News & Views

Holiday shopping and cyber threats

Black Friday and Cyber Monday usually mark the start of a crucial period for retailers in terms of sales. But it is also crucial for cybersecurity.  With a peak in internet traffic expected in the coming weeks, we can also expect an increase in online fraud attempts.  We ask John Gilbert, General Manager UK, Yubico (www.yubico.com) for his views.

“Online retail is a popular industry for cybercriminals because of the high volume of traffic and the number of transactions carried out.  Just as consumers are looking for the best deals, cybercriminals are simultaneously on the lookout for the opportunities to conduct attacks.”

“Common attacks include convincing scam emails or texts, and even websites.  This year we have seen a particular increase in deliver text scams (www.bbc.co.uk/news/newsbeat-57654967) where an attacker poses as a legitimate delivery company and sends a text indicating that a delivery charge needs to be paid.  Given the increase in online shopping over the past couple of years, these attack methods pose a big threat to consumers as scammers are finding points of entry at both the purchase and delivery stages. These attacks are all carried out with the aim of accessing the victim’s personal information, passwords, and security details.”

“To protect against this, the retail industry must implement multifactor authentication (MFA) for their customers to access their online accounts.  MFA requires users to set up additional authentication beyond the standard username and password.  It should be noted, however, that not all methods are created equal.  Some, such as SMS one-time passwords, are still vulnerable to attack. Setting up more advanced forms of 2FA, such as an authentication device, will provide a much higher level of security.”

“Verifying the identity of customers has become a major challenge for retail players.  Indeed, protecting consumers and their data while providing an optimal shopping experience is often considered a real burden for online sites.  However, it is not as complicated as it seems and in fact, cybersecurity is a competitive advantage.  Not to mention the fact that a compromise resulting in the loss of sensitive customer data can have a far greater impact than a few abandoned shopping carts. Customers need to know that they can trust online retailers to protect their personal information.”