According to a 2018 Cybercrime Report from ThreatMetrix, cybercrime directed at e-Commerce sites remains alarmingly high, with a total of 150 million attacks seen during the first quarter of 2018. Site security is a major concern for e-Commerce businesses. Cybercrime not only affects your business revenue during the attack, but also has a huge impact on consumer confidence. Your e-Commerce site must be secured.
In today’s data-driven economy, data is a strategic asset to any company, piquing the interest of hackers and even competitors. So, when we’re talking about cyber-attacks and security, prevention is our priority.
What is the hacker looking for?
To ensure protection, one must understand what information hackers want to obtain and for what purpose. The most sought-after information is user IDs. A customer's email and password combination is often reused on many different sites. A hacker seeks to recover this combination to gain access to other information, such as credit card details, and then use it to place orders on other e-Commerce sites.
Two new features to secure your site
During the first quarter of 2018, 13.5 percent of all retail login attempts were hacking attempts, as well as 32.8 percent of all new account creations. To prevent fraudulent login attempts on your e-Commerce site, the Oxatis teams continuously reinforce the security of your e-Commerce site.
New account creation policy
Your new customers will need to choose a strong password that includes an uppercase letter, a lowercase letter, a number, and a special character. Its length must be between 8 and 20 alphanumeric characters.
The update is automatic and only concerns new accounts. Your current customers do not need to change their password (unless they ask for a new one).
Login attempts to the customer account
A study by Incapsula suggests 61.5% of all website traffic is now generated by bots. Some of this automated software poses a threat by testing, for example, all possible combinations of an email address and password to steal data.
To complicate the task of hacker bots, the Oxatis solution also changed the login policy of your site. After 5 failed attempts to log in to your site, your customer will have to wait for 3 minutes before being able to try again.
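The login policy described above (5 failed attempts, then a 3-minute wait), as an added Python example. This is not Oxatis code; the class name, the case-insensitive per-email counter, the reset on success and the in-memory store are assumptions made for illustration.

```python
import time
from dataclasses import dataclass

MAX_FAILURES = 5          # from the article: 5 failed attempts
LOCKOUT_SECONDS = 3 * 60  # from the article: 3-minute wait


@dataclass
class _State:
    failures: int = 0
    locked_until: float = 0.0


class LoginThrottle:
    """Per-account failed-login counter with a temporary lockout (hypothetical name)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock    # injectable so the policy can be tested offline
        self._accounts = {}    # assumption: in-memory store, normalized email -> _State

    @staticmethod
    def _key(email):
        # Assumption: "A@x.com" and "a@x.com " share one counter, so
        # changing case or spacing does not grant extra attempts.
        return email.strip().lower()

    def seconds_remaining(self, email):
        state = self._accounts.get(self._key(email))
        return 0.0 if state is None else max(0.0, state.locked_until - self._clock())

    def attempt(self, email, check_password):
        """Run one login attempt; return 'ok', 'failed' or 'locked'.

        check_password is a zero-argument callable returning True/False.
        """
        key = self._key(email)
        state = self._accounts.setdefault(key, _State())
        if self._clock() < state.locked_until:
            # The password is not verified during the wait, so a bot
            # learns nothing from guesses sent while locked out.
            return "locked"
        if check_password():
            del self._accounts[key]   # success clears the failure count
            return "ok"
        state.failures += 1
        if state.failures >= MAX_FAILURES:
            state.locked_until = self._clock() + LOCKOUT_SECONDS
            state.failures = 0        # assumption: 5 fresh tries after the wait
        return "failed"
```

With a per-account counter like this, a bot gets at most 5 guesses per account before each 3-minute wait; a production store would also need to be shared across web servers.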
Secure your site with an HTTPS protocol
Since July 25 this year, the Google Chrome browser (version 68) displays a grey “Not secure” warning before the address of any site that does not have an SSL certificate. Sites that have activated the HTTPS protocol with an SSL certificate show a green padlock before the word HTTPS, followed by the site address, in the navigation bar.
The HTTPS protocol authenticates the integrity of the site and encrypts the information exchanged between your site and your customer. This protocol makes it difficult, or even impossible, to intercept data when your customer enters credit card information, for example. The SSL certificate also ensures that the site has not been modified or redirected to a different platform or site.
To reinforce security for its users, Google Chrome further enforced this measure this October when it launched the latest version (V70) of its browser. The updated browser now displays the “Not secure” mention in red when users enter data on HTTP pages. Your customers care about site security. Make sure you have installed the full SSL on all pages of your site!
Important: The SSL certificate is included in certain subscription plans. Ask your account manager how to benefit from these new subscription plans.
The Oxatis solution security certified by Intrinsec Pentesting
The penetration test, or pentest, is a stress test simulating an array of cyber-attacks, performed by trained security professionals. It assesses the amount of strain an IT solutions provider can handle in the event of a cyberattack or other security threat. Penetration tests are very rigorous audits, and they follow a strict process requiring irreproachable ethics.
Oxatis has always placed security at the heart of its technical development. To ensure our solution delivers the highest level of security, the Oxatis platform has passed the Intrinsec Pentest with flying colours.
The final report of the Pentest audit confirms the work of our experts. All users of our platform enjoy a maximum level of security that protects them against different types of intrusion and hacking attempts.
«No vulnerability impacting the confidentiality of data exchanges has been identified»
You can safely and securely scale your e-Commerce business with Oxatis.