery is a retail industry-wide cost of doing business, and putting it on the back burner is no longer an option.