A Summary of E-Commerce News and Topics on Compliance and Privacy
We gather together and archive topics for E-Commerce
To avoid long load times news is archived periodically. If you can't find what you are looking for on this page please refer to our archives. Please use the search engine for ease of retrieval.
Main eCommerce News page |
Archives: (oldest)
1
(most recent)
Two-factor technology opens new e-markets
UK businesses should soon be able to conduct trade electronically with their counterparts in Macedonia and with other states that have until now been deemed too great an e-commerce risk, thanks to an initiative between security techology firm VeriSign and the US Agency for International Development.
Banks in Macedonia, part of the former Yugoslavia, are poised to issue their customers with two-factor authentication devices to turn around the country's reputation as a risky trading partner for e-commerce.
Until now, the country has in effect been blacklisted by major e-commerce sites such as eBay and PayPal, stifling the ability of Macedonian firms to trade online.
The US Agency for International Development has partnered with VeriSign to provide Macedonia's banks with the smart tokens that will allow the country's citizens and businesses to trade securely online.
Read the full article in ComputerWeekly.com
Phishing reaches record numbers
Protecting the integrity of a brand is a top priority for all business. The damage caused to a brand due to a phishing attack can be far more severe than the funds or credentials compromised by the criminal groups perpetrating these acts. In July of this year the Anti-Phishing Working Group (APWG) reported a record number of legitimate "brands" hijacked. This group is reporting that 154 banks, financial companies, electronic retailers, or other organizations had their brands hijacked through phishing in July 2006 - a new record.
Security Focus goes on to say:
... They also report to have found 23,670 total phishing websites used to commit identity theft, fraud and other malicious activity in July 2006. This number is second only to the record 28,571 phishing sites found in June 2006, and is nearly double the 14,135 phishing sites found in July 2005. Of these sites, 14,191 are considered "new" phishing sites, compared to just 4,564 new sites found one year prior, in July 2005.
There is a full report available for download.
Read the full article at Security Focus
High Assurance SSL
Apart from the actual security provided by digital certificates in a Web environment, in terms of encryption of data and authentication of participants, they are meant to be a confidence-boosting measure.
That little lock icon in the browser and the "https" in the address tell the user that the communications are secure. Users can also click through some dialog boxes linked from the icon to see specifics of the certificates for the site they are viewing and make a decision about the authenticity of that site. Of course, 99% of users never do any such thing, and probably very few even notice the relatively obscure lock icon.
Even the value of the lock icon has been diminished lately. There have been recent examples of scammers obtaining a certain kind of SSL certificate, called a domain-authenticated SSL certificate, that can be obtained with very little in the way of verification of the bona fides of the applicant. Even if the user takes care to look for the lock symbol, he or she can be fooled by such a certificate.
A new standard hopes to address this situation with a new class of certificate. Some reports indicate that the final official name for these certificates will be "Extended Validation," but they are more widely known as "High Assurance" SSL certificates.
Read the full article in IIS Zone
A New Type of SSL Certificate Is on the Way
Web businesses face a crisis in confidence. Consumer trust in the security of sites is declining, and in increasing numbers they are scaling back online transactions - or opting out entirely. According to Forrester Research on December 8, 2005, an astonishing 24% of Internet users reported that they would not be shopping online that holiday season because they did not feel safe. A full 61% reported that they had at least reduced online purchases for the same reason. This phenomenon has been masked by the overall increase in online activities like shopping, banking, trading securities, and filing taxes. The fact remains, however, that these online businesses are less effective than they should be, and are leaving money on the table.
Starting early in 2007, Web sites will be able to definitively demonstrate their identity to customers—and customers will be able to confirm identity before trusting sites. This opportunity comes thanks to the greatest development in the Web's secure backbone in over ten years. 2007 will see the introduction of a new kind of SSL Certificate, the first since the technology's origin over a decade ago.
These new certificates will be called Extended Validation SSL Certificates, and they represent over a year's effort by an industry consortium called the CA/Browser Forum. Starting early in 2007 the CA/Browser Forum intends to make these new certificates available for the benefit of Web businesses and site visitors alike. These certificates can facilitate online commerce in all its forms by increasing visitor confidence in legitimate sites and greatly reducing the effectiveness of phishing attacks.
Read the Article
Can IE 7 kill off phishing?
Phishing could soon be a thing of the past and the credit may have to go to Microsoft. That's according to a leading web security expert who says functionality built into Internet Explore 7 could shutter fraudulent websites within 18 months.
Tim Callan, a director at VeriSign, said anti-phishing guards in IE 7 - which will warn users off malicious websites where they may be asked to submit personal information such as bank or credit cards details - will help restore badly damaged consumer confidence.
Callan said: "Consumer confidence is falling and the biggest reason for that is fear, pure and simple. People fear that something bad is going to happen to them."
