This week, Britain’s shoppers are expected to spend a record ?1.145 billion online, the biggest e-sales week this country has ever seen. According to the Interactive Media in Retail Group, internet sales yesterday were set to exceed ?180 million in a single day, an all time high and 40% higher than last year’s peak of about ?131m, on 12 December 2005.
Christmas is the most significant event in the UK’s retail calendar with some shops making up to 60% of their annual turnover at this time. This applies to e-retailers too, as Verdict, the UK’s leading authority on retailing, has announced that 4.5 per cent of the total spent on Christmas in December alone, will be done online. IMRG predicts that December online sales will top the ?3.55 billion mark.
There has been a huge increase in consumer confidence when it comes to online shopping. And, experts believe, online shopping will continue to grow as British consumers opt to avoid crowded shopping centres and become more and more educated in how to use retail outlets online, safely and securely. It is vitally important, however, that the retailer takes all the steps necessary to ensure a secure online shopping environment. E-commerce is booming – but we have already seen instances where the failure to take care of consumer data has had truly dire consequences; damaging both to the consumer and retailer alike. In the US, a database hacker broke into CreditCardSystems, a credit card handling firm supporting online activity, and stole 40 million customer records. More recently, in the UK, Glasgow police estimated that 10% of call centres in the area had been infiltrated by criminal gangs, intent on stealing sensitive customer data.
Secerno, an innovator in database assurance, says that a consumer’s confidence in online retail outlets will continue to grow until it becomes the victim of a high-profile malicious attack. Paul Davie, CEO of Secerno, says ‘”Why do we always lock the stable door after the horse has bolted in this country? We have heard enough horror stories so far this year to remind us to be extra vigilant when shopping online. We suffer as one of the top-three countries in the world to be attacked online by spyware, viruses and Trojans. Attacks by hackers are increasingly targeted and sophisticated with financial gain becoming an increasingly key motivator in their perpetration. Criminal gangs are becoming increasingly involved in exploiting loopholes in database security.”
The e-retailer is under mounting pressure to provide fast and efficient service at this time of year so that the consumer has a favourable buying experience and deadlines for Christmas purchases are met. It is no surprise, therefore, that there is a great temptation for the e-retailer to cut corners in order to satisfy demand, hit targets and remain competitive. Unfortunately, as e-retailers turn their undivided attention to responding to purchases online quickly and efficiently, they often neglect the most important parts of the proceedings – the transaction, where credit card details are provided, and the security of the database where they are then held.
As the e-retailer receives ever more visitors and as orders amass, its systems are put under increasing strain. Those responsible for the website’s upkeep are forced to focus on the main priority of business continuity and quality of service. When IT staff are put under such pressure, subtle, targeted attacks are much more likely to sneak through unless data systems are automatically and effectively secured.
The consumer knows that their identities can be stolen from discarded personal financial paperwork and that they must cancel their credit cards, should they be misplaced or stolen. But when they have no idea whether their confidential data is under attack, they have only the holders of their data to reassure them. According to APACS, the UK payment association, internet, phone and mail order fraud (card-not-present or CNP fraud) increased again in 2006, and with so many people now banking online in the UK, it should come as no surprise that banking fraud has increased to ?22.5million.
All of these threats ultimately target the customer data that is held in corporate database systems. Databases lie at the heart of most companies, and contain many of the most valuable assets of these organisations, and indeed of their customers. As the methods of attack on data assets become much more sophisticated and the reasons are, increasingly, for high financial gain, it is important for companies to consider the changing nature of the threats.
The consequences to their business – and to the customer’s financial well-being – of a data theft are too dire to be ignored. Retailers must put in place effective mechanisms that help them identify abnormal behaviour in terms of anyone trying to access precious customer data – and allow them to deal with targeted attacks in a timely fashion. Until now, technology to combat these types of threats simply didn’t exist. Secerno provides a new generation of security product which allows companies to protect their databases effectively from both insider abuse and targeted attacks for the first time. Secerno offers the ability to spot any unusual behaviour in terms of activity on a database – even when that activity itself originates within the company and may not seem malicious at all by understanding the patterns of normal access to each individual database. As insider threats to databases grow in their prevalence and we hear stories of malicious infiltrators working their way into datacentres to obtain key customer data by deceit, this intelligent kind of approach will play a key role.