Tag: heartbleed

New security mandates could improve the e-commerce space

PCI Security Standards Council releases new security mandates that e-commerce enterprises must follow

E-commerce enterprises could be penalized if they do not abandon their outdated security protocols. The PCI Security Standards Council has released mandates that businesses must follow, requiring retailers to move away from Secure Sockets Layer (SSL) and embrace Transport Layer Security (TLS) protocols. SSL is a standard security technology that establishes an encrypted connection between a server and those accessing it, but this technology is beginning to grow outdated, especially as cyber attacks become more sophisticated.

Digital attacks are becoming a major threat for the e-commerce world

The PCI Security Standards Council has introduced new security mandates as a response to recent, high-profile digital threats, such as Heartbleed and Shellshock. These threats have caused significant turmoil in the digital space, and e-commerce enterprises may be exposed to risks that have yet to be detected. The organization is now urging e-commerce companies to make changes to their web servers so that they are compatible with TLS protocols. These companies are also being tasked with abandoning SSL support.

Security standards may have an impact on the mobile commerce space as well

These new security mandates will also affect the mobile commerce space. The mobile space has become a valuable target for malicious groups that aim to exploit financial information. Commerce applications are still relatively new, and the companies responsible for these apps are not yet versed in the various risks that exist in the digital space. As such, many apps lack the security they need to find mainstream success and adoption. New security standards could help solve this problem, offering consumers peace of mind when they participate in mobile commerce.

Many companies are still not fully compliant with security standards from the PCI Security Standards Council

Notably, many companies still fail to comply with security mandates issued by the PCI Security Standards Council. According to a recent survey from Verizon, 28% of companies are not fully compliant with security standards nearly a year after they received validation for their security protocols. This could become problematic, as these companies may be unnecessarily exposing themselves to digital risks.

M-commerce isn’t as secure as 82 percent of the British would like

A recent survey has shown that consumers from the U.K. don’t feel safe shopping or paying with their smartphones.

While the promise of m-commerce and mobile payments has been a large one, recent events in digital security have caused a considerable amount of harm to the confidence that consumers in the United Kingdom are feeling toward the safety of the technology.

The Heartbleed security flaw had a particularly damaging impact on consumer trust in mobile shopping.

Recent research from a firm called Intercede has revealed that following the Heartbleed online and mobile security issue, only 18 percent of consumers in the United Kingdom feel confident that their use of m-commerce and smartphone-based payments is actually secure. The same survey showed that more than half – 53 percent – of shoppers in the U.K. say that they would never use mobile banking services, while many among them avoid using any form of financial services over their smartphones – including money transfer apps, shopping sites, and PayPal.

Twenty-four percent of the surveyed consumers would not feel safe shopping over m-commerce.

Over half are already avoiding using mobile apps for money transfer, and 75 percent of those who stated that they were worried about experiencing data loss if their smartphone were ever stolen said that identity theft was their largest concern.

According to the Intercede CEO, Richard Parris, “Nearly every week we read about another high-profile hacking story in the news.” He added that “From major attacks such as Heartbleed to eBay’s recent data breach, it’s not surprising that consumers just don’t trust mobile security. This is throttling the mobile economy. But with the mobile device boom set to continue, it’s clear that security needs a radical revamp.”

The survey results were quite interesting when looking at the responses given by the various age groups. While it was expected that those in the age bracket of 18 to 24 might be the most likely to be comfortable with m-commerce and payments, concerns over mobile security of financial and personal information spanned all of the age groups. As a whole, 54 percent expressed concern regarding the security of their smartphones. That said, it was the 13 to 24 year old age group that was the most distrustful when it came to smartphone-based banking and financial services.