Posts

9 Cloud Storage Services with Encryption

As businesses move their sensitive data to the cloud, security becomes an increasing concern. However, many cloud storage platforms now offer sophisticated encryption features for minimal cost.

Here is a list of secure cloud storage platforms. All of these offer encryption and additional security features to prevent breaches and foil ransomware. Several offer free plans.

IDrive

Home page of IDrive

IDrive

IDrive is a secure storage service with helpful features. Transfer and store files with 256-bit Advanced Encryption Standard (AES) “zero-knowledge” encryption with a user-defined key that is not stored anywhere on the servers. Back up unlimited PCs, Macs, iPhones, iPads, and Android devices into a single account. Files and folders will be synced in real-time across all the devices that you link using IDrive. Snapshots provide a historical view of data for point-in-time recovery and help protect against ransomware. IDrive retains up to 30 previous versions of all files backed up to your account. Price: Free plan offers 5 GB. Personal plan is $52.12 for the first year for 5 TB. Business plans start at $149.62 for the first year for unlimited computers.

SpiderOak

Home page of SpiderOak

SpiderOak

SpiderOak is based on a zero-trust architecture where, by default, nobody is trusted either inside or outside of the infrastructure. SpiderOak provides a suite of security services for secure storage, access, group collaboration, and communication. SpiderOak encrypts using 2048-bit RSA (a widely-used, public key cryptosystem) and 256-bit AES. Data is encrypted locally, uploaded encrypted, stored encrypted, and sent back to a user’s registered device encrypted. No trace of your original password is ever uploaded to SpiderOak with your stored data. Use the “Share Room” feature to share files securely with others through a web-based interface. Create temporary, self-destructing links to single files in your backup. Sync your data between all your devices, regardless of your operating system. Price: One Backup plans start at $6 per month.

MEGA

Home page of MEGA

MEGA

MEGA offers lots of secure space with a promotional 50 GB for creating an account. MEGA features zero-knowledge end-to-end encryption, two-factor authentication for an additional security layer, and file versioning and recovery features to counter ransomware attacks. Share files and folders with anyone effortlessly and in real-time across all your devices — even if they don’t have a MEGA account. Set keyed links with an additional password and a link expiry date. MEGA is compatible with Windows, macOS, and Linux, including syncing among platforms. Price: Free plan offers 15 GB. Premium plans start at $6.01 per month for 400 GB.

pCloud

Home page of pCloud

pCloud

pCloud lets you save your files on your laptop, phone, or the web. pCloud encrypts using 4096-bit RSA for users’ private keys and 256-bit AES for per-file and per-folder keys. Organize employees in teams and set group permissions or give individual access levels where needed. Have all of your account activity recorded in detailed logs and access previous versions of your files. Offers zero-knowledge so that no service provider has access to your files. pCloud has annual and lifetime plans. Price: Free plan offers 10 GB for signup. Paid plans start at $47.88 per year for 500 GB.

Sync.com

Home page of Sync.com

Sync.com

Sync.com offers ample secure storage for a low price. It features end-to-end zero-knowledge encryption and TLS protocol (a successor to SSL) for optimal protection, real-time backup and sync, 365-day file history and recovery, and more. Multiple users can work from the same set of folders. File requests, password protection, notifications, expiry dates, and permissions ensure that you’re always in control. Backup your files automatically in one centralized location and keep them synced across all of your computers and devices. Price: Free plan offers 5 GB. Premium plans start at $8 per month for 2 TB.

Egnyte

Home page of Egnyte

Egnyte

Egnyte is a solution for content collaboration, protection, compliance, and threat prevention. Share files easily and securely while controlling the use of future data or resharing. Egnyte uses the standard 256-bit encryption and TLS protocol. Keep data on your servers for more control over your environment. Access company files via secure web, desktop, tablet, and mobile apps, as well as within third-party cloud services such as Slack, Salesforce, Gmail, and Teams. Price: Plans start at $10 per month for 1 TB.

Tresorit

Home page of Tresorit

Tresorit

Tresorit is an end-to-end encrypted storage service for businesses. Tresorit encrypts every file and relevant metadata on your devices with unique randomly generated encryption keys. Create end-to-end encrypted links to share with and receive files from anyone. Add download limits, expiration dates, and passwords for additional security. Enforce 2-step verification for increased security. Accessing files is only possible with a user’s unique decryption key. Tresorit is available across all devices and on all browsers. Price: Plans start at $10.42 per month for 500 GB.

