Consumers have been warned about identity theft and fraud today in the run-up to Christmas after a study found that online payment security is not fully enforced on 65 per cent of Irish websites.
According to a study by Deloitte Enterprise Risk Services, which analysed over 100 Irish-based e-commerce websites, "a significant proportion of websites" are not compliant with the payment card industry security standards.
Moreover, 53 per cent of companies supported weak or legacy encryption, with 2 per cent of sites not encrypting cardholder data entry sessions at all. This means that the information visitors submit to the site, such as name, address and credit card details, can potentially be compromised and accessed by fraudsters.
The study also found that 7 per cent of Irish-based websites did not require a CVV2 number - the three-digit code on the back of credit cards that can also reduce the risk of fraud.
Three per cent of websites also had expired SSL certificates, which are used to verify that the website being interacted with is who it claims to be.
"The results of the survey show that many websites do not have adequate levels of security for processing online transactions, which many consumers carry out on a very regular basis," said Colm McDonnell, partner, Enterprise Risk Services, Deloitte.
"Identity theft and credit card fraud is a growing problem here in Ireland, and inadequate levels of security must be addressed by merchants as a matter of priority."
The payment card industry security standards were created by the major credit card firms including Visa, MasterCard, American Express, Diners Club, Discover and JCB.
They cover a range of areas including maintaining a secure network, protecting cardholder data, implementing access control measures and maintaining an information security policy, among others.