And he said phishing is the major cause of concern.
Read What Callan says at Silicon.com, then tell us if IE7 will reassure you
Most Security Professionals fail to check for secure shopping
In our long running survey on user security awareness when shopping, which we opened in June 2006 and closed after four months, the results showed a sad lack, even in a security aware readership, of knowledge of basic aspects of online self protection.
The current results are astounding . They show a cavalier disregard for even the most basic security precautions when buying online. And this is by educated users!
See the results
Korean Government to Mandate SSL Certificates
Starting January 1, 2007, any businesses in Korea collecting personal information on-line or conducting e-commerce transactions will be mandated to run SSL certificates in the server side. While the client certificates mainly for personal Internet banking and on-line purchases by individuals have been widely and almost ubiquitously used as already mandated by the government, there have been very little adoptions of server certificates meaning this new legislation will be a major shift in the government policy in Korea to drive major adoptions of server certificates. With this legislation, the Korean Government expects on-line businesses in Korea to have 10K new certificates installed by the end of this year and additional 40K within Year 2007.
Read The Article. As we learn more this will be updated.
VeriSign Announces Plan to Further Enhance .com and .net Constellation with Regional Internet Resolution Site in Bulgaria
Distributed Infrastructure to Provide Even Greater Security and Stability for Growing Number of Bulgarian Internet Users
VeriSign announced on 4th July 2006 a plan to enhance its global constellation of geographically-dispersed Internet Resolution Sites by installing and operating a Regional Internet Resolution Site in Sofia, Bulgaria. The announcement is another important step in VeriSign's effort to expand critical Internet infrastructure in regions of emerging growth. Once fully implemented, the site will improve Internet performance for the over 2 million Internet users in Bulgaria.
UK Information Commissioner Enforces against B4usearch.com
Web business b4usearch.com has fallen foul of the wrath of Richard Thomas, the United Kingdom Information Commissioner over the processing of personal data on their website. The Information Commissioner's Office (ICO) has ordered the website b4usearch.com to stop using personal information from electoral registers published before 2002, after finding the site in breach of the Data Protection Act. B4U is a company based in Birmingham in the UK.
Mick Gorrill, Head of Regulatory Action at the ICO, said: “We take breaches of the Data Protection Act very seriously. As this case demonstrates, we will take action against organisations that don't process personal information in line with the requirements of the Act and cause significant concern to individuals. People have an important right under the Data Protection Act to know that their personal information is sufficiently protected.”
Read the article
Are you broadcasting personal data?
Hundreds of thousands of businesses, large and small, world-wide now use Wi-Fi to connect PCs to their network. Millions of homes have Wi-Fi to connect their PCs to the Internet and, of course, millions more use laptops, with Wi-Fi in public places the length and breadth of virtually every country. From where I'm sitting, writing this right now I have no less than nine wireless networks I could connect to.
So, what's the problem?
Wi-Fi uses an easily interceptible frequency to transmit/receive data to and from a PC - if it didn't it wouldn't work without huge antennae. So anyone could easily intercept whatever you send or receive to or from your PC. Secondly when you connect to a network via Wi-Fi you are then dependent on the security of that network to protect you from anyone trying to access your PC. In your office or at home the chance are you have a Firewall between your PC and the network (a Firewall is a device or software that only allows certain very limited types of data through and in theory prevents someone “hi-jacking” or loading viruses onto your PC or extracting data from it).
Read what the FBI say:
Where should security be applied to prevent Identity theft?
By Mike Davies of VeriSign
What a wonderful place the internet is, only today I registered for free at 10 online sites.
I now have a new email address, will be alerted about the latest holidays, electrical goods or jobs that interest me, am a registered user at a major political party's website, have a brochure from a healthcare provider being posted to me, gained access to a computing magazine's website as well as a national newspaper, and will be attending a talk on aromatherapy.
The information I provided to register varied by site but included name, email and physical address, mothers maiden name, salary, political persuasion, preferred holiday dates (when my house will be empty), gender, date of birth, employer's name, mobile telephone number and job title.
At no point during any of the registrations was the personal data I entered secured. This worries me and it should worry you too.
Click Here for the full article
Improving online consumer confidence through mutual authentication
When the first cars were produced it is a pretty safe bet that they weren't fitted with an alarm, immobiliser or tracking device. Such advances in car security were introduced in response to escalating car crime.
Almost daily online security threats emerge, threats which are eroding already fragile consumer confidence.
Without consumer confidence the cost effective and efficient online channel could well become marginalised.
But this is only one side of the story. The growing fraud losses that online service providers such as banks or merchants suffer could render their business model void.
