
Travel News: Tackling Online Security


How tight is your security?

"You cannot get away from the security in the e-commerce world, Nor can you get away with skimping on it as an online merchant."

As technology becomes increasingly sophisticated, so do ‘e-criminals’ in their attempts to hack into systems or steal identities. We examine the importance of website security for e-commerce companies.

 

Consumers are familiar with spam in their inboxes inviting them to give their account or password details to a series of banks, online auction companies, or payment schemes, which means most regular e-commerce users are, to some degree, security-savvy.

However, their awareness of such ‘phishing’ threats is often overridden by their ‘need for speed’ in using a web service. Ease of use, convenience and time-savings are the key drivers for today’s online consumer.

The rocketing revenues from online e-commerce last Christmas may mask the concern, but there is little doubt that consumer confidence in the security of their online transactions is somewhat shaky. As a result of the growth of phishing-related fraud and identity theft, IT and e-commerce analyst group Gartner believes shoppers are starting to curtail their online purchases.

According to Gartner, 73 million adults who use the Internet received a ‘phishing’ e-mail between May 2004 and May 2005, and 2.4 million online shoppers lost money as a direct result. Many are now worried, dismayed and frightened over the threats to their bills and their bank accounts.

Unless e-commerce companies take steps to combat ‘phishing’, Gartner says, they will not be able to rely upon online selling and e-mail as methods to draw customers. Indeed, there is evidence now that consumers’ very awareness of spammed ‘phishing’ emails is prompting ever-more sophisticated methods of attack by organised crime that rely on so-called ‘social engineering’.

For example, while you might be suspicious of a ‘phishing’ e-mail supposedly from a bank, what about a purported e-mail from your boss looking for information, or from someone in your company’s HR team? Would you ignore that?

But perhaps the most insidious current security problem is spyware, which is malicious software finagled onto a user’s machine without their knowledge or authorisation. It usually arrives surreptitiously from an innocent visit to a website, and furtively logs users’ keystrokes to steal passwords and other sensitive information.

Another increasing concern is the theft or loss of personal or financial information on a large scale, which puts consumers’ finances at risk. Sometimes the incidents are the result of carelessness or accidental loss: the Marriott hotel chain admitted late last year that back-up computer tapes containing data on some 206,000 customers went missing from a company in Florida. In other cases, data theft may have been well planned, often by insiders within e-commerce companies.

Cosmos Group IT director Alister Beveridge believes internal fraud is a much under-regarded threat. “Companies have to be aware of the propensity for internal fraud, and yes, I’ve seen it happen in organisations,” he says. “Staff are usually familiar with all the systems, and anyone who’s disaffected may see a small loophole and take advantage of it.

“Countering it is mainly down to having effective internal policies and procedures, which you have to get over to staff through training.”

Best practices for securing e-commerce data

Use your website to educate customers about fraudulent sites. Warn them about ‘phishing’ schemes that you know about and instruct them not to click on links provided in e-mails that purport to be from your company. Advise them to type your address directly into their browsers to get to your site.

Have a process in place to take action against ‘phishers’ when attacks occur, and to reassure your clients. Collect information from customers about the attack, including, specifically, the IP address of the ‘phisher’, and make sure you report it to the Internet service provider and, if necessary, the police.

Make it a policy not to ask customers for personal information via e-mail, and remind them frequently of this policy. Enforce the practice internally with employees.

Consider ‘locking down’ USB drives on PCs, which can be a tempting way of downloading and walking off with a company’s crucial data.