UK consumers are expected to spend £3.3bn on the internet
over the Christmas period, but security glitches on the websites of
Argos and B&Q last week highlighted the potential risks faced
by online retailers if they do not address basic security
issues.
Argos and B&Q have admitted that users of their websites could
access parts of other customers' accounts by guessing the login
name and answering a simple security question.
Neither site exposed customers' credit card details but Phil
Walker, general manager for direct selling at B&Q, said the
site's design made it too easy for someone to guess the answers to
password reminder questions.
"People could keep going with the reminder question until they got
it right," he said.
"It did not affect more than one or two people, but we have taken
the password hint service off the site." Password reminders will
now be sent via e-mail, he added.
Argos, which said no credit card information is contained on its
site, also removed the potential vulnerability last week.
James Roper, chief executive of the Interactive Media in Retail
Group, the industry body for internet retailers, urged his members
to boost their security precautions.
"Issues such as distributed denial-of-service attacks, website
stability and viruses are serious," he said.
He urged retailers to "throw resources at security and be very
vigilant".
The Interactive Media in Retail Group has estimated that UK online
sales for November and December will reach £3.3bn.
It has set up a real-time security database to allow online
retailers to share information about security problems, including
potential fraudsters.
"There are already several hundred thousand addresses of fraudsters
on the security database," said Roper.
www.imrg.org/security-alert