How to Secure Your E-commerce Site This Holiday Shopping Season


You might still be working on your summer tan, but the holiday season is right around the corner. In 2020, nearly 60% of shoppers had started making holiday purchases by early November, and this year’s consumers will likely start even sooner.

The holiday season is full of potential for e-commerce businesses. Last year, online shopping revenue exceeded $188.2 billion, and it’s only expected to grow in 2021. But it’s not all sugar cookies and hot cocoa. For retailers set to experience an influx of holiday shoppers, the threat of cyberattacks looms greater than ever before.

Top 3 cyberthreats to e-commerce

The types of potential cyberthreats abound, but there are three in particular to be on the lookout for:

  1. Digital skimming attacks and Magecart
    In digital skimming and Magecart attacks, cybercriminals steal your buyers’ personally identifiable information (PII). By taking advantage of security weaknesses in the third-party JavaScript running on your site, hackers inject malicious code that skims credit card information and other sensitive data.

    Furthermore, a third-party script might call on another script which refers to yet another. An Nth-party script in the chain could have a vulnerability that puts your whole site at risk. Some of the world’s best-known brands have been victims of Magecart attacks, including British Airways, Warner Music Group, and Tupperware, resulting in hundreds of millions of dollars in regulatory fines alone.

  2. Carding attacks and credit card fraud
    In carding attacks, hackers make purchases on e-commerce sites using stolen credit and debit card details. They typically unleash bots to buy small-value items with the stolen card numbers. If the transaction goes through, they then use the information to directly retrieve funds or purchase gift cards which can be converted into high-value goods.

    Gift card fraud, a subset of carding, is especially common (Read more...)
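
The carding pattern described in item 2 (bots testing many stolen cards with small-value purchases) leaves a recognizable trace in payment logs: one client, many distinct cards, low amounts, mostly declines. The following detection sketch is an added example, not part of the original post; the log format, the client identifier, and the thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: timestamp, client id, card token, amount, outcome.
# Card tokens stand in for hashed card numbers; raw card numbers are never logged.
SAMPLE_LOG = """\
2021-11-20T09:00:00 client-d card-d1 2.00 declined
2021-11-20T10:00:00 client-a card-a1 1.99 declined
2021-11-20T10:00:20 client-a card-a2 1.99 declined
2021-11-20T10:00:30 client-b card-b1 45.00 approved
2021-11-20T10:00:40 client-a card-a3 0.99 declined
2021-11-20T10:01:00 client-c card-c1 3.00 declined
2021-11-20T10:01:05 client-a card-a4 1.99 approved
2021-11-20T10:01:30 client-c card-c1 3.00 declined
2021-11-20T10:02:00 client-c card-c1 3.00 approved
2021-11-20T10:30:00 client-d card-d2 2.00 declined
2021-11-20T12:00:00 client-d card-d3 2.00 declined
2021-11-20T14:00:00 client-d card-d4 2.00 declined
"""

WINDOW = timedelta(minutes=10)  # sliding window per client (assumed)
MIN_CARDS = 4                   # distinct cards that trigger a flag (assumed)
SMALL_AMOUNT = 5.00             # ceiling for a "small-value" purchase (assumed)

def detect_carding(log_text):
    """Return {client: stats} for clients testing many cards with small purchases."""
    recent = defaultdict(deque)  # client -> events inside the current window
    flagged = {}
    for line in log_text.strip().splitlines():  # log must be in time order
        ts, client, card, amount, outcome = line.split()
        ts, amount = datetime.fromisoformat(ts), float(amount)
        q = recent[client]
        q.append((ts, card, amount, outcome))
        while ts - q[0][0] > WINDOW:  # drop events older than the window
            q.popleft()
        small = [e for e in q if e[2] <= SMALL_AMOUNT]
        cards = {e[1] for e in small}
        declines = sum(e[3] == "declined" for e in small)
        # Many distinct cards, small amounts, at least half declined.
        if client not in flagged and len(cards) >= MIN_CARDS and declines * 2 >= len(small):
            flagged[client] = {"cards": len(cards), "attempts": len(small), "declines": declines}
    return flagged

if __name__ == "__main__":
    print(detect_carding(SAMPLE_LOG))
```

In the sample, only `client-a` is flagged: `client-c` retries a single card, and `client-d` uses four cards spread over hours, so neither crosses the distinct-card threshold inside one window.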

*** This is a Security Bloggers Network syndicated blog from PerimeterX Blog authored by PerimeterX Blog. Read the original post at: