There's no doubt that the online retail market is booming, with worldwide eCommerce sales predicted to reach $4.5 trillion by 2021. However, this success often attracts unwanted attention, and cyber-criminals have an ever-more sophisticated arsenal of methods to exploit gaps in online store security.
The key security threats to e-businesses
Online retailers use a wealth of innovative new technology to give their business a boost. Think machine learning technology that improves conversion rates, or site-search analytics that provide deep insight into shopper behaviour.
However, as online stores become more advanced, it's important to keep up with the significant security risks that come with it. In this blog we'll explore the different types of threats in eCommerce that you should be aware of, and the best methods to avoid them in 2020.
1. Distributed Denial of Service (DDoS) Attacks
A DDoS attack involves your website’s servers being flooded with requests from potentially thousands of untraceable IP addresses. Often driven by the manipulation of IoT devices, today's more sophisticated attacks can cause your entire site to go offline, leaving it wide open to more vicious attacks, such as a malware infection.
The frequency of these security threats to e-businesses is on the rise, particularly during peak sales periods. For example, on Cyber Monday 2018, eCommerce sites experienced a 109% increase in DDoS attacks compared to the rest of November.
This security threat can cost your business thousands in lost revenue and mitigation (<£35,000 per attack, in some cases). However, according to 78% of security professionals in a survey by Corero Network Security, the costliest damage done by DDoS attacks is often reputational: losing your customers' trust and confidence.
With 69% of security professionals reporting they experience, on average, one DDoS attack a day, it’s clear that eCommerce sites should take every precaution to
2. Credit card fraud
The old classic, credit card fraud, remains the most common security threat facing eCommerce sites, in part due to the fact it's so difficult to trace. Detecting that a fraudulent transaction has taken place is a crucial first step, but it isn't easy, especially if your site processes hundreds of transactions a day. Here are a few tell-tale signs to help you spot an instance of credit card fraud:
- An order that’s set to ship to an address other than the billing address
- A sale of a much higher value than you're used to receiving
- A successful order preceded by multiple unsuccessful ones
- A customer’s IP address is not in the same location as the billing information on the order
It’s important to try and verify these kinds of
This all adds up to a considerable sum of money. And this is before you consider the damage this will do to your company's reputation. Staying vigilant against card fraud is essential to protecting your business and maintaining great eCommerce customer experience.
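The four tell-tale signs of card fraud listed above can be checked automatically so that suspicious orders are held for manual verification. The sketch below is an added example, not code from the original post; the Order fields, the thresholds and the sample orders are all assumptions made for illustration.

```python
from dataclasses import dataclass
from statistics import median

@dataclass
class Order:
    order_id: str
    customer: str
    amount: float
    billing_addr: str
    shipping_addr: str
    billing_country: str
    ip_country: str   # assumed: filled in upstream by a GeoIP lookup
    succeeded: bool

HIGH_VALUE_FACTOR = 5       # assumed meaning of "much higher value"
FAILED_BEFORE_SUCCESS = 3   # assumed meaning of "multiple unsuccessful"

def fraud_signals(order, history):
    """Return which tell-tale signs an order trips. history is oldest first."""
    signals = []
    if order.shipping_addr.strip().lower() != order.billing_addr.strip().lower():
        signals.append("ship_ne_bill")
    paid = [o.amount for o in history if o.succeeded]
    if paid and order.amount > HIGH_VALUE_FACTOR * median(paid):
        signals.append("high_value")
    # Failed attempts by the same customer immediately before this order.
    streak = 0
    for prev in reversed([o for o in history if o.customer == order.customer]):
        if prev.succeeded:
            break
        streak += 1
    if order.succeeded and streak >= FAILED_BEFORE_SUCCESS:
        signals.append("failed_attempts")
    if order.ip_country != order.billing_country:
        signals.append("ip_geo_mismatch")
    return signals

# Constructed sample orders, not real data.
HISTORY = [
    Order("1001", "alice", 40.0, "1 High St", "1 High St", "GB", "GB", True),
    Order("1002", "bob", 55.0, "2 Mill Ln", "2 Mill Ln", "GB", "GB", True),
    Order("1003", "carol", 60.0, "3 Oak Rd", "3 Oak Rd", "GB", "GB", True),
] + [Order(f"100{n}", "dave", 900.0, "4 Elm Ct", "9 Dock Rd", "GB", "US", False)
     for n in (4, 5, 6)]
SUSPECT = Order("1007", "dave", 900.0, "4 Elm Ct", "9 Dock Rd", "GB", "US", True)
NORMAL = Order("1008", "alice", 45.0, "1 High St", "1 High St", "GB", "GB", True)

if __name__ == "__main__":
    print([(o.order_id, fraud_signals(o, HISTORY)) for o in (SUSPECT, NORMAL)])
```

No single signal proves fraud (gift orders ship to other addresses, travellers pay from abroad), so treat the returned list as a reason to review an order rather than to reject it.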
Malware is any piece of software that’s been designed by cyber-criminals with the intention of gaining access, or causing damage, to a computer network. Inserted into web pages through techniques like SQL injection, malware files can allow hackers to:
- Fake (spoof) their identity
- Take control of your computers and networks
- Tamper with your databases
- Send malicious emails on your behalf
- Gain complete access to all the data on your system
Because malware strategies are constantly evolving, so too must your anti-virus protocols. To protect your site against security threats to your e-business, consider installing a firewall to monitor activity and store as little sensitive information on your site as possible.
4. Bad bots
On the internet, there are good bots and bad bots. Bots are essentially automated programs designed to perform a specific task on the web. Good bots are
However, there are bad bots designed to cause your business harm. In the past year they've developed to mimic real human workflows across web applications to “behave” like real users. And, during 2018, they accounted for over a fifth of all e-commerce traffic. Bad bots can be a security threat to your e-business in several ways, including:
Credit card fraud
Bots can be programmed to test stolen credit card numbers and figure out CVVs, repeatedly, until they’re successful. Once the hacker has this information, they’ll be able to buy whatever they like in someone else’s name.
The theft and selling on of login details is a major industry in the darker corners of the web. Once a hacker has these credentials, they can send out bots to try username and password combinations on many different retail sites until they’re successful. Once in, the hacker has free rein to place orders, steal card details, and more.
Price scraping bots can be sent by competitors to monitor your pricing, pricing strategy, inventory levels, marketing plans, and more, allowing them to undercut your prices or outrank you in search engine results.
How to Tackle Bad Bots
Thankfully, there are a few things you can do to reduce bad bot activity. Firstly, your site should feature CAPTCHAs. A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) can stop bots from registering fake accounts and gaining access to other users' sensitive data. They can be slightly annoying for your returning customers, but CAPTCHAs are well worth implementing as a first step towards battling bad bots.
You should also block all traffic from data centres that are infamous for high levels of bad bot activity. Remember: genuine users don't access your e-business via data centres, so blocking them from your site can be a quick win.
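Both measures above can be driven from your login log: block sources inside data-centre ranges, and challenge with a CAPTCHA any address that fails logins against many different accounts, which is the pattern left by bots trying stolen username and password combinations. This is an added example, not code from the original post; the log format, the threshold and the network ranges (RFC 5737 documentation addresses) are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed placeholders (RFC 5737 documentation ranges) standing in for
# the data-centre networks you decide to block; substitute your own list.
DATACENTRE_NETS = [ipaddress.ip_network(n)
                   for n in ("198.51.100.0/24", "203.0.113.0/24")]
MAX_ACCOUNTS_PER_IP = 3  # assumed threshold for failed logins per source

def from_datacentre(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in DATACENTRE_NETS)

def classify(lines):
    """Map source IP -> action for a login log of 'time ip user result' lines."""
    failed_users = defaultdict(set)
    verdicts = {}
    for line in lines:
        _time, ip, user, result = line.split()
        if from_datacentre(ip):
            verdicts[ip] = "block"        # known data-centre range
        elif result == "FAIL":
            failed_users[ip].add(user)
            # One address failing against many different accounts looks like
            # a bot replaying stolen credentials, not a customer's typo.
            if len(failed_users[ip]) > MAX_ACCOUNTS_PER_IP:
                verdicts[ip] = "captcha"
    return verdicts

# Constructed sample log, not real traffic.
SAMPLE_LOG = [
    "10:00:01 192.0.2.10 alice FAIL",
    "10:00:02 192.0.2.10 bob FAIL",
    "10:00:02 192.0.2.77 erin FAIL",
    "10:00:03 192.0.2.10 carol FAIL",
    "10:00:03 203.0.113.5 frank OK",
    "10:00:04 192.0.2.10 dave FAIL",
    "10:00:09 192.0.2.77 erin FAIL",
    "10:00:15 192.0.2.77 erin OK",
]

if __name__ == "__main__":
    print(classify(SAMPLE_LOG))
```

Counting distinct accounts rather than raw failures keeps a customer who mistypes their own password several times (192.0.2.77 in the sample) out of the CAPTCHA path.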
E-skimming refers to hacker methods of stealing personal data, such as credit card information, from payment card processing pages on eCommerce sites. It's a significant security risk in eCommerce, as shoppers can be misled by deceptive external links and portals to payment pages. Alternatively, cyber-criminals can gain access to your site via a third party, a successful phishing attempt, or cross-site scripting.
These methods allow hackers to capture shopper payment information in real-time, as soon as the customer accesses the payment page. To avoid this, ensure your website is secure, remind customers to never enter their details on unverified websites, and prompt them to check whether a payment page is genuine.
The current security risks in eCommerce
The first step to thwarting hackers is understanding their most common modes of operation. Once you know the different types of threats in eCommerce, you can take the necessary steps to protect against attacks and mitigate any damage done.
Do the right thing – for your business and your customers: take precautions to ensure your eCommerce site is well defended against cyber-criminals, so your shoppers get a frictionless shopping experience. To learn more about designing an eCommerce website with great user experience, read our free guide.