In Cyber Monday's wake, enthusiasm about mobile shopping – and warnings on POS security

Australians may not celebrate the Thanksgiving holiday like their American counterparts, but they have proved just as ready to drain their wallets – and, according to many security vendors' warnings, expose themselves to security risks through online and mobile shopping.

As the orgy of online shopping – bookended by the Black Friday and Cyber Monday sales that were unabashedly adopted by everything from gadget retailers to airlines – rolls to a close, key financial and security firms are conducting their post-mortems and finding mobility, in particular, was a defining trend this year.

The use of PayPal mobile payments increased by 39 percent this year compared with the Cyber Monday sales in 2013, the company said, on the back of figures suggesting Black Friday online sales volumes had surged by 62 percent over the previous year.

Separately, ComScore figures suggested that online retail sales were up 32% on Thanksgiving Day and 26% on Black Friday.

With the PayPal Australia Christmas Study suggesting that 21 percent of Australians were planning to use their smartphones during their Christmas shopping, PayPal Australia spokesperson Adrian Christie said online shopping during the pre-Christmas period was continuing to explode – including from the sale of Australian products to customers in other countries.

“We're seeing that more international consumers are recognising the great talent pool of online goods and services in Australia,” Christie said, noting that PayPal had been working with over 110,000 Australian businesses “to embrace cross border trade.... local retailers are reaping the benefits.”

Despite the surge in sales, however, the rising use of mobiles for sensitive financial transactions has other observers concerned about the heightened potential for fraud, as well as theft of personal information.

Yet despite the potential for exploitation of mobile transactions, shopping in person isn't necessarily safer: in the wake of major point-of-sale (POS) attacks hitting the likes of Target and Home Depot earlier this year, in-person sales now represent an equally problematic issue for holiday shoppers.

More than 100 million credit card numbers were stolen through POS attacks between 2013 and 2014, according to figures from Symantec, which recently published an analysis of the growing POS threat and found that prebuilt POS malware kits can be purchased online for as little as $US2000 ($A2360).

Given the growing threat – and the heightened appeal of financial targets to hackers – Symantec recommends that retailers adopt a range of measures to boost their POS security.

These include the installation of firewalls to facilitate network segmentation; changing default system passwords and other security parameters; encrypting transmission of cardholder data across open, public networks; encrypting stored primary account numbers and not storing sensitive authentication data; maintaining security policies and implementing regular training for all staff; implementing multi-layered protections; increasing network segmentation, reducing pathways, and maintaining strict auditing of connections between consumer data and other networks. Two-factor authentication is recommended for all system configuration changes, while system integrity and monitoring software is recommended to leverage features such as system lockdown, application control, or whitelisting.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Stories by David Braue
