'Firms must do more to protect assets, customers'
Brunei Times (8 Nov 2012)

As malicious acts such as identity theft become increasingly prevalent and sophisticated, merchants must take additional security measures for their websites to protect their customers' private and sensitive information.

Ahmad Ismadi Yazid Sukaimi, a specialist working for Cybersecurity Malaysia's Research Division, said that security is still too often neglected by most online merchants around the globe, leaving their online stores vulnerable to identity theft and hackers.

"Although the benefits of online shopping are considerable, when the process goes poorly it can create a thorny situation," he said.

Ahmad Ismadi was one of the guest speakers invited for the Cyber Security Awareness Week organised by the Authority for Info-communications Technology Industry Brunei Darussalam (AITI).

In an interview with The Brunei Times, Ahmad Ismadi said many small businesses have yet to invest in robust security mechanisms as such solutions are often costly and difficult to implement, which means they will not be liable for any damages faced by their customers.

He said that a strong security mechanism protects the merchant's e-commerce website while also giving their customers confidence and peace of mind to complete the transaction.

"In order to sell online, merchants need to ask for their customers' personal identification information and account numbers, and this requires a substantial amount of trust that a strong e-commerce website security can help them gain," he said.

He advised merchants to apply a two-factor authentication technique on their websites that is popularly used in online banking today to add another layer of security.

"They should provide these facilities for its customers, where they give away some kind of token for access, which customers can keep with them, besides the password they keep in memory," said Ahmad Ismadi.

He said that as credit card transactions are the preferred payment method for the majority of shoppers at online stores, it is important for online stores to have the ability to process credit card payments via a secure electronic payment gateway.

An electronic payment gateway provides interfaces to financial institutions and customer host systems for automatic processing of payment and update of information.

However, he said, there are still loopholes which can be taken advantage of in payment gateways.

"If the credit card is valid, and with enough authentication, 'stolen' credit cards will still be able to pass through," he explained.

Ahmad Ismadi pointed out that while most large online corporations are inventing new ways to detect fraud, criminals are constantly responding to security developments with newer and better ways to manipulate the system.

"The industry continues its efforts to improve security. It is a constant fight to maintain the lead," he said.

Ahmad Ismadi advised consumers to undertake safe online shopping practices prior to making online payments.

"Make sure you're shopping on secure sites. That means your credit card information will be encrypted. Before shopping, check out every website's privacy policy," he said.

He said that users must avoid connecting to open and public Wi-Fi, such as at restaurants and cafes, to make transactions online, as hackers can "sniff" their wireless data and intercept sensitive data.