E-commerce continues to grow dramatically in spite of security threats, recent research indicates. E-commerce dollar volume in 2004 rose 88 percent and transaction volume grew by 39 percent over the previous year, according to VeriSign’s latest Internet Security Intelligence Briefing.
The VeriSign report monitors trends in Internet usage, commerce, fraud and security threats. The briefing points to increased customer confidence, growing broadband Internet access penetration across the United States, the availability of more inexpensive goods on the Internet, and an increasing number of rural customers shopping online for goods they cannot buy locally as drivers of increased e-commerce.
Mark Griffiths, vice president of VeriSign’s security services, told the E-Commerce Times that the biggest surprise in this year’s Internet Security Intelligence Briefing was the dramatic sales increase in 2004.
“Thanks to broadband deployment, people in rural communities can buy goods online instead of having to trek 30 miles to the store to get it,” Griffiths said. “I believe we will see even more e-commerce sales from rural customers this year and definite growth in the overall volume of transactions.”
Staying Atop Security
With greater opportunity comes greater challenges, however, as both humans and worms continue to scan for systems that are not patched against common exploits.
Worm propagation attempts, such as “MS-SQL version overflow” and “MS-PCT Client Hello overflow” still generate the majority of the security events, according to VeriSign. During the fourth quarter of 2004, VeriSign counted more than 680,000 “MS-SQL version overflow” attempts and over 375,000 “MS-PCT Client Hello overflow” attempts.
The VeriSign report reveals that most security events originate in the United States. During the period October 2004 to January 2005, the U.S. generated 79 percent of fraudulent transactions, followed by Canada (5.7 percent), Taiwan (2.6 percent), Korea (2.5 percent) and the UK (2.4 percent).
Security threats are leading merchants and consumers alike to look for measures to protect both ends of the transaction. The verifications of secured sites reached more than 9 million per day in the fourth quarter of 2004 alone, indicating a strong demand among Web site operators for security seals and the increasing propensity of online shoppers to conduct transactions only with secured Web sites, according to Griffiths.
Romania, Vietnam, and the U.S. were the top source countries for total volume of e-commerce fraud over the 2004 holiday period; Belarus, Slovenia and Vietnam were the top countries for internal percentage of fraudulent transactions.
“Merchants are employing more automated fraud protection,” Fraser Smith, product manager with VeriSign payment services, told the E-Commerce Times. “But they are also using human intuition as the decision maker. Our study shows that 84 percent of the transactions reviewed by humans were accepted. Only six percent of overall e-commerce transactions were deemed too risky to complete.”
VeriSign also addresses one of the latest security threats: phishing. The briefing reveals that 58 percent of phishing capture sites were located outside of the U.S. during the October 2004 to January 2005 period, up from 37 percent reported for the first half of 2004. Griffiths said this increase is due to better efforts at shutting down capture sites in the U.S., and the comparative difficulty of shutting down capture sites abroad.
“We have a better ability to close down the sites in the U.S. than the ones outside of the U.S.,” Griffiths said. “The challenge with some of the phishing sites that are outside of the U.S. is we don’t know if they are owned by the people who truly do the phishing or if they are used as stepping stones [to gain access to other computers on a network].”
Internet Traffic Still Rising
As security experts strive to implement practices and procedures that will curb fraud, Internet traffic and usage is evidence that consumers appreciate these efforts. Domain Name System (DNS) queries in the fourth quarter of 2004 fluctuated between 380 and 400 billion per month, a whopping 80 billion queries higher than December 2003. In 2004, the .com top-level domain grew over 25 percent, while .net grew over 20 percent, showing continued demand and usage of these domains.
Still, security experts agree there is more work to be done.
“We are getting better at rejecting the fraudulent transactions that are going on, and user confidence is getting better,” Griffiths said. “The percentage of fraudulent transactions haven’t grown significantly since last year. It’s still under 2 percent. Of course, that’s still a large number since overall volume grew by 88 percent.”