Today there is a report in the paper that the NZ Hunting and Fishing shop’s website was hacked and customers’ credit card details were stolen. Customers had noticed unusual activity on their credit cards.
I have personally used a number of e-commerce sites operated by bonafide New Zealand businesses. In the rush for these businesses to open up online shops to cash in on the Internet trade, it is very important to note that there is no guarantee that your credit card details will be collected or stored in a safe manner.
It is important to note that there are different ways in which e-commerce sites can process your order. This can be either online or offline. The online processing should happen through a secure website and usually will make use of a reputable third-party payment processing site. For example, PayPal offers such a service internationally, and there are sites of this nature operated in New Zealand.
Offline processing is entirely different and is, in fact, used by a lot of shops which do not have the money to spend on an online site. These sites in my experience are engineered more cheaply and are the ones to watch out for, as some of them do not even use security certificates, and since they collect your credit card details on their own site, you have no guarantees that the site is engineered to resist hacking and stores those details with a high degree of security.
We of course do not know the details of the Hunting and Fishing hack but some kind of security flaw is a likely scenario and there are many possible exploits such as SQL injection or server vulnerabilities that can be used to get into a site and steal details. The concern is that people are still engineering and deploying insecure websites or that companies that own them are not spending money on making sure their site is kept secure and all necessary updates and patches are applied in a timely way.
I think that the Government should look at regulating online trading so that people can have confidence that their personal details are being kept safe when they make purchases from a New Zealand e-commerce site.