This week, UK shoppers are expected to spend a record £1.145 billion online, the biggest e-sales week this country has ever seen.
According to the Interactive Media in Retail Group, internet sales this week were set to exceed £180 million in a single day, an all time high and 40% higher than last year’s peak of about £131m, on 12 December 2005.
Christmas is the most significant event in the UK’s retail calendar with some shops making up to 60% of their annual turnover at this time. This applies to e-retailers too, as Verdict, the UK’s leading authority on retailing, has announced that 4.5% of the total spent on Christmas in December alone, will be done online. IMRG predicts that December online sales will top the £3.55bn mark.
But, as online shopping hits an all time high, IT security experts are reminding e-retailers to keep their customers’ financial data secure, despite the pressure to increase sales.
In the US, a database hacker broke into CreditCardSystems, a credit card handling firm supporting online activity, and stole 40 million customer records. And more recently, Glasgow police estimated that 10% of call centres in the area had been infiltrated by criminal gangs, intent on stealing sensitive customer data.
Secerno, a database assurance technology vendor, said the key to avoiding bust after the boom is securing not just the website perimeter, but applying the same vigilance to internal systems, in order to maintain consumer confidence and assure as big a boom week for pre-Christmas sales next year.
Paul Davie, Secerno chief executive told CIO UK: “When the throughput on the business side is at its highest, it’s natural for the IT manager to concentrate on logistics like availability and speed. But they must not neglect security.
“It takes a high degree of vigilance to spot a hacking attempt, particularly those targeting the database with SQL injection attacks, for instance. And that doesn’t protect you from internal fraud. ‘Whitelists’ for fraudulent online sales are also very difficult to maintain.”
Davie advocated adding database monitoring tools to the online security arsenal to monitor, identify and stop any unusual traffic coming into or out of the database, whether internal or external.