Canadian retailers’ concerns around security threats and online transaction fraud are rising, yet few have taken concrete steps towards alleviating those fears, according to a new study released Thursday.
Ipsos-Reid surveyed 500 retail executives in November 2004 and found one of their biggest concerns was loss and misuse of customer credit card information. Seventy-five per cent saw this as a significant security threat to their businesses and customers.
“A lot of retailers and some other data storage companies in the U.S. have kept this data on servers that haven’t been protected and they’ve lost that data,” said Anthony Santilli, vice-president of marketing for Soltrus Inc., a Toronto-based IT security and digital trust services firm. He cited external hacking and internal theft as two of the main reasons why this data disappears.
While concern about online commerce security breaches is growing, many tools deployed by retailers to prevent such incidents are “basic,” according to a Soltrus release on the survey.
Eighty-seven per cent of respondents identified user names and passwords as their leading form of online security; firewalls and VPN solutions were employed by 64 per cent of the respondents; and 51 per cent reported using PIN numbers and static and/or dynamic passwords.
More advanced methods of defence were not deployed nearly as often. The survey found that only 20 per cent of responding merchants used disk and file encryption software; just 18 per cent used identity management software; and only 14 per cent had deployed managed public key infrastructure (MPKI) and digital certificate authority systems.
“What the business has to do…is make sure they take the proper steps to secure the data on their site,” said Santilli. “Where is that data being secured? Because the transaction can be secured but if [retailers] aren’t safely or securely storing that information on their servers, there is an alternate weak point.”
Ipsos-Reid surveyed retailers of various sizes across the country, but Santilli said that some of the biggest security problems are seen in the smaller shops.
“When we look at medium to small retailers, we’re looking at a couple of constraints: budget constraints, the understanding about security, perhaps they don’t have the staff to do the appropriate due diligence on their e-commerce infrastructure,” he said. “That is a segment of the market that lags behind large enterprises and might be vulnerable to attack, to fraud and to leaks of information if they don’t plan appropriately for their security.”