{"id":35903,"date":"2019-10-29T13:48:09","date_gmt":"2019-10-29T17:48:09","guid":{"rendered":"http:\/\/www.andysowards.com\/blog\/?p=35903"},"modified":"2019-10-29T13:48:09","modified_gmt":"2019-10-29T17:48:09","slug":"protect-sensitive-information-e-commerce-website","status":"publish","type":"post","link":"https:\/\/www.andysowards.com\/blog\/2019\/protect-sensitive-information-e-commerce-website\/","title":{"rendered":"How to Protect Sensitive Information on Your E-Commerce Website"},"content":{"rendered":"<p>If you have an e-commerce website, you need to identify Magecart as a massive security threat to your online assets. A <a target=\"_blank\" href=\"https:\/\/www.zdnet.com\/article\/an-insecure-mess-how-flawed-javascript-is-turning-web-into-a-hackers-playground\/\">recent analysis<\/a> found that nearly 37% of websites have JavaScript vulnerabilities, and 80% of these websites are at risk of infiltration from malicious sources.\u00a0<\/p>\n<p>Many attacks take place through client-side browsers. Here, hackers inject a skimmer code on the third-party scripts to scrape sensitive information. Since the code is customized as per the first-party or third-party scripts, it can go unnoticed for weeks.\u00a0<\/p>\n<p>With the following mitigation techniques, you can avert threats like <a target=\"_blank\" href=\"https:\/\/www.talasecurity.io\/\">Magecart <\/a>that fly under the radar of your online security.\u00a0<\/p>\n<h3>Protection from the Third-Party Compromises<\/h3>\n<p><a href=\"https:\/\/www.businessinsider.com\/data-breaches-retailers-consumer-companies-2019-1\" rel=\"noopener\" target=\"_blank\"><img decoding=\"async\" data-src=\"https:\/\/www.andysowards.com\/blog\/assets\/data-breaches-retailers-consumer-companies-2019.jpg\" alt=\"data-breaches-retailers-consumer-companies-2019\" width=\"999\" height=\"749\" class=\"alignnone size-full wp-image-35904 lazyload\" data-srcset=\"https:\/\/www.andysowards.com\/blog\/assets\/data-breaches-retailers-consumer-companies-2019.jpg 999w, https:\/\/www.andysowards.com\/blog\/assets\/data-breaches-retailers-consumer-companies-2019-768x576.jpg 768w\" data-sizes=\"(max-width: 999px) 100vw, 999px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 999px; --smush-placeholder-aspect-ratio: 999\/749;\" \/><\/a><br \/>\n<em>If you bought anything from these 19 companies recently, your data may have been stolen<\/em><\/p>\n<p>After Magecart skimming, the website of Ticketmaster UK was hacked in 2018 through a third-party vendor chatbot. This shows the shift of hacking techniques from individual sites to third-party codes. As companies are adding more vendors to their e-commerce websites for allied services, this trend warrants more vulnerability.\u00a0<\/p>\n<p>To mitigate such risks, you can scrutinize the third-party scripts on your website. Identify the scripts having access to sensitive information and keep an eye on them. Also, conduct due diligence reviews of third-party vendor codes at regular intervals to control their security access levels.\u00a0\u00a0<\/p>\n<h3>Protection of the First-Party Codes<\/h3>\n<p>An updated and fine-tuned web infrastructure is more secure against Magecart attacks. You can use your web application firewall to protect the first-party codes from the hackers. Configure the firewall to alert and block the code injection attacks from malicious sources.\u00a0<\/p>\n<p>Also, set rules to block specific domains from accessing the information on your e-commerce website. These are traditional methods that may not suffice to protect against skimming codes.\u00a0<\/p>\n<p>Hence, you need a comprehensive approach to fine-tune not only the first-party code but also the third-party scripts.\u00a0<\/p>\n<h3>Protection From Unauthorized Transfer of Personal Information<\/h3>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2018\/09\/how-to-protect-your-data-from-magecart-and-other-e-commerce-attacks\/\" rel=\"noopener\" target=\"_blank\"><img decoding=\"async\" data-src=\"https:\/\/www.andysowards.com\/blog\/assets\/how-to-protect-your-data-from-magecart-and-other-e-commerce-attacks.png\" alt=\"how-to-protect-your-data-from-magecart-and-other-e-commerce-attacks\" width=\"787\" height=\"648\" class=\"alignnone size-full wp-image-35906 lazyload\" data-srcset=\"https:\/\/www.andysowards.com\/blog\/assets\/how-to-protect-your-data-from-magecart-and-other-e-commerce-attacks.png 787w, https:\/\/www.andysowards.com\/blog\/assets\/how-to-protect-your-data-from-magecart-and-other-e-commerce-attacks-768x632.png 768w\" data-sizes=\"(max-width: 787px) 100vw, 787px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 787px; --smush-placeholder-aspect-ratio: 787\/648;\" \/><\/a><br \/>\n<em>How to protect your data from Magecart and other e-commerce attacks<\/em><\/p>\n<p>Magecart groups work stealthily to inject skimmer code into your first-party or third-party JavaScript. It can make your website extremely vulnerable to unauthorized transmission of customer data, especially personal information.