65pc of Irish websites put consumers at risk

19 Nov 2008

According to an analysis from Enterprise Risk Services at Deloitte, some 65pc of Irish websites put consumers at risk of fraud.

Deloitte examined over 100 Irish e-commerce sites and checked for the kind of security measures in place to ensure safe online transactions for the shopper.

The good news, Deloitte said, is that the situation with regard to compliance with the Payment Card Industry Data Security Standards (PCI DSS) has improved since its last analysis. However, a “significant portion” of websites examined still have not complied with this standard.

A breakdown of figures showed that 100-plus companies had “weak or legacy encryption” in place for online transactions, meaning that customers entrusting their MasterCard or Visa across these sites were putting their card and personal data at risk of fraud or identity theft.

Shockingly, some 2pc of the sites looked at did not encrypt the data-entry sessions at all. This is the security equivalent of sending an email with all your credit-card details directly to the site, which is never advised.

There were no details from the report with a breakdown of how the payments were managed, ie whether the online merchant was privy to those details, or whether they were passed on to a trusted third-party payments processor such as Realex or PayPal, both of which would automatically have extremely secure methods of encryption and data protection.

Most sites will ask you to verify your credit-card details with the three-digit CVV2 code on the back of your credit card, which is another protection against fraud, but the Deloitte analysis found that 7pc of Irish e-commerce sites did not have this.

A further 3pc had expired SSL certificates, which are certificates displayed to ensure that the site you are dealing with is actually that site – another method of protection against phishing attempts whereby a fraudster could put a false web front in place in order to steal your details.

“The results of the survey show that many websites do not have adequate levels of security for processing online transactions, which many consumers carry out on a very regular basis,” said Colm McDonnell, partner, Enterprise Risk Services, Deloitte.

“Identity theft and credit-card fraud is a growing problem here in Ireland, and inadequate levels of security must be addressed by merchants as a matter of priority.”

By Marie Boran