OneDrive

Home page of OneDrive

OneDrive

OneDrive is Microsoft’s cloud storage service that offers many tools for a low price. Easily store, access, and discover your individual and shared work files in Microsoft 365, including Microsoft Teams, from all your devices. Securely share files and collaborate in real-time using Word, Excel, and PowerPoint across the web, mobile, and desktop. OneDrive offers 256-bit AES encryption and two-factor authentication. However, it does not have zero-knowledge encryption. Store important files and images with an added layer of protection in OneDrive Personal Vault. Easily recover files from accidental deletes or malicious attacks; administrators can manage security policies to keep your information safe. Price: Free plan offers 5 GB. Paid plans start at 100 GB for just $1.99 per month.

Dropbox

Home page of Dropbox

Dropbox

Dropbox is a secure storage service for content collaboration. Create, store, and share cloud content from Google Docs, Google Sheets, Google Slides, Microsoft Office files, and Dropbox Paper alongside traditional files in Dropbox. Keep your team’s files and the conversations about them in the same place. Dropbox uses 256-bit encryption and TLS protocol. It also features single admin login to manage multiple teams, an admin console and audit log, and granular sharing permissions. Price: Free basic plan offers 2 GB. Business plans start at $15 per month for 5 TB.

Porch Piracy Is Growing

Porch piracy is on the rise, with 43 percent of American consumers surveyed saying they had an ecommerce delivery pilfered from their front porch in 2020, according to a recent report.

C+R Research asked 2,000 self-reporting shoppers about delivery theft in November 2020. Some 58 percent of the respondents resided in single-family dwellings, 29 percent lived in apartments, and condos or other living arrangements made up the balance.

The survey was conducted on Amazon’s Mechanical Turk, so the results might not be as accurate as a phone survey, other online survey tools, or a review of retailer data, given that Mechanical Turk respondents are paid and more likely to use Amazon and Amazon Prime than U.S. consumers generally. Nonetheless, the survey may be an indicator of a growing problem.

C+R has used a similar questionnaire for the past few years, and the reports of delivery theft have risen. In 2018, 31 percent of the shoppers who C+R surveyed reported having at least one package stolen as it lay waiting outside of their front door. In 2019, that percentage had risen to 36 percent, and, as mentioned above, in 2020 43 percent of folks asked said a crook had taken a package from their front step.

Similar reports or surveys from Canary (a home security company), Security.org, and others put the number of American shoppers who have had a package taken from their front door between 18 percent and 40 percent. Most published surveys that I’ve reviewed report theft of this type is increasing.

More Porch Pirates

Many factors could be contributing to the rise in ecommerce package theft from Americans’ front steps. These factors include significant growth in ecommerce volume, economic conditions, delivery failures, and even so-called friendly fraud.

Ecommerce growth. Depending on who you ask, U.S. retail ecommerce sales rose somewhere between 20-and-40 percent in 2020. For example, The United Census Bureau said that third-quarter ecommerce sales in 2020 increased 36.7 percent over the same quarter of 2019.

Thus doorstep theft could simply be rising with the number of packages delivered.

Economic conditions. The pandemic-driven recession might also be a factor.

A 2007 study found that a relatively lower rate of property crime in the 1990s may have been related to the positive consumer sentiment. If the converse is also true, the current recession might be related to more porch privacy. A 2012 United Nations report, which did not include data from the United States, identified an apparent relationship between economic crises and crime.

Perhaps the Covid recession is contributing to package theft.

Delivery failures. Some of the growth in porch piracy could be related to delivery problems. A customer may assume a package was stolen when, in fact, it was delivered to the wrong address. The retailer says it was shipped. The carrier says it was delivered. But in reality, the box is two doors down or two streets over.

Friendly fraud. Some reports of porch privacy could actually be refund fraud.

“Refund fraud is an easy path for a customer to take if they want to have their cake and eat it too (or, have their watch/shoes/game/etc. and keep the money too),” wrote Shoshana Maraney, content and communications director at fraud prevention firm Identiq.

“They can simply claim that the parcel never arrived (porch pirates are a scourge these days) or that it was broken on arrival. Retailers who aren’t accommodating about refunds tend to receive chargebacks.”

