Posts Tagged ‘online security’

E-commerce payment systems accounted for a sizable chunk of credit card fraud instances in 2010, with smaller merchants and retailers representing the biggest targets for criminals intent on stealing debit and credit card information, according to a new report from Trustwave.

The web security firm’s report “Payment Card Trends and Risks for Small Merchants” says that 90 percent of all card-security compromises in e-commerce last year involved Level 4 merchants, which comprise the smallest of the four designations given to retailers by the likes of Visa and MasterCard.

“Taken at face value, this might surprise most readers,” says the report.  “Though there are attacks that target large, well-known businesses, many attackers look for vulnerable systems.  These attackers are often able to find common and easy-to-exploit vulnerabilities in the systems of Level 4 merchants because small businesses generally have devoted few resources to protecting those vulnerable assets.”

Level 4 retailers typically process less than 1 million total payment card transactions each year and less than 20,000 e-commerce transactions annually.

Trustwave’s report doesn’t provide any specific guidelines for how retailers can improve their security.  However, it does point out numerous failures on the part of smaller merchants to comply with the Payment Card Industry Data Security Standard, the industry’s collection of data security rules.

The report, for example, says that 98 percent of small merchants both fail to maintain the firewalls that are designed to protect payment information AND fail to regularly test how secure their card-protection systems are. Furthermore, 75 percent don’t protect the payment data that they store.

These failures, either on their own or collectively, most certainly heighten the chances that a smaller retailer can be the victim of cyber crime.

Overall, e-commerce payment systems accounted for 9 percent of the total security compromises in 2010.  Point-of-sale software used by brick and mortar merchants accounted for 75 percent of the compromises.  Employee workstations (11 percent) and ATMs (2 percent) were also part of the equation.

The lesson is quite clear though.  Smaller and mid-sized retailers must devote as much time and resources to payment system security as the big boys.  Consumers these days are more often than not looking for the best price available and will consider both large and small merchants as they do their research without the knowledge that the security protocols in place often differ between the two.

Leave us your comments below!


A new study out this week by researchers at Indiana University casts some serious doubts over the security protocols  used by many leading online payment systems and e-commerce sites, raising concerns that the industry could be facing a dangerous fraud threat in the very near future as a result.

The report, “How to Shop for Free Online: Security Analysis of Cashier-as-a-Service Based Web Stores,” was authored by Indiana University doctoral student Rui Wang, with help from associate professor XiaoFeng Wang and representatives from Microsoft as well.  It specifically cites quite a few reputable online shopping sites and payment services—Google Checkout, Amazon, PayPal, Buy.com, just to name a few—as having serious security flaws that could easily be exploited for fraudulent purposes.

The research focused wholly on the CaaS (‘cashier-as-a-service’) payment systems that are widely employed online, and the team discovered that the gaping security flaws at play are largely the result of integration problems between payment systems and e-commerce platforms.

These integration issues have created an environment where criminals can trick the systems in a number of ways—from confirming payments to fraudulent or illegitimate sites, to actually changing the amounts paid for online purchases or receiving orders at no cost at all.

“Our analysis revealed the logic complexity in CaaS-based checkout mechanisms, and the effort required to verify their security properly when developing and testing these systems,” Rui Wang said.  “We believe this study takes the first step in the new security problem space that hybrid web applications bring.”

The team concludes that the study’s findings could be just the beginning of what may grow into a much broader problem with online payment systems.  And since the group really only studied what it calls the simplest of “trilateral interactions” between parties, they also conclude that more research is necessary to delve into some of the more complex payment tools available out there.

One thing the team does know?  Better cooperation between payment providers and e-commerce companies is necessary to reverse course:

“Payment service providers have a responsibility to make it clear how to safely use the service they provide, and merchants need to do their due diligence to operate these services properly,” Wang said.

Leave us your thoughts and comments and have a wonderful weekend!


Preparing yourself for the holiday shopping season isn’t simply a matter of looking for bargains and deals or discovering the next “it” thing in online or mobile shopping.  No, to be fully ready to cash in on all the benefits of the internet during the holidays, one needs to be in the know about the threats and potential dangers that are out there and how to avoid them.  That’s not just limited to the world of e-commerce either.

Security leader McAfee is doing its part to help educate the public on the safest ways to navigate the online landscape during the holidays, today releasing the “Twelve Scams of Christmas,” a comprehensive list of a dozen of the most dangerous online scams out there that all computer users and online visitors need to be cautious of during the holiday season.

“Scams continue to be big business for cyber criminals who have their sights set on capitalizing on open hearts and wallets this holiday season,” said Dave Marcus, director of security research for McAfee Labs. “As people jump online to look for deals on gifts and travel, it’s important to recognize common scams to safeguard against theft during the busy season ahead.”

In no particular order, here’s McAfee’s list.

