With the holiday shopping season ramping up and stay-at-home orders on the rise, many shoppers are turning to online ordering to fulfill their shopping needs. This holiday season, shopping is expected to increase by anywhere between 25 and 35 percent year over year. It is important for everyone to take steps to increase our security where we can. There are some simple steps businesses can take to increase the safety and security of online shopping. 

Let’s take a look at five things to do when participating in eCommerce activities.

#1 Learn About Magecart

As an eCommerce website owner the rise in Magecart attacks may not be unfamiliar to you. However, there are still businesses which have not prioritized what we believe is the number one threat to online shopping: Magecart. For those that are less familiar with that term Magecart is a combination of Formjacking, eSkimming, and other JavaScript based attacks the goal of which is to collect private or sensitive information being input by visitors of a website. With the holiday season in full swing and non holiday eCommerce business seeing revenue increases we expect Magecart to be a major security concern for the foreseeable future. Take some time to learn about or more about how Magecart could affect your business. 

#2 Take Inventory of Your Scripts

With Magecart attacks on the rise over the past three years and as eCommerce continues to grow it’s important to know what JavaScript is  running on your site. This includes both first and third parties. Taking inventory of your first party scripts is fairly straightforward however, knowing all your third, fourth, fifth, etc.. scripts can be time consuming or even an impossible task. Gathering knowledge surrounding what sources your third parties are bringing into your site is an important step to keeping your website visitors safe. We offer a very simple and free way to look at your website risk with our Website Risk Analysis report. Run one today to learn about your third party script inventory.

#3 Think About the Browser More

As the complexity of your webapp grows and the enhancements introduced require more access to the document object model (DOM), it may be time to think about what impact this will have on the browser. Any existing vulnerabilities in your code (specifically JavaScript) only shine brighter as more is introduced and there’s no control to be had when using third party JavaScript. If a link along your supply chain is weak, an attacker can easily target the browser session of your visitor using that weakness. Strengthening your client-side security footprint with a real-time detection solution provides relief to your security teams during what is sure to be a busy shopping season.

#4 Focus on Prevention

A preventative solution rather than a scan, detect, and report option means you can prevent a JavaScript attack from being successful instead of reading about it in a report or, more frightening, the newspaper. Source Defense offers a zero-trust prevention solution for Magecart attacks. Using a patented and proprietary solution we provide your business with the confidence needed to be on the cutting edge of conversion techniques, analytics, and site enhancements that your customers want without worrying about supply chain attacks. 

#5 Free Up Resources

During a time when vacations are popular, family gatherings are the norm, and illnesses gain traction, a solution which does not require a dedicated resource or, for that matter, a measurable increase in resource cost is desirable. Our easy to use Source Defense Admin interface offers at-a-glance reports which reduce the need to dig deep to find the information you want. In addition, our API gives your team freedom to use our data in any of your existing systems and our dedicated integrations provide even easier one-stop shopping for your data. So let your security teams take that vacation, enjoy their in-laws staying a few weeks, or take the time necessary to get healthy all because you’re using an easy to use platform.

PCI DSS 4.0 makes client-side security a priority.

Source Defense delivers a solution for 6.4.3 and 11.6.1 without adding a burden to your security teams.