How black-hat hackers threaten e-commerce

If you shop online or are thinking of doing so, one of your concerns is most likely online fraud.

Africa is quickly buying into online business, but fears of online attack cannot be wished away.

For the business fraternity, keeping the business and customers safe should always be at the top of priority list.

In the computer security context, a hacker is someone who seeks and exploits weaknesses in a computer system or computer network.

Hackers may be motivated by profit, protest, challenge or enjoyment.

In most cases, a hacker gains access to the control tools of your website. This gives them unrestricted access to all of the pages, including the payment page.

The threat to consumers is well-known, with oft-reported cases of large companies’ databases of credit card information being broken into.

But it is not just the large companies that are at risk. Even small companies are vulnerable to information theft, perhaps even more so since they generally lack the resources available to the large corporation for cybersecurity staff.

Last December, the Kenyan police arrested 76 Chinese nationals and one Thai who were said to be operating sophisticated communication equipment that could crack financial institutions and mobile money platforms and probably clean out peoples’ lifetime savings.

CREDIT CARD THEFT

Kenya is not short of people, especially in the business class, who have lost their hard-earned money to hackers.

Hackers have compromised some companies and government agencies world over, some of which are expected to have highly complex security systems.

Credit card theft is probably one of the most common online scams.

Essentially, a thief gets their hands on someone’s card details and uses those to pay for goods on the internet.

If you feel that the person using a card is potentially a thief, you can simply refuse to authorise the purchase.

You can also minimise the damage from an attack by regularly changing passwords to your website and engaging services of a good IT specialist to make sure that any third party software that you use is secure and trustworthy.

We also have situations where a cyber-criminal eavesdrops on a communication between you and the customer and records the cardholder data being exchanged.

The best way to stop such attempts is by using what is called SSL certificate or a technology that ensures a secure connection between your computer and the rest of the world.

There are also different levels of security that are available online, and you want to be aware of them. Some online web sites don’t offer secure shopping.

That means that savvy criminals can capture everything that you enter onto a form on those sites, including your personal and credit information.

SECURE SITES

If you’re going to shop online, limit yourself to secure sites. You can tell if a site is secure by the URL.

A secure web site starts with HTTPS:// instead of HTTP://. Secure sites will also have a small lock icon in the lower right corner of the screen.

To burglar-proof your home, it is best to hire a burglar as a consultant, as he is more likely to find the security vulnerabilities and demonstrate how they can be exploited.

Following this approach, companies large and small are now hiring hackers to test the companies’ security system vulnerabilities and find ways to harden them to withstand intrusion.

Google, Tesla Motors and Boeing have decided that rather than try to outsmart hackers, they will protect themselves by hiring them.

Not all hackers are bad. In the hacker community, there are subtle class differences that the general public is not aware of.

These are white-hackers, or “good hackers”. They break into systems to point out security flaws or bring attention to a cause.

Their intentions are not necessarily to wreak havoc, but to do a public service.

Sam Wambugu is a monitoring and evaluation specialist. Email: [email protected]