It’s happened – maybe you aren’t sure why or how yet, but your Shopify customer data has been compromised. You’ve just found out and you have to make a game plan for how to handle the situation. Truth be told, one should have already been in place, but you (like many other Shopify owners) never thought this would happen to them.
Or maybe you just received an email from an unhappy customer. They just looked at their monthly credit card statement and realized that an unfamiliar charge was placed on their account from your store, though they’ve never even visited or bought anything from you in the past. Why did you take their money? What’s going on here?
Fraud and data breaches are two common forms of theft on the Internet, and both directly affect customers. In one instance, their information is stolen from them and may be used at a later date. In the other scenario, their data has already been compromised and has led to a direct hit to their bank account or credit card.
It’s important to look at both scenarios from a customer’s perspective – of course you and your store are affected to, but the biggest victims are your customers. Because this is the case, it’s important you know the best ways to react to either scenario.
The most important thing to remember in a scenario like this is to not panic. As nervous, anxious or afraid as you feel, the real targets of this hack are your customers and they have to be warned. As a small business owner, you have to handle this situation delicately. Large chains like Target often have data hacks happen within their systems, but their businesses are staples – yours likely isn’t. This means incorrectly handling a data breach can cost you customers very easily.
Don’t hide the breach. Keep consumers informed in the most level way possible and don’t panic them. Tell your customers that it would be wise to change their passwords and keep an eye on their credit card bills and bank statements in the case that suspicious charges show up.
From there, try to find better ways to keep their data safe. For instance, our Rewind vault is completely secure so you never have to worry about hackers getting to your customer data via our services.
Typically fraud isn’t in any way your initial responsibility – this means that while a data breach is something you have direct control over, credit card theft from another source is something you can only react to, not research and stop. When a customer alerts you to fraud then the ball is officially in your court.
Suggest that the customer goes through their credit card company or their bank first in order to report the theft and settle the situation through their channels. From her you can offer information that the person who made the purchase used, like the shipping address for the goods, and turn this over to their bank or the authorities. As much information as you can deliver is preferable.
As an added bonus, apologize for the inconvenience. You may not have done anything wrong, but a sincere “I’m sorry” and a promotional coupon offer can turn an angry customer service email into a sales lead.