Online shopping security

Jan 07, 2015

Stephen Hancock

BBC Radio Cambridge

Stephen Hancock, information security expert at 7Safe's technical security practice is interviewed on BBC Radio Cambridge. Stephen discusses the potential security vulnerabilities when consumers shop online.

Stephen is asked whether online shoppers should be worried about hacking. Stephen explains: "Most online merchants do take payment security very seriously. Any company that takes credit card payments has to meet rigorous data security standards, which are mandated by the big credit card brands such as Visa and MasterCard. This is called the Payment Card Industry Data Security Standard."

Stephen goes on to explain: “At the point you are asked to input card data, many shops will pass customers on to a page provided by the payments service provider. These are often owned by credit card companies and banks themselves, so this provides more confidence in security and is often used by smaller companies.

Stephen is then asked what shoppers can do to protect themelves: “There are some practical steps we can take. The first thing to do is, whenever you are putting card details into a webpage, ensure that the address at the top of the page starts with HTTPS. There should also be an image with a padlock or the web address bar itself will go green. These are all suggestions that this is a genuine and secure site to put your data into. One thing to never do is to click through to payments sites from an email you have received, as you can’t be sure the website is genuine as the email could be a scam.

Finally, Stephen is asked if the battle with hackers will ever be won: “I think the battle will continue. While we do hear about breaches from time to time, it is interesting to note that some of the biggest breaches of credit card data haven’t come through online services but have come through card data taken at tills in shops. This data is also going into computer systems. Although many merchants don’t store this card data, if they do it is a requirement that it is encrypted.”

To find out more about our thinking and insights on cyber security, contact us.