e-shoplifters are hacking into online stores and altering prices

[March 6th 2001]

As if business already isn't difficult, online retailers now are being ripped off by electronic price tag alteration, according to an article in the March 5 issue of Interactive Week.

An estimated one-third of all shopping cart applications at Internet retailing sites have software holes that make them vulnerable to the price switching scam, Peggy Weigle, CEO of security software company Sanctum told the Internet's newspaper.

For example, a major PC manufacturer sells a sleek new laptop for $1,600, but the company's shopping cart software code can be manipulated to change the price to $1.60. "Thieves are coming in the front door," Weigle said.

The Interactive Week article, "Tag? You're Hit," describes the process: After choosing a product and receiving pricing information, a hacker can use a standard browser's "edit page" feature to show the hidden HTML code on the page. The thief then saves the page to his computer, alters the price information and then hits the "publish" key on the browser. In many cases, that page is then accepted by the shopping cart software -- and that $999 watch becomes a $3 special.

The problem isn't just in the U.S., notes Interactive Week Senior Writer Laura Lorek. An estimated 40 percent of all e-commerce sites in the U.K. are susceptible to the price changing glitch. Internet retailers in the U.K., such as concert ticket sales site Aloud.com, domain name retailer CheapNames.co.uk and Welsh Internet shop Wales Direct, have all been victims of the price-changing scam.

Gauging the scope of the problem is difficult because few Internet retailers will talk about the rip-offs or admit to being hacked. Overall, fraud is estimated to occur in 11 percent of all online transactions, Paul Fichtman, president and CEO of the Internet Fraud Council told Interactive Week.

Links
Interactive Week		http://www.interactive-week.com