E-commerce payment processing systems were involved in 9% of 220 cybercrime cases and web site breaches investigated last year by Trustwave, an Internet security firm. That’s about the same percentage as in 2009.
By contrast, the point-of-sale systems that take payments in bricks-and-mortar stores were involved in 75% of the investigations, with employee workstations at 11%, payment processing systems (for instance, the back-end technology operated by processors that is involved in transactions) at 3% and ATMs at 2%.
“Often, the public believes they are at greater risk of fraud when shopping online as opposed to a face-to-face purchase,” Trustwave says in its “2011 Global Security Report.” But that’s not necessarily the case, Trustwave says. “E-commerce is most often not the primary target in large-scale payment fraud. The data just isn’t as valuable.”
That’s not to say online retailers and their payment processors can relax about the threat of fraud. The retail sector accounted for 18% of the investigations last year. And retailers have to be careful about the vulnerabilities of technology vendors, with Trustwave saying that 88% of the breaches it investigated came from insecure software code or lax security management at those technology providers.
Trustwave also warns of emerging threats from social media. “Social networking sites are quickly becoming cybercriminals’ platform of choice to expand and propagate destructive botnets,” the security firm says, referring to software agents that hijack computers, often tying many consumer computers into a network that can be used to perpetrate fraud.