\u00a0<\/p>\n<p>Hence, take proactive steps to control the situation before it blows out of proportion. Preventing the code from sending the data to a malicious domain is your safest bet. You can stop this unauthorized transmission if the codes are compromised. Implement a content security policy (CSP) to make this happen.\u00a0<\/p>\n<p>CSP helps you to mark the domains that can access your e-commerce store and the type of files they can transfer. With this procedure in place at the checkout phase, you can easily block scammers from sniffing credit card or other personal customer data.<\/p>\n<h3>Implementing and Managing CSP<\/h3>\n<p><a href=\"https:\/\/www.forbes.com\/sites\/kateoflahertyuk\/2018\/12\/19\/breaking-down-five-2018-breaches-and-what-they-mean-for-security-in-2019\/#4b9bae0e41c4\" rel=\"noopener\" target=\"_blank\"><img decoding=\"async\" data-src=\"https:\/\/www.andysowards.com\/blog\/assets\/breaking-down-five-2018-breaches-and-what-they-mean-for-security-in-2019.jpg\" alt=\"breaking-down-five-2018-breaches-and-what-they-mean-for-security-in-2019\" width=\"960\" height=\"638\" class=\"alignnone size-full wp-image-35905 lazyload\" data-srcset=\"https:\/\/www.andysowards.com\/blog\/assets\/breaking-down-five-2018-breaches-and-what-they-mean-for-security-in-2019.jpg 960w, https:\/\/www.andysowards.com\/blog\/assets\/breaking-down-five-2018-breaches-and-what-they-mean-for-security-in-2019-768x510.jpg 768w\" data-sizes=\"(max-width: 960px) 100vw, 960px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 960px; --smush-placeholder-aspect-ratio: 960\/638;\" \/><\/a><br \/>\n<em>Breaking Down Five 2018 Breaches &#8212; And What They Mean For Security In 2019<\/em><\/p>\n<p>For implementation and management of content security policy, record the domains having access to your site, and approve the safer ones out of these.\u00a0<\/p>\n<p>You can also choose a website security platform that uses AI-based analytics to profile the website codes and scripts in real-time. It helps to automate the dynamic adjustments of web security policies to prevent any client-side cyber attacks that may cost you sensitive data.<\/p>\n<p>So, protect your web assets with the right strategies and techniques. Choose a platform having the capability to prevent malicious attacks without costly incident response systems.\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you have an e-commerce website, you need to identify Magecart as a massive security threat to your online assets. A recent analysis found that nearly 37% of websites have<\/p>\n","protected":false},"author":1,"featured_media":35906,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"footnotes":""},"categories":[109,5695,359],"tags":[5891,7846,11104,11105,10215,6020,974,6249,4368,333,11103,7930,988,425,114,118,6415,177,257,11108,11107,115,11106,10330,677],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How to Protect Sensitive Information on Your E-Commerce Website<\/title>\n<meta name=\"description\" content=\"If you have an e-commerce website, you need to identify Magecart as a massive security threat to your online assets. A recent analysis found that nearly\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.andysowards.com\/blog\/2019\/protect-sensitive-information-e-commerce-website\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Protect Sensitive Information on Your E-Commerce Website\" \/>\n<meta property=\"og:description\" content=\"If you have an e-commerce website, you need to identify Magecart as a massive security threat to your online assets. A recent analysis found that nearly\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.andysowards.com\/blog\/2019\/protect-sensitive-information-e-commerce-website\/\" \/>\n<meta property=\"og:site_name\" content=\"Daily Business Resources for Entrepreneurs, Web Designers, &amp; Creatives by Andy Sowards\" \/>\n<meta property=\"article:publisher\" content=\"http:\/\/facebook.com\/andysowardsfan\" \/>\n<meta property=\"article:published_time\" content=\"2019-10-29T17:48:09+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.andysowards.com\/blog\/assets\/how-to-protect-your-data-from-magecart-and-other-e-commerce-attacks.png\" \/>\n\t<meta