Click Here for the full article
VeriSign's Sclavos: "enable and protect interaction"
A slogan of the multinational VeriSign is: "enable and protect interaction." To this end, the company focuses on security and authentication, but also on guaranteeing the stability of the Web domain system. According to its president, Stratton Sclavos, "It is unclear how governments are evolving on issues of identification." In an interview with Navegante, Sclavos explained his new universal identification system for the Web, called VIP. This comes at a time when Spain is betting on the Internet with its new electronic NID (National Identification Document).
Stratton Sclavos outlines VeriSign's approach to threats, solutions and the ICANN Domain names comntroversy in a major interview for Spain on 29th March 2006
Click Here for the full interview
New Denial of Service Attacks Worry Security Industry
There is a new kind of denial-of-service (DoS) attack hitting the Internet these days, and it has the internet security industry very worried.
The unusually powerful attacks strike at the basic structure of the Net, exploiting the computers that manage online traffic and using them to overwhelm Web sites. The effects are similar to more traditional DoS attacks, but the newer technique by hackers is far more potent because it launches using fewer hacked computers and the ensuing attack is easily amplified to be far more overwhelming.
Click Here for the full article
Where Has All the Trust Gone?
By Elizabeth Glagowski, Managing Editor
Reprinted with permission from 1to1 Media , a division of Carlson Marketing Worldwide. © Carlson Marketing Worldwide . All Rights Reserved.
It's one thing to say trust is important to customer relationships, it's another to have the numbers to back it up. A new report from Datamonitor pinpoints where companies have lost ground, and offers suggestions on how to win trust back.
According to the report, "Building and Profiting from Consumer Trust," 86 percent of the 3,200 U.S. and European consumers surveyed said that they have become more distrustful of corporations within the past five years. The report also shows that companies are aware of this drop, with 64 percent of industry leaders agreeing that consumer trust in brands has decreased in the past two years.
Click Here for the full article
What's the Deal With Seals?
By Don Peppers and Martha Rogers, Ph.D.
Reprinted with permission from 1to1 Media , a division of Carlson Marketing Worldwide. © Carlson Marketing Worldwide . All Rights Reserved.
In the nascent days of the Web, consumers jumped from destination to destination with little concern about privacy. Yet even before the media alerted the masses to the twin scourges of identity theft and information brokering, TRUSTe was on the case with its Web privacy seal. Nine years later the firm is working on the tenth iteration of its standards agreement.
One question remains, however: Do consumers truly pay attention to such seals? And if so, does the absence of a seal make consumers think twice about entering their personal data or ordering a product?
Click Here for the full article
VeriSign Announces Fraud Detection Service, Acquires Snapcentric
VeriSign, the leading provider of intelligent infrastructure services for the Internet and telecommunications networks, today (10 February 2006) announced the VeriSign Fraud Detection Service, a new solution that forms part of VeriSign's overall layered authentication solution targeted at preventing online identity theft. In support of this new service, VeriSign has also reached a definitive agreement to acquire Snapcentric, Inc , a provider of online fraud detection solutions using advanced anomaly detection technology. The newly acquired technology will be a key addition to VeriSign's suite of authentication solutions, providing an invisible layer of protection against online fraud.
Click Here for the full article
Inspiring Consumer Confidence: Know the scams
Shopping online offers immediate gratification for customers looking for ease and convenience - especially during the holidays. But just as e-commerce is growing year after year, your customers are also growing increasingly wary of Internet scams. By educating customers on the latest scams, and establishing your site as a trustworthy business, you can help inspire your potential customers to shop at your site with confidence.
Click Here for the full article
Password-stealing keyloggers skyrocket
Hackers are on target to release more than 6,000 keystroke loggers in 2005, a 65 per cent increase from the 3,753 keyloggers released last year, according to security intelligence organisation iDefense.
Click Here for the full article
Liberty Alliance to Speed Wide-Scale Adoption of Strong Authentication Solutions
The Liberty Alliance Project announced the formation of a global, cross-organizational expert group focused on developing open specifications for interoperable strong authentication. Liberty's new Strong Authentication Expert Group has been created to speed the worldwide deployment of interoperable strong authentication and to help organizations meet new industry-wide demands for universal strong authentication solutions.
Click Here for the full article
Protecting your personal information ranked as a top issue
Protecting personal information is now ranked as one of the top three most socially important issues, according to new research published by the Information Commissioner, Richard Thomas, on 16th November 2005.
Click Here for the full article
New study finds fear of identity theft holding back e-commerce
A rapidly growing fear of identity theft and other online fraud is eroding confidence in e-commerce, newly published research has warned, leading to fears that e-commerce growth may soon halt.
The survey, was undertaken in Germany , France , the United Kingdom and the United States by Momentum Research for RSA Security. It shows that, while consumers generally in each of these nations are spending more online, a significant minority is actively reducing its investment.
Click Here for the full article
