Best Practices for Securing PII in Ecommerce and Delivery Services

The last thing that customers ever want to experience is an order error from Postmates. Meal delivery services such as DoorDash, Postmates and Uber Eats are  easy targets for spoofing attacks. They consist of an immense amount of personally identifiable information (PII) and payment information. Based on a study conducted by Experian, 64% of consumers believe that they would be discouraged by companies who neglect their services after a breach within their data system.

Overall, it’s crucial to secure PII towards e-commerce and delivery services due to their huge success and recognition with consumers. 

How Cyber Security Impacts Ecommerce and Delivery Services

It’s crucial that these food delivery companies take increasingly drastic measures in improving their anti-phishing and email security technology. Because information from delivery service databases are valuable, it’s likely that ecommerce and delivery services are prone to phishing that can compromise the entire system as well as a customer’s personally identifiable information.

Case Studies of Delivery System Breaches

  • Uber Breach
    In 2016, Uber paid a settlement of $148 million due to claims of the company’s cover-up of a data breach. Hackers had stolen PII of 25 million ridesharing users and drivers, which led to Uber paying them off for $100,000.
  • Instacart Breach
    Instacart recently went through two security breaches in their system as of this year. Two employees through a third-party tech support vendor had gained access to shopper profiles. This led to Instacart notifying almost 3,000 shoppers about the incident, which led to a major threat of personal identifiable information of Instacart shoppers.
  • DoorDash Breach
    4.9 million customers have been affected by a DoorDash breach that took place in September of 2019. This occurred when hackers stole PII of merchants, delivery workers and customers. Personally identifiable information stolen from this breach were information from driver’s licenses, home addresses, emails, and bank account numbers. During this time, DoorDash still could not provide an explanation behind the security breach.
  • UberEATS Breach
    Probably the most disturbing breaches from UberEATS was this data breach that affected hundreds of UberEATS users. This led to information of delivery drivers, partners and customers compromised by unknown hackers who then exposed it to the dark web.


How good are your employees at identifying phishing attacks and what impact do these results have on organizations? 

Download our "2020 End User Phishing Report" to learn more.

What Ecommerce and Delivery Services Can Do to Keep Users Safe

The best solution to keeping users safe on ecommerce and delivery services is to know the signs of a good phishing attack. Although tricky, phishing scams can occur when you least expect it. Phishing attacks are bound to happen if a message carries out a sense of urgency within its tone and persuades a user for the sake of a better offer for their order. Overall, it’s important to protect yourself from these types of cyberattacks.

Below are a few solutions that can help improve cyber security within ecommerce and delivery services.

  • Create a comprehensive security policy
    Security policies are essential in improving your data system, especially for ecommerce businesses who offer delivery services since PII has become an accessory for potentially fraudulent activity. Establishing a comprehensive security policy will allow easy identification of risks and conforms to any legal requirements.
  • Control access to devices
    Entrusting a number of employees to have access to IoT devices will decrease the chances of PII being compromised. The less people who have access, the better. For instance, trusting staff from a specific department to gain access to devices can increase the likelihood of a data breach.
  • Frequently monitor your access and keep software up to date
    Software should always be kept up to date. ecommerce and delivery services should remember that new software updates must be compatible in order to monitor PII and other sensitive information effectively. Another tip to consider is frequently monitoring the activity that occurs on all of your devices.
  • Train employees and contractors on security awareness
    Everyone should be on the same page when it comes to security awareness. Train contractors and employees to know the protocols and regulations when it comes to improving security for your ecommerce or delivery service business. Your employees should take the first line of defense when a cyber-attack happens.
  • Secure networks
    The biggest practice that will effectively contribute to securing PII on delivery service platforms and ecommerce businesses is to secure the network itself. Consider installing VPN software into your network to protect confidential user information. When you secure your network, you’re just one step ahead of other businesses that lack security to their platforms. It’s best to avoid as many breaches as possible and keep a good relationship between users and your business.

Help Users Make Better Decisions When
It Comes to the Inbox


For the sake of PII and compliance, the next steps to consider before improving the security of personally identifiable information is to take a look into the different strategies that can protect the facilitation of your business’s customer experience and streamline communication. When doing so, establish the habit of encrypting PII for the ultimate security. However, don’t let that stop you from leaning towards more options. Check out four simple ways to effectively protect personally identifiable information (PII).

4 Ways to Protect Personally Identifiable Information (PII)

  1. Change Your Passwords Often
    Creating the habit of using various passwords will keep PII secure. Lazy security practices increase the chances of ecommerce and delivery services being exposed. With the constant change of passwords, PII will become more difficult to get to and lessen the chances of being involved in a data breach.
  2. Freeze Your Credit Report
    This type of strategy can help as an extra security measure for your credit score. As a part of PII, your bank account is deemed confidential information that should be protected from any credit fraud.
  3. Set up Credit Monitoring
    Setting up a service that can track credit reports on a daily will lessen your chances of a PII getting stolen. Receiving updates about transactions can help you track down potentially fraudulent activities and get to the bottom of the issue sooner.
  4. Use Caution Before Sharing PII
    It’s best to share this type of information at a minimum. In fact, it would be better if you never shared PII at all. However, because PII can be useful information, being cautious about who personally identifiable information will go to is a major concern.

Final Thoughts

As an overall consideration, ecommerce and delivery services must be protected with beefed up security practices. This is an effective strategy to avoid any data breaches since ecommerce and delivery services have become the common targets of fraud. It’s best that companies think about what to prioritize in regard to a user’s PII since the true state of an e-commerce and delivery service business is at risk.

Find out more ways to keep your organization, employees and users safe with our user education solution. Your employees can be your best defense against cyberattacks and illegal use of personal information. Arm them with the information they need to know and act.

Get Your FREE Email Threat Assessment

Learn what advanced threats are currently getting through your existing email security and into your end users’ mailboxes.