Where does our credit card data get stolen from?
The short answer is: anywhere we use our credit cards. And anywhere that handles our credit data.
- Retail shops
- Call centres
- eCommerce websites
We’re one of the leading forensic teams globally - we help a lot of businesses to find out how they were breached, how much got stolen (occasionally we can identify who stole it) and then we advise on how to fix the problems. We're not aware of any sector in the payment card industry that hasn’t had a breach and we've assisted organisations across the whole spectrum - from Regional Central Banks through to small eCommerce businesses.
The thing is, while we’ve seen breaches across all sectors, the trend over the last few years has most definitely been towards eCommerce websites. In fact, eCommerce websites now make up the bulk of our team’s work. We’re not talking about well-known brands only - we’re seeing eCommerce businesses of ALL sizes getting attacked, hacked and ransacked.
We have a major problem in the payments industry.
What is going on?
Back in April 2017, after seeing a spate of new attacks on Magento websites, we decided to scan a batch of 60,000 websites using our WebScan technology and the results were VERY interesting:
- 78% of the websites were missing critical security patches. Some dating back to early 2015.
- More than 5,000 were definitely hacked and we could see the harvesting malware actively stealing payment card data.
- Fact: These sites are not being maintained. 78% are missing critical security patches.
- Whoever is managing these sites either:
  - does not understand security,
  - or (a more forgiving stance) does not have their eyes on the security of the websites,
  - or is simply not being paid to keep the sites updated, so they don't.
- The owners of the websites do not understand the implications of a data breach on their business (if they did, they would be insisting on the sites being patched at the very least).
For the 78% that are missing critical security patches, a few very simple steps could completely change the risk profile for their business.
Website Security Health Check
For that reason, we have decided to launch a Website Security Health Check to help eCommerce business owners understand how “healthy” the security posture of their website is.
The Website Security Health Check includes:
- A detailed external vulnerability scan - quite similar to a PCI scan, only more detailed.
- An Internal Scan of the website using our FGX-Web tech. This will identify whether there are Indicators of Compromise - webshells, backdoors etc. It also monitors other key data points within a website, such as changes, access logs and unprotected payment card data.
- Analysis of all scan results by one of our Threat Intelligence Analysts.
- A full Website Health Check Report will be produced within 7 days - with results and guidance to address any problems.
- 30 days of website protection and monitoring. We provide a fully functional FGX-Web Managed Service (delivered by our team of Threat Intelligence Analysts) for 30 days to protect and monitor the website.
We’re selling this service for only £250.
Considering the time, knowledge and experience that goes into delivering the service, we believe that this offers huge value to any Magento website owner (especially to the small-medium sized online businesses who make up the majority of the 78% listed above). If you are not 100% certain of your website security status, this would be £250 very well invested.
If you, or anyone you know, may be interested in getting a Website Security Health Check, please get in touch with us and quote “FGX-Web Blog” for £50 off.