Security experts urge Asian e-retailers to boost authentication to protect customer data
Security experts are urging online retailers in the Asia-Pacific market to increase security authentication measures to protect consumer data in light of rising cyberattacks, according to a report by South China Morning Post.
Cybersecurity experts from ThreatMetrix, Fortinet and FireEye have all recommended that retailers invest in stronger authentication services to safeguard online transactions from increased attacks used for identity theft, as well as for validating and altering credentials of stolen identity to facilitate further online fraud.
“Small retailers can get compromised very easily, as sometimes even the usernames and passwords [of their customers] are not encrypted,” said Bryce Boland, the Asia-Pacific chief technology officer at FireEye. “Many merchants’ focus is often not on security, it’s on how they can maximise their return on investment, their margins,” he said. “But as fraud levels go up, so do credit card transaction processing fees which can eat into the margins of retailers.”
ThreatMetrix recently published a research report that found that 11.8 percent of e-commerce transactions in Asia-Pacific are comprised of fraudulent login attempts.
The report highlighted that cybercriminals often leverage patched-together stolen identities to conduct attacks on digital transactions.
ThreatMetrix chief products officer and co-founder Alisdair Faulkner said that e-commerce sites make vulnerable targets for hackers, who compile “dossiers of information” for future use.
“With your identity, [hackers] could access your medical record, insurance, even your bank accounts,” Faulkner said. “They could collect enough information, impersonate someone’s identity and apply for a loan at a bank … or commit tax fraud.”
Meanwhile, Fortinet said that online retailers ought to implement more authentication security features to reduce e-commerce fraud.
“Computer security experts agree that password-only authentication is no longer good enough, even if users make their passwords very complex,” said David Maciejak, manager of Fortinet’s Fortiguard security services. “We expect evolving technology to further reduce the friction of the authentication process. In the last few years, for example, various new authentication methods … have emerged, including fingerprint scanners on smartphones and laptops, and facial recognition technology on embedded cameras.”
Many companies will often refrain from implementing stronger security measures to ensure that transactions are more seamless for customers.
However, Network Box managing director and co-founder of Network Box Michael Gazeley, said that this approach could prove to be detrimental.
“When presented with a choice between perceived convenience and security, perceived convenience, historically, has almost always won. But with major data breaches now seemingly part of modern life, this has to change,” Gazeley said. “Maybe a better way to look at cybersecurity, is that, ultimately, it is a lot more convenient not to be compromised.”
Boland emphasized that e-retailers should not collect large amounts of data from their customers to reduce the consequences of a cybersecurity breach.
“If you don’t need to collect data about people, don’t collect it. Because by collecting it, you are implicitly taking responsibility for protecting it,” Boland said. “As soon as it’s stolen or used or abused … you’d have enabled a crime to take place.”