Preventing Piracy

Shoppers can do a lot to stop the theft of ecommerce orders, but they should not have to do it alone. Retailers can help.

For example, retailers can communicate with customers. In 2019, The New York Times ran an article saying that 90,000 packages a day disappear in New York City. If an order comes in from Manhattan, a retailer might send an automatic email describing what a consumer can do to prevent theft. This message could encourage the shopper to meet the package at their door, use an alternative shipping destination such as an office, or have the package held with the carrier for pick up.

Besides communicating with the shopper, a retailer might offer free or low-cost theft insurance or ship items in discrete packages that conceal brand names. It may also be possible with some carriers to schedule delivery only for when a shopper is home and can answer a door.

Online Fraud in 2021 Is Booming

Fraud-prevention expert Uri Arad will give an exclusive, live-stream presentation to the CommerceCo by Practical Ecommerce peer-to-peer community on Thursday, January 21, at 2:00 p.m. Eastern Time.

Arad is co-founder of Identiq, a privacy-protecting, network-based service that helps merchants identify legitimate consumers the first time they shop. It’s critical, as fraudsters are increasingly sophisticated and can look like a regular shopper.

Uri Arad with Identiq

Uri Arad

During the presentation, CommerceCo members will learn what potential fraud threats could harm their businesses in 2021 and what options they may have to protect their companies.

The presentation is exclusive to the CommerceCo by Practical Ecommerce community, which is made up of experienced professionals from retailers and brands. Membership in the community is paid, meaning only serious ecommerce pros participate. Members can discover products and techniques to improve their companies, network with peers to advance their careers, and learn skills to better themselves.

Ecommerce Booms, Fraud Looms

Ecommerce sales dramatically increased in 2020. Unfortunately, with the boom came a commensurate increase in card-not-present fraud.

Retail ecommerce sales in the United States grew by 20-to-40 percent in 2020, depending on one’s source.

The United Census Bureau, for example, reported on November 19, 2020, that “the third quarter 2020 ecommerce estimate increased 36.7 percent from the third quarter of 2019 while total retail sales increased 7.0 percent in the same period. Ecommerce sales in the third quarter of 2020 accounted for 14.3 percent of total sales.”

“We’ve seen ecommerce accelerate in ways that didn’t seem possible last spring, given the extent of the economic crisis,” said Andrew Lipsman, eMarketer principal analyst. “While much of the shift has been led by essential categories like grocery, there has been surprising strength in discretionary categories like consumer electronics and home furnishings that benefited from pandemic-driven lifestyle needs.”

eMarketer estimated that U.S. ecommerce sales were up 34.2 percent in 2020 compared to 2019. And the list could go on with estimates from dozens of other surveys, all saying the pandemic drove more sales online.

Fraud Opportunities

The shift to ecommerce has opened the door for crime. With retailers processing more orders, offering new channels like curbside pick-up, or adding ecommerce for the first time, fraudsters had new opportunities for attack.

Writing on the Identiq blog, Shoshana Maraney, Identiq’s content and communications director, described three of the many fraud trends that could impact merchants in 2021: buy-online-pick-up-in-store fraud, refund fraud, and account takeovers.

Maraney wrote, “The reason that refund fraud has taken off like a rocket recently — to the extent that few businesses have really caught up yet with quite how much money they’re losing — is that this has become a winning business model for fraudsters.”

“Criminals now offer refund fraud services. All the customer has to do is place the order, and the fraudster will take care of the rest. The customer will get to keep their order for free, paying the fraudster a small percentage of the cost of the item. The retailer bears the cost.”

Logo: CommerceCo by Practical Ecommerce

Arad’s presentation will describe the state-of-the-art methods for preventing card-not-present fraud in its many forms. What’s more, CommerceCo presentations are not just another webinar. Members can speak directly with Arad, asking him their own questions and even appearing on screen with Arad, if they like. I will be the moderator.

Finally, as with all weekly CommerceCo presentations, the video recording will be available to members.

Share Customer Data Anonymously to Combat Fraud

Ecommerce fraud prevention depends on good data. That data can come from payment card providers, credit bureaus, address listings, and, more recently, other merchants.

A few years ago, a shoplifter stole products at a D&B Supply store in Caldwell, Idaho. Then a couple of days later, he robbed the chain’s store in Meridian, Idaho, some 20 miles away. The retailer’s vice president of operations notified several of the other large retailers in the area, sharing surveillance images of the thief and details of each crime.

