After several years of fighting off persistent attacks from hackers, e-commerce companies may finally be turning the tide with their security initiatives, although industry experts say that much remains to be done.
"Companies have woken up to the fact that, in many cases, applications created to offer functionality to customers were exposing attack points to hackers," said Peter Lindstrom, research director at Spire Security, Malvern, Pa. "As authentication systems like registration were de-emphasized, we did see an upturn in attacks."
Lindstrom said that efforts to make sites more user-friendly often make them more hacker-friendly as well. But he is optimistic that things have gradually turned in favor of e-tailers, as businesses have gotten more careful in formulating security strategies.
One of the tactics that is showing success is breaking up the online transaction process into different pieces, Lindstrom said. By compartmentalizing functions such as validation and credit card encryption, e-tailers can keep damaging effects to a minimum. Another anti-hacker technique that is growing in popularity is increased "scrubbing" of transaction data, which effectively erases traces of information that hackers could use to their advantage.
Another area of concern that is being addressed is security around the applications that e-commerce companies use to build and operate their sites, said Jonathan Gaw, a research manager at International
"In the high-profile cases we've seen, it's not the technology failing, it's the systems implementation that leads to failing," Gaw said. "The solution to this isn't buying better technology; it's making better use of what you've got."
Gaw said that, for larger e-tailers such as Seattle-based Amazon.com, this hasn't been as big of an issue, but for small and midsized e-commerce businesses, keeping up to date with platform and infrastructure weaknesses can be a daunting task. "Once a flaw gets exposed, every hacker in the world is out there trying to see who hasn't found out about it yet," he said.
Even when an e-tailer has sufficiently protected its customers from online fraud, convincing users that its business is secure is an entirely different matter, said James Van Dyke, principal analyst at Javelin Strategy and Research, San Francisco. "We advise merchants that you cannot overdo the security message," said Van Dyke. "For consumers, there's more confusion than anything else; the illusion of security or privacy problems are just as strong as the reality."