As major retailers across the country announce the recruitment of additional security staff to safeguard shoppers on Black Friday, it is also time for online businesses to ramp up their security in anticipation of escalated sales around 28th November, including Cyber Monday on 30th November.
Last year an estimated £810 million was spent on Black Friday, a date when stores offer massive discounts to kick-start a Christmas shopping frenzy. Originating in the United States, the phenomenon has been gaining popularity in the UK since 2010, and many businesses are already predicting that Black Friday 2015 will be the busiest shopping day in UK history.
It is not just competitive fellow shoppers that present a danger, however. Those shopping online will also be in need of additional protection. In recent weeks there have been multiple warnings about large spam and phishing campaigns where goods that are paid for will never be delivered.
Mobile phones are now also particularly vulnerable as cyber criminals have shifted their focus. American statistics show that 1.3 per cent of all phone-based sales are fraudulent, which is twice the 0.8 per cent on PCs and nearly three times the 0.5 per cent on tablets. Companies wishing to make the mobile shopping experience as frictionless as possible are, it is claimed, putting fewer checks in place and criminals are exploiting this loophole.
Unfortunately, cyber security breaches tend not to be instantly visible, particularly where client-side injected malware (CSIM) is concerned. CSIM presents a significant threat to sales, profit and brand reputation by injecting unwanted advertising and malware directly onto the consumer’s browser or device. Once it is installed, the attackers can use it to lure customers to alternative sites, sometimes persuading them to give away personal data and payment information.
It is estimated that currently one in three devices in the UK is infected with CSIM. iOS (Apple) devices are particularly at risk, with infection numbers having risen from five per cent to 20 per cent over the last year.
Responsible retailers should consider a number of precautionary tactics. In anticipation of higher transaction volumes they must be vigilant, and prepare for a potential attack. Testing and patching should therefore be a priority at this time of year, although of course it is an ongoing process made more effective by a scheduled programme of activity. Those following PCI DSS and ISO 27001 guidelines will be in the strongest position to defend their customers’ data.
In the event of a breach, however, an incident response plan will ameliorate some of the impact of criminal activity. Early action with the help of specialist support will help to mitigate damage. Effective safeguarding is best undertaken with expert input in a measured and prescribed manner, but it is not too late to put in place some effective defences before the biggest day in retail spending arrives.