Twitter hack to hinder e-commerce service uptake

Users may refrain from linking their Twitter accounts with American Express details following the successful hack on the microblogging site, but the payment provider's security efforts may help assuage some consumers' concerns.
Written by Ellyne Phneah, Contributor

The recent hack on Twitter which affected 250,000 users will have left subscribers uneasy over linking their microblogging accounts to their American Express credit card accounts to conduct e-commerce activities.

The saving grace would be American Express' efforts in beefing up its online transaction security these past years, which should convince some users that the e-commerce tie-up between the two companies remains a viable service.

Users who are interested in promotion products can send out a tweet with a specific hashtag. American Express will send an @-reply for confirmation, and buyers have 15 minutes to ratify the purchase. (Source: YouTube)

Last Monday, Twitter announced its e-commerce partnership with American Express. Credit card holders who link their bank accounts with their Twitter handles will be able to trigger a purchase of products such as jewelry or gift cards by posting a tweet.

Twitter was the victim of a successful breach on its systemsearlier this month, however. It said: "[Our] investigation has thus far indicated that the attackers may have had access to limited user information--user names, e-mail addresses, session tokens and encrypted/salted versions of passwords--for approximately 250,000 users."

Commenting on these developments, Jonathan Andresen, director of product marketing at Blue Coat Asia-Pacific, said the hacking attack on the microblog site may affect the confidence of potential users of the e-commerce service.

He said it is very important for companies to protect their sites from online attacks as frequent breaches may damage a company's brand. "This is similar to every other online service such as banking. If they do not ensure it is secure, people will have no confidence to use it," Andresen noted.

Eric Chiu, president and founder of HyTrust, agreed. He said: "It's one thing to have someone use your credentials to hijack your Twitter account. It is an entirely different thing if they can charge purchases to your credit card."

Twitter user Jacky Chua told ZDNet Asia she would be "worried" about signing up for the Twitter-American Express service following news of the successful attack on the social media platform.

"I'm not sure if I'm willing to put my credit card information there," Chua said.

Another subscriber, Melvin Lum, said he was planning to limit his usage of Twitter to "prevent more information from getting stolen. "I'm already tweeting less and may close my account in the near future. I'm not even thinking of putting my credit card information there," he added.

American Express to save the day
However, Kendrick Sands, consumer finance company analyst at Euromonitor, disagreed. He said one of American Express' distinguishing factors is its customer service and responsiveness is reimbursing companies for fraudulent charges. For this reason, customers of the payment service provider are less likely to be worried about the service partnership with Twitter, he said.

Furthermore, American Express has invested millions in its online processing capabilities and security over the last few years, and will be prepared for the challenges--security or otherwise--presented by the increased online transactions, said Sands.

Nadia Mohammad, too, expressed confidence in the e-commerce partnership. The Twitter and American Express user said the online attack on Twitter would not deter her from signing up for the service because she "believed in American Express" and payment companies have stronger security measures than social networks to protect their customers.

"Twitter would've also stepped up measures to improve its security after the incident, so I don't see why I should be afraid," said Nadia.

Moving forward, both companies must increase their efforts to protect cardholder and credential information, Chiu stressed. Linking credit card information to a social media site will require the latter to put in place much higher levels of security than it does today, he added.

This will also improve user perception of the microblogging site and bring in more users to join the e-commerce partnership, Chiu explained, adding that Twitter will become an even greater target with the American Express partnership.

With millions of users to monitor, Twitter and American Express can also consider using a real-time Web security cloud service to ensure instantaneous feedback is available by analyzing Web content and blocking threats, Andresen advised.

Twitter and American Express did not respond in time to comment on their security efforts to safeguard customers' online transactions and personal information.

Editorial standards