Phishing, the hacking technique of mass-mailing malicious email to trick people into clicking on malware links or disclosing private information, is on the rise. Countless other mass phishing emails were blocked by anti-spam filters and so were not counted. Spam filters can catch many, but not all, mass phishing attacks.
However, spam filters are generally helpless in the face of more targeted attacks like spear phishing.

Spear Phishing

Spear phishing is a more dangerous variant of phishing that targets specific victims with emails purporting to be from friends and colleagues.
For instance, many e-commerce companies rely on multiple independent entities, such as fulfillment houses, payment card processors and call centers. These companies may also employ contractors like work-at-home customer service representatives. It is difficult for an employee at one entity to know for sure if an email sender is actually affiliated with one of the other links in the e-commerce chain.
Here are some examples of how a spear phishing attack can take place in e-commerce: Don runs a department in an e-commerce company. Perhaps Don gets an email from Sally explaining that he needs to send her a list of employee social security numbers so the IT department can test a new HR system right now, so it can go live immediately!
However, the Excel document is a vector for malware injection. The Indonesian supplier is fake. There is no new HR system. These are all possible ways that a spear phishing attack can gain access to confidential information or funds.
Business Impact

The potential business impacts from spear phishing in e-commerce are quite serious. Breaches of customer data are costly and embarrassing. There are notifications that must be made, identity protection services offered and potential lawsuits to be dealt with. Outright theft is a risk too.
Hackers often use customer information to fraudulently order merchandise from the very e-commerce company they stole the information from!
Additional risks of business disruption and reputation damage: Massive losses of potential revenue for slow or broken sites.
Damage to the e-commerce brand due. Hacked companies that are bound by PCI policy face potential fines for data breaches… even if they are completely compliant. The costs can run into tens of millions of dollars.

Phishing and Spear Phishing Solutions

The biggest challenge in defending against phishing and spear phishing is that standard email security software like spam filters is not generally effective against the threat.
If a phishing message contains a URL, it may appear benign.
After the URL has been through the filter at the email server level, however, the hacker may redirect it to malware — making the recipient vulnerable. Vade Retro is pioneering a new type of anti-phishing countermeasure that can protect e-commerce businesses.
Vade Retro employs heuristic analysis to spot spear phishing emails, protecting employees from threats even when the threat is literally inside the firewall on the email server.
It has created numerous rules using this kind of artificial intelligence to screen inbound messages. Vade Retro also looks at each URL included in an email the instant an employee clicks on the link, safely exploring it in a remote sandboxed environment to see if it contains any malware or malicious code.

Electronic Commerce: The Issues and Challenges to Creating Trust and a Positive Image in Consumer Sales on the World Wide Web

I will also examine the issues of trust and image in e-commerce.
It is not possible to separate the issues of technology, security, and trust. The security of e-commerce decreases as its functionality .

The E-Commerce Phishing Threat

Two of the most serious e-commerce security issues are phishing and spear phishing.
Regardless, technology is not the final solution. Because security issues in e-commerce threaten to derail a sunrise industry, developers, business owners, governments, payment processors, and users must participate in making the Internet more secure. Definition: Ecommerce security is a set of protocols that safely guide ecommerce transactions.
Stringent security requirements must be in place to protect companies from threats like credit card fraud, or they risk jeopardizing revenue and customer trust, due to .
In this paper, the different types of security issues facing e-commerce systems will be presented and categorized. In addition, general guidelines and measures on how to deal with these security issues to protect e-commerce systems will be presented and discussed.
1. The merchant is always responsible for security of the Internet-connected PC where customer details are handled. Virus protection and a firewall are the minimum requirements. To be absolutely safe, sensitive information and customer details should be stored on pendrives or a physically separate PC.