The eBay security breach was the second largest in the history of U.S. which gives a sharp reminder about the vulnerability of these e-commerce websites. Information including passwords, e-mail addresses, phone numbers and customer names were compromised as a result of the cyber attack. According to the eBay officials, the exposed database contained customer information only and not any financial information.
The cyber attacks and online hacking continue unabated and it is not just about a particular site like eBay, there are often many other smaller e-commerce sites that are the victims. Those who are wondering how to protect their sites from such cyber attacks and security breaches, here are 5 security tips for e-commerce websites. These tips ensure that the websites and other confidential information of the customers are protected.
1) Holes in Your Website Need To Be Closed Down
The two most common vulnerabilities of e-commerce websites are SQL injection attacks and cross site scripting attacks. Many sites are vulnerable to these SQL injection attacks. Criminals try to extract information from these sites through web applications with SQL queries. Cross site scripting attacks or XSS occurs when the applications take untrusted data from users and send it to web browsers without validating the data properly or ensuring it isn’t malicious. XSS takes over user accounts, changes website content and even redirect visitors to malicious websites without them knowing about it.
2) Beware of Denial of Service Attacks
Criminals often use Denial of Service (DoS) attacks which mean flooding websites with traffic to make them offline. For any e-commerce site, a Distributed Denial of Service attack has a direct effect on the revenue. Attacks may either last for hours or days. The websites know their earning per minute or hour and the owners are asked to pay an amount to stop the DDoS attack. The e-commerce websites should have protection against the DDoS attacks. The protection enables to probe for vulnerabilities while dealing with a massive flow of traffic.
3) Enable Two-Factor Authentication for Admins
Stolen user credentials are a common cause of security breaches. EBay announced that cyber attackers compromised employee log-in credentials, thus allowing unauthorized access to eBay’s corporate network. The criminals use various unethical means such as social engineering and phishing to gain usernames and passwords. These are sensitive data and obtaining them must be prevented. To stop this problem, two-factor authentication can be used. This is usually a code that is generated through an app or received via text on the user’s phone. Criminals cannot steal the code as it lasts only for a minute or maybe two.
4) Vulnerability Scan for Your Website must be done regularly
Scanning the website regularly to check vulnerabilities or breaches is a good practice. The scanners detect SQL injection vulnerabilities. This information is used to assess the security of an e-commerce website and provides an insight for the engineers on how to improve security or get rid of vulnerabilities at the code level.
5) Remaining Careful Who Your Partners Are
According to various researches carried out by the Ponemon institute; hosters, call centres, payment processors and shredders i.e. the third party providers may have a great impact on the security breach scope. It is therefore important to ensure that the providers have some security acts together. In the world of e-commerce, it must be made sure that the providers are compliant with best security practices like the Payment Card Industry’s Data Security Standard (PCI-DSS). This certification is a security standard for organizations.