"Today’s media is full of statistics and stories detailing how the Internet has become an increasingly dangerous place for all concerned. Figures of tens of millions and hundreds of millions of bot-infected computers are regularly discussed, along with approximations that between one-quarter and one-third of all home computer systems are already infected with some form of malware. With a conservative estimate of 1.4 billion computers browsing the Internet on a daily basis (mid-2008 figures), that could equate to upwards of 420 million computers that can’t be trusted – and the numbers could be higher as criminals increasingly target Web browser technologies with malicious Web content – infecting hundreds of millions more along the way.
Despite these kinds of warnings and their backing statistics, online businesses have yet to fully grasp the significance of the threat. Most of the advice about dealing with the problem has focused on attempting to correct the client-side infection and yet, despite the education campaigns and ubiquity of desktop anti-virus solutions, the number of infected computers has continued to rise. The problem facing online businesses going forward is, if upwards of one-third of their customers are likely to be using computers infected with malware to conduct business transactions with them, how should they continue to do business with an infected customer base?
This paper discusses many of the best practices businesses can adopt for their Web application design and back-office support processes in order to minimize this growing threat, along with helping to reduce several of the risks posed with continuing to do business customers likely to be operating infected computers."