Online fraud and security breaches remain a real risk for Irish businesses with the growing popularity of online shopping, aided by advancements in payment gateways, increased business adoption of eCommerce and growing customer familiarity with the benefits of shopping online.
While SCA and 3DS2 increases security around online payments, Online businesses must still ensure all of the components and features on their eCommerce website are identified and properly secured or managed by relevant third party providers.
Given the very tangible impact an online breach can have on a business’ finances and reputation, online fraud prevention is better and far less costly than seeking cybercrime cures. Below we have highlighted some of the potential threats and preventative measures you can take to keep your online business safe from hackers.
Ensure staff, devices and operational software use strong and regularly updated passwords. Passwords should be 12-15 characters long, consisting of a seemingly random collection of uppercase and lowercase letters, numbers and special characters. Passwords should be changed a minimum of every 30 days.
Weak passwords still remain an easy target for hackers looking to breach online platforms and software. Data and systems should never be protected with passwords that can be guessed easily like family names, favourite sporting teams or musicians. Reusing the same password and obvious number sequences, like 123456, still remain popular password options that can leave businesses exposed.
Run the latest anti-virus / anti-malware software on your eCommerce platform. Along with making sure your anti-virus/ antimalware software is running properly, you should also ensure you or your web-hosting provider have implemented a web application firewall (WAF) or additional intrusion-detection technologies and the data transferred between your computer and a website’s server should always be encrypted using TLS certificates.
Implementing software and security patches ASAP, including ones for your shopping cart, will protect you from online attackers who would otherwise take advantage of system vulnerabilities. It’s recommended to apply updates from trusted network locations (e.g., home, work) and only install links from trusted vendor sites.
Divide out duties and regulate access. Should a breach ever occur, the impact will be more limited as you don’t have all your eggs in any one basket. by reducing the risk of fraud from an individual with too much or unnecessary access to your business’ confidential information and /or systems weakens your defences against online fraud. By accident or design, confidential information or access to your system could be shared with malicious parties.
Regularly review all website links to prevent online fraud. Links (such as URLs, iFrames, APIs etc.), from your website to the payment gateway could be changed if your website security is compromised without you being aware of it. It’s important to confirm links from your site have not been altered to redirect customers to unauthorized locations.
Ensure all of the components and features on an eCommerce website are identified and properly secured or managed by relevant third party providers. Selecting reputable, trusted third parties to support your eCommerce solution with valid TLS certificates as well as the most current software upgrades and security patches is important in enhancing the security of your eCommerce website and associated software.
Make sure the following points below are included in your contract with them: