5 Security Threats For E-Commerce Websites (And How To Avoid Them)

by Stephan Jukic


Your e-commerce website is surrounded by password barriers. From the main administrative password that gives access to your web hosting control panel to your FTP login, passwords are deeply important from a digital security point of view.




This is also why it’s so crucial that you protect them as robustly as you possibly can by implementing some seriously strong password protection strategies and sticking to them.


1. Password Breaches

For starters, make every password in your web hosting system distinct from the others. There should be no repetition of words or phrases at all. Secondly, use lengthy, high-entropy words and phrases that even password cracking software can’t break. The ideal solution for DIY passwords is to use a passphrase of multiple random words and a couple of numbers in between them. To gauge its strength, you can try this little tool.
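The passphrase scheme described above, as an added example that is not part of the original article. It builds a passphrase of random words with digits placed in the gaps between them and computes how many bits of entropy the scheme yields; the word list is a small constructed sample and the function names are hypothetical.

```python
import math
import secrets

# Constructed sample list for illustration only. A real list should hold
# thousands of words so that each word contributes more entropy.
SAMPLE_WORDS = [
    "anchor", "basil", "copper", "drift", "ember", "fjord", "gravel", "harbor",
    "ivory", "juniper", "kettle", "lantern", "meadow", "nectar", "orchid", "pebble",
]

def generate_passphrase(words, n_words=5, n_digits=2, sep="-"):
    """Pick words uniformly with the OS CSPRNG and place one random digit
    into n_digits distinct gaps between the words."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    if n_words < 2 or not 0 <= n_digits <= n_words - 1:
        raise ValueError("need at least 2 words and at most one digit per gap")
    chosen = [secrets.choice(words) for _ in range(n_words)]
    gaps = list(range(n_words - 1))
    digit_gaps = set()
    while len(digit_gaps) < n_digits:      # uniform over subsets of gaps
        digit_gaps.add(secrets.choice(gaps))
    parts = [chosen[0]]
    for i in range(1, n_words):
        if i - 1 in digit_gaps:
            parts.append(str(secrets.randbelow(10)))
        parts.append(chosen[i])
    return sep.join(parts)

def entropy_bits(list_size, n_words=5, n_digits=2):
    """Entropy of the scheme above when the attacker knows the word list and
    the scheme: word choices + digit values + which gaps hold the digits.
    Assumes the words contain no digits and no separator characters."""
    return (n_words * math.log2(list_size)
            + n_digits * math.log2(10)
            + math.log2(math.comb(n_words - 1, n_digits)))

if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS))
    print(f"16-word list:   {entropy_bits(16):.1f} bits")
    print(f"7776-word list: {entropy_bits(7776):.1f} bits")
```

The strength comes from the size of the word list and the number of words, not from the digits: the same five-word scheme gives about 29 bits with the 16-word sample and about 74 bits with a 7776-word list.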


Another major security procedure you can follow is to use the two-factor authentication offered by the major web hosts and data service providers that sustain your online business. It protects your data in a way that offers an enormous security boost over regular password-based logins.


This is especially important for your hosting control panel access and thus you should choose a hosting provider that offers two-factor authentication. One that does this really well is DreamHost. The well known GoDaddy also offers TFA for hosting.


Or you can simply use LastPass and pretty much forget about password insecurity forever, assuming your hosting provider is compatible with it.


2. DDOS Attacks

Distributed Denial of Service attacks are a major staple of the internet hacker's world. The hijacking of your hosting servers, either to crash them completely or to use them to target yet another series of hosting servers, is practiced by major online hacking organizations such as Anonymous and by minor criminal hackers with access to smart resources.


In either case, if your servers suffer a DDOS attack, you’re looking at some serious downtime as you try to get your site up and running again and the risk of having the DDOS attack happen again and again in the future.




How to fight DDOS attacks? It’s not easy, due to the sheer number of IP addresses pinging your servers and crowding out legitimate traffic, but there are a couple of things you can do to buy yourself some time. For starters, run your hosting off your own VPS (virtual private server). This is not only a good general e-commerce security policy due to the server control it gives you, but it will also make it easier for your hosting provider to scrub your traffic of the malicious data packets that are overwhelming it and eventually redirect traffic so that the attack slows down.


3. Ransomware

One of the latest digital threats to rear its ugly little head in the online landscape, ransomware does exactly what its name implies. It hijacks either your actual computer hard drive or, more rarely, your website servers and all the data they contain, and then threatens to erase all of your valuable data within a certain period of time unless you pay a certain amount of money to have that info freed again.


How do you fight something like this? Quite simply by backing up all of your information regularly and making sure those backups are up to date. If you do this one simple thing, you can tell the data hijackers that hold your computer or site servers hostage to go screw themselves as you reformat, erase the hijacking software and re-upload your backed up information.


Doing all this will still be a pain in the butt, but it will at least ensure that you’re not a victim of repeat data hijacking.


4. Data Destruction

Right up there with the hijacking of your data and the crushing of your e-commerce website under a torrent of traffic pings, there is the destruction of all your data by hackers who enjoy causing havoc or by some irresponsible accidental action by one of your employees or even you yourself.


Data erasure, whether by accident or on purpose, is one of the biggest sources of headaches for online business websites that handle large volumes of customer information. Usually, the cause of such a breach is negligence by someone working in the company; most of the time, the simplest solution is to have regular and well-organized backups of all your data. This way, an accidental annihilation of information can be quickly remedied by copying again from a backed-up copy.
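Both the ransomware and the data destruction sections rely on backups that are recent and actually restorable. The following is an added example, not part of the original article, of a check that a backup directory is fresh and that its files still match the checksums recorded at backup time; the manifest file name and the function names are hypothetical.

```python
import hashlib
import time
from pathlib import Path

MANIFEST = "MANIFEST.sha256"  # hypothetical name; keep a second copy off the backup host

def sha256_file(path):
    """Hash a file in chunks so large database dumps do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def write_manifest(backup_dir):
    """Run right after a backup completes: record a SHA-256 for every file."""
    backup_dir = Path(backup_dir)
    lines = [f"{sha256_file(p)}  {p.relative_to(backup_dir).as_posix()}"
             for p in sorted(backup_dir.rglob("*"))
             if p.is_file() and p.name != MANIFEST]
    (backup_dir / MANIFEST).write_text("".join(line + "\n" for line in lines))

def check_backup(backup_dir, max_age_hours=24, now=None):
    """Return a list of problems; an empty list means fresh and intact."""
    backup_dir = Path(backup_dir)
    manifest = backup_dir / MANIFEST
    if not manifest.is_file():
        return ["manifest missing"]
    problems = []
    now = time.time() if now is None else now
    age_h = (now - manifest.stat().st_mtime) / 3600
    if age_h > max_age_hours:
        problems.append(f"backup is {age_h:.1f}h old (limit {max_age_hours}h)")
    for line in manifest.read_text().splitlines():
        digest, name = line.split("  ", 1)
        target = backup_dir / name
        if not target.is_file():
            problems.append(f"missing: {name}")
        elif sha256_file(target) != digest:
            problems.append(f"checksum mismatch: {name}")
    return problems
```

Running `check_backup` on a schedule and alerting on any non-empty result catches stale, truncated or overwritten backups before the day a restore is needed.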


5. Fraud

Finally we get down to fraud, the most common type of digital security threat most small online businesses are going to face in 2014, just like they did in 2013. Fraud costs small businesses in the U.S. nearly 4 billion dollars per year and affects as many as 2 percent of all online sales transactions, meaning that you are extremely likely to suffer a case or two unless you protect yourself robustly.




How to protect yourself from sales fraud? For one thing, make sure that you choose and use a highly secure e-commerce shopping cart platform: Shopify and Stripe are two excellent and well known examples.


Secondly, make sure that all of your e-commerce checkout pages are configured to run via HTTPS for added transaction data encryption. This is crucial for keeping snoops at bay.


Third, you should also absolutely make sure that your website is PCI compliant. The PCI standards are a series of strictly enforced online shopping guidelines that attempt to make sure any online seller with a merchant ID is doing their best to maintain a secure online transaction environment.


Finally, to combat the extremely common problem of chargeback fraud, track all of your sent orders with their own tracking number.


Stephan Jukic is a freelance writer who covers online data protection, anti-intrusion protocols and digital security for Authentify. Connect with Stephan on LinkedIn and Google+.

