The security standards of today’s E-commerce websites are surprisingly low considering the amount of business they conduct. With more and more consumers doing their shopping online, hackings have reached epidemic proportions. InfoSec officials face a tough task, but cybercrime can be countered.
Besides educating consumers to practice safe browsing habits and avoid unknown WiFi networks, there are a few steps that must be taken by all CISOs and InfoSec executives. The biggest problem today is the lack of secure software and plugins in websites.
Today’s leading Content Management Systems (CMS) are surprisingly exploitable. Numerous vulnerable plugins were found in Checkmarx’s The Security State of WordPress Top 50 Plugins research. But as mentioned above, these problems can be rectified.
The best way to create safe software and plugins is to implement a secure Software Development Life Cycle (sSDLC). This ensures that the product is released with minimal possible loopholes and vulnerabilities that can be exploited by cybercriminals. Products developed in a secure SDLC also require minimal post-production security investments.
Correcting an application at an advanced stage of progress takes up more time, effort and resources. This is where Source Code Analysis (SCA) can play a vital role. Scanning the code in the initial phases of development helps reduce production costs due to early fixing of loopholes. This also ensures increased efficiency and faster production rates.
Besides building E-commerce websites on secure platforms, owners and CISOs must also try to enforce the following security measures to raise safety standards:
1 – Banning of Weak Passwords
This is probably the most overlooked aspect of E-commerce website safety. Numerous reports on the weakness of passwords used on the internet have been published in recent years. Websites should simply require, and guide, their customers to choose complex login passwords.
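As an added example (not from the original post), the kind of server-side check a site can run at sign-up to reject weak passwords: it enforces a minimum length, a small constructed deny-list of common passwords (with leetspeak and trailing-year variants folded in), a character-class rule for shorter passwords, and rejects passwords containing the username. It goes slightly beyond the post by exempting long passphrases from the complexity rule; the deny-list, thresholds and function names are assumptions.

```python
import re

# Constructed sample deny-list for the example; a real deployment would load a
# large common/breached-password list instead.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome"}
MIN_LENGTH = 12          # assumed policy value
PASSPHRASE_LENGTH = 16   # assumed: at or above this length, character-class rule is waived


def _normalize(pw: str) -> str:
    """Fold common leetspeak substitutions so 'P@ssw0rd' matches 'password'."""
    table = str.maketrans({"@": "a", "0": "o", "1": "i", "$": "s", "3": "e", "!": "i"})
    return pw.lower().translate(table)


def check_password(password: str, username: str = "") -> list[str]:
    """Return the reasons a password is rejected; an empty list means it is acceptable."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    # Compare both the raw password and the password minus a trailing number
    # ('password2019') against the deny-list.
    without_year = re.sub(r"\d+$", "", password)
    if _normalize(password) in COMMON_PASSWORDS or _normalize(without_year) in COMMON_PASSWORDS:
        reasons.append("matches a common password")
    if username and username.lower() in password.lower():
        reasons.append("contains the username")
    classes = sum(bool(re.search(p, password)) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^\w\s]"))
    if len(password) < PASSPHRASE_LENGTH and classes < 3:
        reasons.append("uses fewer than three character classes")
    if re.search(r"(.)\1{3,}", password):
        reasons.append("contains four or more repeated characters")
    return reasons


def is_acceptable(password: str, username: str = "") -> bool:
    """Convenience wrapper: True only when no rejection reason applies."""
    return not check_password(password, username)
```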
2 – Usage of Secure Sockets Layer (SSL)
This security measure makes sure that all information exchanged via the website is properly encrypted. All sensitive data the user sends is inaccessible to hackers and other third parties. Buying and implementing an SSL certificate is easy and fast, making it a must for all E-commerce websites.
3 – Payment Card Industry (PCI) Compliance
Also known as Network Security Scans, these must be performed at least on a quarterly basis. This is the PCI compliance methodology that keeps E-commerce website officials aware of the latest risks and dangers. PCI scans should be carried out by Approved Scanning Vendors (ASV) only.
Other recommended anti-hacking tactics include the use of tracking numbers for all orders, monitoring the website with real-time analytic tools, and keeping plugins and software updated. While the responsibility for safe internet usage ultimately falls upon the user at home, proper infrastructure and safe programming habits can help win the fight against cybercrime.