Companies often misinformed about the real threat to e-commerce security

LONDON -- Company executives are often misinformed about the real vulnerability of their network systems, according to a survey of electronic commerce fraud by professional services firm KPMG.

KPMG says it is well documented that a company is at greater risk of being the victim of an internal security breach than an external one. But KPMG’s 2001 Global e-Fr@ud Survey of the world’s largest companies across 12 countries showed that half the firms regard computer hackers and poor security policies as the greatest threats to their e-commerce systems.

Seventy-nine percent of respondents said the highest probability of a breach occurring to an e-commerce system would be via the internet or other external access.

But KPMG says poorly trained and poorly qualified system administrators, poor reporting procedures for security breaches or dishonest employees are often a greater threat.

E-fraud is a growing problem for companies around the world, although reported instances of e-fraud are low, KPMG notes. Only 9% of respondents to the survey said a security breach had occurred in their organisation in the past 12 months.

And, where breaches had occurred, legal action was not always pursued for a variety of reasons, such as inadequate legal remedies and lack of evidence.

The use of good computer forensic response guidelines could significantly increase the likelihood of an organisation securing enough evidence to take legal action, KPMG says.

Respondents indicated overwhelmingly that security of credit card numbers and personal information were by far the most important concerns for their customers. But less than 35% of respondents reported having security audits performed on their e-commerce systems. Only 12% of respondents reported that their website bears a seal identifying that their e-commerce system had passed a security audit.

www.kpmg.co.uk