Security shortfall undermines DTI campaign

In the week that the Department of Trade and Industry launched a campaign to bolster online Christmas shopping, popular sites have been found to contain IT oversights that could compromise security.

Security firm ProCheckUp was commissioned by the Computer Weekly Web site to examine 20 popular sites with its ProCheckNet system.

The software ran across the Internet using publicly accessible information on servers to check firewall set-ups, Web software configuration and the strength of encryption.

A number of sites, including music retailer HMV and gift retailer Past Times, were classed as "medium risk" and found to contain flaws that could present a risk.

Richard Brain, technical director at ProCheckUp, said, "It would seem that Web administrators are not showing due diligence. [Some are not] following the latest security guidelines from the manufacturers to ensure that their systems are up-to-date." He said that companies should minimise Internet risks by closing as many firewall ports as possible.

The ProCheckNet tool found potential issues with the number of firewall ports open at HMV.

Commenting on the security of the HMV site, Stuart Rowe, e-commerce director at HMV Europe, said the company maintains its systems internally and runs internal audits, looking at loss potential.

"Our security is one of the fortes of the site." The UK site uses IBM's AS/400 hardware, a server that "nobody hacks," Rowe said.

ProCheckNet reported that the Past Times site was using 56-bit encryption. E-commerce sites generally use stronger, 128-bit encryption to give higher levels of security.

A spokeswoman for Past Times said, "We keep our Web site as fully up to date as we can with regard to security bug fixes, patches, updating when they are released and we have the highest level of security that we can [use]."

A Mori poll for the DTI showed that the Internet is still regarded with suspicion. About 47% of the 2,000 respondents were concerned about credit card fraud, with 32% reluctant to give out personal information.

Splash out for Christmas

In the wake of a survey which revealed that nearly 50% of Internet users are still concerned about credit card fraud, actress Linda Robson is fronting a government campaign to boost confidence in e-commerce in the run-up to Christmas. The DTI campaign reminds consumers that credit card companies must refund them if their card is used fraudulently, and that consumer rights in the high street apply online. The campaign is backed by a number of industry bodies, including the British Retail Consortium, the Consumers Association and the Trading Standards Institute.
