
Published 5th December 2008
As the recession starts to bite, the threat from ‘cyber shoplifting’ will increase for online retailers, warns leading IT security consultancy, NTA Monitor.
The majority of online retailers use a payment provider that processes payments by simply verifying the card details and checking them against the billing address, rather than validating the entire transaction. NTA has found that by manipulating form variables on an online retail site or on the back-end payment gateway, cyber shoplifters may change the amount debited from their account or change the currency in which goods are purchased, either of which results in paying less for the items in their shopping basket.
The payment provider simply takes the amount presented against the card for the purchase, and the online retailer is left to cover the difference.
Of those retailers who sell online, 85 per cent have experienced internet fraud in the year to April 08 and 64 per cent said internet fraud had increased*. Roy Hills, technical director at NTA Monitor comments: “As a PCI DSS Council Approved Scanning Vendor, we know only too well the serious situations that a company with significant security vulnerabilities can find itself in. Internet fraud is on the increase and ‘cyber shrinkage’ looks set to get worse in the lead up to Christmas unless retailers get their shop in order.”
NTA Monitor has three wise tips for online retailers over the Christmas season:
• Put procedures in place to check items against the amount paid and the currency before they are dispatched. Nothing sent by the browser should be trusted: all user data received by the server must be validated on the server side, and the order verified before the item is dispatched.
• Perform input validation on all client input using character white lists to limit common problems such as XSS & SQL injection.
• Prevention is better than cure, so perform high level testing of online applications to identify weaknesses within the ‘business logic’ in addition to regular PCI and OWASP testing.
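As an added illustration of the first tip (example code, not part of the release or NTA Monitor's own material), the sketch below contrasts a checkout that trusts the posted amount and currency with one that recomputes both from the server-side basket and confirms what the payment provider actually settled before dispatch. The catalogue, basket and settlement values are constructed for the example.

```python
from decimal import Decimal

# Constructed server-side catalogue: SKU -> (unit price, currency).
CATALOGUE = {
    "SKU-100": (Decimal("49.99"), "GBP"),
    "SKU-200": (Decimal("15.00"), "GBP"),
}


def basket_total(basket):
    """Recompute the amount owed from server-held prices only.

    basket maps SKU -> quantity. Raises if the basket mixes currencies,
    so a single (amount, currency) pair always describes the order.
    """
    total, currency = Decimal("0"), None
    for sku, qty in basket.items():
        price, cur = CATALOGUE[sku]
        if currency not in (None, cur):
            raise ValueError("basket mixes currencies")
        currency = cur
        total += price * qty
    return total, currency


def checkout_trusting_client(basket, form):
    """The weak pattern the release describes: amount and currency are
    read from hidden form fields, so whatever the browser posts is billed."""
    return {"amount": Decimal(form["amount"]), "currency": form["currency"]}


def checkout_server_side(basket, form):
    """Hardened checkout: client-supplied amount/currency are ignored and
    both are derived from the basket held on the server."""
    amount, currency = basket_total(basket)
    return {"amount": amount, "currency": currency}


def ok_to_dispatch(order, settlement):
    """Pre-dispatch check: the provider's settled amount and currency must
    match the stored order exactly; otherwise hold the shipment for review."""
    return (settlement["currency"] == order["currency"]
            and Decimal(settlement["amount"]) == order["amount"])
```

The same comparison belongs on the payment gateway's callback as well as at dispatch, since the release notes that variables can be altered on the gateway side too.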
* Source: British Retail Consortium’s (BRC) Retail Crime Survey 2008
-ends-
About NTA Monitor
NTA Monitor, www.nta-monitor.com, is a market leading, innovative IT security testing, auditing and consultancy company that helps to protect its 600+ customers from loss of revenue and reputation.
The company provides a range of security services including vulnerability testing, web application testing, wireless infrastructure testing, BlackBerry and laptop security testing, IT risk assessments, security policy and procedure reviews and network architecture auditing, in order to help prevent unauthorised access to organisations’ networks and data. NTA regularly finds new vulnerabilities through its test projects and its research and development programmes.
NTA is a founder member of the CESG 'CHECK' scheme and the newly-founded CREST (Council for Registered Ethical Security Testers). NTA is also an Approved Scanning Vendor (ASV) under the Payment Card Industry Data Security Standard (PCI DSS).
For further information, please contact:
Jacqui Delbaere or Elaine Calvert, Delbaere Public Relations
Email: jacqui.delbaere@btinternet.com or Tel: 0560 2496237 / 07770 828791
Email: elaine.calvert1@talktalk.net or Tel: 07764 614113