Secure e-commerce. What threats are there for online stores and how to protect yourself from them?

Paulina Jóźwik

Online stores filled with consumer data are undoubtedly a tasty morsel for hackers. On the occasion of Safer Internet Day, which is celebrated on February 8, we asked Tomek, Strix's e-commerce systems security specialist, what threatens the industry from online criminals and how to take care of store security.

What are the most common attacks on e-commerce?

We can divide e-commerce attacks into two groups. The first one includes attacks against systems. In the second group we find attacks against users, i.e. customers of online stores. E-commerce is not a particular category that is more vulnerable to attacks. But it is important to remember that one of the main motivations of cybercriminals is money, which makes e-commerce vulnerable to e.g. financial fraud, i.e. using stolen data to make in-store purchases. However, if we look at the statistics, according to the OWASP ranking in 2021 the most popular category of attacks was so-called broken access control, which is a situation when a user gets permission to use resources to which they should not have access.

What is this type of attack in practice?

Let's assume that as a customer of a store we have a gift card. After logging into our account we should see only our card and its current status. A breach of the broken access control type means that user A can view the content and data of user B's card. Not only does it lead to data leakage, but the attacker also gains the ability to use the card and make purchases with it. Such an attack can be massive and cause large losses to the business.
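The gift-card scenario above is an insecure direct object reference. The following is an added example, not code from the interview or from Strix: a lookup that is authenticated but never checks who owns the card, beside a version that enforces ownership on both viewing and spending. The users, card ids and balances are constructed sample data.

```python
# Added example: broken access control on a gift-card lookup, and its fix.
# All users, card ids and balances below are constructed for illustration.
from dataclasses import dataclass


@dataclass
class GiftCard:
    card_id: int
    owner_id: int
    balance_cents: int


# Constructed sample store state: customer 1 and customer 2 each own one card.
CARDS = {
    1001: GiftCard(card_id=1001, owner_id=1, balance_cents=5000),
    1002: GiftCard(card_id=1002, owner_id=2, balance_cents=12000),
}


class Forbidden(Exception):
    """Raised when the caller is not allowed to access the requested card."""


def get_card_vulnerable(requesting_user_id: int, card_id: int) -> GiftCard:
    """Broken access control: the caller is logged in, but ownership is never
    checked, so any customer who changes the card_id in the request reads
    (and could spend) another customer's card."""
    return CARDS[card_id]


def get_card_secure(requesting_user_id: int, card_id: int) -> GiftCard:
    """Authorization check: the card must belong to the requesting user.
    A missing card and a foreign card both raise the same error so the
    response does not reveal which ids exist."""
    card = CARDS.get(card_id)
    if card is None or card.owner_id != requesting_user_id:
        raise Forbidden(f"user {requesting_user_id} may not access card {card_id}")
    return card


def redeem_secure(requesting_user_id: int, card_id: int, amount_cents: int) -> int:
    """Spending goes through the same ownership check as viewing; returns
    the remaining balance in cents."""
    card = get_card_secure(requesting_user_id, card_id)
    if amount_cents <= 0 or amount_cents > card.balance_cents:
        raise ValueError("invalid redemption amount")
    card.balance_cents -= amount_cents
    return card.balance_cents


def can_read_foreign_card(lookup) -> bool:
    """Probe: does customer 1 obtain customer 2's card through `lookup`?
    True means the lookup is vulnerable."""
    try:
        return lookup(1, 1002).owner_id == 2
    except Forbidden:
        return False


def access_is_denied(requesting_user_id: int, card_id: int) -> bool:
    """True if the secure lookup refuses the request."""
    try:
        get_card_secure(requesting_user_id, card_id)
        return False
    except Forbidden:
        return True


if __name__ == "__main__":
    print("vulnerable lookup leaks a foreign card:", can_read_foreign_card(get_card_vulnerable))
    print("secure lookup leaks a foreign card:", can_read_foreign_card(get_card_secure))
```

The same pattern applies when the card lives in a database: the query must be scoped to the authenticated customer (owner_id taken from the session, never from the request), not just to the card id, and the check belongs in every operation on the resource, not only in the page that displays it.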

What other attacks on systems can we distinguish?

An example of such an attack is DDoS, i.e. a distributed denial-of-service attack. In this attack, a large number of requests flow simultaneously to a given system from many IP addresses. In such a situation, the system either loads slowly or we lose all access to it, so customers cannot buy in our store. Recently, attacks using malware, e.g. from the ransomware category, have also become popular. Such software infects a particular system and encrypts the files on it, blocking work. To get out of this situation, if you are badly prepared, sometimes you even have to pay a ransom.

A large group of attacks involves the use of so-called vulnerabilities.

These are attacks that exploit previously published vulnerabilities of a given system. The common cause in such cases is unfortunately human error or a lack of awareness of threats, because malware is distributed via emails in which attackers place a link that redirects the victim further. Once clicked and infected, the malware can spread to other computers on a given network. Often such an attack is precisely targeted, so the message does not go to a random employee, but for example to the system administrator. Then the effectiveness of the attack is much higher and it brings more serious consequences.

And what do attacks directly on shoppers consist in?

The most common malicious activity is phishing. It is a situation in which store users receive emails or text messages saying that an additional fee must be paid for an order. Such messages contain links that redirect customers to a system that deceptively resembles the store's payment gateway. The main goal of the attackers is to obtain bank details. A moment of inattention leads to the account owner losing a certain amount of money, and sometimes their entire life savings.

How can store owners take care of the security of their systems?

The basic thing is to keep the system and all the applications that are part of it updated, and to use antivirus and firewall software that filters out attack attempts. The second important thing is to educate employees about security. I mean all employees, including developers. Developers should consider security issues while coding and scan their code for vulnerabilities. The third issue is regular testing. As long as we do not know that our e-commerce system is vulnerable, we think that we are not in danger. However, only regular tests allow us to determine the level of security of an e-commerce system.

At Strix you are responsible for conducting tests for our customers. What is your job in terms of e-commerce security?

Security in IT can be divided into two fronts: blue and red. As you can guess, red stands for attack and blue for protection and monitoring. In my work I think like a hacker: I try to break business logic and find gaps in functionality, but let's make it clear, I work for the benefit of the projects I deal with. On a daily basis I look for system vulnerabilities, that is, weaknesses that could be used against a given company. I prepare scenarios and recommendations on how to fix such vulnerabilities. I also follow the guidelines of the OWASP organization, which creates standards for web application security.

And what are your daily ways to stay safe while shopping online?

The first thing I always check is the encryption of the site. I look to see whether a padlock is visible next to the website address. Right now it's not hard to have SSL, but if a site doesn't use encrypted protocols, I definitely won't buy anything there. I also won't buy where payment systems I don't know are used. Apart from that, I do what every shopper should do: I read reviews from other users who have previously gone through the purchase path in a given place and check whether they encountered any threats.
