Interview • 01.03.2013

Online Shops: Secure Shopping Satisfies Customers

Interview with Sebastian Spooren, Project Leader at it-sicherheit.de

Sebastian Spooren: 'Certifications such as Trusted Shops or the TÜV quality seal are the right way to achieve standardized and appropriate security for online shops.'

Whether it’s food, books or electrical appliances – online shops offer a very large assortment of products. At this point, Internet users in Germany are making 25 percent of purchases online. But is online shopping always secure? Online businesses and users should observe several rules when it comes to security.

Sebastian Spooren, Project Leader at it-sicherheit.de, reveals some useful tips at iXtenso about data protection and conveying trustworthiness of online shops to online customers.

Mr. Spooren, to ensure the protection of customer and company information, online businesses have to observe several safety regulations. Which of these are most important?


What is important is that sensitive customer data such as login data or account information is safely stored and adequately protected from third-party access. To prevent this, the online shop has to be regularly audited by independent IT safety experts during security audits. During these audits so-called Web penetration and intrusion detection tests are performed, which check the Web application for weak spots and bottlenecks. This may sometimes uncover several weak spots, starting with SQL injections all the way to critical weak spots in the applied services of the Web application due to outdated versions. Due to insufficient security measures, time and again customer and user information is unintentionally made public. To limit the damage potential for the affected party, online businesses should never save user passwords in clear text, but should use so-called hash functions in conjunction with a private key (salted passwords) instead.

In addition, you need to make sure that sensitive data such as order details and payment information are exchanged securely and therefore encrypted between customer and shop owner. Otherwise, outside parties could read sensitive data. Online shoppers should therefore always make sure that sensitive information is exchanged with SSL. The online shopper is able to detect this by the “https” instead of the “http” in the Web browser’s address bar. These days, most online businesses use “https” for secure communication, but unfortunately encryption is switched on too late in many businesses. The “https” has to be in the browser’s address bar already when you enter sensitive information, for example in a login or registration form.

What criteria can convince customers about purchase security?

A customer is not able to discern whether an online shop has put adequate safety measures in place. The layperson can only look out for a few security features. Outwardly visible characteristics such as the exchange of sensitive data via “https” are easy to spot and should be met in any case. There are other options for the experienced user to examine the security of an online shop more closely by calling up the current version of the used Web service, if possible. However, whether the business has internally made adequate provisions to protect account information from third-party access, for example, is not clear to the user. Many online shops use seals of approval in this case to suggest enough security attention to the user. Generally, the user is not able to assess the authenticity and quality of such seals. To get a better idea of the online store, he/she should refer to experiences and reviews by other users.

What role do certifications by inspection agencies such as Trusted Shops or TÜV (Technical Inspection Authority) play?

Certifications such as Trusted Shops or the TÜV quality seal are the right way to achieve standardized and appropriate security for online shops. There is no such thing as 100% security, and the issuers of such seals cannot attest to it either. Oftentimes only spot checks are made before the seal of approval is issued. Proper security is therefore not always guaranteed. In addition, one should keep in mind that the certification authority deemed the shop secure at the time of the inspection. Yet online shops usually continue to work on improvements and install updates, and in doing so may unknowingly weaken the security level of the store, as is shown by the example of online bookstore Libri.de. Despite the TÜV seal, after a later software update, approximately 500,000 online customer invoices could be viewed.

Online shops are often at risk from external hacker attacks. How can you protect yourself?

Aside from regular penetration tests where impartial IT security experts rate the security, regular security updates are important. The Institute for Internet Security has developed the free “securityNews” app for this purpose, which automatically suggests security updates. Above all, the development team as well as the service staff of the online shop should be regularly sensitized on the subject of IT security. This can be implemented with presentations, pamphlets or graphic live hackings. In the latter case, company employees are shown how hackers proceed and how you can protect yourself against it. Find more information on the subject of live hacking at www.internet-sicherheit.de.

Interview conducted by Michalina Chrzanowska; iXtenso.com
First publication on EuroCIS.com
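
The password storage advice from the interview (never clear text, a hash function with a salt, optionally combined with a secret server-side key), as an added example that is not part of the original interview. The choice of scrypt, its parameters, the record format and the function names are assumptions of this sketch.

```python
import hashlib
import hmac
import os

# Assumed work factors for this sketch (about 16 MiB of memory per hash).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1
SALT_LEN = 16


def _derive(password: str, salt: bytes, pepper: bytes) -> bytes:
    """Slow, salted hash; an optional secret key (pepper) is mixed in first."""
    material = password.encode("utf-8")
    if pepper:
        # The pepper is a server-side secret kept outside the database,
        # so a leaked user table alone is not enough to test guesses.
        material = hmac.new(pepper, material, hashlib.sha256).digest()
    return hashlib.scrypt(material, salt=salt, n=SCRYPT_N, r=SCRYPT_R,
                          p=SCRYPT_P, dklen=32)


def hash_password(password: str, pepper: bytes = b"") -> str:
    """Return the record to store: 'scrypt$<salt hex>$<digest hex>'."""
    # A fresh random salt per user; it is not secret and is stored with the
    # digest. It makes equal passwords produce different records.
    salt = os.urandom(SALT_LEN)
    return f"scrypt${salt.hex()}${_derive(password, salt, pepper).hex()}"


def verify_password(password: str, record: str, pepper: bytes = b"") -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        scheme, salt_hex, digest_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed or truncated record
    if scheme != "scrypt":
        return False
    return hmac.compare_digest(_derive(password, salt, pepper), expected)


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    key = b"constructed-demo-pepper"
    rec_a = hash_password("correct horse", key)
    rec_b = hash_password("correct horse", key)
    print(rec_a != rec_b)                                # same password, different records
    print(verify_password("correct horse", rec_a, key))  # accepted
    print(verify_password("wrong guess", rec_a, key))    # rejected
```
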
