As I'm sure you are all aware, today is Black Friday, the busiest shopping day of the year with deals in abundance.
With hackers trying all avenues of attack at such a busy time, what can retailers and shoppers do to protect personal information? Matthew Aldridge, Solutions Architect at cybersecurity firm Webroot, offers five pieces of advice.
- Regular password changes
Amazon has hit the nail on the head with this initiative, and retailers and consumers should follow suit by ensuring account passwords are changed around every three months. When doing this, it is important to ensure that resets are validated via the user's email account and that passwords are encrypted and never stored as plain text. Consumers can also be advised not to use the same password for banking and other online accounts: if a hacker obtains it, direct access to bank accounts is far easier.
- PoS updates
PoS machines are at risk because of their location and, in most cases, their low level of physical security, which makes it easier for hackers to plant malware or even switch the machine altogether. Obviously they need to stay in this location, but regular virus checks should be run on the system to ensure it is not infected and, where possible, machines should not be left unattended for long periods of time.
The uptake of Near Field Communication (NFC) has added another level of risk because of the lack of authentication when approving a payment. This makes it particularly important that PoS software is up to date and that machines support chip cards, as this will stop most forms of malware scraping card details.
- Two-factor authentication
Where possible, users' accounts should require two forms of login: a traditional password and another form of authentication (the second factor), such as a passphrase, PIN, SMS or security token like most banks now use. Amazon has introduced this in the USA, resulting in users' accounts being far more secure, and we can expect UK retailers to follow suit.
- Avoid phishing campaigns
Phishing campaigns have been on the rise recently and are set to continue in 2016. Cybercriminals have found this technique to be very effective because of the trust most consumers place in big-name brands, so many fraudulent emails are trusted by the party receiving them. Banking is a commonly impersonated sector, along with big-name brands such as Apple and Microsoft, so consumers should be made aware of this and of what to look out for to confirm that an email or website is legitimate.
- CVV numbers should be used for every transaction
Simply asking for users' CVV numbers for online transactions will greatly reduce the risk of fraudulent cards being used. However, these details should never be stored. Instead, to add another level of security, the customer should be asked for the CVV during every transaction.
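
For retailers, the two requirements in the password advice above (resets validated via the user's email account, passwords never stored as plain text) can be sketched as follows. This is an added example, not code from Webroot or the article. It assumes a salted scrypt hash as the stored form of the password, a 15-minute reset lifetime and an in-memory store, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

RESET_TTL_SECONDS = 15 * 60  # assumed lifetime of an emailed reset token

def hash_password(password, salt=None):
    """Return (salt, digest); these are the only password values stored."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return salt, digest

def _token_hash(token):
    return hashlib.sha256(token.encode()).digest()

class AccountStore:
    """In-memory stand-in for a retailer's user table (constructed for this example)."""
    def __init__(self):
        self.users = {}   # email -> (salt, digest)
        self.resets = {}  # email -> (sha256 of token, expiry time)

    def register(self, email, password):
        self.users[email] = hash_password(password)

    def login(self, email, password):
        if email not in self.users:
            return False
        salt, digest = self.users[email]
        return hmac.compare_digest(hash_password(password, salt)[1], digest)

    def start_reset(self, email, now=None):
        """Return the token to send to the account's email address; keep only its hash."""
        if email not in self.users:
            return None
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self.resets[email] = (_token_hash(token), now + RESET_TTL_SECONDS)
        return token

    def finish_reset(self, email, token, new_password, now=None):
        now = time.time() if now is None else now
        stored = self.resets.get(email)
        if stored is None:
            return False
        if now > stored[1]:
            del self.resets[email]  # expired tokens are discarded
            return False
        if not hmac.compare_digest(_token_hash(token), stored[0]):
            return False
        del self.resets[email]  # single use: a valid token works once
        self.register(email, new_password)
        return True
```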