As the biggest day of the year for online shopping looms large, malicious attackers are using online retail websites as a hotbed to exploit customer data. On that basis, retailers need to take action on Black Friday to protect their websites and their customers.
With Brits now spending more money on their mobile phones than in every Shopping Centre in Britain combined, more needs to be done to ensure that personal information is protected.
“Unique to e-commerce is gift card fraud,” commented application security and data protection solutions specialist Imperva. “Scammers use bots to test millions of combinations of gift card numbers on retail websites. Once the gift card number is validated as having a balance, that number can be used to buy goods and the balance stolen. Both account takeover and gift card abuse shakes the confidence of the customer so much that many will no longer use the e-commerce site.”
Imperva has outlined three tools retailers should invest in to help reduce the likelihood of these attacks:
*Install a bot management solution which collects and analyses bot traffic to pinpoint anomalies in your system
*Intrusion prevention systems and a web application firewall should be used to minimise the likelihood that a hacker can exploit a vulnerable website
*Distributed Denial of Service (DDoS) attack prevention should be used to decrease the likelihood of an attack for ransom during this time of the year. Any investment in a DDoS mitigation solution should be accompanied by a DDoS attack plan or playbook such that, in the event of a DDoS attack, all parts of the organisation do what’s necessary to minimise the effects.
Imperva concluded: “It’s paramount to not wait until the last minute to safeguard your website. The time is now to test your security before consumers come flooding in and before attackers monetise on data.”