With more than 40 percent of internet users in the U.S. stating they purchase items online several times per month, it’s clear the online shopping industry is booming. And, it’s only going to increase – making your business a goldmine of shopper info for cyber criminals everywhere.

With more and more transactions completed online, how do you protect your e-commerce site from being hacked and your customers’ data from being stolen?

Perhaps the most overlooked element of compliance is logging in. Whether it's an administrator or a customer, simple password-based credentials alone aren't enough to secure such valuable data like customers’ addresses, phone numbers, credit cards and more.

This isn’t a problem with an easy solution; it’s a structural weakness, which requires rebuilding and changing habits. Major network authorities such as the Department of Commerce’s National Institute of Standards and Technology (NIST) are already planning to restructure access control to evaluate the administration, enforcement, performance and support properties of all access control systems, such as customers logging in to your e-commerce website.

However, if you want to implement additional security measures — which may increase protection of customers’ data and reduce fraudulent transactions — you could face losing customers if it takes them longer to complete transactions. Traditional two-factor authentication (2FA) or multi-factor authentication (MFA), which are intended to be an extra layer of security beyond the traditional username and password, are one of the most popular authentication processes e-commerce businesses adopt.

But which one is the most secure?

For the best security, don't rely on one “best” factor — you need to implement right-factor authentication combinations. Right-factor authentication combinations eliminate the weakest link in most authentication models: the username and password pairs that can be easily hacked and phished. Instead of having your customers prove their identity with a username, they should prove it with their personal pass key or token.

When protecting your e-commerce site and customers, you need to ensure if the secure electronic identification is lost or stolen, it can be disabled and restored through a recovery process to keep all linked accounts intact.

Ready to learn how you can protect your e-commerce business and customers? Check out our e-book, “Passwords & usernames: The real bandits of your e-commerce business” here.