25 Nov 2015

eCommerce: have you heard about this security checklist?

If you run a business online, you’ll know that eCommerce sites are a major target for hackers and fraudsters. Just think about the thousands of credit card details and other personal information a typical eCommerce site stores. That’s what makes these sites, big and small, so attractive to criminals. This checklist gathers the main security tips; while far from comprehensive, it outlines the most commonly exploited vulnerabilities and the most effective ways of safeguarding against them. Most of these are simple solutions anyone can implement, and they should be considered part of a “basic” security check before opening any online retail environment.

1# Keep your plugins and platforms up to date

Because of its popularity and its high volume of use, there are far more hackers trying to find ways to break into WordPress websites than into other CMS platforms, simply because of the number of sites they can take advantage of once a back door is disclosed publicly. Keeping your site up to date isn’t just about updating WordPress itself. There are three aspects of keeping your WordPress installation up to date: WordPress itself, plugins and themes. Read this article on WordPress updates.

2# Use a secure connection for online checkout

There is a clear connection between consumers’ perceptions of security practices and commercial success. The HTTPS protocol is one of the keys to your eCommerce success: it encrypts data and signals the quality of your service. That is especially true for SMBs that do not yet have enough of a reputation to be recognized. Without HTTPS, it is really easy to intercept communications and obtain confidential data: logins and passwords, credit card information, texts, images… EVERYTHING! If one of your customers is browsing a page of your website, an attacker on the network path can intercept and use their credentials and sensitive information. Read more on how to use a secure connection for online checkout.
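What “use HTTPS for the checkout” looks like in code, as an added example that is not part of the original post and not OZON’s product: a small WSGI middleware that refuses to serve any page over plain HTTP, redirects to the same URL on https://, and adds an HSTS header to HTTPS responses so returning browsers never try plain HTTP again. The wrapped storefront (`shop_app`), the hostname `shop.example` and the `call()` helper are constructed for this example.

```python
from urllib.parse import quote

# Added example (not the page's or OZON's code): enforce HTTPS at the application layer.
HSTS_VALUE = "max-age=31536000; includeSubDomains"

def shop_app(environ, start_response):
    # Stand-in for the real storefront; it just echoes the path it served.
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [f"served {environ.get('PATH_INFO', '/')}".encode()]

def force_https(app):
    """Wrap a WSGI app: redirect http:// requests, add HSTS to https:// responses."""
    def middleware(environ, start_response):
        if environ.get("wsgi.url_scheme") != "https":
            host = environ.get("HTTP_HOST", "shop.example")   # hostname is an assumption
            path = quote(environ.get("PATH_INFO", "/"))
            query = environ.get("QUERY_STRING", "")
            target = f"https://{host}{path}" + (f"?{query}" if query else "")
            start_response("301 Moved Permanently",
                           [("Location", target), ("Content-Length", "0")])
            return [b""]

        def start_with_hsts(status, headers, exc_info=None):
            # Tell the browser to use TLS for this host for a year.
            return start_response(status,
                                  headers + [("Strict-Transport-Security", HSTS_VALUE)],
                                  exc_info)
        return app(environ, start_with_hsts)
    return middleware

def call(app, scheme, path, query=""):
    """Invoke a WSGI app with a minimal environ; returns (status, headers, body)."""
    captured = {}
    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = dict(headers)
    environ = {"wsgi.url_scheme": scheme, "HTTP_HOST": "shop.example",
               "PATH_INFO": path, "QUERY_STRING": query, "REQUEST_METHOD": "GET"}
    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body

SECURE_SHOP = force_https(shop_app)

if __name__ == "__main__":
    print(call(SECURE_SHOP, "http", "/checkout", "step=2"))
    print(call(SECURE_SHOP, "https", "/checkout"))
```

One caveat: the middleware trusts `wsgi.url_scheme`. If TLS is terminated on a load balancer in front of the application, the server must translate the balancer’s forwarded-protocol header into that value, otherwise every request looks like plain HTTP and loops on the redirect.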

3# Require strong passwords

It is the responsibility of the eCommerce platform to keep sensitive customer data safe on its backend. It is your role to help customers with this task by requiring a minimum number of characters, symbols and numbers in their passwords. Longer, more complex passwords make it harder for hackers to get into your website from the frontend.
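Both halves of that advice in one place, as an added example (not code from the post or from any shop platform): a policy check that enforces a minimum length, digit and symbol count, rejects a few commonly used passwords and passwords containing the username, and a salted PBKDF2 hash for storing the password on the backend so a database leak does not expose it. The limits, the tiny common-password list and the iteration count are assumptions chosen for this example.

```python
import hashlib
import hmac
import os

# Added example (not the page's code). Policy values are assumptions for illustration.
MIN_LENGTH = 12
MIN_DIGITS = 1
MIN_SYMBOLS = 1
PBKDF2_ITERATIONS = 200_000

# Constructed, deliberately short list; a real deployment loads a large breached-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1", "password1"}

def check_password(password, username=""):
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"must be at least {MIN_LENGTH} characters")
    if sum(c.isdigit() for c in password) < MIN_DIGITS:
        problems.append(f"must contain at least {MIN_DIGITS} digit(s)")
    if sum(not c.isalnum() for c in password) < MIN_SYMBOLS:
        problems.append(f"must contain at least {MIN_SYMBOLS} symbol(s)")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("is a commonly used password")
    if username and username.lower() in password.lower():
        problems.append("must not contain the username")
    return problems

def hash_password(password):
    """Salted PBKDF2-HMAC-SHA256; the stored string carries everything needed to verify later."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

if __name__ == "__main__":
    print(check_password("password"))
    record = hash_password("Correct Horse 9!")
    print(record, verify_password("Correct Horse 9!", record))
```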

4# Don’t store sensitive data

It is simple: hackers and identity thieves cannot steal what you don’t have. The first piece of advice is not to collect or save any private customer data through your eCommerce solution that is not essential to your business. The one kind of sensitive data you want to avoid handling at all is your customers’ credit card number and CVC; other than that, you’re welcome to store any other information on your local machines. If your store allowed customers’ payment information to fall into hackers’ hands, you might have to pay tens of thousands of dollars in fees, fines, and damages. More information on how to reduce sensitive data and on data minimization.
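Two helpers that put “don’t store what you don’t need” into practice, added here as an example rather than taken from the post or any shop software: `minimize_order()` drops the full card number and the CVC from an order record before it is persisted, keeping only the last four digits for receipts, and `redact_pans()` masks anything that looks like a card number (13 to 19 digits that pass the Luhn checksum) in free text such as log lines or support notes, so numbers do not leak into places nobody thinks of as “storage”. The field names and the sample order are assumptions.

```python
import re

# Added example (not the page's code): keep card numbers and CVCs out of the database and the logs.
NEVER_STORE = {"card_number", "cvc"}            # field names are assumptions
PAN_CANDIDATE = re.compile(r"\b\d{13,19}\b")    # length range of real card numbers

def luhn_ok(digits):
    """Luhn checksum used by all major card brands; screens out order ids and phone numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask_pan(pan):
    """Keep only the last four digits, which is all a receipt or dispute needs."""
    return "*" * (len(pan) - 4) + pan[-4:]

def redact_pans(text):
    """Mask every Luhn-valid digit run in a string before it is logged or emailed."""
    return PAN_CANDIDATE.sub(lambda m: mask_pan(m.group()) if luhn_ok(m.group()) else m.group(), text)

def minimize_order(order):
    """Return the version of an order that is safe to persist locally."""
    stored = {k: v for k, v in order.items() if k not in NEVER_STORE}
    if "card_number" in order:
        stored["card_last4"] = order["card_number"][-4:]
    return stored

if __name__ == "__main__":
    # Constructed sample order; 4111111111111111 is the well-known test card number.
    order = {"id": 42, "card_number": "4111111111111111", "cvc": "123", "amount": 59.9}
    print(minimize_order(order))
    print(redact_pans("order 1234567890123 paid with 4111111111111111"))
```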

5# Set up system alerts for suspicious activity

Setting up real-time alerts for suspicious and fraudulent transactions is a must, and OZON can help you with it. OZON calculates a real-time risk score for every business transaction. With new-generation technology combining machine learning and big data, each customer gets the equivalent of an anti-fraud team, plus automation, full availability, device geolocation and device identity checks. This technology is able to identify new fraud techniques in real time with a success rate of about 80%. To evaluate the risk level of each business transaction, a simple call to the OZON API must be integrated into your eCommerce site. There is no SDK, library or software to install.
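To make the idea of a per-transaction risk score concrete, here is a small rule-based scorer added as an example; it is not OZON’s engine and does not use machine learning. Each order collects points for a high amount, a mismatch between the IP country and the billing country, too many orders from one device in a short window, and a large first order from an unknown customer; an alert fires when the total crosses a threshold. The weights, thresholds and the sample transactions are constructed for this example.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

# Added example (not OZON's scoring engine). Weights and thresholds are assumptions.

@dataclass
class Transaction:
    tx_id: str
    customer_id: str
    device_id: str
    amount: float
    ip_country: str       # country of the client IP address
    billing_country: str  # country of the billing address
    ts: int               # Unix time of the order

HIGH_AMOUNT = 500.0
NEW_CUSTOMER_AMOUNT = 200.0
VELOCITY_WINDOW = 600   # seconds
VELOCITY_LIMIT = 3      # earlier orders from one device inside the window
ALERT_THRESHOLD = 50

class RiskScorer:
    def __init__(self):
        self.device_times = defaultdict(deque)   # device_id -> recent order timestamps
        self.known_customers = set()

    def score(self, tx):
        """Return (score, reasons) for one transaction and update the history."""
        score, reasons = 0, []
        if tx.amount >= HIGH_AMOUNT:
            score += 30
            reasons.append("high amount")
        if tx.ip_country != tx.billing_country:
            score += 25
            reasons.append("ip/billing country mismatch")
        recent = self.device_times[tx.device_id]
        while recent and tx.ts - recent[0] > VELOCITY_WINDOW:
            recent.popleft()                     # drop orders outside the window
        if len(recent) >= VELOCITY_LIMIT:
            score += 30
            reasons.append("device velocity")
        recent.append(tx.ts)
        if tx.customer_id not in self.known_customers:
            self.known_customers.add(tx.customer_id)
            if tx.amount >= NEW_CUSTOMER_AMOUNT:
                score += 15
                reasons.append("first order above limit")
        return score, reasons

    def evaluate(self, transactions):
        """Score transactions in arrival order; return those that should raise an alert."""
        alerts = []
        for tx in transactions:
            s, reasons = self.score(tx)
            if s >= ALERT_THRESHOLD:
                alerts.append((tx.tx_id, s, reasons))
        return alerts

# Constructed sample: one normal customer, one risky first order, one device placing
# four orders under four customer names within ninety seconds.
SAMPLE_TRANSACTIONS = [
    Transaction("t1", "c1", "devA", 40.0, "FR", "FR", 0),
    Transaction("t2", "c2", "devB", 750.0, "US", "FR", 60),
    Transaction("t3", "c3", "devC", 90.0, "NL", "NL", 100),
    Transaction("t4", "c4", "devC", 90.0, "NL", "NL", 130),
    Transaction("t5", "c5", "devC", 90.0, "NL", "NL", 160),
    Transaction("t6", "c6", "devC", 90.0, "DE", "NL", 190),
    Transaction("t7", "c1", "devA", 600.0, "FR", "FR", 5000),
]

if __name__ == "__main__":
    for tx_id, s, reasons in RiskScorer().evaluate(SAMPLE_TRANSACTIONS):
        print(tx_id, s, reasons)
```

The reasons list is what an operator needs when the alert lands: a bare score says “block this”, while “device velocity” points straight at the pattern to review.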

6# Layer your security to stop hackers

One of the best ways to protect your eCommerce business from cybercriminals is to layer your security. Stopping hackers before they can gain access to your sensitive information is crucial, above all when you have search queries, contact forms and login boxes that can be exploited by SQL injection or cross-site scripting (XSS) attacks. With OZON, attempted and sophisticated attacks are detected and blocked in real time without impacting your site’s performance or the customer experience.
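A firewall in front of the site is one layer; the code behind the search box and the review form is another. The following added example (not from the post, OZON or any CMS) shows the same product search written the way it must not be, with the search term pasted into the SQL text, next to the parameterized version, plus output escaping for review text so markup a customer types is displayed rather than executed. The product table and the sample data are constructed for this example.

```python
import html
import sqlite3

# Added example (not the page's code): SQL injection and XSS, vulnerable form beside the fix.

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL)")
    conn.executemany("INSERT INTO products (name, price) VALUES (?, ?)",
                     [("red shoes", 49.0), ("blue hat", 19.0), ("green scarf", 15.0)])
    return conn

def search_vulnerable(conn, term):
    """The search box as it must NOT be written: the term becomes part of the SQL grammar."""
    sql = f"SELECT name FROM products WHERE name LIKE '%{term}%'"
    return [row[0] for row in conn.execute(sql)]

def search_safe(conn, term):
    """Parameter binding keeps the term out of the SQL grammar; escaping % and _
    keeps it out of the LIKE pattern grammar too, so a user cannot widen the match."""
    literal = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    rows = conn.execute("SELECT name FROM products WHERE name LIKE ? ESCAPE '\\'",
                        (f"%{literal}%",))
    return [row[0] for row in rows]

def render_review(author, body):
    """Escape everything that came from a form before it goes back into HTML."""
    return f"<p><b>{html.escape(author)}</b>: {html.escape(body)}</p>"

if __name__ == "__main__":
    db = make_db()
    print(search_safe(db, "shoes"))
    print(search_vulnerable(db, "' OR '1'='1"), "vs", search_safe(db, "' OR '1'='1"))
    print(render_review("bob", "<script>alert(1)</script>"))
```

Binding alone is not the whole story for `LIKE`: a bare `%` typed into the search box is harmless SQL but still matches every row, which is why the safe version escapes the pattern characters as well.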

7# Consider a fraud management service

According to the latest ThreatMetrix Cybercrime Report, fraud attacks on eCommerce sites rose 20% in 2015 Q2 to reach 36 million. The company looked at aggregated data from the more than 3 billion transactions that ran over its network. This report highlights how cybercrime and fraud attacks continue to plague financial institutions, payment processors and online retailers across all transaction types. With fraudsters becoming better funded and more sophisticated, businesses must adopt and deploy smarter technologies to combat them. Otherwise, they run the risk of losing the war against fraud and, more importantly, their customers’ trust and loyalty. Read more on how to arm your business to stop online fraud.

8# Monitor your site regularly

You are certainly monitoring your website with real-time analytics tools such as Google Analytics or Xiti. But are you monitoring your web security? It is like having security cameras on your eCommerce site. Our team of experts constantly monitors the emergence of new vulnerabilities and attacks so that the security of our solution can be adjusted immediately. OZON allows you to detect suspicious and fraudulent behaviors.
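The simplest security camera you can point at a shop is its own access log. As an added example (not code from the post or from OZON), the script below parses combined-format log lines and flags two patterns an analytics dashboard never shows: one IP repeatedly failing to log in, and one IP requesting page after page that does not exist. The log lines, the `/login` path and the thresholds are constructed for this example.

```python
import re
from collections import defaultdict

# Added example (not the page's code): spot brute-force logins and path probing in an access log.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
BRUTE_FORCE_LIMIT = 5   # failed logins from one IP (assumption)
PROBE_LIMIT = 5         # 404 responses to one IP (assumption)

# Constructed sample log: a normal shopper, one IP hammering the login form,
# one IP guessing directory names, and a malformed line that must be skipped.
SAMPLE_LOG = """\
203.0.113.5 - - [25/Nov/2015:10:00:01 +0000] "GET /shop HTTP/1.1" 200 5120
203.0.113.5 - - [25/Nov/2015:10:00:03 +0000] "POST /checkout HTTP/1.1" 200 2048
198.51.100.7 - - [25/Nov/2015:10:00:05 +0000] "POST /login HTTP/1.1" 401 310
198.51.100.7 - - [25/Nov/2015:10:00:06 +0000] "POST /login HTTP/1.1" 401 310
198.51.100.7 - - [25/Nov/2015:10:00:06 +0000] "POST /login HTTP/1.1" 401 310
198.51.100.7 - - [25/Nov/2015:10:00:07 +0000] "POST /login HTTP/1.1" 401 310
198.51.100.7 - - [25/Nov/2015:10:00:08 +0000] "POST /login HTTP/1.1" 401 310
192.0.2.9 - - [25/Nov/2015:10:01:00 +0000] "GET /admin/ HTTP/1.1" 404 162
192.0.2.9 - - [25/Nov/2015:10:01:01 +0000] "GET /old/ HTTP/1.1" 404 162
192.0.2.9 - - [25/Nov/2015:10:01:01 +0000] "GET /test/ HTTP/1.1" 404 162
192.0.2.9 - - [25/Nov/2015:10:01:02 +0000] "GET /backup/ HTTP/1.1" 404 162
192.0.2.9 - - [25/Nov/2015:10:01:02 +0000] "GET /tmp/ HTTP/1.1" 404 162
203.0.113.5 - - [25/Nov/2015:10:02:00 +0000] "GET /missing-image.png HTTP/1.1" 404 162
this line is not in combined log format
"""

def parse(log_text):
    """Yield one dict per well-formed line; malformed lines are ignored."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()

def analyze(log_text):
    """Return {ip: [finding, ...]} for IPs that cross either threshold."""
    failed_logins = defaultdict(int)
    not_found = defaultdict(int)
    for rec in parse(log_text):
        if rec["method"] == "POST" and rec["path"].startswith("/login") and rec["status"] in ("401", "403"):
            failed_logins[rec["ip"]] += 1
        if rec["status"] == "404":
            not_found[rec["ip"]] += 1
    findings = defaultdict(list)
    for ip, n in failed_logins.items():
        if n >= BRUTE_FORCE_LIMIT:
            findings[ip].append(f"{n} failed logins")
    for ip, n in not_found.items():
        if n >= PROBE_LIMIT:
            findings[ip].append(f"{n} requests for missing pages")
    return dict(findings)

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Run it against a rotated log on a schedule, or tail the live log and keep the counters in a sliding window; either way the shopper who hit one broken image link never shows up, while the two noisy addresses do.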

9# Patch your systems

With OZON, the application attack surface of your site is continually evaluated to automatically generate the associated protection rules. It can patch vulnerabilities in your favorite CMS (WordPress, Joomla, Magento, PrestaShop) or plugins (WooCommerce). Did you know that more than 70% of cyber attacks exploit patchable vulnerabilities?

10# Back up your data continuously

As part of your disaster recovery plan, be sure to back up your files and database on a regular basis in order to limit the damage an attack can cause. Always back them up on a different server from the one where your shop is hosted. Amazon’s S3 online storage service is worth considering for its high level of security and the ease with which Magento syncs with it. For WordPress, there are a lot of plugins that do the work for you (DB Backup, BackupBuddy).
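For shops without a plugin to do it, here is what one scheduled backup run should cover, as an added example that is not from the post or from any of the tools named above: archive the web root, take a consistent snapshot of the database, write a checksum manifest so a restore can tell a damaged copy from a good one, and prune old sets. It uses SQLite as a stand-in for the shop database (with MySQL you would call `mysqldump` at the same step); the paths, retention count and the `demo()` fixture are constructed for this example. The `backup_root` is meant to be a mount of another server or an S3 sync folder, never a directory on the shop host.

```python
import hashlib
import shutil
import sqlite3
import tarfile
import tempfile
import time
from pathlib import Path

# Added example (not the page's or any plugin's code). SQLite stands in for MySQL.

def backup_shop(files_dir, db_path, backup_root, keep=7, stamp=None):
    """Create <backup_root>/<stamp>/ with files.tar.gz, shop.sqlite and SHA256SUMS; prune to `keep` sets."""
    stamp = stamp or time.strftime("%Y%m%d-%H%M%S")
    target = Path(backup_root) / stamp
    target.mkdir(parents=True, exist_ok=True)

    # 1. Archive the web root (uploads, themes, plugin code).
    archive = target / "files.tar.gz"
    with tarfile.open(str(archive), "w:gz") as tar:
        tar.add(str(files_dir), arcname="files")

    # 2. Consistent snapshot via SQLite's online backup API, not a raw file copy.
    db_copy = target / "shop.sqlite"
    src, dst = sqlite3.connect(str(db_path)), sqlite3.connect(str(db_copy))
    src.backup(dst)
    src.close()
    dst.close()

    # 3. Manifest so a restore can detect a truncated or tampered copy.
    lines = [f"{hashlib.sha256(f.read_bytes()).hexdigest()}  {f.name}" for f in (archive, db_copy)]
    (target / "SHA256SUMS").write_text("\n".join(lines) + "\n")

    # 4. Retention: keep only the newest `keep` sets (timestamp names sort chronologically).
    sets = sorted(p for p in Path(backup_root).iterdir() if p.is_dir())
    if len(sets) > keep:
        for old in sets[:-keep]:
            shutil.rmtree(old)
    return target

def verify_backup(backup_dir):
    """Recompute every checksum in the manifest; False if anything differs."""
    backup_dir = Path(backup_dir)
    for line in (backup_dir / "SHA256SUMS").read_text().splitlines():
        digest, name = line.split("  ", 1)
        if hashlib.sha256((backup_dir / name).read_bytes()).hexdigest() != digest:
            return False
    return True

def demo():
    """Back up a constructed shop three times in a temp dir and report what happened."""
    tmp = Path(tempfile.mkdtemp())
    try:
        www = tmp / "www"
        www.mkdir()
        (www / "index.php").write_text("<?php echo 'shop'; ?>")
        db = tmp / "shop.db"
        conn = sqlite3.connect(str(db))
        conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, total REAL)")
        conn.execute("INSERT INTO orders (total) VALUES (9.5)")
        conn.commit()
        conn.close()
        root = tmp / "backups"

        first = backup_shop(www, db, root, keep=2, stamp="20151125-010000")
        intact = verify_backup(first)
        rconn = sqlite3.connect(str(first / "shop.sqlite"))      # restore test: read the snapshot
        total = rconn.execute("SELECT total FROM orders").fetchone()[0]
        rconn.close()
        (first / "shop.sqlite").write_bytes(b"corrupted")        # simulate a damaged copy
        tamper_detected = not verify_backup(first)
        backup_shop(www, db, root, keep=2, stamp="20151125-020000")
        backup_shop(www, db, root, keep=2, stamp="20151125-030000")
        remaining = sorted(p.name for p in root.iterdir())
        return {"intact": intact, "restored_total": total,
                "tamper_detected": tamper_detected, "remaining": remaining}
    finally:
        shutil.rmtree(tmp)

if __name__ == "__main__":
    print(demo())
```

A backup that has never been restored is a hope, not a plan; the `demo()` run reads the snapshot back and deliberately corrupts one copy to show that the manifest catches it.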