As reported last week, the Black Hat conference in Vegas has come and gone, and left us with an array of news on security threats both tangible, and theoretical. You can find a good round up of this year’s “greatest hits” for the security conference, in this overview from PC World.
One of the things covered was the revelation that the humble USB cable — that same one you use to plug keyboards and all kinds of external devices into your company’s PCs — may have an unforeseen flaw.
The problem was summarized by the same publication this way: “The majority of USB thumb drives, and likely other USB peripherals available on the market, do not protect their firmware—the software that runs on the microcontroller inside them, said Karsten Nohl, the founder and chief scientist of Berlin-based Security Research Labs.
“This means that a malware program can replace the firmware on a USB device like a thumb drive by using secret SCSI (Small Computer System Interface) commands and make it act like some other type of device, for example, a keyboard, Nohl said. The spoofed keyboard could then be used to emulate key presses and send commands to download and execute a malware program.”
On the upside, there’s no actual documented “attack” coming this way from a USB device — yet. On the less-than-upside, you may want to reconsider what sort of devices get plugged in to your company’s PC’s, and who keeps track of the data sticks, thumb drives, and recharging smartphones (especially in light of this Android news) that are cabled up around the office.
Security is also on the mind of shoppers, as evinced in a recent conversation between MasterCard Advisors’ SVP Market Insights Sarah Quinlan and MPD CEO Karen Webster. Their chat was recently posted on Pymnts.com, and it provides an interesting third quarter-and-back-to-school look at the steady increase of online commerce. MasterCard’s Quinlan notes that one thing important to online customers “is whether or not the security of the transaction was there – if people are understanding and feeling comfortable when making a purchase online, and if the merchant has made sure of this.”
Making sure, then, will become increasingly tricky with the potential threats, but it will remain worth it. Especially for small businesses, and particularly as we head – -already! – -toward the end of the year.
As Quinlan continues, “we noticed last year that small business had been out-selling large business by 3-5 percent per month in terms of total retailers with less than $50 million annually. The only month where they really dropped was in December, where consumers actually really embraced online shopping. So the question is will the small independent retailer become e-commerce savvy by this Christmas because that will be extremely important to their overall year.”
And on a more day-to-day basis, online vendors need to be aware that “post-recession, there are more instances where both partners in a family are working, so there’s less time to do everything that needs to be done. We see this surge in online shopping happening at 10 PM at night, after the kids go to bed. Understanding and making certain that the consumer knows what’s new on the site and that it’s easily to manipulate is really key.”
As Quinlan also says, while brick-and-mortar shopping is never going away, she lists four main points for online strategies for the remainder of the year: “Know what the consumer wants to purchase, understand how people spend. Merchants have to understand the whole shopping experience. Also, continuing to emphasize the ease of the site so consumers don’t have to repeatedly enter their payment details, for example.
“The third thing is that many retailers haven’t made their applications for mobile look as good as if they were sitting down at a PC. Retailers need to fix this way in advance of the holiday season. Finally, it’s important for them to understand where people are spending – do retailers have the merchandise that people want? These four things are really what they need to do to have a successful holiday.”
And whether that holiday is the next one (Labor Day – -already!?) or the ones we’ll be wrapping up the year with, AVPS can help you be ready to make the payment part of your customer’s online experience as painless (and secure!) as possible!