Dive Brief:
- Apple is the most secure U.S. online retailer for customers, followed by Best Buy, The Home Depot, Amazon and Qurate Retail Group (owner of QVC, HSN and Zulily), according to research from LastPass by LogMeIn, a password management software company.
- The rankings are part of LastPass' Online Retail Naughty and Nice List. So who's been naughty? Topping that part of the list is e-commerce furniture company Wayfair, followed by Walmart, eBay, Macy's and Costco. In conducting the research, LastPass examined 17 criteria related to the account, password and website security features of top retailers.
- LastPass said it wanted to present consumers with guidance as to which sites best protected their personal information from data breaches. Among the criteria for the research: password requirements; the use of security questions; personal information collected; use of two-factor authentication; social media logins; and how forgotten passwords are handled.
Dive Insight:
With holiday e-commerce sales headed into record territory this year, more consumers will be shopping online. Chances are fraud will be that much greater, as well.
Of the 10 retailers LastPass ranked, all are reputed to be leaders in technology, with the possible exception of Costco, which has been catching up of late. Apple, the "nicest" on the list, has been at the forefront of emphasizing technology solutions to security, and CEO Tim Cook has been outspoken among Silicon Valley leaders on the subject of privacy. Wayfair, which is the "naughtiest," is in the midst of a growth spurt, reporting the largest year-over-year direct retail dollar growth in the company's history in its second quarter. Wayfair's low ranking on the LastPass list could indicate it is experiencing some growing pains.
The holiday selling season means a huge spike in online and in-store traffic and sales, but it also brings more fraud, according to research from Forter. Fraud attacks increased by 13% last year, Forter has reported. Late last year, ACI Worldwide said that it expected fraudulent activity to increase 30% during the peak holiday season because of data breaches/identity theft, account takeover/phishing attacks and friendly fraud/chargebacks.
The LastPass research comes at a time when a new wave of cyberattacks, called "Magecart," has affected big companies like Newegg and Ticketmaster, as well as 32,000 smaller e-commerce retailers, according to a press release from CyberInt emailed to Retail Dive. One in five retailers infected by Magecart malware get reinfected after the operations have been cleaned up, ZDNet reported.
Cybersecurity firm CyberInt estimated that the attacks — which use tactics the firm said resemble those of Russian organized criminal gangs — may cost online customers and credit card companies $500 million a month.
Two-factor authentication provides an additional layer of security for customer accounts, LastPass said in a press release emailed to Retail Dive, but only two of the top 10 retailers — Apple and Amazon — offer it to consumers. Allowing customers to sign on through a social media site like Facebook eliminates the need for another password, but makes the customer's data vulnerable if the other platform is compromised. For example, Facebook has disclosed that 50 million users were exposed as the result of a recent attack, LastPass noted.
"Weak or stolen credentials continue to play a major role in breaches, so it's worrying that some of the most popular retailers have pretty lax password requirements when hundreds of thousands of shoppers will be flocking to these sites for a good deal this holiday shopping season," Sandor Palfy, chief of identity and access management at LogMeIn, said in the press release.