Every day, millions of ecommerce transactions take place worldwide – and purchasing goods online is only increasing in popularity.
In 2015, the number of transactions is forecast to reach 38.5 billion globally, up 51 percent from 25.4 billion in 2012.
At the same time, retail websites are a prime target for hackers, fraud, and other security risks. Ecommerce sites are a favored target for hackers because they can yield valuable information, including credit card numbers and other personal details.
News of large data breaches at big corporations has become commonplace (e.g. Target, Neiman Marcus, eBay), but it’s not just big companies that are targets and victims. Ecommerce sites of any size are vulnerable to hackers, fraud, and other types of cyber attacks. In fact, smaller companies may be more vulnerable because limited resources are often diverted elsewhere or the right cyber security expertise is not in place.
Yet, proper security for an ecommerce site is a priority in today’s digital world. There’s great risk in not investing in a secure site. A cyber attack can mean lost revenue and damage to brand reputation and consumer trust.
Let’s take a look at five ways ecommerce sites can and should be safeguarding their websites.
These days it takes a leap of faith for consumers to enter those credit card numbers onto an ecommerce website. Every time they do, they are entrusting your business to keep their sensitive information safe.
The Payment Card Industry Data Security Standard (PCI DSS) sets forth security requirements for all companies that handle credit card transactions. From strong authentication protocols to encryption of sensitive data during transit over the internet, PCI DSS compliance protects both companies and consumers. Other guidelines include not storing credit card information in databases any longer than needed for a particular transaction.
Keep in mind, even when third-party service providers are used to process online transactions, the merchant is still responsible for ensuring secure transactions. Retailers should monitor their systems end to end to ensure compliance.
Most ecommerce sites utilize some type of web application – shopping carts, content management systems, and other SaaS solutions – and traditional network firewalls can’t properly filter and inspect application layer (Layer 7) traffic. The solution is a web application firewall (WAF) that analyzes and applies a set of rules specific to application layer interactions.
WAFs specifically look at the behavioral traits of traffic, identify any unusual patterns and prevent potentially malicious traffic from getting through. SQL injection, cross-site scripting, session hijacking, and parameter or URL tampering are some of the web application threats a properly configured WAF can detect and prevent. Web application firewalls are available as hardware, network or hosted solutions. Some WAF technology is integrated with other services pertinent to ecommerce websites, such as a content delivery network or DDoS protection.
In a distributed denial-of-service (DDoS) attack, hackers gain access to multiple devices and use them to flood a target server, or other type of web infrastructure, with traffic, with the goal of slowing website performance or crashing the site completely.
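The difference between a network firewall and application-layer rules, shown as an added example that is not part of the original article and not any WAF product's rule set. The shop routes, parameter schema, signatures and sample requests are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

def network_firewall_allows(dst_port):
    """Layer 3/4 view: only addresses and ports are visible, not the request."""
    return dst_port == 443

# Positive rules: the parameters each endpoint accepts (hypothetical shop routes).
SCHEMA = {
    "/cart/add": {"item": r"\d{1,8}", "qty": r"[1-9]\d{0,2}"},
    "/search": {"q": r".{1,64}"},
}
# Negative rules: signatures checked against every decoded parameter value.
SIGNATURES = {
    "sql-injection": re.compile(r"'\s*(?:or|and)\s+\S+\s*=|union\s+select", re.I),
    "cross-site-scripting": re.compile(r"<\s*script\b|javascript:", re.I),
}

def waf_inspect(url):
    """Return the sorted names of the rules a request URL violates."""
    parts = urlsplit(url)
    allowed = SCHEMA.get(parts.path)
    if allowed is None:
        return ["unknown-endpoint"]
    hits = set()
    # parse_qsl percent-decodes, so the rules see what the application will see.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name not in allowed or not re.fullmatch(allowed[name], value):
            hits.add("parameter-tampering")
        for rule, pattern in SIGNATURES.items():
            if pattern.search(value):
                hits.add(rule)
    return sorted(hits)

# Constructed requests, all arriving over HTTPS on port 443.
REQUESTS = [
    "/cart/add?item=1042&qty=2",
    "/cart/add?item=1042&qty=1&price=0.01",
    "/cart/add?item=1042%27%20OR%20%271%27%3D%271&qty=1",
    "/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E",
]

def verdicts():
    """Pair the network firewall's decision with the WAF's findings per request."""
    return [(network_firewall_allows(443), waf_inspect(u)) for u in REQUESTS]
```

The network firewall passes all four requests because they share the same port; only the application-layer rules separate the legitimate cart update from the other three.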
A DDoS campaign can last on average 2-6 hours and cost a business thousands in lost revenue. Brand reputation and consumer trust are also at stake.
Consider a cloud-based DDoS protection solution. It provides proactive mitigation, as well as traffic isolation and absorption. Cloud-based DDoS protection has the network bandwidth to handle the large spikes in traffic that are the trademark of DDoS attacks, and offers 24/7 service and expertise.
A web hosting provider is the foundation of a successful retail site and its framework provides an essential component to site security. Make sure your hosting provider is as zealous about security as you are! A dedicated hosting environment that employs encryption, performs regular network monitoring (for malware, viruses, etc.) and has procedures in place in case of a data breach is a starting point.
One of the ways hackers gain access to a website is by trawling it with robots that look for known vulnerabilities, outdated web application software, and weak or default passwords. In this way, small and medium-sized ecommerce sites are more susceptible than larger enterprises. It’s the low-hanging fruit in a hacker’s world.
Close up this vulnerability by staying on top of updates and installing them as soon as possible. This goes for servers, third-party code (WordPress, Java, etc.) and web applications.
The landscape of cyber threats to ecommerce websites is constantly changing and adapting to new technologies and circumstances. It’s imperative to stay ahead of – or at least abreast of – the latest security solutions. Security teams need to adopt a constantly vigilant state of mind. This involves tasks like:
Each of the steps outlined here will set you on the right path to a secure site. Ecommerce is an industry dependent on websites to make money, so creating and maintaining a secure website is crucial to developing, maintaining and growing a customer base. Don’t neglect these necessary steps to safeguard your site.