Hand written pdf answer click here
Q4 B) E-commerce Security Threats
1. Financial frauds
Ever since the first online businesses entered the world of the internet, financial fraudsters have been giving businesses a headache. There are various kinds of financial frauds prevalent in the e-commerce industry, but we are going to discuss the two most common of them.
a. Credit Card Fraud
It happens when a cybercriminal uses stolen credit card data to buy products on your e-commerce store. Usually, in such cases, the shipping and billing addresses vary. You can detect and curb such activities on your store by installing an AVS – Address Verification System.
Another form of credit card fraud is when the fraudster steals your personal details and identity to enable them to get a new credit card.
b. Fake Return & Refund Fraud
The bad players perform unauthorized transactions and clear the trail, causing businesses great losses. Some hackers also engage in refund frauds, where they file fake requests for returns.
2. Phishing
Several e-commerce shops have received reports of their customers receiving messages or emails from hackers masquerading to be the legitimate store owners. Such fraudsters present fake copies of your website pages or another reputable website to trick the users into believing them.
3. Spamming
Some bad players can send infected links via email or social media inboxes. They can also leave these links in their comments or messages on blog posts and contact forms. Once you click on such links, they will direct you to their spam websites, where you may end up being a victim.
4. DoS & DDoS Attacks
Many e-commerce websites have incurred losses due to disruptions in their website and overall sales because of DDoS (Distributed Denial of Service) attacks. What happens is that your servers receive a deluge of requests from many untraceable IP addresses causing it to crash and making unavailable to your store visitors.
5. Malware
Hackers may design a malicious software and install on your IT and computer systems without your knowledge. These malicious programs include spyware, viruses, trojan, and ransomware.
The systems of your customers, admins, and other users might have Trojan Horses downloaded on them. These programs can easily swipe any sensitive data that might be present on the infected systems and may also infect your website.
6. Exploitation of Known Vulnerabilities
Attackers are on the lookout for certain vulnerabilities that might be existing in your e-commerce store.
Often an e-commerce store is vulnerable to SQL injection (SQLi) and Cross-site Scripting (XSS).
Let’s take a quick look at these vulnerabilities:
a. SQL Injection
It is a malicious technique where a hacker attacks your query submission forms to be able to access your backend database. They corrupt your database with an infectious code, collect data, and later wipe out the trail.
b. Cross-Site Scripting (XSS)
The attackers can plant a malicious JavaScript snippet on your e-commerce store to target your online visitors and customers. Such codes can access your customers’ cookies and compute. You can implement the Content Security Policy (CSP) to prevent such attacks.
7. Bots
Some attackers develop special bots that can scrape your website to get information about inventory and prices. Such hackers, usually your competitors, can then use the data to lower or modify the prices in their websites in an attempt to lower your sales and revenue.
8. Brute force
The online environment also has players who can use brute force to attack your admin panel and crack your password. These fraudulent programs connect to your website and try out thousands of combinations in an attempt to obtain you site’s passwords. Always ensure to use strong, complex passwords that are hard to guess. Additionally, always change your passwords frequently.
9. Man in The Middle (MITM)
A hacker may listen in on the communication taking place between your e-commerce store and a user. Walgreens Pharmacy Store experienced such an incident. If the user is connected to a vulnerable Wi-Fi or network, such attackers can take advantage of that.
10. e-Skimming
E-skimming involves infecting a website’s checkout pages with malicious software. The intention is to steal the clients’ personal and payment details