The importance of digital security patches for ecommerce

Securing an online store is an ongoing challenge and an important one. High-profile security breaches damage the reputation of ecommerce stores, creating long-term repercussions for brands that are negatively affected.

Security Scorecard’s “2015 Retail & eCommerce Security Report” found that the retail industry ranks higher than the majority of other industries when it comes to effective security, but all of the retailers examined still had security weaknesses in their applications. It’s critical for ecommerce store owners to pay attention to security warnings and patches issued by the software platforms they use for their business. Companies uncover security weaknesses frequently that could cause significant damage if not dealt with.

One of the best defenses retailers have against security leaks is to download patches as soon as they become available. When companies experience a breach, outdated software is often to blame. According to the report from Security Scorecard, the lowest performing retailers received poor marks in patching cadence.

In particular, it’s crucial to upgrade to new software rather than use old, legacy systems. Security Scorecard found fraudsters are often already aware of vulnerabilities in outdated systems, making it easy for them to break in.

“Downloading patches is just one aspect of fraud prevention.”

Magento security flaws
Popular ecommerce platform Magento recently released patches to cover critical security weakness in its system. It’s important that ecommerce store owners using Magneto’s platform download these patches as soon as possible to avoid being affected.

Given the popularity of Magento’s platform to build ecommerce sites, it’s likely a large number of brands were affected by the error. According to Magento’s website, it has been the No.1 platform used by merchants on the Internet Retailer Top 1000 for three years in a row. Citing data from Hivemind, Creativeminds reported 24.6 percent of the Alexa top 1 million websites use Magento as their platform, giving them a larger share than any other brand.

Research firm Sucuri found XSS bugs in Magento’s software. The issue related to vulnerabilities that would have allowed fraudsters to enter a malicious JavaScript into the company’s online ordering form, which would allow them to take over the system remotely. This would allow fraudsters to steal customer data or even use the sites to spread malware and spam, Sophos wrote.

According to CIO, the patch Magento released to fix the issues also includes fixes for 19 other flaws, including an additional XSS issue. An update on Magento’s site reveals each vulnerability and lists no known attacks based on any of these issues.

Addressing security concerns
Downloading software patches when they become available is important, but only one step in fraud prevention. It’s crucial for ecommerce companies to invest in digital security. Security Scorecard pointed out that companies often security as a cost center within IT, and most companies would rather focus on growth initiatives like omnichannel marketing strategies. While companies can maintain best practices to prevent security leaks, there’s always the potential of something getting through. This is why it’s so important to invest in other measures, like fraud detection and prevention software, to provide a backup to actively go after potential fraudsters at work.