News24

Online security safer - industry firm

2012-03-12 14:02

Cape Town - Online systems are becoming more secure to make payments, an industry player has said.

"It's extremely safe; we've not yet had a security flaw in the one-and-a-half years I've been here," Mark Chirnside, CEO of PayU, told News24.

He said that efforts were continuing to improve security to prevent hackers from stealing account information.

"We're always improving the firewall technology, but we're doing intrusion detection and you're a long way from the outside of the system to actually processing a bank transaction."

Online shopping is expected to grow in 2012 as more users have access to increasingly "smarter" mobile phones as well as tablets.

Risk

Providers are racing to provide secure platforms for e-commerce and PayU offers payment gateways for Groupon, kalahari.com and airlines.

"We've had attempted hacks paid for. It's in our interest to ensure as much security as possible - it's what your brand is built on. Having someone have a go at us is not a bad thing and if they find something, fix the hole and next time around we'll do it further," said Chirnside.

A report in February found that there is a small risk with online payments as not all encryption keys work as intended.

A program used to generate random number sequences for encrypting digital information worked properly 99.8% of the time, meaning that two out of every 1 000 "keys" wouldn't thwart crooks or spies, the report warned.

"No system is 100% proof, but we do an awful lot of checking on card numbers, we check stolen card data; we're introducing a new fraud and risk system," Chirnside said.

PayU also said that company systems could limit damage by a potential fraudster by disabling the device used to commit fraud in addition to the card.

"If a device is used to make a poor transaction on our website somewhere in South Africa, we will know about it and next time that device tries to make a transaction, we'll actually block that device.

"We reject ones that we know to be fraud and we defer ones that we're not certain about for manual checks," said Chirnside.

Staff

Web group Anonymous has made several governments and companies nervous about their online security platforms and despite recent arrests, the group is feared after their direct denial of service (DDOS) attacks on MasterCard.

Online security has come under the government's focus and recently, Minister in the Presidency Collins Chabane said that the Cabinet had approved a national cyber security policy framework for SA.

Limiting cyber fraud by company workers is a priority and PayU denies access to its own staff to its production platform.

"Any new employee... has a background check done. It's not a perfect system, but it's a good way of ensuring that you try and pick up the right people.

"We, for example, don't allow any of our developers access to the production platform - none. So there's no way they can get card data at all," Chirnside said.


- Follow Duncan on Twitter