Dictionary defines shoplifting as “To steal merchandise from a store that is open for business”. E-shoplifting is the act of stealing articles/modifying pricing or similar fraud done by a malicious user (an e-shoplifter) from an online shopping store.
With advancement of technology and e-commerce, the online business has grown exponentially. Unfortunately, with same pace or has advanced the malware and attacks on the internet. E-Shoplifting is majorly used to buy a product in a price lesser than mentioned in the website. It also refers to stealing the customer details such as his/her credit card number, which could further lead to much more than stealing from a particular shopping transaction.
The e-shopping works around four entities:
1. The online store - which lists the items for sale.
2.The customer - who intends to buy the items, adds them to his
shopping cart and finally enters details to make the payment.
3. Payment Gateway - It receives from the online store, the payment details provided by the customer, communicate to his bank, enables the money transaction and once transaction is done, sends an acknowledgement to the online store.
4. Bank - Bank verifies the information sent by the payment Gateway and completes the transaction.
In case of e-shoplifting, there comes one more entity:
5. The E-shoplifter aka hacker, who tampers the customer’s details before it reaches to the payment gateway.
Among various measures used by the online stores, most famous are, sending checksum with other details to make sure the data is not tampered and verifying the amount debited in the acknowledgement from payment gateway. These measures are not enough and provide only limited security. The checksum used here can be calculated by the hacker and even if the store uses a private key, seeing the modern computer’s processing power, it is possible for the hacker to guess the key too. Furthermore, the verification of the bank acknowledgement also does not guarantee security, as the e-shoplifter who tampered all details being sent to bank can also change the amount in the acknowledgement to match it with his tampered version.
E-shoplifting may not be 100% avoided even with complex security measures but can be reduced to a great extent only by implementing and adopting few security best practices in the online store website and in e-shopping workflow.
If you are from an e-commerce domain, or are associated with online business in any manner, it is imperative to you to make sure that your business and your customers information is in safe hands. With HACKViDHi penetration testing services, you can find out the vulnerabilities of your online business and using our consultation, can work towards fixing them up so that you can save your business and customers information from e-shoplifting. To know more, contact us by e-mailing us to contactus@hackvidhi.com or register to our website for a free trial at http://www.hackvidhi.com and we will get back to you.
Check our presentation on E-Shoplifting @ http://www.slideshare.net/hackvidhi/e-shoplifting-hackvidhi.
Check our presentation on E-Shoplifting @ http://www.slideshare.net/hackvidhi/e-shoplifting-hackvidhi.