By Source Defense

Another holiday shopping season is fast approaching, and the retail industry is rushing to ensure that the massive investments it made during the COVID-19 pandemic to better serve customers online are ready to haul in the revenue.

But a different haul—a customer data haul—will almost certainly happen if retailers continue to deceive themselves into believing it’s impossible to simultaneously improve the customer experience and secure the digital supply chain. Cybercriminals are betting on retailers to make this false choice and are waiting for the online shopping surge to begin.

All evidence points to cybercriminals being both active and successful over this period. The FBI reported a 300% increase in cybercrime reports since the COVID-19 pandemic. On average, 4,800 websites per month are compromised with formjacking code. U.S.-based retailers reported an average of 1,740 online fraud attempts per month.

Digital Transformations Have Blind Spots

A recent report by the National Retail Federation (NRF) and Euromonitor International detailed how COVID-19 drove massive digital investments and transformation across the retail sector. “Besides ramping up capabilities to better serve consumers in the online channels, retailers also made in-store tech investments to create touchless retail experiences. Almost three-quarters of retail professionals said the crisis accelerated some, if not all, of their tech-related investments,” the report states.

While these investments have helped retailers capture more of the eCommerce market, they have also introduced massive risks to customer data at the point of entry, one of the major security blind spots that retailers must tackle immediately. To capture that customer data, the average eCommerce website uses dozens of 3rd party tools, and retailers say they plan to add an average of 3-5 new 3rd party technologies to their sites annually. These 3rd party tools are the mechanism by which cybercriminals intercept and steal customer data.

Technology and services are now available to ensure these 3rd party tools are secure and do only what they are authorized to do with your customer data, but the time to act is now.

There are different types of attacks aimed at eCommerce websites:

  • Payment card skimming
  • Keylogging
  • Form field manipulation
  • Web injection
  • Phishing
  • Content defacement
  • Clickjacking
  • Malware and ransomware distribution
  • Watering hole attacks

Formjacking and Magecart attacks can be wide-ranging and affect millions of people at once, or they can be highly targeted. This is also one of the reasons it’s so difficult to detect them.

Implications of Ignoring Digital Supply Chain Security


An eCommerce business must meet specific standards to be considered “in compliance,” and fines can be levied against a business or its owner if it does not comply with them. 

Financial solvency:

If breached, a business immediately faces many other problems impacting its bottom line. It may have to pay for a forensic investigation, data recovery services, credit monitoring for impacted parties, and more.

Customer trust:

Customers put a lot of trust in the online retailers they shop with, providing them with personal data and sensitive payment information with every purchase. Earning customers’ trust is critical to a long-lasting relationship, and once lost, earning it back is an arduous task. That’s why breaches can have a significant impact on long-term customer loyalty and retention: Sixty-four percent of consumers say that they are unlikely to do business again with a company from which their personal data was stolen.

Damage to brand reputation:

Reputation is a fragile thing. It takes years to build and moments to destroy. When a breach occurs, the target audience feels betrayed and angry. The initial cost can be seen in lawsuits, but there is a far greater cost that can last for years. Stocks drop, executive team reputations are negatively affected, and revenues plummet. Unlike a fine, which can be paid and forgotten, reputation cannot be fixed so easily.

Act Now

Source Defense helps online retailers balance superb customer experience with critical security without compromising website performance or stability. We create virtual pages that isolate the 3rd party scripts from the eCommerce website. The virtual pages are an exact replica of the original pages, excluding what the 3rd parties are not supposed to see. We monitor all 3rd party script activities on the virtual pages. If the activity is within the bounds of what the scripts are allowed to do, we transfer it from the virtual page to the original page. If not, we keep the activity on the virtual pages, isolated from the user, and send a report to the eCommerce website owner, alerting them to the 3rd party scripts that violated their security policy.

With attacks on eCommerce websites on the rise, ensuring that your customers’ payment and personal information is protected should be a priority if you want to avoid the implications of a data breach.

Source Defense prevention solutions can protect your website from the growing threat of Magecart, Formjacking, and other digital skimming cyberattacks:

  • Isolating scripts from the page
  • Evading harmful activities
  • Applying best practices
  • Securely enhancing websites
  • Continuing to benefit from 3rd parties

PCI DSS 4.0 makes client-side security a priority.

Source Defense delivers a solution for requirements 6.4.3 and 11.6.1 without adding a burden to your security teams.