Cyber Monday, on Dec. 1 this year, is the day when online shopping is typically at its highest. But with the boost in Web transactions, cybercriminals are on the prowl for confidential information they can snatch from unsuspecting shoppers, according to one expert.
The increase in the volume of transactions as consumers ramp up online purchases for the holiday season will draw attention from cybercriminals hoping to steal personal information like credit card numbers, said Dale Masi, IT consultant with Skokie, Ill.-based IT consultancy Forsythe Technology Inc. “With the amount of transactions going through right now, it definitely makes a retailer or a company more valuable to a potential hacker because they know there will be a healthy string of business going through.”
Even with the economic downturn causing sales numbers to be lower, Masi said retailers who operate online are certainly not being lax when it comes to Web security and protecting consumer information. “More than ever, they are under more regulation and compliance initiatives to make sure that is a safe avenue for them to be able to perform their business,” he said.
While online shopping, and consumerism in general, has been hard hit by the tough economic times, Masi said the volume of purchase transactions remains substantial. For large retailers especially, whose e-commerce component can represent a large portion of their business, he said, ensuring security of Web purchases means “throwing the appropriate resources at it and paying attention to the right initiatives that are out there today.”
This heightened level of cyber risk, according to Masi, will continue through January and February. And while fraudulent activity is happening right now, “usually, it lags the start of the holiday season by a month or two because it takes time for the criminals to gather information and sell it off.”
Last month, a report by Cupertino, Calif.-based Symantec Corp., entitled Report on the Underground Economy, detailed a thriving ecosystem of cybercriminals fuelling supply and demand for stolen information like credit card numbers and financial accounts. Credit card information, the report said, is the most advertised category of underground goods and services, with data available for anywhere from 10 cents to $25.
Masi said that online retailers and consumers today are certainly more aware of cybercrime, and have attempted to protect themselves by being compliant with PCI (Payment Card Industry) and the red flag rules for fraud prevention.
However, even with the holiday season’s boost in Web transactions, Masi said that while retailers are paying ample attention to PCI standards, he hasn’t really observed them taking extra precautions beyond that. “But that’s not to say they’re resting on their laurels,” he said.
One security challenge Forsythe’s customers typically face, said Masi, is securing their myriad data entry points and ensuring that data is compartmentalized and visible to individuals only on a need-to-know basis.
Masi offers some advice to online retailers in light of prowling cybercrooks. From a system standpoint, if a business hasn’t run an assessment to ensure PCI compliance, then at the very least it should do a high-level review. That will by no means suffice for a PCI engagement, said Masi, “but at least just getting a confirmation that ‘we don’t have any significant holes in our infrastructure and identify where there might be some possible leaks.’”
And, from a process and procedure standpoint, Masi said retailers should know how and where their transaction data is being processed, and how it’s getting there. If the answers to those questions are not evident, “then that raises a red flag that they don’t have a good handle on their environment and they really don’t know what’s going on.”