Ecommerce sites leaving customer data exposed

Online commerce sites are failing to encrypt financial transaction data despite an increase in security threats, a government report has revealed.

According to the Department of Trade and Industry's (DTI) biennial Information Security Breaches Survey less than 66 per cent of web sites are encrypting customer data that they receive.

Smaller ecommerce firms are the worst culprits in terms of lax security, with less than a third of sites encrypting payment card and other financial information entered by customers when making a purchase.

Larger websites took a more responsible approach with 78 per cent protecting the data that they received, according to the survey carried out by a consortium led by PricewaterhouseCoopers (PWC).

'Clearly it is important that companies review the controls they have in place and ensure sensitive information is protected and encrypted,' said Andrew Beard director at PWC. 'Somewhat worryingly, the number of attacks on web sites is rising and half of the attacks reported by respondents were described as serious.'

However, the survey of 1,000 UK businesses did reveal that IT departments are reviewing their security policies due to a growing concern among internet shoppers about identity fraud.

Ed Gibson, UK chief security advisor at Microsoft warned that firms needed to do more to protect their business from internet criminals.

'Ecommerce provides infinite opportunities for UK businesses, but also provides opportunities to criminals targeting business networks for financial gain,' said Gibson.
What do you think? Email us at: mailto:feedback@computing.co.uk