Heartbleed: What retailers need to do regardless of vulnerability
17th Apr 2014
Image credit: Image designed by Codenomicon to represent the Heartbleed bug.
Ten days on from the first revelations about the scope of the Heartbleed bug, My-Retail Media looks at how retailers have been affected, and the measures businesses can take to secure their sites and assure their customers.
Even for the most seasoned of online retailers, getting to grips with the scale of the Heartbleed security bug that was first publicly disclosed on 7 April is nigh-on impossible. As news of the bug spread, both retailers and consumers turned to experts to break down just what exactly Heartbleed’s impact could be on their e-commerce systems and online accounts. Where you’d often expect some kind of scalable answer (one in ten businesses affected, only certain platforms should be concerned), instead the Electronic Frontier Foundation, Ars Technica and the chief technology officer of Co3 Systems, Bruce Schneier, all agreed on one thing: the effects are “catastrophic”.
As one of the most widely used encryption tools on the internet, believed to be deployed by around two thirds of all websites, OpenSSL is recognisable to most consumers by the small padlock symbol in their browser, a signal that OpenSSL technology is probably in use.
“The Heartbleed bug allows anyone to read the memory of the systems protected by the vulnerable versions of the OpenSSL software,” Schneier explained earlier this week. “This compromises the secret keys used to identify the service providers and to encrypt the traffic, the name and passwords of the users and the actual content.”
“This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users,” he added.
Heartbleed is a security bug in the open-source OpenSSL cryptography library. Some 17 per cent of the Internet’s secure web servers certified by trusted authorities were believed to be vulnerable to the attack, allowing theft of the servers’ private keys and users’ session cookies and passwords.
There are no two ways around this: Heartbleed does affect millions of ecommerce websites. As it is reported to go widely undetected, the best way to determine if your ecommerce platform is vulnerable is to use the Heartbleed Test. If your platform hasn’t been affected, there are other steps to take to ensure you won’t be made vulnerable in the future, and to assure your customers of their safety when shopping online. My-Retail Media spoke to Trusted Shops, the leading service provider for secure online shopping in Europe, to find out the next stages of action:
“The so-called Heartbleed bug has put customers’ private information and payment card numbers at risk. It may have affected up to two-thirds of web servers worldwide, including online merchants large and small.
“In the worst of cases, this Internet security flaw implies that online retailers, who were doing everything right and required to protect customer data, may have still been exposing sensitive information to nearly any hacker.”
Retailers, and particularly online sellers, can protect their customers from the Heartbleed bug using the following steps outlined by Trusted Shops:
1) Check if your site is affected: https://lastpass.com/heartbleed/
2) If not affected, email all your customers to reassure them that your website IS and HAS been safe.
3) If your site is affected, issue a dedicated email newsletter to inform customers about any security breaches and highlight the steps they need to take in terms of changing any passwords.
4) On existing customer accounts, add a prompt next time they visit encouraging them to change their password.
As with PayPal and eBay’s statements earlier in the week, Trusted Shops argue that showing customers you are being proactive is key to reassuring them and rebuilding trust: “Even if Heartbleed has not affected your website, your customers do not know. So make sure you tell them!”
Giving customers what they want in a digital world
15th Apr 2014
It’s no secret that sales of mobile devices have rocketed. Smartphones are the mission control for our lives – they are changing everything, including how we shop and how we pay.
Smartphones and tablets are also changing customer expectations – shoppers want convenience, speed and choice; they want to shop anytime, anywhere, on any device.
A new major player for retailing in the southern hemisphere
9th Apr 2014
South Africa’s Woolworths Holdings Ltd this week revealed it will buy Australia’s second-largest department store David Jones for USD 2.15 billion. By combining both brands, the new deal will create the second largest department store retailer in the southern hemisphere. The surprise takeover announced on Wednesday saw Woolworths pay a 25 per cent premium on David Jones shares at their closing price on Tuesday, spending USD 4 a share.
McKinsey & Co.'s five step plan to save your business
7th Apr 2014
Stage 1: Wake up
The first stage of the turnaround sounds easy and obvious: acknowledge that your company is in distress. But for executives accustomed to success, this stage can be difficult and humbling. Denial is the norm. When we surveyed more than 1,500 executives who have been in turnaround situations, over half of them said they had either underestimated the severity of the problem or refused to accept that there was a problem at all. One retail CEO, whose company’s TRS was well below competitors’ and had declined by more than 90 percent in a single year, refused to use the word “turnaround” in discussing the business. “We are not in a turnaround situation,” he insisted.
Apple sues Samsung for $2bn but is the court room the best place for a tech trial?
31st Mar 2014
Apple is taking Samsung back to court this week as it accuses the Korean firm of “systematically” copying its features. In yet another case that will see the two tech giants go head to head, Apple is demanding that Samsung pay USD 40 per device for using the Silicon Valley firm’s patented designs on its newest devices.
2014 Budget: did it ignore the north?
21st Mar 2014
As the pre-budget rumour mill raged and pinstriped entrepreneurs everywhere began to wonder if this could be the year they’d have to trade their tri-annual escape to Mustique for a wet weekend in Bognor (or not - this is a Conservative government, after all), the Chancellor applied a revenue-boosting salve to the souls of CEOs across the land as he revealed an economic framework ergonomically designed for “makers, doers and savers”. There was one absolute certainty, though: business rates would remain unchanged. Thanks to the Department for Communities and Local Government’s decision to defer the expected business rate revaluation from 2015 to 2017, retailers across the UK knew that their calls for a reduction in rates would have to wait.
Rana Plaza one year on: Primark commits £6m more to factory victims
17th Mar 2014
Eleven months after the collapse of the Rana Plaza factory in Bangladesh, fast-fashion retailer Primark has announced it will pay out a further £6 million in compensation to victims of the tragic events last April. Primark on Monday announced it will meet its commitments for long-term compensation to the victims of the Rana Plaza tragedy, which left 1,129 dead and 2,515 injured after the eight-storey building collapsed on 24 April 2013.
Are you doing enough to attract ‘SuperShoppers’?
10th Mar 2014
In the retail industry, we seem to have an obsession with buzzwords and the latest is the ‘SuperShopper’, a small but highly valuable percentage of the shopping population. But behind most of these buzzwords, there is an important underlying message and the SuperShopper is no different. So why should we be taking notice of this particular segment of the market?
Put it to the experts: What does the perfect multi-channel experience look like?
4th Mar 2014
The perfect multi-channel experience is what retailers across the globe are striving for. It’s also something many customers crave, without even realising. In their eyes, they are looking for a convenient and enjoyable shopping experience which gives them choice.
Tesco CEO ushers in digital renaissance
26th Feb 2014
On Tuesday one of the biggest retailers on the planet made a series of pledges to haul the business into an age where multichannel reigns supreme and large out-of-town stores have begun to fall out of favour. Whilst speaking at an investor conference, Tesco chief executive Philip Clarke said: “Our priorities are clear: prices must get better, must be more stable; the frivolous promotions must end and trusted ones must be in place, and that has to start now.” The main points from the conference are summarized below.