Combating cybercrime during the holidays. Advice for retailers and shoppers

Online shopping, especially during the holiday period, is a massively important trading platform for many businesses. For online retailers their ability to service high customer demand and ensure the availability of their website throughout this period is crucial to their success.

The shopping frenzy has already started, with the adoption of Black Friday and Cyber Monday in many countries adding additional pressure on high street, and online retailers. In the UK and Europe, this only increased further during the holiday week and the discounts the day after Christmas. With these periods being hugely busy on the high street, an increasing number of shoppers are moving to the Internet to hunt for their bargains.

During this overwhelming period of spending, online retailers and shoppers need to be wary since this also is a lucrative period for Cybercriminals. In this article, we have highlighted a few key steps retailers and shoppers can take to keep themselves safe from cybercrime during the holidays.

Advice for Retailers:

It is without question that the availability of a retailer’s website is of significant importance when it comes to online sales during these peak periods. Even one hour of downtime can have a significant impact on a retailer’s reputation and revenue, especially during high peak seasons. The availability of a website is not only down to the capacity and reliability of the service, a number of common security issues can play a role too.

• Secure your traffic – It is highly recommended that Transport Layer Security (TLS v1.2 is recommended) is used to secure your web traffic. TLS, and its predecessor SSL (now obsolete), are encryption protocols for data in transit. All communications between your customer and your servers are protected by encryption, significantly reducing the risk of data theft. Many shoppers now look for secure sites when making purchases, and implementing TLS security will ensure that they can trust your site to protect their data.
• Patches and updates – Make sure your web servers and supported infrastructure is running the latest updates and patches. This ensures that your systems are not vulnerable to known attacks that could result in significant down time. If you use a third party to manage any part of your website, make sure they have a good maintenance program in place.
• DDoS Protection – Contact your ISP and discuss your options against Distributed Denial of Service attacks. These attacks flood websites with traffic until they are no longer able to receive genuine requests, effectively bringing the website down. There are tools available to help you monitor your web traffic, that would help you identify any spikes in demand, and there are also third party companies that offer DDoS protection services as a paid for service.
• Scan and test – If you want to be certain about the security of your website, vulnerability scans and penetration tests will determine if your website has any vulnerabilities that could be exploited by Cybercriminals.
• Have an incident response plan – To be able to deal with the worst, you will need to plan ahead. In case something happens and the website is inaccessible you need to make there is an incident response plan that includes a failover backup IP address to ensure the website is up and running in minutes.

Stay secure from cybercrime during the holiday shopping frenzy:

There are a few simple rules that can make online shopping a pleasant and stress-free experience without worrying about the security of your personal information. These are our top tips for keeping safe from cybercrime while shopping online:

• Keep it private – Never use a public computer or public access wireless networks for online shopping. Use your own computer, and connect to only to your home or other private Internet connections, especially when you plan to use your card online.
• Patches and updates – Make sure your computer has the latest updates and patches installed; don’t disable automatic updates. Most shopping websites use Adobe Flash Player and you should make sure that any updates are installed before going on an online shopping spree.
• Antivirus and malware protection – Don’t connect to the Internet without installing a reputable Anti-Virus solution. Windows devices come with Defender installed, which is often sufficient for a home user. Android devices should be protected with an antimalware product, and there are plenty on the market to choose from. There are antimalware solutions available for OS X and iOS as well. It’s important to keep anti-virus solutions up to date; enable automatic updates and let them install as soon as updates are available.
• Reputation matters – Only shop from reputable retailers. Search online using your favourite search engine for reviews about the site you are planning to shop from. There are plenty of forums online where consumers share their experiences.
• Look for the padlock – Every modern web browser has a little padlock icon next to the address bar (where the URL of a website is shown) that appears to show that a webpage can be trusted. The padlock means that any data you enter into the webpage is transmitted securely, using encryption. Make sure the website you are using is making use of secure connections by checking if the padlock icon is visible and active.
• Verified by Visa and MasterCard SecureCode – Verified by Visa and MasterCard SecureCode are additional authentication processes designed to help prevent online fraud. Shopping from retailers that use these services makes it a lot harder for cybercriminals to use your card fraudulently. As an additional security step, don’t allow websites to store your card, especially if you’re making a one-off purchase.
• Click and Collect – Some websites allow you to reserve an item online and pay in-store when you collect. Sometimes, it is a lot easier just to reserve the item you need at a local store, and pay in person.

Whether paying online, over the phone or in person, it is always sensible to use a credit card, especially if you are spending €100 euro / $100 or more. The UK consumer credit act, under section 75 states that the credit card issuer is equally liable if there is something wrong with a transaction. As a consumer you do not always have the same protections from cybercrime when using a debit card or a PayPal account.

-- This is a blog post I created for Sysnet and I am reposting it here for historical purposes. This was originally posted here.