Understanding E-Commerce Security


Posted on by Isla Sibanda

Precisely because e-commerce is poised to comprise 21% of all retail sales in 2024, it’s an ideal target for all kinds of malicious actors. On top of that, this domain encompasses a myriad of protocols, strategies, and technologies, making it hard to grasp for users, customers, and even some cybersecurity experts.

Despite this, e-commerce security is critically important, as breaches can lead to financial losses, eroded customer trust, and compromised business integrity. And with the average data breach costing $9.44 million, it’s paramount that everyone takes e-commerce cybersecurity seriously. With that in mind, let’s take a deeper dive as we near RSA Conference 2024.

Cybersecurity Threats in E-Commerce

The cybersecurity landscape in e-commerce is a battleground, with threats that are as diverse as they are sophisticated. Key issues plaguing online banking and transactions include:

  • Advanced Persistent Threats (APTs): These are sustained, targeted attacks aiming to steal data over extended periods, often penetrating networks and looking to accumulate customer or transaction information.

  • Cryptojacking: The unauthorized use of someone else's computing resources to mine cryptocurrency, often through compromised e-commerce sites, albeit not as ubiquitous as phishing, ransomware, and old-school trojans.

  • SQL Injections: Attackers exploit vulnerabilities in data-driven applications to execute malicious SQL statements, compromising databases.

  • Cross-site Scripting (XSS): Attackers inject malicious scripts into otherwise benign websites; the scripts then execute in the user's browser to steal data or credentials. So instead of gathering data from the server side, cybercriminals attack the client side through compromised e-commerce sites, zeroing in on the individual.


These threats underscore the arms race between cybercriminals and cybersecurity professionals, necessitating a strategic, informed response. While PCI compliance and similar requirements are good starting points, experts mustn’t take a “good enough” approach to this matter. 

Ideally, experts in e-commerce and security must focus on strengthening user authentication in order to reduce the possibility of fraud. In his RSA Conference 2020 session, William Newhouse highlighted strategies that retailers can adopt to reduce the risk of fraud while also protecting both their businesses and customers.

Five Best Practices for Securing Online Transactions in 2024

There are no Ten Commandments that govern online store security, but over the years, both store owners and cybersecurity professionals have agreed upon various key tenets. From being PCI DSS compliant to being wary of faulty backend code, there’s a lot to unpack. Generally speaking, secure online shopping is possible in 2024 if you: 

  • Rely on regular security audits and penetration testing: Employ third-party experts or use pentesting tools to conduct thorough security assessments and simulate cyberattacks on your systems to identify vulnerabilities. In addition, you should adopt zero trust architecture—operate on the principle that no entity, internal or external, is trusted by default from a security standpoint, necessitating verification at every step.

  • Reduce the number of attack vectors: Given the fact that a CMS like WordPress has in excess of 60,000 plugins, e-commerce site owners often put their sites at risk by adding unnecessary third-party software that isn’t properly vetted. Only use what you actually need and verify any third-party vendor before using their products or services.

  • Deploy next-generation firewalls and intrusion prevention systems: Use advanced firewall technologies that provide deep packet inspection, intrusion detection, and prevention capabilities.

  • PCI compliance: Adhere to the Payment Card Industry Data Security Standard to protect cardholder data across payment channels. This means using PCI-compliant hosting, abiding by anti-money laundering (AML) protocols and verifying that any external vendors do too. 

  • Secure cloud services: Utilize reputable cloud services with robust security measures for data storage and processing. Likewise, the concept of cloud automation has emerged as a way of reducing human error and bringing the risk of social engineering to an acceptable level. 


Contributors
Isla Sibanda

Freelance Writer

Protecting Data & the Supply Chain Ecosystem


Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.
