Consumers ignore security when snapping up online bargains
Both consumers and retailers are demonstrating a lack of awareness when it comes to the online security of their financial information, a new study has found.
The potential to snare a bargain means consumers frequently fail to check the security of the website they are considering purchasing from, according to a study from WhiteHat Security. More than a quarter of UK and US consumers would complete a heavily discounted purchase before checking if the website is secure, the survey found.
US consumers displayed riskier behaviour than their UK counterparts, with more than one in three US respondents conceding that they would not check the site’s security before buying.
The survey found that a further third of UK and US respondents did not know how to identify whether or not a website is secure. WhiteHat called this “worrying” in light of the declared intention from many consumers to use credit or debit cards over the Black Friday weekend.
But the security firm found that retailers also exhibit several risky behaviours, with security vulnerabilities on their sites that could be considered serious in comparison to the online risks faced by other industries.
WhiteHat said the most commonly occurring “critical vulnerability classes” facing the retail industry were insufficient transport layer protection, cross-site scripting, information leakage, brute force attacks and cross-site request forgery.
Sites had a 64 per cent likelihood of being affected by insufficient transport layer protection, where a lack of sufficient measures to authenticate, encrypt and protect network traffic leaves payment details and personal information exposed to attackers.
57 per cent of sites were also found to be potentially vulnerable to cross-site scripting, where attackers can use a vulnerable website to deliver malicious instructions to a victim’s browser, while 54 per cent were likely to leak sensitive information about the target web application, hosting network and users.
38 per cent of sites were also likely to be vulnerable to brute force attacks and 29 per cent to cross-site request forgery.
“This research suggests that when it comes to website security awareness, not only is there still some way to go on the part of the consumer, but the retailers themselves could benefit from re-assessing their security measures – particularly when considering the volume and nature of customer information that will pass through their websites this Cyber Monday,” said WhiteHat’s founder Jeremiah Grossman.
Grossman advised consumers to watch out for websites that ask them to complete transactions or disclose personal information via HTTP links rather than encrypted HTTPS web pages, to use ad-blockers in conjunction with up-to-date browsers or trusted apps, to remain wary of public WiFi, to use secure passwords and to visit websites directly rather than through email links.