1) iPad Offer Scams: McAfee Labs found that in the spam version of the scam consumers are asked to purchase other products and provide their credit card number to get the free iPad. Of course, victims never receive the iPad or the other items, just the headache of reporting a stolen credit card number. There’s also a social media version of the scam, where users take a quiz to win a free iPad and must supply their cell phone number to receive the results. In actuality they are signed up for a cell phone scam that costs $10 a week.

2) “Help! I’ve Been Robbed” Scam: sends phony distress messages to family and friends requesting that money be wired or transferred so that they can get home.

3) Fake Gift Cards: cybercrooks use social media to promote fake gift card offers with the goal of stealing consumers’ information and money, which is then sold to marketers or used for ID theft.

4) Holiday Job Offers: with many people looking for extra cash during the holidays, Twitter scams offer dangerous links to high-paying, work-at-home jobs that ask for your personal information, such as your email address, home address and Social Security number to apply for the fake job.

5) “Smishing”: smishing refers to spam texting. These texts appear to come from your bank or an online retailer saying that there is something wrong with an account and you have to call a number to verify your account information. In reality, these efforts are merely a ruse to extract valuable personal information from the targets.

6) Suspicious Holiday Rentals: during peak travel times when consumers often look online for affordable holiday rentals, cybercrooks post fake holiday rental sites that ask for down payments on properties by credit card or wire transfer.

7) Recession Scams Continue: scammers target vulnerable consumers with recession-related scams such as pay-in-advance credit schemes. McAfee Labs has seen a significant number of spam emails advertising prequalified, low-interest loans and credit cards if the recipient pays a processing fee, which goes directly into the scammer’s pocket.

8) Grinch-like Greetings: E-cards are enormously popular and good for the environment, but cybercriminals load fake versions of them with links to computer viruses and other malware instead. Infected computers may start displaying obscene images, pop-up ads, or even start sending cards to contacts that appear to come from you.

9) Low Price Traps: shoppers should be cautious of products offered at prices far below competitors. Cyber scammers use auction sites and fake websites to offer too-good-to-be-true deals with the goal of stealing your money and information.

10) Charity Scams: the holidays have always been a prime time for charity scams.  Common ploys include phone calls and spam e-mails asking you to donate to veterans’ charities, children’s causes and relief funds for the latest catastrophe.

11) Dangerous Holiday Downloads: holiday-themed screen savers, jingles and animations are an easy way for scammers to spread viruses and other computer threats especially when links come from an email or IM that appears to be from a friend.

12) Hotel and Airport Wi-Fi: with hotel and airport usage up during the holidays, it’s a tempting time for thieves to hack into unsecured networks hoping to find opportunities for theft.

Most of this is common sense but for those web users still learning the ins and outs of cyber security, McAfee’s list offers a good blueprint to follow to ensure a safe holiday season for you and your computer!

Leave us your thoughts and comments!


Even we admit that we’re starting to sound like a broken record here at Junkie when the topic of click fraud comes up.  But don’t blame us for being repetitive!  Even though we’re always thinking positive thoughts and hoping for the best, click fraud data continues to disappoint every three months or so.

The second quarter of 2010 isn’t any different.  In fact, it’s now to the point where the leading click fraud trends are consistently heading in the WRONG direction when analyzed in the big picture, offering no relief in sight for beleaguered web advertisers and marketers.

Anchor Intelligence, our most-trusted source for comprehensive data on click fraud, reports that second quarter fraud actually moderately decreased, down to 28.9 percent from 29.2 percent in the first three months of 2010.

We’d suggest a celebration for this 0.3 percent reduction, except for one glaring problem:  the Q2 rate actually represents a 26 percent increase in fraud compared to the same quarter just a year ago.

What’s happened in 12 short months that makes this possible?  As usual, Anchor cites the “dramatic” growth of botnets in both scale and volume around the globe as the main culprits.  The “exploitation by malicious hosts” of security vulnerabilities in the Internet infrastructure of many countries is also to blame.

Vietnam (37.3 percent), Australia (36.4 percent) and the U.S. (34 percent) continue to lead the rankings around the world for the highest attempted click fraud rates.  But India isn’t far off, after recording a dramatic jump in click fraud from 21.8 percent in Q1 to 31.7 percent in the second quarter.

“Click fraud attempts are not going to go away any time soon.  Cybercriminals will simply reallocate their attempts from well protected ad networks and search engines to those that do not have a fortified line of defense,” says Ken Miller, CEO of Anchor Intelligence.  “Fraudsters are efficient.  Once they stop receiving payments from one set of targets, they’ll simply find another set that is likely to pay out.”

Talk about doom and gloom! Is there anything good to take away from Anchor’s quarterly report?

Anchor did report that search engines and advertising networks that process more than 1 million daily ad clicks were experiencing some decreases in click fraud in the second quarter, attributed mostly to their partnerships with networks that have amped up click fraud defenses and/or don’t bill for fraudulent clicks.  Firm numbers on those decreases aren’t available, however.

We’ve been reporting that same rough news about click fraud every quarter for quite a while now. So it’s time for you, our readers, to have a say. Give us your ideas and thoughts on how to turn this click fraud mess around. What drastic strategic steps do you think need to be implemented? Or is it just a lost cause? Leave a comment and let’s get an open discussion going here!


