With Black Friday and Cyber Monday quickly approaching, the deals have already begun. 2018 is expected to be yet another year for record-setting sales figures, continuing the growth of the holiday from its induction. The original concept of Black Friday (dating back nearly 60 years) was originally confined to a single day, but as online shopping has become a mainstay of retail, this peak event has expanded to the entire week prior, and spills over into the following week with Cyber Monday.
But as consumers embark on their journey to find best deal on that new TV or laptop, security isn’t something that is top of mind, and most don’t think about it entirely.
The Impact of Applications
Our collective need for goods has ensured the continued existence of the retail industry, but it has undergone a number of changes in the past several years as well. One of those changes is the platform which people use to make their purchases. Online stores combined with mobile applications have made it easier than ever.
With the aid of web applications, API-based B2B partnerships and mobile apps, the volume of shopping, especially during the Black Friday season, continues to grow by billions of dollars on a yearly basis. Online shopping has allowed retailers to reach deep within the buyers’ pockets to increase revenues exponentially while the number of shoppers has only grown linearly. This is the biggest testament to the impact applications have had on the retail sector and consumer shopping habits.
The Risks of Overlooking Application Security
Applications are the key to driving increasing revenues on a yearly basis, and retailers can’t produce these applications fast enough. Unfortunately, however, due to the “need-for-speed” pressures of the application development and deployment cycle, organizations take short-cuts where possible.
User experience and performance are the obvious non-negotiables, but what about security? Recent data shows that the window of exposure (time duration for which there is at least one exploitable serious vulnerability) for retail applications remains high, with over 60 percent of all retail applications having one or more serious vulnerabilities open throughout the year. Clearly, security is being overlooked in the endeavor to get better, faster applications before the holiday season hits.
This is unacceptable as the onus of security should not lie with the end customer. Retailers have the opportunity to do right by their customers by providing a more secure online shopping experience. In this day and age, where one breach could lead to millions of dollars in monetary and reputational losses, retailers can not only mitigate these losses but also create market differentiation for themselves by providing a secure online shopping experience.
Stay Safe Shopping Online
Regardless, consumers should be aware of steps they can take to stay safe this holiday shopping season.
First, you need to make sure the site you are purchasing from is sending your credit information over an encrypted connection. To do this, you must ensure ‘https’ is being used on any transaction.
Once an encrypted connection is ensured, it’s important to think about which payment option is the safest. Traditionally retailers have asked for credit card numbers, expiration dates and your CSV number. When this information is provided in checkout, your card details are now stored by the retailer. If a breach occurs, hackers can obtain this info and purchase items on your cards.
To avoid these issues, the safer way is to use a service like Cash App or PayPal. These services pay for items on your behalf, so instead of paying the retailer, you’re essentially paying the third party, which, in turn, pays the retailer. This way, the retailers you shop with never see your credit card info, and only the third party has access. By doing this, consumers will be able to significantly reduce risk and their credit card’s online footprint.
Businesses Can Look to WhiteHat
All year round, not just during peak holiday shopping like Black Friday, organizations depend on software applications to grow their business. As the pioneer and market leader in application security testing-as-a-service, WhiteHat Security provides industry-leading accuracy, breadth and speed, via a combination of automation and artificial and human intelligence, to implement application security across the entire software DevOps life cycle.
WhiteHat’s Application Security Platform brings together the foundational capabilities of dynamic and static application security testing (DAST and SAST) and software composition analysis (SCA) through a cloud based platform to continuously assess risk for your applications by embedding security within the software life cycle. This provides development and security teams with the tools and services to deliver the most secure software. We are also the only company with a dedicated threat research center, AI-based attack vector intelligence (AVI) technology and an open API platform.