Study Finds Several Security Gaps In Ecommerce Sites


A recent study by Arxan Tech and Aite Group warns that over 80 e-commerce websites worldwide may have been breached by Magecart groups.

Last year, such groups were frequently in the news after they attacked and compromised big international brands like Forbes, British Airways, Newegg and Ticketmaster. News of more attacks is no surprise.

The term “Magecart” is a collective name for many cybercriminal syndicates that use credit card skimming (aka formjacking) techniques to sneak into websites and loot personal and financial data.

According to the study, all 80 websites scrutinized were found to have no in-app security layers like code obfuscation or tamper detection.

Of all the investigated sites, 25 percent are well-known, highly regarded brands in the luxury clothing and motorsports sectors.

Cases of formjacking are escalating because of the absence of in-app protection, which gives cybercriminals easy access to systems and allows them to view an app’s HTML5 or JavaScript as plain text.

Formjacking capabilities are added to a web application, most often the shopping cart, and used to skim credit card info that is then traded on black markets. These cards are also used by phony shippers to move items bought with looted cards.

As soon as hackers have compromised your systems and mastered your web app code, they add malicious JavaScript to the site pages on the servers that manage the checkout form.

Once infected, these forms that collect customer data send a copy of the credit card data of all the shoppers who enter their info.

The nature of the crime can keep it undetected for a long time by both the customer and the organization.

Aaron Lint, Arxan VP, expressed concerns about the lack of security measures to protect client data.

“The findings of the study are quite disappointing; the absence of security layers on the web apps merchants add to their ecommerce platforms and the incapability of endpoint security providers to offer dependable solutions to save consumers from these threats are to blame.”

Even worse, 20% of sites attacked by Magecart are compromised again within just five days of fixing the problem. That means an endless cycle of attacks that can threaten to ruin the bottom line of a brand.

Final words

Is your website among the 80? Well, anyone can be a target. So if you have done due diligence, then it's time you scanned your systems for any malware and added the necessary security layers.

Author Bio: Blair Thomas has been a music producer, bouncer, screenwriter and for over a decade has been the proud Co-Founder of eMerchantBroker, the highest rated ecommerce merchant account provider in the country. He has climbed in the Himalayas, survived a hurricane, and lived on a gold mine in the Yukon. He currently calls Thailand his home with a lifetime collection of his favorite books.