Online retailers warned of fraud increase during Christmas period

UK consumers are expected to spend £3.3bn on the internet over the Christmas period, but security glitches on the websites of...

UK consumers are expected to spend £3.3bn on the internet over the Christmas period, but security glitches on the websites of Argos and B&Q last week highlighted the potential risks faced by online retailers if they do not address basic security issues.

Argos and B&Q have admitted that users of their websites could access parts of other customers' accounts by guessing the login name and answering a simple security question.

Neither site exposed customers' credit card details but Phil Walker, general manager for direct selling at B&Q, said the site's design made it too easy for someone to guess the answers to password reminder questions.

"People could keep going with the reminder question until they got it right," he said.

"It did not affect more than one or two people, but we have taken the password hint service off the site." Password reminders will be now be sent via e-mail, he added.

Argos, which said no credit card information is contained on its site, also removed the potential vulnerability last week.

James Roper, chief executive of the Interactive Media in Retail Group, the industry body for internet retailers, urged his members to boost their security precautions.

"Issues such as distributed denial-of-service attacks, website stability and viruses are serious," he said.

He urged retailers to "throw resources at security and be very vigilant".

The Interactive Media in Retail Group has estimated that UK online sales for November and December will reach £3.3bn.

It has set up a real-time security database to allow online retailers to share information about security problems, including potential fraudsters.

"There are already several hundred thousand addresses of fraudsters on the security database," said Roper.

www.imrg.org/security-alert

Read more on E-commerce technology

SearchCIO
SearchSecurity
SearchNetworking
SearchDataCenter
SearchDataManagement
Close