Cape Town - If a cyber criminal steals money from your bank account and leaves you wondering where they could have stolen your details from, the answer might be: From your favourite online shopping platform.
According to research from security company Kaspersky Lab, almost half of businesses in the e-commerce sector lose financial-related information.
Cyber criminals, through targeted attacks, steal information from 48% of these businesses, with 41% being victims in the financial services sector.
According to Kaspersky, "only 53% of the e-commerce/online retail segment indicated that they 'make every effort to keep anti-fraud measures up to date'".
In the financial services industry, the number is slightly higher at 64%, and the industry is also more open in its desire to implement new technologies to combat data theft, Kaspersky said.
Fraudulent debit orders
Large scale data breaches have plagued e-commerce firms over the last year.
Online retail giant eBay, for instance, was hit when cyber criminals made off with 145 000 000 login credentials in what has been regarded as one of the most audacious data breaches in recent memory.
Home Depot was also hit when 56 000 000 customers' credit card details were stolen after malware was installed on the cash register system.
In SA, online retailers let their greed get the better of them during the 2014 shopping season as cyber criminals targeted a relatively naïve market.
Spam is effective malware delivery method. (Duncan Alfreds, Fin24)
"When you're importing luxury leather goods to sell in South Africa, and then most of your sales go overseas, alarm bells should ring. Why would anybody wait three weeks and pay extra shipping costs for something they could easily find in their local market? You should know that pot of gold is going to evaporate," said PayGate business development manager Brendon Williamson.
Cyber crooks could exploit data gleaned from e-commerce or financial services platforms to hit victims' bank accounts. A popular strategy is to deduct small amounts at a time which many bank customers may not notice.
Online complaints
Complaints website HelloPeter lists several complaints from subscribers around unauthorised debit orders, some as high as R17 000. These leave customers who have not signed up for these debit orders frustrated as they have the responsibility of resolving the problem.
According to the Payments Association of South Africa, bank customers have the right to reverse debit orders.
"The customer has the right to dispute any transaction he or she believes was incorrectly debited to the account," the organisation says on its website.
In order to effect a reversal, bank customers have to present identification, bank statement, account number and debit order mandate if available, Pasa says.
Kaspersky found that organisations were keen to resolve breaches after they were discovered but the strategy was largely "providing secure connections for customer transactions".
The security firm noted that financial services firms were more focused on specialist security solutions for mobile devices than e-commerce retailers (75% vs 56% respectively).
- Follow Duncan on Twitter