Data Security

Edgy, boundary-pushing boutique Opening Ceremony announced in a letter that "a hacker placed malicious software on our website." The letter — dated May 4 and signed by Carol Lim, CEO and co-founder of the company — says that the incident in question presumably took place on Feb. 16. While the company took security precautions and removed the questionable software after the breach was discovered on March 21, it was more than enough time for the criminals to extract customers' private information.

This year saw record-breaking security breaches against e-commerce sites. Regardless of size and IT security budget, no company is 100 percent immune from risk. Yet the reality is that many of the breaches were preventable. With the busiest online shopping period of the year in full swing, have you made sure your customers’ credit card data and personally identifiable information is as secure as it could be?

Two malls planning to test new technology designed to track shoppers' movements via cell phone signals have nixed those plans after a U.S. senator raised concerns about privacy, according to The Consumerist.

“Your friends at Etsy” sent out an email Oct. 13 alerting Etsy community members to some notable changes in its privacy policy. According to the company’s blog post, the real name change, which applies to both buyers and sellers, is supposed to clarify the difference between a person and a shop.

For every $100 in fraudulent transactions, retailers incurred a “true” cost of $230, according to a new study released by LexisNexis Risk Solutions. According to the study, retail merchants and financial institutions reported an overall decline in fraud rates and transactions while total retail sales rose.

More details have emerged of an e-commerce software flaw linked to the theft of credit card information from numerous websites. A security flaw in osCommerce, an open source e-commerce package, created a means for criminals to compromise 90,000 web pages with redirection scripts that ultimately directed surfers towards a site serving up an exploit toolkit designed to compromise visitors' PCs.

Nearly 70 percent of e-commerce merchants said they've tightened credit card data security in order to protect their brand, not to avoid fines for non-compliance with the Payment Card Industry Data Security Standard, according to a survey by Visa’s CyberSource unit and Trustwave.

Findings from a new survey of e-commerce merchants released by CyberSource show that nearly 70 percent of respondents cited the need to "protect the brand" as the primary driver for tightening controls against hackers and other payment security risks.

As larger retailers adopt state-of-the-art fraud prevention and identification solutions as part of their payments infrastructure, smaller local chains and independent outlets are being left exposed as the soft underbelly of a very lucrative target.

Criminals who infect websites are making the internet much riskier for small business owners. Since early June, one gang has been using a uniquely insidious type of automated attack to inject malicious code on some 20,000 to 30,000 sites, many of them small businesses that rely on the internet to reach customers, says Wayne Huang, chief technical officer at website security firm Armorize.