Those who read Junkie on a regular basis know all too well our position on click fraud and the devastating effect it can have on internet retail operations.  But today we’re going to review a new type of fraudulent activity that is starting to rear its ugly head; one that targets consumers and serves as a reminder just how important it is to be careful when shopping online.

We’ve been hearing rumblings from friends and colleagues in the industry about an increase in the number of active online shoppers reporting fraudulent charges on their credit cards. Of course, this can sometimes be the result of an advanced version of click fraud that we reported on about a month ago. But it’s also likely that people are seeing these unauthorized charges as a result of this new scam to collect consumer credit card information under the guise of an ecommerce store.

How does it work? A new wave of cyber criminals has discovered a way to build disposable websites in order to compile data from shoppers who assume they’re using a reputable online store. These sites look and operate like a regular online shopping destination, complete with product descriptions and images as well as full shopping cart capabilities, totally able to process transactions complete with sensitive financial information.

The thieves capture credit card information during the check-out process and naturally, the shopper never receives any merchandise, only the charge for the fake item plus whatever else the scammers have decided to charge with the card.   It gets worse.  Some of these cyber crime rings are taking the credit card numbers they steal from consumers and using them to set up online advertising packages with comparison sites and search engines.  These ads bring in even more customers, more fraudulent sales and thus, more stolen credit card information.

By bringing those advertising entities into the mix, this scam has the potential to cast a much wider net than others that preceded it, preying on web partners that aren’t diligent about double-checking their advertisers and thus, attracting unsuspecting consumers who believe they’re shopping with reputable merchants.  There is no accurate measure for how often this type of fraud is being perpetrated, nor any reliable estimate on the amount of money it is costing consumers but it’s definitely out there, and that alone is reason enough to reinforce some important security tips for online shopping.

You should always be on the lookout for merchant certifications when browsing on comparison shopping sites, which we covered in another recent posting. These designations, earned by retailers who meet or exceed the highest standards of quality as established by the hosting website, ensure that you’re buying from a trusted source. Some scammers will affix certification logos or buttons on their fraudulent sites but they’re almost always just images that don’t link to any certification page. As such, you should not only look for these designations on retail sites and comparison shopping pages, you must click on them to make sure they really are legit.

Another way to research a particular merchant is to look for customer reviews on the web and on specific shopping sites.  Relying on other consumers and their experiences with retailers is quick, easy and free.  You can also check with the Better Business Bureau, particularly for local and regional merchants.   Finally, trust your gut.  If you come across a shopping page where something…anything…seems a bit off, go elsewhere.  Chances are, if a deal sounds too good to be true, it is.

We’ll keep tracking this new fraud activity and report any updates we come across.


Build trust with your shoppers


Let’s face it: people who still have hang-ups about online shopping more often than not cite safety and security as the chief reasons why. The prospect of identity theft and a general fear of online shopping have kept a sizeable chunk of people, 10 percent of the market by some estimates, off the internet for shopping.

As a merchant, your goal should be finding a way to get that 10 percent of the population online and shopping on your site.  Your inventory, prices and customer service will all play a role in that process but only by establishing a sense of safety with these customers will you ensure that they feel comfortable enough to utilize your website.

Here are 5 easy steps you can take to give jittery customers and first-time online shoppers the peace of mind they need to keep coming back:

Beef Up Security: this one’s a no-brainer but you should be operating on SSL (secure sockets layer) technology to ensure that the pages on your site that require sensitive customer data are run through an encrypted link. Furthermore, it’s important to promote and even flaunt your security system throughout the site to assure customers that they can trust doing business with you.

Provide Clear Methods of Contact: don’t make customers search endlessly for your contact information. Place your phone numbers, email addresses and physical addresses in highly visible sections of your site. In addition to traditional customer service phone numbers, explore adding live chat or online support features as well. Remember that communication is the key to any relationship. If shoppers can easily reach your staff when they have questions or concerns, they’ll feel much better about utilizing your company.

Keep it Private: make it clear to customers that you value their privacy and that you will not engage in selling or making available their private information to outside entities. Post a clear, concise and easy-to-understand privacy policy in a prominent position on your site so they know that whatever information they provide you with in the course of a transaction is going to stay with you and only you.

Update, Update, Update: be diligent about keeping every facet of your website current. This goes not only for product pages, which should be updated frequently to reflect inventory and pricing, but every other section as well, from customer service to FAQ sections and contact pages. If a shopper finds something outdated on your site, it reflects a lack of commitment on your part.

Align Yourself with Reliable Third Parties: join your local chamber of commerce as well as any applicable trade associations and promote these relationships on your site. If you’re listing products on comparison shopping engines, do whatever it takes to earn special recognition with them that highlights your commitment to quality business practices, such as Sortprice.com’s Certified Merchant Program.  Don’t be shy about promoting these relationships that prove to customers that you’re dedicated to quality.
