In Cyber Monday's wake, enthusiasm about mobile shopping – and warnings on POS security

Australians may not celebrate the Thanksgiving holiday like their American counterparts, but they have proved just as ready to drain their wallets – and, according to many security vendors' warnings, expose themselves to security risks through online and mobile shopping.

As the orgy of online shopping – bookended by the Black Friday and Cyber Monday sales that were unabashedly adopted by everything from gadget retailers to airlines – rolls to a close, key financial and security firms are conducting their post-mortems and finding mobility, in particular, was a defining trend this year.

The use of PayPal mobile payments increased by 39 percent this year compared with the Cyber Monday sales in 2013, the company said on the back of figures suggesting Black Friday online sales volumes had surged by 62 percent over the previous year.

Separately, ComScore figures suggested that online retail sales were up 32% on Thanksgiving Day and 26% on Black Friday.

With the PayPal Australia Christmas Study suggesting that 21 percent of Australians were planning to use their smartphones during their Christmas shopping, PayPal Australia spokesperson Adrian Christie said online shopping during the pre-Christmas period was continuing to explode – including from the sale of Australian products to customers in other countries.

“We're seeing that more international consumers are recognising the great talent pool of online goods and services in Australia,” Christie said, noting that PayPal had been working with over 110,000 Australian businesses “to embrace cross border trade.... local retailers are reaping the benefits.”

Despite the surge in sales, however, the rising use of mobiles for sensitive financial transactions has other observers concerned about the heightened potential for fraud, as well as theft of personal information.

Yet despite the potential for mobile transactions to be exploited, shopping in person isn't necessarily safer: in the wake of major point-of-sale (POS) attacks hitting the likes of Target and Home Depot earlier this year, in-person sales now represent an equally problematic issue for holiday shoppers.

More than 100 million credit card numbers were stolen through POS attacks between 2013 and 2014, according to figures from Symantec, which recently published an analysis of the growing POS threat and found that prebuilt POS malware kits can be purchased online for as little as $US2000 ($A2360).

Given the growing threat – and the heightened appeal of financial targets to hackers – Symantec recommends that retailers undertake a range of measures to boost their POS security.

These include the installation of firewalls to facilitate network segmentation; changing default system passwords and other security parameters; encrypting transmission of cardholder data across open, public networks; encrypting stored primary account numbers and not storing sensitive authentication data; maintaining security policies and implementing regular training for all staff; implementing multi-layered protections; increasing network segmentation, reducing pathways, and maintaining strict auditing of connections between consumer data and other networks. Two-factor authentication is recommended for all system configuration changes, while system integrity and monitoring software is recommended to leverage features such as system lockdown, application control, or whitelisting.

This article is brought to you by Enex TestLab, content directors for CSO Australia.
