New technological developments, such as Internet and mobile usage and the connectivity they bring, are shaping the way business is transacted today. Together they bring a sense of independence from time and location, and convenience as never experienced before.
The accelerated use of the Internet and mobile has enabled a dramatic rise in online activity. The online industry in India is an $11 billion market and is estimated to reach $20 billion by 2015, growing at a CAGR of 37% over 2013-15. The use and acceptance of mobile commerce for shopping, healthcare services and travel is greater than ever. It is being said that in the next three years mobile commerce will constitute more than 25% of the total traffic in e-retailing.
This is amplified significantly in the country due to multiple factors such as enhanced 3G penetration and availability of affordable smartphones.
As Internet and mobile usage continues to rise, the threat of cyber crime also grows. Mobile malware is becoming very advanced and rapidly reaching parity with PC malware. Recent technological developments have enabled seamless integration between traditional desktops and mobile devices. Unfortunately, a majority of users do not realise that most of the threats they face online using traditional devices, such as phishing attacks, can also hound their mobile experiences.
Similar to PCs, mobile devices can be hacked, compromised and enslaved to send spam messages and conduct other exploits. They can be exploited to extract information on where people have been, their pictures, call log details and much more. This is valuable and private data for people. Hackers operate networks of such compromised devices (PCs and smartphones), the “botnets”, to attack other websites. A user's device can get compromised when they visit a website that looks legitimate but is not, and that has a trap to infect the device and install malware.
Therefore, unknowingly, the device may become a node in a botnet, and the attacker gains access to and tries to control such inter-connected devices to launch spam and other forms of cyber attacks. Sophisticated cyber criminals may use botnets to launch coordinated attacks against unsuspecting web sites that are vulnerable to attack in order to steal credit card information. Credit card security is one of the most important components of online commerce security. The infamous TJX security breach disclosed in 2007 is a good example of what can happen to companies that do not have the proper security measures in place.
Online fraud can hurt in multiple ways. Not only is revenue lost because the customers cannot get to your online store, but they may think twice before ever shopping there again if they know that your site is vulnerable to attack. When credit cards are stolen from ecommerce sites, it usually makes the news. When a theft reaches the headlines, both existing and potential customers tend to avoid using that website. Cyber criminals are hitting smartphones and tablets with malware that is persistent. For instance, the malware may present itself as an Android system update and ask for permission to install on mobile devices. One way to safeguard against infection is to decline such prompts and go through the smartphone settings to check for system updates.
And since mobile devices are so ubiquitous now and a lot of these devices have access into corporate networks, the risk is greater. Mobile devices may not be sophisticated in terms of security measures such as anti-virus software, patches, firmware updates and configuration settings. A compromised mobile device may provide ‘back doors’ for hackers through which they can gain access into the corporate network and create problems.
Secure online transactions are the need of the hour. Therefore, along with its investments in inventory and procurement functions, the industry should also focus on cyber security to safeguard the data and information of its customers. Adequate focus should be given to building and maintaining a secure network.
For the company, it is also important to protect stored cardholder data and encrypt transmission of cardholder data across open, public networks as per popular standards such as PCI DSS. The sources of apprehension for online commerce can be minimised once the industry gives adequate focus to security issues. This is an important step so that customer trust in online transactions is protected.
Anjali Kaushik
The writer is associate professor, information management, MDI Gurgaon