Interview • 01.03.2013

Online Shops: Secure Shopping Satisfies Customers

Interview with Sebastian Spooren, Project Leader at it-sicherheit.de

Sebastian Spooren: 'Certifications such as Trusted Shops or the TÜV quality seal are the right way to achieve standardized and appropriate security for online shops.'

Whether it’s food, books or electrical appliances – online shops offer a very large assortment of products. At this point, Internet users in Germany are making 25 percent of purchases online. But is online shopping always secure? Online businesses and users should observe several rules when it comes to security.

Sebastian Spooren, Project Leader at it-sicherheit.de, shares some useful tips with iXtenso on data protection and on how online shops can convey trustworthiness to their customers.

Mr. Spooren, to ensure the protection of customer and company information, online businesses have to observe several safety regulations. Which of these are most important?


What is important is that sensitive customer data such as login data or account information is safely stored and adequately protected from third-party access. To prevent this, the online shop has to be regularly audited by independent IT safety experts during security audits. During these audits so-called Web penetration and intrusion detection tests are performed, which check the Web application for weak spots and bottlenecks. This may sometimes uncover several weak spots, starting with SQL injections all the way to critical weak spots in the applied services of the Web application due to outdated versions. Due to insufficient security measures, time and again customer or user information is unintentionally made public. To limit the damage potential for the affected party, online businesses should never save user passwords in clear text, but should use so-called hash functions in conjunction with a private key (salted passwords) instead.

In addition, you need to make sure that sensitive data such as order details and payment information are exchanged securely and therefore encrypted between customer and shop owner. Otherwise, outside parties could read sensitive data. Online shoppers should therefore always make sure that sensitive information is exchanged with SSL. The online shopper is able to detect this by the “https” instead of the “http” in the Web browser’s address bar. These days, most online businesses use “https” for secure communication, but unfortunately encryption is switched on too late in many businesses. The “https” has to be in the browser’s address bar already when you enter sensitive information, for example in a login or registration form.

What criteria can convince customers about purchase security?

A customer is not able to discern whether an online shop has put adequate safety measures in place. The layperson can only look after a few security features. Outwardly visible characteristics such as the exchange of sensitive data via “https” are easy to spot and should be met in any case. There are other options for the experienced user to examine the security of an online shop more closely by calling up the current version of the used Web service, if possible. However, whether the business has internally made adequate provisions to protect account information from third-party access for example is not clear to the user. Many online shops use seals of approval in this case to suggest enough security attention to the user. Generally, the user is not able to assess the authenticity and quality of such seals. To get a better idea of the online store, he/she should refer to experiences and reviews by other users.

What role do certifications by inspection agencies such as Trusted Shops or TÜV (Technical Inspection Authority) play?

Certifications such as Trusted Shops or the TÜV quality seal are the right way to achieve standardized and appropriate security for online shops. There is no such thing as 100% security, and the issuers of such seals cannot attest to it either. Oftentimes only spot checks are made before the seal of approval is issued. Proper security is therefore not always guaranteed. In addition, one should keep in mind that the certification authority deemed the shop secure at the time of the inspection. Yet online shops usually continue to work on improvements, input updates and in doing so also possibly and unknowingly weaken the security level of the store, as is shown by the example of the online bookstore Libri.de. Despite the TÜV seal, after a later software update, approximately 500,000 online customer invoices could be viewed.

Online shops are often at risk from external hacker attacks. How can you protect yourself?

Aside from regular penetration tests where impartial IT security experts rate the security, regular security updates are important. The Institute for Internet Security has developed the free “securityNews” app for this purpose, which automatically suggests security updates. Above all, the development team as well as the service staff of the online shop should be regularly sensitized on the subject of IT security. This can be implemented with presentations, pamphlets or graphic live hackings. In the latter case, company employees are shown how hackers proceed and how you can protect yourself against it. Find more information on the subject of live hacking at www.internet-sicherheit.de.

Interview conducted by Michalina Chrzanowska; iXtenso.com
First publication on EuroCIS.com
