Data Security

For every $100 in fraudulent transactions, retailers incurred a “true” cost of $230, according to a new study released by LexisNexis Risk Solutions. According to the study, retail merchants and financial institutions reported an overall decline in fraud rates and transactions while total retail sales rose.

More details have emerged of an e-commerce software flaw linked to the theft of credit card information from numerous websites. A security flaw in osCommerce, an open source e-commerce package, created a means for criminals to compromise 90,000 web pages with redirection scripts that ultimately directed surfers towards a site serving up an exploit toolkit designed to compromise visitors' PCs.

Nearly 70 percent of e-commerce merchants said they've tightened credit card data security in order to protect their brand, not to avoid fines for non-compliance with the Payment Card Industry Data Security Standard, according to a survey by Visa’s CyberSource unit and Trustwave.

Findings from a new survey of e-commerce merchants released by CyberSource show that nearly 70 percent of respondents cited the need to "protect the brand" as the primary driver for tightening controls against hackers and other payment security risks.

As larger retailers adopt state-of-the-art fraud prevention and identification solutions as part of their payments infrastructure, smaller local chains and independent outlets are being left exposed as the soft underbelly of a very lucrative target.

Criminals who infect websites are making the internet much riskier for small business owners. Since early June, one gang has been using a uniquely insidious type of automated attack to inject malicious code on some 20,000 to 30,000 sites, many of them small businesses that rely on the internet to reach customers, says Wayne Huang, chief technical officer at website security firm Armorize.

While bad news around the economy continues to pile up — a plunging stock market, troublesome unemployment, a soft housing market, national debt that's out of control — the e-commerce industry seems unaffected. E-commerce sales are steadily rising and for many cross-channel retailers the channel is a bright spot in an otherwise dark place. This mood was certainly reflected at IRCE, where people were upbeat with where they were at and optimistic about their future.

After announcing PIN pads in some of its U.S. stores showed signs of tampering last month, Michaels was hit with lawsuits seeking class-action status. Three customers from Northern Illinois filed suits against the arts and crafts retailer claiming the company failed to take reasonable measures to protect its customers.

I often check the clickthough rates of our daily e-newsletter of aggregated and orignal content, ROI Report, to gauge what our audience of cross-channel retailers are interested in and concerned about. Lately, the clickthrough rates for articles about hackers and scammers targeting retailers and shoppers are through the roof

Michaels has removed the PIN pad tampering threat from its U.S. stores and believes it's identified the time frame that customer information was exposed. Based on the latest information available, exposed PIN pad transactions occurred from Feb. 8 through May 6, the date Michaels disabled the tampered devices.