PayThink

Static security isn't keeping up with e-commerce data

Register now

The recent 7-Eleven hack in Japan reflects another trend that has facilitated the growth in e-commerce attacks: The amount of data companies are now encouraging customers to provide creates risk.

The growth of store-specific credit cards, loyalty points and gift cards mean there are multiple avenues a threat actor can use to break into a network, and greater financial incentives for those willing to do so.

Hackers were able to make off with more than $500,000 from customers of 7-Eleven Japan convenience stores. The Japanese company had launched a cashless payment service just days before, which made the theft easy because it had an insecure password-reset process.
However, these kinds of incidents are not purely a result of e-commerce trends; they also stem from changes in how cybercrime operates. As ever, the influence of the dark web looms large. There are millions (or perhaps billions) of stolen credentials available for purchase. When combined with two decades of poor password hygiene and an ever-growing cybercriminal ecosystem, the economics for a threat actor are simple.

The monetary upside vastly outweighs the cost of credential acquisition, meaning a relatively small investment on the part of the cybercriminals can yield a significant profit.

The changes that e-commerce have ushered in are here to stay. So much of the global consumer economy now operates online that we wouldn’t be able to turn back the tide, even if we wanted to.

The unrivaled convenience and speed e-commerce affords us means we need to make it a safe space for business and consumers.

Given this reality, retailers and other e-commerce sites must shore up their web and mobile applications with more advanced security measures. Failure to do so will simply ensure that these tactics remain profitable, and therefore popular attack vectors that threat actors can utilize.

Online fraud has existed for almost as long as the internet itself has. Whether it is the "Nigerian Prince" scams of the 1990s or the phishing scams that still see 1.5 million new sites registered a month, fraud online is fluid, constantly in flux and highly adaptable to online trends.

E-commerce fraud is related to that trend. It is estimated that there will be 1.92 billion global digital buyers in 2019, jumping to 2.14 billion in 2021.

This trend means cybercriminals hoping to commit fraud online have had to adapt.

According to this year’s Verizon Data Breach report, the growth of e-commerce is driving more fraud to the digital world and away from physical locations.

The report found that there was an increase in retail web application breaches from 5% of all breaches in 2014 to 63% in 2018, and a decrease in attacks on point-of-sale systems over the same period (from 63% in 2014 to 6% in 2018). This means that cybercriminals have realigned their methods in line with industry trends, the same way any profit-seeking venture would do.

For reprint and licensing requests for this article, click here.