Advertisement
11/14/2013

Avoid the Cyber Monday Meltdown and Losses of $3.4M an Hour

During the holiday shopping season, retailers must secure their e-commerce websites and keep customers loyal. On Cyber Monday, shoppers can boost sales significantly, however an average of $3.4 million is what reputation and brand damage can cost as a result of the loss of customers in just one hour of downtime, according to a recently published report by Ponemon Institute, "The 2013 eCommerce Cyber Crime Report: Safeguarding Brand and Revenue this Holiday Season."
 
Detection of fraud is difficult due to the lack of real-time visibility. More than half of respondents say their organization does not have real-time visibility into its website to detect the presence of a criminal, while only 36% say their organizations use automated forensic tools that detect business logic abuses.
 
Many retailers make significant investments in website marketing, only to realize losses if they are not ready to deal with the potential threat of attacks on Cyber Monday. Understanding the cost of downtime and more importantly, the cost of reputation and brand can help make the business case for investing in the resources necessary to stop fraud and preserve the integrity of customer-facing websites. Here are the top nine attacks to be aware of this holiday season:
  • Botnet and DoS. When a cyber criminal targets a botnet against a company and this results in a denial of service attack that ultimately brings down its websites. 83% say it is more likely to occur on high traffic days and 72% say it would be difficult to detect.
     
  • Mobile app store fraud. Companies that are vulnerable have an app store/marketplace that provides access to products and instant rebates. Criminals concealed as merchants and buyers manipulate the open platform for financial gain, cashing in on rebates and earning points from credit card incentive programs. 78% say it is more likely to occur on Cyber Monday than other times and 71% say it would be difficult to detect.
     
  • Mobility use case. Cyber criminals infiltrate a mobility platform that allows customers to access websites using smartphones and mobile devices with malware that captures customers' account access credentials. The criminals harvest this information to takeover accounts using a laptop or desktop computer. 66% say it is more likely to occur and a higher percentage (70%) say it would be difficult to detect.
     
  • Click fraud. An agency is pad on a "per click" basis to conduct an online advertising campaign, many "clicks" are not authentic and do not involve an interested customer. 66% say it is more likely to occur and 74% say it is difficult to detect.
  • Testing stolen credit cards. Cyber criminals steal hundreds of credit card numbers and use a company's credit or debit card payments function to validate active credit cards. 64% say this is more likely to happen and 66% say it is difficult to detect.
     
  • E-Coupons. Frauds do an "end-run" around a company's pricing policy, then select a heavily discounted item and place it in the shopping cart. They delay the checkout in order to obtain and apply an e-coupon to the final purchase price, obtaining the item well below company cost. 64% say this is more likely to happen and 70% say it is difficult to detect.
     
  • Account hijacking. Cyber criminals obtain the user names and passwords of customers through a phishing scam. Customer account information is leaked through what appears as a legitimate internal company e-mail communication. 61% say it is more likely to occur and 72% say it is difficult to detect.
     
  • Electronic wallet. Hackers identify sites that have recently added internet payment processes such as PayPal, Google Wallet or Amazon Checkout, and exploits the lack of fully implemented security controls. 60% say this is more likely to happen during the high traffic period and 81% say it is difficult to detect.
     
  • Mass registration. Imitation websites are created to lure loyal and perspective customers, which then asks them to provide personal information to register for a promotion or offer. This results in the theft of sensitive information. 50% say it is more likely to occur but 71% say it is difficult to detect.
Especially during the holiday season, it is important that companies think of this issue broadly. When considering an investment in web security, be sure to also consider the economic loss from reputation damage that may occur.