The local Fred Meyer grocery store was hit next. It shared what it learned, and before long, a network of retailers was able to provide police with a complete picture of the crook, including the make of this car and a license plate number. An arrest followed.

In this example, a few stores shared information about a criminal and, by so doing, helped to protect their local community. What if ecommerce merchants could also share customer actions and, thereby, reduce the risk of ecommerce fraud?

Trusted Transactions

“One of the things I have realized working in this domain for so many years … is the advantages and disadvantages of artificial intelligence and machine learning and, also, the reliance on having good data sources,” said Uri Arad, vice president of product and research and co-founder of Identiq, which provides a peer-to-peer trust network for retailers and other consumer-facing businesses.

That so much of modern ecommerce fraud prevention is dependent on data and patterns of data “is especially important when you have to manage risk against an unknown,” Arad said. “An unknown may be a user that you haven’t seen before, a credit card that you haven’t seen before, or a significant change in behavior. So all of those things introduce new patterns and new data.”

“Combined with the increasing sophistication on the side of the bad guys … telling good from bad is becoming a harder problem to solve,” Arad continued.

For card-not-present transactions, telling a good customer from a bad one is becoming more difficult.

For card-not-present transactions, telling a good customer from a bad one is becoming more difficult. Photo: Bermix Studio.

Solving this problem is important because trusted transactions are a linchpin of ecommerce retailing.

The customer has to trust that the merchant has accurately described and presented the product and that the company will ship that product as promised.

The merchant has to trust that the customer is a genuine buyer presenting his own payment card information and not planning fraud.

Many merchants use fraud prevention tools to sort out safe and trustworthy transactions from questionable ones.

Introducing Friction

When a mid-sized or enterprise ecommerce business encounters a new customer, a customer whose information has changed, or a shopper exhibiting new behaviors, that merchant will often introduce friction into the transaction.

This friction may take one or many forms. Some of these steps will be invisible to customers. Others will impact the shopping experience or even kill the transaction.

For example, many automated fraud-prevention tools will respond to the sorts of unknowns Arad described in one of three ways.

  • Decline the transaction.
  • Hold the transaction.
  • Flag the transaction.

In the two latter cases — hold or flag — someone at the merchant will take manual action, such as reviewing the order or calling the customer to verify.

But the first case — declining the transaction — may be the most damaging when it is wrong, as the merchant would be turning away a real, trustworthy customer. It’s called a “false positive.”

“False positives are a result of the inability to properly quantify the level of fraud risk in a transaction. The true results of false positives can be tough to measure, but lost sales are a direct impact,” wrote the authors of an ebook, “The Silent Sales Killer: False Positives,” from Kount, a leading fraud-prevention provider.

“Too often, false positives go unnoticed as online businesses perceive them as successfully thwarted fraud instead of foregone sales. Yet false positives harm online businesses financially in four fundamental ways,” the ebook continued.

  • Immediate revenue loss. Every order wrongly turned down is revenue not realized.”
  • Lost customer lifetime value. Lifetime customer value is the total profit anticipated from all future purchases by a customer. Legitimate customers who are wrongly rejected will often stop buying from that merchant permanently.”
  • Wasted acquisition spend.” All of your company’s marketing and advertising is wasted on a false positive.
  • Degraded brand image. In today’s connected world of social media and viral posts, one shopper’s experience with a false positive can suddenly reach thousands of customers and potential customers. While difficult to quantify, the impact of negative publicity is nonetheless real.”

Various Approaches

Fraud prevention businesses take different approaches to address actual card-not-present fraud and avoid revenue-damaging false positives.

Many use artificial intelligence, which is software with algorithms and pattern recognition to accomplish a task that would usually require humans. But Identiq is noteworthy for its peer-to-peer approach.

When an Identiq member, a company with millions of customers, encounters a new buyer, it can ask other members on the network about their experience with the shopper, if any. This is done anonymously so that each individual’s privacy is protected in accordance with the General Data Protection Regulation in the European Union and the California Consumer Privacy Act.

The idea is that while a new customer may be unknown to a specific merchant, another retailer or a popular paid app has likely experienced that same shopper.

Just about every fraud prevention software provider and financial institution is trying to improve ecommerce fraud detection while avoiding false positives. As Arad said, in the end, it depends on the data. Thus sharing customer experiences could help all participating merchants.