Hackers Increasingly Target E-Commerce Payment Data

Europe suffers the highest number of cyber-attacks. For the first time, the increasing success of e-commerce has made e-commerce sites the favored target for hackers seeking payment data, according to a recent study by Trustwave Holdings.

E-commerce sites were targeted by 48 percent of the hackers, ahead of point-of-sale systems which suffered 47 percent of the attacks. The other breaches involved data centers and corporate infrastructure, hit by 4 percent, while ATMs were attacked by only 1 percent of the illegal programmers.

It is shocking to learn that Europe is one of the worst regions hit. According to the Verizon Data Breach Report for 2013, if the number of hacking attacks is broken down by region, 89 percent of all threat actions took place in the EMEA area.

According to Trustwave, attackers that target businesses in EMEA are most likely to go after credit card transactions on e-commerce sites (card-not-present transactions). Then they look to small e-commerce merchants, because these merchants, on average, have little security awareness. “Attackers will scan large numbers of merchants looking for well-known vulnerabilities in the e-commerce site or in the software components used—such as off-the-shelf shopping cart software. Typical vulnerabilities exploited here are SQL injections (using forms on the site to ‘inject’ bad code) or vulnerabilities in file-upload functionality,” the report says. On finding a vulnerability, attackers typically run pre-packaged code to gain access to the backend database (where a business may be storing sensitive card data) or try to modify the payment page to siphon off a copy of credit card data.

One of the issues, the report notes, is that while payment card data is usually secure, as it is protected by the relatively high-level of security provided by the credit card company, the rest of some merchant sites often does not have the same high-level of security. This means that the payment data may be vulnerable through the merchant site in a way that it would not ordinarily be. Merchants should take pains to protect their entire site, not just the payment areas, the report warns.

All of this should suggest that businesses are well-served in looking to reliable partners in the private sector who can already handle B2B transactions and payments that are completely secure—both the payment and the payment data. Traxpay works in partnership with EFiS EDI Finance Service AG to maintain security across its Cloud-based platform. EFIS is a trusted data security, private cloud, and data center provider for leading banking, financial institutions, and many of the largest international corporations across Germany, Austria, and Switzerland.

At the same time, Traxpay addresses the many other gaps that exist with traditional payment methods. Things like real-time, 24/7 payments with full data aggregation and attachments are indeed possible and available today—but not from the usual sources. As you make the move to B2B e-commerce, see how Traxpay can help you to accelerate your cash, create new revenue streams, and protect your business.

Subscribe to RSS

Leave a reply

Your email address will not be published. Required fields are marked *