Online stores do not do enough to prevent internet fraud. It says various cyber experts to BNR. Fraud Helpdesk sees that the amount that internet criminals have stolen by hacking accounts has almost doubled last year compared to the year before. Therefore, according to experts, online stores should be required or encouraged to offer two-step verification to consumers.
Fraud Helpdesk also encourages the use of 2-step verification (2FA). This means that the customer is sent a code to a trusted device when logging in, often their own mobile device. Hackers will then no longer only use the username and password to access someone’s account, making fraud much more difficult.
‘Self-interest in security’
Of the nine largest webshops in the Netherlands, only four offer this extra security. These are Bol.com, Albert Heijn, Amazon and Picnic. De Bijenkorf, Zalando, Coolblue, Jumbo and Wehkamp do not yet give their customers this option.
“By not having this as an option, these companies put their own interests above customer safety,” says privacy expert Brenno de Winter. ‘As a company, you now place the security of personal data with the users, with people who are not at all handy with it. And that while the consequences of the leak can be significant. 2FA is easy to implement and works very well. It is gradually time for it to be made mandatory. “
According to experts, companies are afraid that making 2FA mandatory will make customers drop out. It would diminish the usability of a service because the customer would find it cumbersome. “One factor in this is that many people do not know what it means and why it is important,” adds cybersecurity expert Eward Driehuis. But De Winter now sees that online stores do not even offer the option. Incomprehensible, he thinks. This while the accounts that consumers have with the online stores contain financial and personal data.
Former Member of Parliament and IT entrepreneur Kees Verhoeven sees a role for the government here, but not for him in a convincing way. “The government needs to work with big companies and encourage this. Initially, not all customers will use this 2-step verification, but at some point, more and more people will agree to it. Especially when it is clear that you are protecting your own data so much better. ‘ Several other experts who spoke with BNR also suggested that the use of 2FA should be encouraged.
Verhoeven adds that it is an additional barrier for hackers to need someone’s phone. ‘The chance that someone has your passwords and phone is very small. So it already reduces the number of fraud cases significantly. ‘
According to Verhoeven, having a strong password is not always enough. In the event of a data leak, they could end up in the public eye. Then they can be purchased and hackers try to log in with your data until they get into your account.
Misuse of data for online fraud
The personal data that they receive after logging in can then, for example, be misused phishingand other forms of online fraud, warns Berend Jan Beugel of the Dutch Payment Association.
Dave Maasland, cyber security expert, calls 2FA the ‘digital seat belt’ for that reason. Maasland also believes that it should be mandatory to offer the option just like the seat belt. ‘If it gets widespread, it will get consumers used to signing up for 2FA.’
De Winter adds that this will have a normative effect. ‘Big companies are now holding each other in an uncertain stranglehold. But if the big companies start to secure extra login security, small companies will follow suit. ‘