Cybersecurity Insights

Joshua Hillier

A look at PCI Best practice for building, managing and developing e-commerce sites.

28/04/15 10:34

What considerations should you take when building, developing and managing e-commerce sites?  

E-commerce sites are thriving. There are hundreds of digital agencies out there that create, develop, market and manage e-commerce sites. But how many fully understand web security, and very importantly, payment data security?


We’ve seen in previous blogs that a key factor for e-commerce sites to be mindful of is ensuring that cyber security issues (malware, search engine blacklisting, customer payment data compromise) don’t undermine the efforts online businesses have made to promote their brand in a positive manner.

We are at a time now where security is paramount for e-commerce sites. Attackers have become more sophisticated in the way they infiltrate systems and syphon data or collect important information – and growing numbers of websites are falling victim.

One example of an attack is the Web Shell. A Web Shell is a piece of code that essentially allows attackers full access to your website, including all internal, private, administrative and customer information, and it is becoming a common and very successful attack vector. Simply utilising a secure IFrame or (the simpler and better option) the re-direct model for payment is not enough to secure your customers’ sites from attackers who may have accessed their environment months ago, have been collecting data ever since, and are using the website to conduct other nefarious business, such as malware distribution. To discover more about Web Shell compromises, see our previous blog.

So what do we do? We need to protect the sites we build and manage, but we need a simple solution that doesn’t take valuable resource from your business. While re-direct payment solutions offer a certain amount of security for the payments, more is needed to effectively secure the website as a whole. The video in the link below reiterates the point of this blog: layered defence models are essential to maintaining security, beginning with the re-direct.

Finding a solution isn’t always a simple process. We’ve all had the issue of trawling the internet or catalogues looking for the answer that best fits our problem; rarely is there a tailor-made option that gives you everything you need.

We are increasingly finding that partnership programmes between developers and security experts seem to be the best way to enable developers to “bake in” effective security to protect the sites they build and manage. A partnership programme allows you as the developer to continue to build and manage sites knowing the protection is in place from the security experts, so the focus remains on quality service.

A partnership solution like Foregenix’s FGX-Web Protect - designed, built, managed and supported by a team of security specialists - offers the security required for a business to grow and prosper in the e-commerce marketplace. FGX-Web is an advanced web security solution - a protective fortress for websites. Its dual-layer defence acts as a safety net, providing website file change monitoring and alerting, while also ensuring that any attacks on your websites are filtered out before they can do any damage.

If you're looking for a solution to simplify your clients’ website security, we would love to speak with you and show you how we can help.  Please contact us through the form below. 

Learn more about Web Security

- Website Redirect Payments... Secure or not?

- Web Security Webinar Series

- Magento Phantom Malware Technical Whitepaper

