Cybersecurity Expert Pegs AI as Online Shopping’s Biggest Threat

Artificial intelligence is everywhere and is gathering a growing list of consumer concerns about its security and potential for skewed uses.

This fearmongering is at an all-time high. Knowing the public’s concerns around AI has made it easy for bad actors to cater their attacks to the specific habits of online shoppers.

According to Kumar Dasani, CISO at Digital River, uncertainty tends to drive fear. In this case, AI’s seemingly boundless potential has spurred concern. The pace of its evolution has suggested capabilities that may be difficult to fathom for some, but it’s also important to stay rooted in reality.

Dasani advocates best practices to stay ahead of online shopping threats as businesses implement new technological advances. He sees this approach as necessary, given that many people are unsettled by the fact that AI cannot be completely trusted.

Despite the benefits that AI offers to shoppers, such as convenience, personalization, and instant purchasing, research shows that data security and privacy remain a top concern. He warned that hesitancy has only grown with the widespread adoption of AI, and digital fraudsters are leveraging these fears to their advantage.

“Knowing that the public is having difficulty keeping up with the rapid transformation and uses of AI, evasion of detection has never been easier,” Dasani told the E-Commerce Times.

Shopper Awareness Critical Tool Against Attack Scenarios

Online shoppers can no longer be ignorant of the dangerous threats of fraud and account theft that the illicit use of AI poses, according to Dasani.

Automated scams — such as sending out mass emails or texts — can easily trick people into giving out sensitive information. AI can also generate misleading information.

“If shoppers are not eager to understand the ins and outs of AI, there is a higher chance they will fall into the malicious hands of online thieves. Everyone should engage and experience the AI tools at some level to gain basic understanding,” he urged.

One of the bigger fallacies today is that AI can bolster improved security; that, in essence, AI may become a powerful countermeasure in preventing other AI-powered threats, such as deepfakes.

Realities of AI in Cybersecurity

Maybe yes, and maybe no. But probably not anytime soon. Building effective AI-generated digital defenses is still in the early stages of generative AI’s big-picture development.

“It’s difficult to say just how effective it will be in spotting deepfakes and other advanced threats. Can you really trust AI to detect AI? It’s reasonable to believe that models can be trained to spot manipulated images, videos, or other AI-generated threats,” offered Dasani.

However, the likely reality is that there will always be a human element to threat mitigation, he countered. He has seen AI prove fallible in many instances, and keeping human intuition in the mix to fact-check AI and vice versa will prove most effective.

“But I think the opportunity is there for sure, and AI needs to be leveraged where it makes sense and can be trusted and understood from a capability perspective to solve a known problem,” Dasani said.

Take Layered Action Now While the Wait Continues

E-commerce merchants and shoppers alike should adopt a layered approach to online security. Dasani preaches that security is “everybody’s responsibility,” and it is up to sellers to protect consumers and vice versa. Not getting scared by AI’s big reputation and falling for seemingly sophisticated threats like deepfakes is a great first step in strengthening cyber defenses.

“It’s entirely possible that worst-case scenarios never materialize. On a practical level, security teams need to be cognizant of these possibilities and continue strengthening their defenses while understanding and limiting the attack surface,” Dasani advised.

They also have to be very careful not to rely on AI all the time. The information it presents may not be accurate and could be based on biased data.

Simple measures like two-step verification for customer accounts can be incredibly useful in providing shoppers with an extra layer of protection. This layered approach also needs to be holistic, Dasani added.

Actions Differ for Merchants and Shoppers

While merchants are responsible for providing secure shopping carts and reliable safeguards, consumers must use them properly. An outsized share of that accountability falls on the vendor side.

For vendors, it is their first line of defense. The actions must constantly adapt to give customers the tools and education to stay secure.

In other words, merchants must proactively counter emerging threats with appropriate technology. Customers need to be reactive. For them, it means listening to direction from merchants on proper protocols, Dasani said.

“The key on the vendor side is defense and depth. This includes strong authentication and authorization practices, data privacy, secure encrypted connections, secure shopping cart, limited data retention, and data loss prevention capabilities,” he offered.

For shoppers, layered security is about attentiveness. They can easily do a few simple things to thwart bad actors and protect personal information:

• Use unique passwords and unique user IDs
• Use reputable password managers
• Change passwords regularly and take advantage of multi-factor authentication capabilities

“Shoppers should set up different accounts for different purposes. For example, a Gmail account for financial transactions and Hotmail for shopping sites, or something similar,” he added.

Best Practices Maybe Better Than New Regulations

Regulation is often difficult to predict, noted Dasani. Security will be a focus area as governments move closer toward defining AI guardrails.

“A globalized world brings significant complexity. In an e-commerce context, each new market that a brand sells in introduces new considerations. This makes regulation not only beneficial but necessary in a security context as brands look to protect and capitalize on growth opportunities while still protecting themselves and their customers,” he observed.

However, regulation and compliance do not always equal security. Therefore, merchants and sellers need to ensure robust security measures and security/privacy by designing concepts and baking them into their products and applications as a foundational step, he urged.

A strong foundation will be the best defense against emerging risks. Instilling the right approach to threat intelligence promotes proactive monitoring and alerting on the merchant side, as well as deploying solid incident response strategies. For consumers, a different kind of awareness and education is vital as bad actors more elaborately disguise threats.

“AI lowers the barriers to more elaborate phishing or brand imitation schemes, and customers need to recognize subtle warning signs or red flags as they navigate the e-commerce landscape. No matter how important a text message, email, or phone call may be, always verify directly with the source yourself to get assurance on the validity of the issue,” concluded Dasani.