Happy Cyber Monday. If you are a business that has an e-commerce store front, I hope you have a successful day and holiday season. I also hope that you are able to keep your customers safe from cybercrime this season. I’m sure you know that you have your work cut out for you in that area. Of course, it isn’t just online retailers that have to increase focus on cybersecurity. If you are using any kind of Point of Sale (PoS) system that connects to the Internet, you’re at risk.
However, it is one thing to talk about cybersecurity and another to actually have a solid, working cybersecurity solution in place. According to SecurityScorecard’s 2015 Retail & eCommerce Security Report, too many businesses aren’t doing enough to keep customer data secure.
The biggest problem facing retailers is legacy software systems that are extremely vulnerable to infiltration by hackers. Plus, hackers are finding their way into networks via third-party vendors (remember the Target hack?).
In this particular study, SecurityScorecard looked specifically at the top and bottom 10 percent of retailers collected from its industry data. It found that, while all retailers have problems with Web applications, the top retailers are doing a better job at overall security efforts, including patching practices and less malware. The bottom 10 percent, however, overwhelmingly struggle to follow basic security protocols. As Aleksandr Yampolskiy, CEO and co-founder, SecurityScorecard, said in a prepared statement:
For bottom performing retailers, we noticed issues in the frequency of fixing vulnerabilities, so companies need to put robust and rapid patching policies in place in their security programs. We also found too many instances of corporate login and password credentials found on the underground, so retailers need to improve security awareness training for employees.
Speaking of security awareness, this is the first holiday that American consumers and companies will be using the new chip credit card system. Well, if you can find retailers who are using them, because the rollout has been slow, and it certainly has not been perfect. At the same time, consumers have never been truly brought up to speed on the EMV standard and the security behind the cards. A new study by CA Technologies found that the majority of consumers lack knowledge and education about the new cards. On this Cyber Monday, this may be the most concerning statistic: 77 percent believe the cards will protect them from online fraud. In a statement, Carol Alexander, marketing director for CA Technologies payment security business, warned that we should be concerned about something else:
The fact is a more secure point-of-sale solution, which the chip cards are supposed to offer, will spark an increase in online, card-not-present fraud. We saw this phenomena in Europe and other regions who have adopted chip card technology. The strength of the U.S. e-commerce market makes card-not-present fraud an equally important security issue that card issuers and merchants need to consider in the shift to chip cards for point-of-sale transactions.
Is it the responsibility of online retailers to alert customers about the protections (or lack thereof) in the EMV standard? The short answer is no, credit card issuers need to do a much better job of that. However, it couldn’t hurt to put a reminder out there as folks make their online purchase.
After all, at this time of year, any helpfulness when it comes to improving security of the customers will go a long way in keeping those same customers happy and returning at other times of the year.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba