Questions tagged [e-commerce]

58 questions
16 votes, 2 answers

Is adding a supplementary credit transaction something that could improve online payment security?

An online company from which I regularly buy goods apparently recently upgraded their security policy. Let's say I bought something for 73,31€. As usual this company uses 3D-Secure for the checkout process and will actually process the payment only…
WhiteWinterWolf
12 votes, 4 answers

How does collecting sensitive data using iframes increase security?

So this approach seems to be rather popular, particularly among payment processors that provide javascript integrations. The added layer of security that "fields in iframe" brings also supposedly reduces the level of PCI compliance…
Acorn
12 votes, 5 answers

Generating and securing gift card codes

I'm working for a company that is generating gift card codes which can be used to pay for goods on online stores. I'm wondering what the most secure way of generating these gift card codes is. The length needs to be 16 characters (though that is…
Mark
10 votes, 4 answers

Defending against DoS via product reservation

An e-commerce site should reserve products for a user while they're going through the payment process (more info). This creates a potential denial-of-service risk where an attacker could reserve many products and never complete payment - reserving…
paj28
9 votes, 4 answers

Make online payments anonymously?

Is there a service/company which allows you to make anonymous payments online? This is how I want the service to work - Just like a credit/debit card. When you make the payment online, instead of entering your real name and real address, you enter…
FirstName LastName
8 votes, 1 answer

Why is it hard to prevent scalpers from using bots to buy up lots of concert tickets?

The New York Times recently had an article that talks about how scalpers are using bots to programmatically buy up lots of concert tickets, making it harder for ordinary fans to buy up tickets. For instance, it says that they may buy up more than…
D.W.
7 votes, 4 answers

What are the security implications of the POLi Internet Payments technique?

POLi Payments is an Australian based online payment provider which has begun trading in New Zealand. They are supported as a payment option on some large eCommerce websites in New Zealand, including Air New Zealand, JetStar and The Warehouse. It…
Adam
7 votes, 3 answers

Why would some web applications disable Numpad input?

Some web applications (One popular example is Skrill) don't allow input from Numpad for number. I've seen some local websites here also follow the same procedure. The thing is, all of them are related to e-commerce somehow, the things which…
Eekan
6 votes, 2 answers

Any way to prove that two devices are in the same physical space, for authentication?

I need to come up with digital proof that two physical devices are in the same (approximate) location whenever that transaction occurs. This could be: A digital ID and the authenticator A consumer and a merchant A digital key for a door, and a…
makerofthings7
6 votes, 2 answers

Supporting TLS v1.0 while remaining PCI compliant

We have a significant portion of sales still coming in from users using browsers that do not yet support TLS 1.1+. We also have demands from our payment processors to stop supporting TLS 1.0 for PCI compliance. My question is this: Is it considered…
jimmy0x52
5 votes, 5 answers

Home Banking, antivirus safe environments OR Linux on virtual machines?

Which is the safest way to do home banking, given that I do use Windows on a tablet, I do connect to both private and public networks and I cannot use a Linux live distro right now? I've been thinking about these methods so far: using a safe…
franz1
4 votes, 2 answers

How to select secret identifier?

For an ecommerce website I need to create an identifier, that will represent the user's order. It can't be order's ID in database as it's assigned in predictable manner. So it needs to be some pseudorandom string (ideally a-zA-Z0-9), that will…
Tomáš Fejfar
4 votes, 1 answer

Prevent automated account creation without using CAPTCHA

I had a scenario, where someone created thousands of user accounts in a shop system, which flooded the DB. Different usernames/emails were used and each creation came from a different IP address. How can someone prevent / avoid such an "attack"? Is…
xhallix
4 votes, 0 answers

Security Implications of a Single Page E-Commerce Application

I'm asking here because there seem to be zero resources online about this kind of thing. I've built a single page e-commerce website that uses Stripe, Laravel, VueJS, Vue Router and Vuex. Everything works perfectly. This is the checkout process for…
user373688
3 votes, 2 answers

Are there any ways to defraud a fundraising site?

I have developed many e-commerce stores for clients over the years; almost all of them selling physical products. Recently, one client in particular was repeatedly getting hit with fraudulent chargebacks where someone would purchase an Acme Widget…
indextwo