By Tobias Manolo
Over the past 18 months, we’ve heard the news of many a retailer suffering data loss at the hands of hackers. In 2013, hackers’ activities meant that over 130 million customer accounts were compromised because online security systems had failed – not happy reading for many! And it isn’t just the big retailers, like Neiman Marcus and Target, that suffered; smaller retailers have also been hit – LivingSocial, Adobe and Snapchat to name but three – and these are just the retailers that actually made the papers!
But don’t worry, all is not lost! If you want your online security to be effective, though, you can’t rely on just the faithful old password, because once a hacker has this, the information held on your system is no longer safe! Andreas Baumhof, CTO at ThreatMetrix, said: “Once an attacker apprehends a username and password, the possibilities for fraud are endless, especially if the same information is held across multiple accounts – such as retail, social media, and online banking accounts.”
Network security companies recommend two-layer authentication processes to improve security and reduce the threat from hackers. Consumers are quite happy with it and have got used to using it via social media sites, such as LinkedIn and Twitter, but retail companies are far more hesitant, as they want to keep the process of purchasing and perusing online as simple as possible for the user. So, how do you find a balance and yet still improve user protection? Baumhof highlights three steps businesses can implement to protect against the theft of passwords:
1. Share intelligence networks accurately so that up-to-date information is always available as to whether an online user is a threat or a customer. Shared networks are able to analyse and assess login history, payments, attempts at remote access and registration of new accounts.
2. Integrate payment and login screening via a single view so that risk levels can be determined. Automated systems aren’t common on most websites, and integrating these processes can aid in building risk profiles.
3. Implement ‘content-based authentication’, i.e. ‘tag’ a device from which a user has previously authenticated successfully using a two-factor authentication process. This will mean that when the user logs on using that device, a simpler and easier authentication process can be used.
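One way step 3 could work on the server side, as an added sketch that is not from the article or from Baumhof: after a successful two-factor login the site issues a signed tag bound to the user and device, and later logins use the simpler flow only while that tag verifies. The key, the 30-day lifetime and every function name are assumptions, and the IDs are assumed not to contain `|`.

```python
import base64
import hashlib
import hmac
import time

# Assumptions for this sketch: key, lifetime and all names are constructed.
SERVER_KEY = b"demo-key-load-from-a-secret-store"
TAG_LIFETIME = 30 * 24 * 3600          # a tagged device is trusted for 30 days
SIMPLE, STEP_UP = "password", "password+2fa"

def _mac(payload):
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()

def issue_device_tag(user_id, device_id, now=None):
    """Call only after this user has passed two-factor authentication on this device."""
    issued = time.time() if now is None else now
    payload = f"{user_id}|{device_id}|{int(issued + TAG_LIFETIME)}".encode()
    b64 = base64.urlsafe_b64encode
    return b64(payload).decode() + "." + b64(_mac(payload)).decode()

def required_auth(user_id, device_id, tag, now=None):
    """Decide which login flow to run; anything doubtful falls back to 2FA."""
    current = time.time() if now is None else now
    if not tag:
        return STEP_UP                           # device has never been tagged
    try:
        p64, m64 = tag.split(".")
        payload = base64.urlsafe_b64decode(p64)
        if not hmac.compare_digest(_mac(payload), base64.urlsafe_b64decode(m64)):
            return STEP_UP                       # forged or altered tag
        tag_user, tag_device, expires = payload.decode().split("|")
        if (tag_user, tag_device) != (user_id, device_id):
            return STEP_UP                       # tag copied to another account or device
        if current >= int(expires):
            return STEP_UP                       # trust has lapsed
    except ValueError:                           # malformed tag: bad base64 or field count
        return STEP_UP
    return SIMPLE
```

The tag only relaxes the second factor; the password check still runs on every login, and a stolen password used from an untagged device is still challenged.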
Something has got to turn the tide against the hackers, as we don’t want repeats of last year’s retail theft fiascos, and these steps may well be the way forward.