By Source Defense
It will soon be that time of year again — the season of the website code lockdown in preparation for the massive surge in online shopping driven by the holidays. We all love the holiday season, and nobody wants to experience shopping cart checkout glitches or downtime. So code freezes are a reasonable step to take.
But do you know who else loves the holidays and the billions of dollars pumped into the online retail sector for a few months each year? Cybercriminals. And they also just happen to love holiday code freezes because they know software changes and even security updates will be delayed.
They’re coming for your customer data – credit card information, PII – anything they can get their hands on that they can monetize.
Most retailers start their code freeze about a month before Thanksgiving. The goal is to have the website stable and functioning before Black Friday and Cyber Monday and then remain on lockdown for the remainder of the shopping season. But the shopping season is when cybercriminals go to work.
This year, retailers must do more than simply freeze their website code. Website owners and operators must understand what the code already deployed is doing and if it’s secure. Unfortunately, this is already a major visibility gap that very few have filled. Controlling the client-side digital supply chain is just now becoming a mainstream concern – driven in large part by guidance from PCI DSS around client-side security under PCI 4.0. As such, it is already a weak point in security that is only going to be exacerbated with the coming code-freeze period.
PCI has made client-side security a priority because they recognize that client-side attacks are a new favored vector of cybercriminals. There have already been hundreds of attacks using techniques like formjacking, digital skimming, credential harvesting, etc. The notorious Magecart hacker group has been responsible for some of the most sophisticated e-commerce attacks since 2015 by taking advantage of vulnerabilities in the client-side digital supply chain.
These attacks work by targeting the 3rd party web applications that help retailers collect customer data and process credit card transactions. The attacks are happening at the point of data input – and they are sure to happen all throughout the holiday season.
So – what can be done? Source Defense has an idea – a program to support online retailers during this code freeze period – a program that provides scanning, detection and alerting to these attacks without a single change needing to be made to your website code.
Don’t Fly Blind – Team with Source Defense to Protect Your Online Checkout Lanes
Criminals are focused on stealing data at the point of input with techniques like formjacking, clickjacking, digital skimming, Magecart, etc. And while you might have to freeze out code changes, you do not have to leave this gap open to them. You can and should freeze out the criminals with Source Defense Detect
Engage with Source Defense now and we will give you a level of security during this time that you’ve never enjoyed. We’re offering you a special program to protect your sites during the code freezer period.
Source Defense Detect is an external scanning, detection and alerting system for client-side attacks.
With Source Defense Detect, we will remotely inspect your sites for signs of malicious activity. We’ll give your Security and Compliance teams all of the insights they need to both shut down data theft and ensure data security compliance.
Our Offer to You:
1. We’ll give you an immediate solution that scans your web properties for signs of malicious activity, data theft and data leakage
2. This solution will inventory and inspect all 3rd party (and beyond) JavaScript operating on your site
3. We’ll use synthetic data to monitor script operation and flag any data theft or leakage concerns
4. You’ll have access to a data rich portal to inspect the alerts and take action
5. We’ll give you this program with modified terms to streamline your internal processes – we’ll take care of you during the code freeze and if we do our job, we’ll keep supporting you for the rest of the year
Interested in protecting your online checkout lanes during the holiday season?
Go here and fill out a request form – we’ll get right back to you and get rolling right away to close this major gap.
PCI DSS 4.0 makes client-side security a priority.
Source Defense delivers a solution for 6.4.3 and 11.6.1 without adding a burden to your security teams.
