eBay is universally recognised as a one-stop-shop for goods, where customers can buy used odds and ends, sell their old paraphernalia and become part of an expanding digital community of online shoppers.
Integrated into the platform is PayPal, a payment gateway renowned for improving security, so we can assume that, overall, eBay itself is pretty safe to use, right?
Well, if you’re planning to set up an online store that ensures control over aesthetics, content and usability, or if you’re browsing through eBay in search of the best deals, you may want to think about your e-commerce solution or the buyer’s platform.
Recently, Magento, an open-source company specialising in e-commerce, has been under fire. A researcher for Sucuri, Peter Gramantik, discovered that attackers have access to confidential billing details of e-commerce websites that use this platform.
In addition, according to Computerworld, the stolen information first passes through a filtering system, which removes any data that isn’t deemed relevant to credit card details, before it reaches the attackers.
Gramantik commented: “The attackers are injecting their malicious code into Magento, but it’s still unclear how that process happens.”
He went on to say that the attackers may be abusing an existing weakness in the platform’s core or in an extension on the e-commerce websites.
Whilst the attackers gather all POST requests (the HTTP method a browser uses to send data, such as a submitted checkout form, to a server), as mentioned, only card information is extracted.
Once encrypted (scrambled so that it is readable only by those involved, in this case, in the attack on Magento), the payment card details are stored in a fake image file. Put simply, the ‘image’ won’t load if the file is opened by someone who doesn’t have access to the stolen information.
“But the attacker can download and decrypt the fake image file, revealing the payment card details,” Gramantik continued.
He also mentioned, “those behind the method seem to be intimately familiar with how Magento works. The attacker knows how the module works and the code it’s built on; all he needed to do was use the module’s own variable in which all the sensitive data is stored unprotected.”
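For site owners, the "image that won't load" described above is something that can be checked for. The following is an added example, not code from Sucuri or from this article: it walks a web root and flags files with an image extension whose header or end-of-image marker does not match the standard signature for that format. The function names and the sample files are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# (accepted header prefixes, required trailer) per extension: standard signatures.
SIGNATURES = {
    ".jpg": ((b"\xff\xd8\xff",), b"\xff\xd9"),
    ".jpeg": ((b"\xff\xd8\xff",), b"\xff\xd9"),
    ".png": ((b"\x89PNG\r\n\x1a\n",), b"IEND\xaeB`\x82"),
    ".gif": ((b"GIF87a", b"GIF89a"), b";"),
}

def check_image(path):
    """Return a reason if the file does not look like its extension, else None."""
    sig = SIGNATURES.get(Path(path).suffix.lower())
    if sig is None:
        return None  # not an image extension this check covers
    headers, trailer = sig
    with open(path, "rb") as fh:
        head = fh.read(8)
        fh.seek(max(0, os.path.getsize(path) - len(trailer)))
        tail = fh.read()
    if not head.startswith(headers):
        return "header does not match extension"
    if tail != trailer:
        return "missing end-of-image marker"
    return None

def scan(root):
    """Walk a web root and return {relative_path: reason} for files to review."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reason = check_image(full)
            if reason:
                findings[os.path.relpath(full, root)] = reason
    return findings

def demo():
    """Scan a constructed sample tree (placeholder bytes, no real data)."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed samples: a minimal GIF, opaque bytes, and a header-only JPEG.
        Path(root, "logo.gif").write_bytes(b"GIF89a\x01\x00\x01\x00\x00\x00\x00;")
        Path(root, "banner.jpg").write_bytes(bytes(range(40, 120)))
        Path(root, "promo.jpg").write_bytes(b"\xff\xd8\xff\xe0" + bytes(range(40, 120)))
        return scan(root)

if __name__ == "__main__":
    print(demo())
```

A flagged file is a candidate for manual review rather than proof of compromise, since some legitimate JPEGs carry trailing data after the end marker. A file that passes both checks has not been shown to be clean either.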
This isn’t the only concern Sucuri has had with Magento’s platform, though. In April, its vulnerability was outlined and the opportunities for hacking it were detailed.
Denis Sinegubko, of Sucuri, who identified the issue in April, said, “there is a very short period of time when Magento handles sensitive customer information in an unencrypted format”.
Unfortunately, as an online shopper, there is little you can do other than follow standard security methods, such as making sure the online shop you are purchasing from is legitimate by doing your research.
On the flip side though, what can you, as a site owner, do to stay safe?
Well, enlisting the services of third-party payment gateways is a great step, as is consulting specialist agencies, like us, for support and secure e-commerce solutions.
Here at i3media.net, we understand the concerns of both business owners and customers when it comes to online security and experience. So, if data protection and security are high on your agenda, then perhaps it is time to look into a secure, closed-source solution.
Unlike open source content management systems (CMS), everything we have built, we have done so from the ground up, resulting in all-round exclusivity and security.
We have used our years in the industry to build and perfect our multi-channel E-commerce platform, reaching out to corporate audiences that benefit from our tailored services.
Feel free to enquire today or see our website for more on our expertise in E-commerce. We will be there every step of the way, to guarantee you a safe journey.