
Securing ecommerce in 2011

01 Feb 11

The world is now finally finding an escape from the purchasing drought of the recent GFC. Consumers are flexing their wallets via the internet to satisfy their shopping needs.
The increasing use of smartphones, tablets and other mobile technology, coupled with the introduction of Wi-Fi capable areas, is in the line of sight of cyber criminals looking to siphon your personal data. In 2011, new and resolute Trojans and other malicious software are on the horizon. Consumers need to be educated that simple authentication isn’t complete security when transacting online. Precautions need to be taken to limit exposure to the global epidemic of compromised ecommerce.
Mobile use continues to grow
The advancement of smartphone technology, from Androids to iPhones, provides a valuable opportunity for cyber criminals. The prevalent use of this technology poses a growing risk to enterprises and end-users, many of whom do not have the tools or knowledge of real-time security to address these potential risks.
The exponential short-term growth of mobile banking and shopping has seen limited security offerings available, making them more susceptible to attack. To combat the lack of security on mobile devices, ensure your computer has the latest internet security suite updates and a firewall installed and switched on, and that the latest operating system updates are installed. This includes your PC, Mac, iPad or mobile device including iPhone, Android, Nokia Phone or Windows Phone and even the set top box at home, such as Xbox or Wii, as most are connected to the internet these days.
During a transaction, be aware that if you pay via debit card rather than credit card, your funds may not be protected if your details are compromised. However, if your details are compromised when using your credit card and you do lose money, you have greater protection through your credit card provider, bringing a greater chance of your money being returned.
Be aware when on the go
As Wi-Fi capable areas increase in urban hot spots such as your local coffee shop, consumers are finding more convenient locations to transact online. However, when making transactions via public Wi-Fi, you should be wary that these transactions could be dangerous if those sites were exposed to hacking or data manipulation by criminals. Sending personal details via any public Wi-Fi site is unsafe and can put you, your device and your personal details at risk. In addition, when connecting to a closed Wi-Fi site, check that you are connected to the correct portal and that SSL is enabled on your browser; otherwise you can still be susceptible to an attack.
For further protection, check the certificate of the website. EV-SSL certs (Extended Validation Certificates) make it easier to do this because the browser will alternately show the owner of the certificate and the Certificate Authority.
Most transactions will send you a follow-up email. Be aware that if you use the default settings of Microsoft Outlook, your email password is sent in clear text and can be seen by anyone sniffing your connection in a public Wi-Fi network.
Adept trojans increase in sophistication
Malware today has developed some very sophisticated capabilities and techniques that enable it to evade detection and manipulate computer users’ private and personal details.
Some forms of malware may not actually exist as a physical application, but run in your computer memory as a virtual application. This form of attack is designed to send personal and private data collected via various means to a third party in real-time, which in turn manipulates an unsuspecting consumer’s details for unscrupulous means. This is often an automated procedure and often reaps massive reward for the criminals.
Criminals may use social engineering to trick consumers into giving personal and private details. They inject additional fields into a genuine website to gain further key personal and private details. These practices employed by criminals are often referred to as phishing or pharming.
One of the most popular threats is ‘cross site scripting’ that enables malicious attackers to inject client-side script into web pages viewed by consumers. All types of information can be gained via this method, from personal information, to credit card numbers, to gaining access to a remote web server. Pages of the online shopping portal could be changed or faked to retrieve this kind of information.
Trojans like Carberp or Zeus will modify the Online Banking page in real-time while being served from the secure banking application. Online shopping portals can and will be attacked in the same way as online banking sites. No SSL or EV-SSL will prevent this attack because the magic happens after the content has been decrypted.
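The injected fields described above can be looked for from the site operator's side by comparing the fields present in a rendered form against the set the site actually serves. This is an added example, not part of the original article; the field names, the allow-list and both sample pages are constructed for illustration.

```javascript
// Fields the genuine checkout form is known to contain (constructed allow-list).
const EXPECTED_FIELDS = new Set(["card_number", "expiry", "cvv", "postcode"]);

// Collect the name of every input, select and textarea in an HTML string.
// In a browser, document.querySelectorAll("input,select,textarea") replaces this.
function listFormFields(html) {
  const names = [];
  const tagRe = /<(input|select|textarea)\b([^>]*)>/gi;
  const nameRe = /(?:^|\s)name\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/i;
  let tag;
  while ((tag = tagRe.exec(html)) !== null) {
    const m = nameRe.exec(tag[2]);
    // A control with no name attribute is still reported, as "(unnamed)".
    names.push(m ? (m[1] ?? m[2] ?? m[3]) : "(unnamed)");
  }
  return names;
}

// Return every field that is present in the page but not in the allow-list.
function findUnexpectedFields(html, expected = EXPECTED_FIELDS) {
  return listFormFields(html).filter((name) => !expected.has(name));
}

// Constructed sample: the form as the server sends it.
const genuinePage = `
<form action="/checkout" method="post">
  <input type="text" name="card_number">
  <input type="text" name="expiry">
  <input type="password" name="cvv">
  <input type="text" name="postcode">
</form>`;

// Constructed sample: the same form after extra fields were added in the browser.
const tamperedPage = genuinePage.replace(
  "</form>",
  `  <input type="password" name="atm_pin">
  <input type="text" name="mothers_maiden_name">
</form>`
);

console.log("genuine :", findUnexpectedFields(genuinePage));
console.log("tampered:", findUnexpectedFields(tamperedPage));
```

Because the check itself runs where the content has already been decrypted, software on an infected machine can interfere with it, so a report of unexpected fields is one fraud signal among several rather than a guarantee.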
Authentication isn’t complete security
We often come across authentication logins, questions and passwords on a variety of transactional and online shopping websites. This can range from paying a bill, transferring money or even buying a bunch of flowers online. However, the vast majority of online authentication does not provide complete security to the user.
A few simple reminders are to never give out private details like birth date, mother’s maiden name, and bank account details to a website, especially retail websites or untrusted websites. Never use the same password for shopping sites as you do with online banking (especially sites of a lesser-known reputation).
If making purchases where your identity or the gift recipient’s details are requested, you should check the privacy policy of the website. Ask yourself what the website owners intend to do with your personal or private information. Where are the details stored? Is the online business or online shop Payment Card Industry Data Security Standard (PCI DSS) compliant?
In the end we are now in a world where security is vital, but with adequate protection and precautions we can all enjoy online innovation. Always remember though, if an offer sounds too good to be true, it most probably is!
