paysquare presentatie - safe online shopping

Safe online shopping. Richard van Oeffel, SafeShops Café, January 26th 2017

Upload: safeshopsbe

Post on 13-Feb-2017

TRANSCRIPT

Page 1: PaySquare presentatie - Safe online shopping

Safe online shopping

Richard van Oeffel
SafeShops Café, January 26th 2017

Page 2: PaySquare presentatie - Safe online shopping

Agenda

• Online shopping: access, technology, payments
• Risks with online shopping: Availability, Confidentiality & Integrity
• Measures and common practices to mitigate risks

Page 3: PaySquare presentatie - Safe online shopping

Online shopping - Access

• Bandwidth at home (up to 10 Gbit)
• Devices (desktop, laptops, tablet and smartphones)
• Skills (95% shopped, 50% shopping)

Page 4: PaySquare presentatie - Safe online shopping

Online shopping - Technology

• Omni-channel retailing (when, where and how)
• Big Data and Personalisation (track)
• In-store experiences (BLE)
• Pop-up and street-trading (mobilePOS)
• Marketing technologies (NFC, QR codes, BLE, Geo-location)
• Mobile wallets (history, loyalty)
• Beyond retail (Restaurants, cafes, cinemas)
• Social media (Facebook, Twitter, YouTube)

Page 5: PaySquare presentatie - Safe online shopping

Online Shopping – Payment methods

• Credit card
• Debit card
• Mobile (debit/credit card)
• PayPal
• Bitcoin
• Mr. Cash
• iDeal QR
• Others: direct debit (iDeal)

Page 6: PaySquare presentatie - Safe online shopping

Risks – Availability & Integrity

• Distributed Denial of Service (DDoS)
• Ransomware
• Website defacing
• Cross-site scripting

Risks – Availability & Integrity - Mitigation

• Monitoring, processes in place (understanding)
• Incident response planning
• Development: OWASP
• System: SSL/TLS

Page 7: PaySquare presentatie - Safe online shopping

Risk – Confidentiality & payments

• Personally Identifiable Information (PII)
• Payment Card Industry (PCI)

Page 8: PaySquare presentatie - Safe online shopping

Risk – Confidentiality & payments - Mitigation

• Refunds -> reduce chargeback ratio
• 3D Secure -> reduce use of fraudulent transactions
• SSL/TLS & profile -> loyalty and one-click ordering
• Confirmation emails: No embedded links, no request for info

Page 9: PaySquare presentatie - Safe online shopping

Risk mitigation – General

• Decent website with latest technology (desktop/laptop/tablet/mobile, personalization)
• Decent products and information (return shipping, refunds, reviews!)
• Decent development (OWASP rules)
• Decent hosting (PCI, ISO 27001)
• Testing (scanning), monitoring (what’s going on/tracking)
• Decent procedures and processes
• Decent communication to customers: Customers first!

Page 10: PaySquare presentatie - Safe online shopping

paysquare.eu