Although Willie Sutton denied having said it, we’ve all heard the quote attributed to him about why he robbed banks: “Because that’s where the money is.” Nowadays, money can be found in lots of places other than banks, including the burgeoning e-commerce market. With online shopping estimated to exceed $1.5-$2 trillion once the year’s receipts are tallied, the e-commerce sector is an attractive target for cyberthieves.
There’s more than money to be had by breaching e-commerce sites, of course. These sites often store payment card numbers and other sensitive customer data. Information of that type can be sold as another route to getting money, or used for other criminal purposes, including identity theft.
Complicating the challenges of securing e-commerce sites is their proliferation combined with the variety of ways in which they’re used. Even if the sites themselves have strong security protections, the devices accessing them and the networks carrying e-commerce often don’t. For example, individual stores have created their own apps, which can be easily compromised if they’re not securely designed.
Most notable from a security perspective, however, is the increased use of mobile devices for online shopping. During 2016, 60 percent of transactions confirmed as fraudulent originated from a mobile device, according to security firm RSA.
With mobile transactions expected to outpace Web transactions for the first time during 2017, RSA also expects fraud to grow rapidly. The fact that many users access e-commerce sites over free and unsecured Wi-Fi networks introduces another point of vulnerability in these online transactions.
Helping to counter the increasing mobility risk will be a combination of biometric authentication technologies on mobile devices, along with risk-based transaction monitoring solutions. For better protection against rogue Wi-Fi networks, customers can also turn to solutions such as those offered by third-party vendors.
Beyond mobility-specific security controls, the portfolio of security technologies continues to grow larger and become more sophisticated. Among the most important tools now available to e-commerce site operators are security information and event management (SIEM) systems and advanced threat and incident management (ATIM) systems and services.
Given the volume of traffic and transactions at many e-commerce sites, there’s no way human security analysts can monitor all of the events and activities occurring in real time. ATIM solutions can scan huge volumes of data looking for indicators of compromise as well as for multi-stage tactics, techniques and procedures. If they integrated ATIM outputs with SIEM systems, organizations could automate not just the identification of cyberthreats, but also the initial response to help counter them.
E-commerce is too established and too popular to do anything but continue to grow. E-commerce sites will continue to attract the attention of cyberthieves and hackers, meaning that site operators should be among the most aggressive when it comes to deploying multi-layered and cutting-edge security protections.
Dwight Davis has reported on and analyzed computer and communications industry trends, technologies and strategies for more than 35 years. All opinions expressed are his own. AT&T has sponsored this blog post.