Feeds

Glitch allows online shoppers to rip-off retailers

Right click and change the price

  • alert
  • submit to reddit

The Essential Guide to IT Transformation

A glitch in many systems for order fulfilment on the Web has been reported which allows the fraudulent to create their own online prices for goods.

The loophole in many ecommerce Web sites was discovered by ebusiness services company Alphakinetic.net during the course of developing ecommerce Web sites for its clients.

Alphakinetic founder Sam Chowdhury estimated that between 10 to 20 per cent of sites were vulnerable to the issue, which involves how payment information is passed between a merchant's site and a secure payment gateway.

The root cause of the problem is that when an Internet shopper passes through a checkout on a merchant's site, a click on the right mouse button might allow a shopper to edit the contents of the page - including the price of goods paid for.

Mark Rowlands, chief technical officer of Alphakinetic, said the problem was not with shopping basket software itself but rather with the lack of checks between a merchant site and a payment site that data had not been altered.

He added that the vulnerability was easy to exploit.

A story in today's Telegraph identifies a number of smaller Web sites that were vulnerable to the breach. These included Aloud.com, CheapNames.co.uk, and Welsh internet shop Wales Direct. ®

External links

Security hole threatens UK etailers
Alphakinetic's take on the problem

Related Stories

Travelocity drops customers' pants in public
Egghead doubts hackers got the goods

HP ProLiant Gen8: Integrated lifecycle automation

More from The Register

next story
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
White? Male? You work in tech? Let us guess ... Twitter? We KNEW it!
Grim diversity numbers dumped alongside Facebook earnings
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
Bose says today IS F*** With Dre Day: Beats sued in patent battle
Music gear giant seeks some of that sweet, sweet Apple pie
Amazon Reveals One Weird Trick: A Loss On Almost $20bn In Sales
Investors really hate it: Share price plunge as growth SLOWS in key AWS division
Dude, you're getting a Dell – with BITCOIN: IT giant slurps cryptocash
1. Buy PC with Bitcoin. 2. Mine more coins. 3. Goto step 1
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.