E-Commerce Website Security
E-Commerce is short for Electronic Commerce and refers to the buying and selling of products and services over the Internet or other networks. An increasing number of businesses have created e-commerce websites due to the rising popularity of using the Internet to make online purchases.
But the risks of running an e-commerce website are also increasing: new ways to infiltrate e-commerce websites and steal customer information are constantly being discovered.
Security Threats to E-Commerce
Web site vandalism or defacement
Denial of service attacks
Theft of customer information
Theft of intellectual property
Sabotage of data or networks
Financial fraud, consumer fraud
Forgery, illegal interception
The first step toward reducing the risk of e-commerce security threats is to identify the vulnerable areas where security threats can happen. The main vulnerable areas for a website are: Hardware Security, Software Security, and Environment Security.
Hardware security includes any devices used in running the e-commerce website, such as network devices and servers. Protecting the network with a properly configured firewall that allows only the ports needed to reach the e-commerce website is an essential part of network security. The servers hosting the website, such as the web server and database server, should be isolated from other networks in a network DMZ, so that a compromised computer on another network behind the firewall cannot reach them directly.
Software security includes any software used in running the e-commerce website, such as the operating system, web server software (IIS, Apache) and database software. The operating system should be configured for security through the process of operating system hardening. Software should be kept constantly updated, as patches are routinely released to fix security holes. The website itself should be hardened against common attacks like cookie poisoning, hidden-field manipulation, parameter tampering, buffer overflow, and cross-site scripting. Pages where sensitive information such as credit card numbers is entered should be encrypted and secured with an SSL certificate.
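To illustrate the hidden-field manipulation, parameter tampering and cookie poisoning attacks named above, here is an added example (written for this page, not code from the original article): a checkout handler that trusts client-supplied hidden fields beside a hardened version that recomputes the total from a server-side catalogue, plus an HMAC-signed cookie that detects tampering. The catalogue and the COOKIE_KEY are constructed values for the example.

```python
import hashlib
import hmac
import secrets
from decimal import Decimal
from typing import Optional

# Constructed server-side catalogue: the only trusted source of prices.
CATALOGUE = {"SKU-100": Decimal("49.99"), "SKU-200": Decimal("199.00")}


def vulnerable_total(form: dict) -> Decimal:
    """Hidden-field manipulation: the total is computed from fields the
    browser sent. 'price' and 'qty' are hidden inputs in the HTML form, and
    nothing stops a shopper from editing them before submitting."""
    return Decimal(form["price"]) * int(form["qty"])


def hardened_total(form: dict) -> Decimal:
    """Defence against parameter tampering: ignore any client-sent price,
    look the product up server-side and validate the quantity."""
    sku = form.get("sku")
    if sku not in CATALOGUE:
        raise ValueError("unknown product")
    try:
        qty = int(form.get("qty", ""))
    except ValueError:
        raise ValueError("quantity must be an integer")
    if not 1 <= qty <= 100:
        raise ValueError("quantity out of range")
    return CATALOGUE[sku] * qty


# Hypothetical per-deployment secret; in practice loaded from protected config.
COOKIE_KEY = secrets.token_bytes(32)


def sign_cookie(value: str, key: bytes = COOKIE_KEY) -> str:
    """Append an HMAC-SHA256 tag so any edit to the cookie value is detectable."""
    tag = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}|{tag}"


def verify_cookie(cookie: str, key: bytes = COOKIE_KEY) -> Optional[str]:
    """Return the cookie value only if its tag verifies; None if poisoned."""
    value, sep, tag = cookie.rpartition("|")
    if not sep:
        return None
    expected = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking the tag byte by byte.
    return value if hmac.compare_digest(tag, expected) else None
```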
Environment security is the area around the hardware running the e-commerce website and includes human resources.
Secure physical access to network and server devices with fences, locks, or other controls. Network, server, and software access credentials should be highly complex and well guarded (no post-it notes).
Once a staff member has left the company or moved to a different position, remove all access privileges that person no longer needs. Staff members should also be trained to recognise social engineering, in which sensitive information is given to attackers posing as a trustworthy person over the phone or by email.
3rd Party Hosting
If your e-commerce website is hosted by a 3rd party, contact them and go through each of the security areas above to confirm they are in place.
Security is Ever Ongoing
The security threats to e-commerce websites are constantly changing, as new threats are discovered every day. Staying secure takes an ongoing commitment to monitor and adjust security in all of the main vulnerable areas. It is better to be over-prepared against possible security threats than under-prepared and to lose your customers' trust in your company when an attack occurs.
Source: DNN Affin inport