Four e-commerce security issues that you need to know
November 12th, 2010

On November 2, 2010, the Center for Internet Security (CIS) announced an update to its CIS Metrics, the first metrics developed for the information security industry. The update adds eight new metrics, for a total of 28 definitions; the new ones include Incident Impact and Configuration Compliance. The metrics are intended to help security professionals justify their investment decisions by showing clearly what works and what does not. More than 150 experts from industry, government and academia contributed to the new set.

Even with new technology, however, you might not be as protected as you think. TechNewsWorld identified four e-commerce issues that still plague many online companies despite advances in technology and security. That is not to say these problems have no solutions; rather, many people are unaware that they exist. With e-commerce continuing to grow worldwide (5.5 in 2009), it is imperative that companies understand these dangers so that they and their customers can be protected.

The first issue is "Detecting Fraud Beyond the Authorization." A credit card authorization only confirms that the card is valid and has funds available; it says nothing about whether the legitimate cardholder placed the order, so it is far from a company's only tool for spotting illegal use of an account. Purchase habits and shopping patterns should also enter the equation, so that a company can stop a criminal before the transaction goes through. This can be done with automated transactional risk scoring, which assigns a fraud risk score to each transaction based on signals such as how the order compares with the customer's usual spending, whether the shipping address has been used before, and how many orders have arrived in a short window. The higher the score, the more scrutiny the transaction deserves before it is fulfilled.

The second issue is the hidden cost of fraud. Publicized fraudulent transactions can and will decrease users' trust in a company and alter their shopping patterns, especially among the victims themselves. LexisNexis, the database and electronic research service founded in 1977, reported that one in four fraud victims spent less money afterwards, roughly one in three switched payment methods, and 36 percent avoided the original merchant (along with others). Companies should also watch their chargeback rate: an excessive rate is both a symptom of fraud and something the card networks penalize.

The third issue is PCI compliance. PCI refers to the Payment Card Industry Data Security Standard (PCI DSS), which applies to any organization that stores, processes or transmits cardholder data. Companies unfamiliar with the standard should consider third-party solutions to monitor the relevant data. Many such services go beyond the compliance baseline, for example with end-to-end encryption (E2EE): card data is encrypted at the point of capture (the payment terminal or checkout page) and stays encrypted as it passes through the merchant's systems and unsecured public networks, so only the payment processor holding the key can decrypt it. This also keeps plaintext card numbers out of the merchant's own systems. The article names IDEA, a 64-bit block cipher, as one suggested algorithm for E2EE; AES is the more common choice today.

Finally, companies should recognize the need for "evolving prevention strategies." As noted above, new technology by itself will not solve all of your e-commerce problems, but it can certainly help, and fraud patterns change as controls are added. The cost of preventing fraud is always less than the cost of detecting and cleaning up after it.
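Returning to the first issue, the following is an added example of automated transactional risk scoring; it is not code from the original article or from any vendor it mentions. It scores a new order against the customer's own purchase history (spending level, known shipping addresses, order velocity) and against country mismatches on the order itself, then maps the score to approve/review/decline. The weights, thresholds, customer IDs and transactions are all constructed placeholders; a real deployment would tune them against its own labelled fraud and chargeback data.

```python
"""Automated transactional risk scoring over a customer's purchase history.

Added example, not code from the original article. Every weight, threshold
and transaction below is a constructed placeholder for illustration; a real
deployment tunes them against its own labelled fraud and chargeback data.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean, pstdev


@dataclass(frozen=True)
class Transaction:
    customer_id: str
    amount: float            # order total in the merchant's currency
    at: datetime             # time the order was placed
    billing_country: str     # from the card's billing address
    shipping_country: str
    shipping_address: str
    ip_country: str          # geolocated from the client IP


# Assumed weights (points added per signal) and thresholds.
WEIGHTS = {
    "amount_outlier": 30,             # far above what this customer normally spends
    "new_shipping_address": 20,       # never shipped here before
    "billing_shipping_mismatch": 25,  # card billed in one country, goods sent to another
    "ip_billing_mismatch": 15,        # client IP geolocates outside the billing country
    "high_velocity": 30,              # burst of orders in a short window
    "no_history": 10,                 # first order, nothing to compare against
}
AMOUNT_Z_THRESHOLD = 3.0              # standard deviations above the customer's mean
VELOCITY_WINDOW = timedelta(hours=1)
VELOCITY_LIMIT = 3                    # orders (including this one) inside the window


def score_transaction(txn, history):
    """Return (score 0-100, list of triggered signals) for txn.

    history is an iterable of the customer's earlier, non-disputed orders.
    """
    past = [h for h in history if h.customer_id == txn.customer_id and h.at < txn.at]
    score, reasons = 0, []

    def hit(signal):
        nonlocal score
        score += WEIGHTS[signal]
        reasons.append(signal)

    if not past:
        hit("no_history")
    else:
        amounts = [h.amount for h in past]
        mu, sigma = mean(amounts), pstdev(amounts)
        # With a single past order sigma is 0, so fall back to a multiple of the mean.
        if sigma > 0:
            outlier = (txn.amount - mu) / sigma > AMOUNT_Z_THRESHOLD
        else:
            outlier = txn.amount > 3 * mu
        if outlier:
            hit("amount_outlier")
        if txn.shipping_address not in {h.shipping_address for h in past}:
            hit("new_shipping_address")

    if txn.billing_country != txn.shipping_country:
        hit("billing_shipping_mismatch")
    if txn.ip_country != txn.billing_country:
        hit("ip_billing_mismatch")

    recent = [h for h in past if txn.at - h.at <= VELOCITY_WINDOW]
    if len(recent) + 1 >= VELOCITY_LIMIT:
        hit("high_velocity")

    return min(score, 100), reasons


def decide(score):
    """Map a score to an action; the cut-offs are assumed, not industry values."""
    if score >= 60:
        return "decline"
    if score >= 30:
        return "review"
    return "approve"


# Constructed sample data: six routine orders from one customer over three weeks.
BASE = datetime(2010, 11, 1, 12, 0)
HOME = "12 Elm St, Boston"
HISTORY = [
    Transaction("c-1001", amt, BASE + timedelta(days=d), "US", "US", HOME, "US")
    for amt, d in [(45.0, 0), (60.0, 3), (52.5, 7), (70.0, 10), (48.0, 14), (65.0, 17)]
]

# A routine repeat order, an order that breaks every pattern at once, a first-time
# customer, and a burst of three orders inside an hour (all constructed).
ROUTINE = Transaction("c-1001", 58.0, BASE + timedelta(days=21), "US", "US", HOME, "US")
SUSPECT = Transaction("c-1001", 1200.0, BASE + timedelta(days=20), "US", "RO",
                      "5 Str. Noua, Bucharest", "RO")
FIRST_TIME = Transaction("c-2002", 35.0, BASE, "DE", "DE", "Hauptstr. 9, Berlin", "DE")
BURST = [
    Transaction("c-1001", 55.0, BASE + timedelta(days=25, minutes=m), "US", "US", HOME, "US")
    for m in (0, 20)
]
BURST_ORDER = Transaction("c-1001", 55.0, BASE + timedelta(days=25, minutes=40),
                          "US", "US", HOME, "US")


if __name__ == "__main__":
    for label, txn, hist in [("routine", ROUTINE, HISTORY), ("suspect", SUSPECT, HISTORY),
                             ("first-time", FIRST_TIME, HISTORY),
                             ("burst", BURST_ORDER, HISTORY + BURST)]:
        score, reasons = score_transaction(txn, hist)
        print(f"{label:10s} score={score:3d} {decide(score):8s} {reasons}")
```

Run as a script it prints one line per sample order: the routine repeat scores 0 and is approved, the order that is 100 times the customer's usual spend, shipped to a new address in a different country from a foreign IP scores 90 and is declined, and the third order inside an hour trips only the velocity signal and is routed to manual review. The point of the "review" band is the one the article makes: an authorization would have approved all four, and only the history-based score separates them. Note that a successfully disputed order should be removed from the history it feeds, or a fraudster who gets one order through will teach the model that the new address is normal.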