
E-commerce data breaches: Security measures every e-commerce company should


E-commerce continues to grow globally at an impressive pace, with projections indicating that e-commerce businesses will acquire a market share of 17.5% of global retail sales by 2021. However, as e-commerce businesses grow in magnitude, the threat posed to these businesses by cybercriminals seems much more alarming.

Cybercrime continues to wreak havoc in many ways on both individuals and businesses. Estimates suggest that cybercriminals stole around $172 billion in 2017; if we keep going down this path, the results could be dangerous for the economy and could shatter the trust people have in e-commerce. Furthermore, cybercriminals are seemingly getting increasingly sophisticated, as evidenced by their high-profile victims such as Target (2013) and Adidas (2018). Government action so far has not been particularly useful, partly because many cybercriminals operate in developing countries such as India, China, and Brazil, where governments often struggle to enforce the law. Thus e-commerce businesses will have to take matters of cybersecurity into their own hands to ensure their longevity and success.

Below are some measures e-commerce companies should consider if they want their businesses to remain safe from prying eyes and other vulnerabilities. These methods are especially critical if the e-commerce company is still in its early stages and the business hasn’t taken off. However, for more established e-commerce sites, safety is more important than ever.

#1- Monitor the website’s data centers:

Monitoring data centers can provide an e-commerce website with valuable insights into the security of its network. In some cases, tracking the data centers through a third-party agent like sagent.net or monnit.com might actually give the e-commerce website foreknowledge of an impending cyber-attack or point out the weaknesses in the present network system of the e-commerce business.

E-commerce websites could also be a victim of ‘SQL injection’ if they have a web form or URL parameter that allows outside users to supply information. If the website passes these parameters into its database queries unchecked, a cybercriminal could insert code in them and consequently gain access to the website’s database and all the sensitive information within it. To prevent this, the site has to use ‘parameterized queries.’ These keep the SQL statement fixed and treat each parameter strictly as data, so no cybercriminal can use a parameter to gain entry to the website’s database.

Somewhat similar to SQL injection, cross-site scripting (XSS) is the other threat that e-commerce websites have to contend with. In these attacks, cybercriminals get malicious JavaScript code into the site’s pages, where it runs in the browsers of visitors and could potentially rob them of their confidential data. The tool to prevent XSS attacks is Content Security Policy (CSP), which lets the site tell the browser which domains contain valid executable scripts, so the browser pays no attention to a malicious script from anywhere else.
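How a browser applies such a policy to each script, as an added example that is not part of the original article. It is a deliberately simplified model of the `script-src` check (only `'self'`, `'unsafe-inline'` and exact `scheme://host` sources); the policy and all host names are constructed.

```python
from urllib.parse import urlsplit

def parse_csp(header):
    """Split a Content-Security-Policy header value into {directive: [sources]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:  # first occurrence wins
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def origin(url):
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}"

def script_allowed(header, page_url, script_url=None):
    """Simplified model of the browser's decision for one script.

    script_url=None stands for an inline <script> block. Wildcards,
    nonces, hashes and path matching are not modelled.
    """
    policy = parse_csp(header)
    # script-src falls back to default-src when it is absent.
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        return True  # no applicable directive: scripts are unrestricted
    if script_url is None:
        return "'unsafe-inline'" in sources
    for src in sources:
        if src == "'self'" and origin(script_url) == origin(page_url):
            return True
        if src == origin(script_url):
            return True
    return False

# Constructed policy: scripts only from the shop itself and one payment host.
SHOP_CSP = "default-src 'self'; script-src 'self' https://pay.example.net"
PAGE = "https://shop.example.com/checkout"

if __name__ == "__main__":
    for url in ("https://shop.example.com/js/cart.js",
                "https://pay.example.net/sdk.js",
                "https://cdn.example.org/injected.js",
                None):
        print(url or "<inline script>", "->", script_allowed(SHOP_CSP, PAGE, url))
```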

#2- Protecting sensitive information:

The credit card details of customers seem to be the main focus of many cyber-attacks against online retailers, so perhaps e-commerce businesses should avoid keeping this type of data stored on their servers, so that even in the event of a security breach, hackers would not get much. To make this work, e-commerce websites could use the process of ‘tokenization.’ This process involves replacing customers’ account information with ‘token’ IDs, which effectively eliminates the need for storing sensitive customer data.

Additionally, tokenization works well with other technologies and is compatible with most of the techniques utilized today. Tokenization works in tandem with ACH transfers, gift cards, NFC payments, as well as Apple Pay.

Tokenization allows e-commerce websites to safeguard their customers, regardless of how they choose to pay or receive money.
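What tokenization leaves in the merchant's database, as an added example that is not part of the original article. `TokenVault` is a hypothetical stand-in for a payment provider's vault and `MerchantStore` for the site's own customer table; both names and the `tok_` prefix are assumptions.

```python
import secrets

class TokenVault:
    """Stand-in for the payment provider: the only place card numbers live."""

    def __init__(self):
        self._pan_by_token = {}

    def tokenize(self, pan):
        digits = pan.replace(" ", "")
        if not (digits.isdigit() and 12 <= len(digits) <= 19):
            raise ValueError("not a card number")
        # The token is random, so it cannot be reversed into the card number.
        token = "tok_" + secrets.token_urlsafe(16)
        self._pan_by_token[token] = digits
        return token, digits[-4:]

    def charge(self, token, amount_cents):
        # Only the vault can map a token back to a card.
        if token not in self._pan_by_token:
            raise KeyError("unknown token")
        return {"status": "approved", "amount_cents": amount_cents}

class MerchantStore:
    """The e-commerce site's own records: token and last four digits only."""

    def __init__(self, vault):
        self.vault = vault
        self.customers = {}

    def save_card(self, customer_id, token, last4):
        self.customers[customer_id] = {"card_token": token, "last4": last4}

    def checkout(self, customer_id, amount_cents):
        token = self.customers[customer_id]["card_token"]
        return self.vault.charge(token, amount_cents)

TEST_PAN = "4111 1111 1111 1111"  # widely published test number, not a real card

if __name__ == "__main__":
    vault = TokenVault()
    store = MerchantStore(vault)
    # The card number goes to the vault; the merchant receives only the token.
    token, last4 = vault.tokenize(TEST_PAN)
    store.save_card("cust-1", token, last4)
    print(store.customers)             # what a breach of the merchant would expose
    print(store.checkout("cust-1", 2599))
```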

#3- Regularly modify your e-commerce site:

Cybercriminals obviously look for easy targets. An e-commerce business that does not keep its website regularly updated may become vulnerable to a cybercriminal. Therefore, an e-commerce website must periodically update its security patches and backend software.

For most business owners, the focal point of their hard work lies in creating and designing an e-commerce site that is both lucrative and has a user-friendly design, which garners the attention of any potential customers. Owing to this, most site owners neglect the importance of updating their websites.

However, frequently updating your site has a lot of perks, including getting the content of your site noticed more by Google, which helps you defeat competing sites. A regularly updated site also draws customers to your online business, as updated content establishes you as a pioneer in your field.

#4- Provide auto-generated passwords:

Another simple step that many forget is passwords. Cybercriminals sometimes enter combinations of letters and words into a website in hopes of getting lucky. E-commerce websites can bypass this problem by using randomly generated passwords and by requiring customers to create strong passwords, ideally a combination of alphanumeric characters and symbols.

An auto-generated password allows the site owners to keep access to sensitive information limited, and in check, through intensive monitoring. Moreover, a customer could also customize the generated password by requesting a certain number of characters or a particular mix of letters and numbers, which helps users in remembering their passwords.

#5- Host a secure server:

The first and foremost bastion in cyber security for any website is a reliable hosting server. Many sites start with a shared hosting server, mainly due to its low cost. However, as all resources related to the server, such as bandwidth, web space, databases and memory, are shared, these servers can be prone to all kinds of malicious cyber activity. Therefore it makes sense for every e-commerce site to use either a Virtual Private Server (VPS) or a Dedicated Hosting Server despite the higher prices.

Converting the site from HTTP to HTTPS with the purchase of an SSL certificate can also significantly bolster the defenses of any e-commerce website. By making this move, the e-commerce website would ensure that no third party would be able to intercept the two-way communication between the website and customer and hence would not be able to extract any sensitive customer data such as credit card details, addresses, etc. Furthermore, websites bearing the HTTPS certification have a boost in the search results, which in turn provides the e-commerce site with a broader and more diverse audience.

So, what do you do from here?

If you’re an e-commerce site owner and you’ve reached the end of this article, hopefully you’ve gotten some proper insight into the vulnerabilities present in the e-commerce realm and how to secure your website from them.

With that being said, incorporating the elements of safety mentioned above can be lucrative for your business, and will prove to be efficient in establishing your site as a solid contender in your field of business.


by Ashley Rosa

Author’s Bio:

Ashley Rosa is a freelance writer and blogger. As writing is her passion, she loves to write articles related to the latest trends in technology and sometimes on health-tech as well. She is crazy about chocolates. You can find her on Twitter: @ashrosa2


For more information you can visit vpnMentor