Coming into December, many ecommerce websites will begin to see a boom in sales thanks to Christmas shopping. The Christmas season is a great time for many companies to increase their online revenue and reputation. However, it can also become the time when hackers execute credit card fraud schemes on unsuspecting ecommerce shoppers, something that has increased drastically over the years. As a website owner, you cannot ignore attacks carried out by hackers. The consequences can include your website being blacklisted by Google and your company facing PCI compliance violations. Not to mention, there will be a lot of distrust and a loss of revenue from returning customers. This is why it is important to understand the risks for ecommerce websites over the holiday season as we explore three different types of malware that can infect your website: credit card swipers, malicious payment gateways and malware downloads.
Credit Card Swipers
A credit card swiper is malware injected into the checkout process, which leads to credit card information being stolen and sent to the attackers. Credit card swipers are injected when hackers exploit vulnerabilities in a website. The initial injection often happens well before the attack is carried out, and the swiper simply lies dormant on the website for months. When the timing is right, such as around Christmas, the hackers carry out the campaign to steal credit card and personal information from the ecommerce website. This stolen information can then be retrieved by the hackers to use for their own malicious purposes.
Malicious Payment Gateways
Even if you use a trusted, external payment gateway, such as PayPal, you are still at risk from attacks. Hackers can exploit these by either redirecting the payment gateway or by creating an identical fake copy of the checkout page through a phishing scheme. In both scenarios, credit card information is rerouted straight to the attackers during the payment process, and you may not notice until it is too late. And, unfortunately, whilst sensitive and personal information is being stolen from your customers, the website owners are losing sales. This is why it is so important for ecommerce websites to set up a firewall that prevents these types of attacks, as suggested by the first requirement of PCI compliance.
Malware Downloads
Malware downloads are not specific to ecommerce websites, but they can be just as devastating to your business all the same. If a vulnerable ecommerce website is hacked, then attackers can inject malicious scripts that are designed to download malware onto visitors’ computers. If your website is discovered to contain malware, either from being reported by visitors or from antivirus companies that are able to detect these malicious scripts, then this will likely lead to your ecommerce business being blacklisted by Google. When this happens, you may miss out on online sales throughout the entire holiday season.
Though the prospect of being hacked during the holidays is unnerving, there is plenty that you can do to minimize the chances of your ecommerce website being attacked. First and foremost, ensure your CMS is updated to the current version and ensure that all passwords across all your accounts are strong. You may also want to consider a secure payment gateway for processing transactions and a good web application firewall (WAF) that is built to protect against hackers. Be sure to also monitor your access logs for any suspicious activity and consider an integrity monitoring system that will alert you to any unauthorized changes on your website. And of course, an SSL certificate will protect your transactions by encrypting traffic and protecting your visitors’ personal information.