CRM News: E-Commerce: The Lurking Perils of Online Transactions
By Jeremiah Grossman
E-commerce has been part of the retail world for
more than a decade, and today’s consumers seem to assume that because
of this longevity, their transactions are secure. Beyond this, the
average online shoppers are convinced their credit card numbers and
other sensitive information are out of reach of attackers with a
firewall and antivirus program, combined with shopping at brand-name
retail sites.
However, the average consumers don’t scan the Internet for Web hack news. If they did, they would find a constant stream of stories about malicious hacks affecting the modern consumer.
TJX was one of the largest, but we can’t forget about the more recent attacks on the Rivkin online auction, QVC or the Colorado Rockies ticket site. One incident like this can cost corporations thousands of dollars in remediation costs, and can cause irreparable damage to their brand image. The consumers? Their Social Security numbers can go out the browser window and into the black market.
Most Intense Hacks
If you haven’t had time to translate the Web security jargon, allow me a minute to break down some of the Web’s most recent, most intense hacks, in e-commerce and beyond, for you:
Cross-site scripting (XSS). What’s that? The injection of malicious
code into otherwise secure Web site code. So what? In less than 24
hours, self-propagating JavaScript malware
infected more than 1 million user profiles and one of the Web’s largest properties experienced more than a day of downtime.
What’s that? The insertion of malicious code into the database layer of
a Web site. So what? Hackers stole 263,000 credit card
numbers and exposed 40 million more. Several million dollars worth of
fraudulent credit/debit card purchases were made with these counterfeit
cards.
hack? Exploitation of a business logic flaw. What’s that? A number of
attack methods that result in Web site code operating not as intended.
So what? Several people discovered how to obtain free Platinum Passes
(a $1,695 value). By viewing the source code of the sign-up Web page,
they found hidden priority codes freely usable during registration.
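The business logic flaw described above comes down to a sign-up page that hands the browser data it should never see. As an added example, not taken from the article or from the site involved, here is a constructed sign-up page that embeds its priority codes, beside a server-side version that keeps codes off the page, binds each one to an invitee and redeems it once. The code values, function names and in-memory store are hypothetical.

```javascript
// Added illustration: codes, names and the data store are hypothetical.
const { createHmac, randomBytes } = require('node:crypto');

const FULL_PRICE = 1695;   // Platinum Pass price quoted in the article
const COMP_PRICE = 0;

// BEFORE (flawed pattern): every valid code is shipped to the browser in a
// hidden field, so "View Source" reveals it and any visitor can redeem it.
function renderSignupVulnerable() {
  return '<form method="post">' +
    '<input type="hidden" name="validCodes" value="VIP-2008,PRESS-2008">' +
    '<input name="email"><input name="priorityCode"></form>';
}

// AFTER: the page carries no codes. The server stores only a keyed hash of
// each issued code, bound to the invitee's e-mail, and redeems it once.
const SERVER_KEY = randomBytes(32);          // stays on the server
const issued = new Map();                    // tag -> { used: boolean }

function tagFor(email, code) {
  return createHmac('sha256', SERVER_KEY)
    .update(email.trim().toLowerCase() + '\n' + code).digest('hex');
}

function issueCode(email) {
  const code = randomBytes(9).toString('hex'); // 72 random bits
  issued.set(tagFor(email, code), { used: false });
  return code;                               // sent to the invitee only
}

function renderSignupHardened() {
  return '<form method="post"><input name="email">' +
    '<input name="priorityCode"></form>';
}

// The price is decided on the server from server-side state, never from
// anything the page told the browser about which codes are valid.
function priceFor(email, submittedCode) {
  if (typeof email !== 'string' || typeof submittedCode !== 'string') return FULL_PRICE;
  const entry = issued.get(tagFor(email, submittedCode));
  if (!entry || entry.used) return FULL_PRICE;
  entry.used = true;                         // single use
  return COMP_PRICE;
}
```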
Safety Measures
So, if you aren’t an expert in computer security, here are some top tips for a safer online experience:
- Switch your Web browsers to Firefox, Mozilla, Safari, or anything else besides Internet Explorer. This is probably the single most important thing you can do to protect yourself online. You think you’re fine because a new patch is being released soon — to bring IE light years ahead of all other browsers? Sorry, that will get you nowhere, because a patch like that is like a glittery target for malicious hackers.
  With browsers, the best way to remain secure is by staying out of the line of fire, and Internet Explorer is well known for being in the crosshairs of viruses, spyware, and adware. If a Web site really does need IE and you really need to use the Web site, make sure the site is legitimate, then it’s reasonably safe to fire up IE.
- Add more security to your Web browser. No matter what browser you choose, the Web is a hostile place and all Web surfing tools need a little help to defend themselves. Try NoScript for Firefox, the Netcraft Anti-Phishing Toolbar, the eBay Toolbar, or the Google Toolbar.
  All of these add-ons help identify phishing Web sites, prevent your computer from being hacked, and your passwords from falling into the wrong hands. Most people will only need the first two add-ons, but if you are an eBay buyer, using theirs is essential as well.
- Don’t click on links in e-mail, almost ever. Whenever possible try NOT to click on any links in e-mail, especially since links themselves are dangerous and the latest phishing e-mails are difficult to detect. An ounce of paranoia is worth a pound of patches. If I’m unsure if an e-mail is real, one thing I do is manually type the domain name into the Web browser location bar.
  This way I know I’m on the real Web site. If an organization asks me to verify my account information by “clicking here,” instead I type in the organization’s URL then proceed to log in. If a company you’re doing business with really wanted to verify your account information, they would ask at the point of login.
  With that said, some e-mail links are safer to click on than others, like those sent in response to an action (account registration, password reset, order confirmation, etc.) you might have performed on the Web site within the last several minutes.
- Defend your Web mail. Hundreds of millions of people use Web mail, which is why in many ways e-mail is more important to keep secure than your bank account. Many people have important online accounts tied to a single Web mail address. If anyone gained access to your e-mail account, all accounts associated with it could be compromised as well. The best thing you can do is use unguessable passwords, change them every six months or so, and don’t use that password anywhere else. Bonus points for deleting e-mails with any sensitive information.
- Use a single credit card for online purchases. In light of recent events, chances are the credit card numbers we use online are going to be stolen at some point. For that reason it’s best to try and limit any potential damage. Using a single credit card with just enough of a limit to conduct your online transactions makes it easier to monitor statements for any strange charges. Plus, any fraud is isolated to that one card. Also, refrain from using a debit card online, since debit cards don’t carry the same consumer legal protections as credit cards.
Normally, this is the part of the discussion where the experts start
talking about SSL (secure sockets layer) and telling you to check for
the lock symbol. In my experience just about every legitimate Web site
accepting credit cards is now SSL-enabled. So the better advice is to
make sure you’re actually on the one Web site you think you are on.
Otherwise SSL isn’t going to matter much anyway.
Scared? You should be. Oh, but happy shopping.
January 28th, 2008 at 1:27 pm
Just to add to all that scary stuff. Any and all information you enter on the internet (e.g. credit card #’s, address, any personal info) will be stored and can possibly be hacked into, no matter what site, trusted or not. Just watch it because someone else might watch it for you.