There's no doubt that the online retail market is booming, with worldwide e-commerce sales predicted to reach $4.5 trillion by 2021. However, this success often attracts unwanted attention, and cyber-criminals have an ever more sophisticated arsenal of methods to exploit gaps in online store security.
But what are the biggest threats to the security of your e-commerce site in 2019?
Distributed Denial of Service (DDoS) Attacks
A DDoS attack involves your website’s servers being flooded with requests from potentially thousands of untraceable IP addresses. Often driven by the manipulation of IoT devices, today's more sophisticated attacks can cause your entire site to go offline, leaving it wide open to more vicious attacks like a malware infection.
The frequency of these kinds of attacks is on the rise, particularly during peak sales periods. On Cyber Monday last year, for example, e-commerce sites experienced a 109% increase in DDoS attacks compared to the rest of November.
This threat can cost your business thousands in lost revenue and mitigation (<£35,000 per attack, in some cases). However, according to 78% of security professionals in a recent survey by Corero Network Security, the costliest damage done by DDoS attacks is often reputational: losing your customers' trust and confidence.
With 69% of security professionals reporting they experience, on average, one DDoS attack a day, it’s clear that e-commerce sites should take every precaution to
Credit Card Fraud
The old classic, credit card fraud, remains the most common security threat facing e-commerce sites, thanks, in part, to the fact it's so difficult to trace. Detecting that a fraudulent transaction has taken place is a crucial first step, but it isn't easy, especially if your site processes hundreds of transactions a day. Here are a few tell-tale signs to help you spot an instance of credit card fraud:
- An order that’s set to ship to an address other than the billing address
- An order of a much higher value than you're used to receiving
- A successful order preceded by multiple unsuccessful orders
- A customer IP address that is not in the same location as the billing information on the order
It’s important to try and verify these kinds of
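The four tell-tale signs listed above can be checked automatically before an order is released. The following is an added example, not code from the original article: the `Order` fields, the thresholds (`value_factor`, `min_failures`) and the sample orders are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from statistics import median

@dataclass
class Order:  # constructed record; field names are assumptions
    customer: str
    value: float
    billing_addr: str
    shipping_addr: str
    billing_country: str
    ip_country: str      # from a GeoIP lookup done upstream (assumed)
    succeeded: bool

def fraud_signals(order, history, value_factor=3.0, min_failures=2):
    """Return the tell-tale signs a new order matches; history is oldest first."""
    signals = []
    if order.shipping_addr.strip().lower() != order.billing_addr.strip().lower():
        signals.append("ships_to_non_billing_address")
    paid = [o.value for o in history if o.succeeded]
    if paid and order.value > value_factor * median(paid):
        signals.append("unusually_high_value")
    # Count this customer's failed attempts immediately before the order.
    failures = 0
    for past in reversed([o for o in history if o.customer == order.customer]):
        if past.succeeded:
            break
        failures += 1
    if order.succeeded and failures >= min_failures:
        signals.append("preceded_by_failed_orders")
    if order.ip_country != order.billing_country:
        signals.append("ip_location_mismatch")
    return signals

# Constructed sample data.
HOME = "1 High St, Leeds"
HISTORY = [
    Order("alice", 40.0, HOME, HOME, "GB", "GB", True),
    Order("bob", 55.0, "2 Mill Ln, York", "2 Mill Ln, York", "GB", "GB", True),
    Order("carol", 60.0, "3 Park Rd, Hull", "3 Park Rd, Hull", "GB", "GB", True),
    Order("mallory", 900.0, "9 Elm Ct, Bath", "PO Box 7, Dover", "GB", "US", False),
    Order("mallory", 900.0, "9 Elm Ct, Bath", "PO Box 7, Dover", "GB", "US", False),
]
SUSPECT = Order("mallory", 900.0, "9 Elm Ct, Bath", "PO Box 7, Dover", "GB", "US", True)
NORMAL = Order("alice", 45.0, HOME, HOME, "GB", "GB", True)

if __name__ == "__main__":
    for o in (SUSPECT, NORMAL):
        print(o.customer, fraud_signals(o, HISTORY))
```

An order that matches several signs at once is a candidate for manual review rather than automatic rejection, since each sign on its own also occurs in legitimate orders such as gifts.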
Malware is any piece of software that’s been designed by cyber-criminals with the intention of gaining access, or causing damage, to a computer network. Inserted into web pages through techniques like SQL injection, malware files can allow hackers to:
- Fake (spoof) their identity
- Take control of your computers and networks
- Tamper with your databases
- Send malicious emails on your behalf
- Gain complete access to all the data on your system
Because malware strategies are constantly evolving, so too must your anti-virus protocols. To protect your site against malware, consider installing a firewall to monitor activity, and store as little sensitive information on your site as possible.
On the internet, there are good bots and bad bots. Bots are essentially automated programs designed to perform a specific task on the web. Good bots are
But bad bots are out to cause your business harm, and they accounted for over a fifth of all e-commerce traffic in 2018. Bad bots can attack e-stores in several ways, including:
Credit card fraud
Bots can be programmed to test stolen credit card numbers and figure out CVVs, repeatedly, until they’re successful. Once the hacker has this information, they’ll be able to buy whatever they like in someone else’s name.
The theft and resale of login details is a major industry in the darker corners of the web. Once a hacker has these credentials, they can send out bots to try username and password combinations on many different retail sites until they’re successful. Once in, the hacker has free rein to place orders, steal card details, and more.
Price scraping bots can be sent by competitors to monitor your pricing, pricing strategy, inventory levels, marketing plans, and more, allowing them to undercut your prices or outrank you in search engine results.
How to Tackle Bad Bots
Thankfully, there are a few things you can do to reduce bad bot activity. Firstly, your site should feature CAPTCHAs. A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) can stop bots from registering fake accounts and gaining access to other users' sensitive data. They can be slightly annoying for your returning customers, but CAPTCHAs are well worth implementing as a first step towards battling bad bots.
You should also block all traffic from data centres that are infamous for high levels of bad bot activity. Remember: genuine users don't access your e-store via data centres, so blocking them from your site can be a quick win.
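Bots that test stolen username and password combinations, as described above, leave a recognisable pattern in login logs: one source address failing against many different accounts in a short time. The following is an added example, not code from the original article: the log format, the window and threshold values, and the sample lines (which use documentation-only IP ranges) are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, client IP, account, outcome.
LOG = """\
2019-03-01T10:00:01 203.0.113.7 user=alice result=fail
2019-03-01T10:00:05 203.0.113.7 user=bob result=fail
2019-03-01T10:00:09 198.51.100.20 user=frank result=fail
2019-03-01T10:00:12 203.0.113.7 user=carol result=fail
2019-03-01T10:00:20 203.0.113.7 user=dave result=fail
2019-03-01T10:00:31 198.51.100.20 user=frank result=fail
2019-03-01T10:00:40 203.0.113.7 user=erin result=ok
2019-03-01T10:01:02 198.51.100.20 user=frank result=ok
""".splitlines()

def parse(line):
    """Split one log line into (timestamp, ip, user, result)."""
    ts, ip, user, result = line.split()
    return (datetime.fromisoformat(ts), ip,
            user.split("=", 1)[1], result.split("=", 1)[1])

def detect_stuffing(lines, window=timedelta(minutes=5), min_users=4):
    """Flag IPs with failed logins against >= min_users accounts in one window.

    Returns {ip: {"users_tried": n, "succeeded_as": [accounts]}}; any account
    in "succeeded_as" was logged into from the flagged IP in the same window.
    """
    by_ip = defaultdict(list)
    for line in lines:
        ts, ip, user, result = parse(line)
        by_ip[ip].append((ts, user, result))
    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        for i, (start, _, _) in enumerate(events):
            in_window = [e for e in events[i:] if e[0] - start <= window]
            failed = {u for _, u, r in in_window if r == "fail"}
            if len(failed) >= min_users:
                hits = sorted({u for _, u, r in in_window if r == "ok"})
                findings[ip] = {"users_tried": len(failed), "succeeded_as": hits}
                break
    return findings

if __name__ == "__main__":
    print(detect_stuffing(LOG))
```

Counting distinct accounts rather than raw failures keeps a customer who mistypes their own password a few times, like `frank` in the sample, out of the findings.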
The first step to thwarting hackers is understanding their most common modes of operation. Once you know what you're up against, you can take the necessary steps to protect against their attacks and mitigate any damage done.
Do the right thing – for your business and your customers: take precautions to ensure your e-commerce site is well defended against cyber-criminals.