property=\"og:image:width\" content=\"787\" \/>\n\t<meta property=\"og:image:height\" content=\"648\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Andy Sowards\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@andysowards\" \/>\n<meta name=\"twitter:site\" content=\"@andysowards\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Andy Sowards\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.andysowards.com\/blog\/2019\/protect-sensitive-information-e-commerce-website\/\",\"url\":\"https:\/\/www.andysowards.com\/blog\/2019\/protect-sensitive-information-e-commerce-website\/\",\"name\":\"How to Protect Sensitive Information on Your E-Commerce Website\",\"isPartOf\":{\"@id\":\"https:\/\/www.andysowards.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.andysowards.com\/blog\/2019\/protect-sensitive-information-e-commerce-website\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.andysowards.com\/blog\/2019\/protect-sensitive-information-e-commerce-website\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.andysowards.com\/blog\/assets\/how-to-protect-your-data-from-magecart-and-other-e-commerce-attacks.png\",\"datePublished\":\"2019-10-29T17:48:09+00:00\",\"dateModified\":\"2019-10-29T17:48:09+00:00\",\"author\":{\"@id\":\"https:\/\/www.andysowards.com\/blog\/#\/schema\/person\/2e0f72bd7f6497fd883e2bd67d9f3415\"},\"description\":\"If you have an e-commerce website, you need to identify Magecart as a massive security threat to your online assets. A recent analysis found that nearly\",\"breadcrumb\":{\"@id\":\"https:\/\/www.andysowards.com\/blog\/2019\/protect-sensitive-information-e-commerce-website\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.andysowards.com\/blog\/2019\/protect-sensitive-information-e-commerce-website\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.andysowards.com\/blog\/2019\/protect-sensitive-information-e-commerce-website\/#primaryimage\",\"url\":\"https:\/\/www.andysowards.com\/blog\/assets\/how-to-protect-your-data-from-magecart-and-other-e-commerce-attacks.png\",\"contentUrl\":\"https:\/\/www.andysowards.com\/blog\/assets\/how-to-protect-your-data-from-magecart-and-other-e-commerce-attacks.png\",\"width\":787,\"height\":648},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.andysowards.com\/blog\/2019\/protect-sensitive-information-e-commerce-website\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.andysowards.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Protect Sensitive Information on Your E-Commerce Website\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.andysowards.com\/blog\/#website\",\"url\":\"https:\/\/www.andysowards.com\/blog\/\",\"name\":\"Daily Business Resources for Entrepreneurs, Web Designers, &amp; Creatives by Andy Sowards\",\"description\":\"Design Inspiration &amp; Business Resources for Creatives\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.andysowards.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.andysowards.com\/blog\/#\/schema\/person\/2e0f72bd7f6497fd883e2bd67d9f3415\",\"name\":\"Andy Sowards\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.andysowards.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/15f95b011563b5894883b22bd4b32d59?s=96&r=pg\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/15f95b011563b5894883b22bd4b32d59?s=96&r=pg\",\"caption\":\"Andy Sowards\"},\"description\":\"Im a professional Freelancer specializing in Web Developer, Design, Programming web applications. Im an Avid member of the Design\/Development community and a Serial Blogger. follow me on Twitter @AndySowards\",\"sameAs\":[\"https:\/\/www.andysowards.com\"],\"url\":\"https:\/\/www.andysowards.com\/blog\/author\/admin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Protect Sensitive Information on Your E-Commerce Website","description":"If you have an e-commerce website, you need to identify Magecart as a massive security threat to your online assets. A recent analysis found that nearly","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.andysowards.com\/blog\/2019\/protect-sensitive-information-e-commerce-website\/","og_locale":"en_US","og_type":"article","og_title":"How to Protect Sensitive Information on Your E-Commerce Website","og_description":"If you have an e-commerce website, you need to identify Magecart as a massive security threat to your online assets. A recent analysis found that nearly","og_url":"https:\/\/www.andysowards.com\/blog\/2019\/protect-sensitive-information-e-commerce-website\/","og_site_name":"Daily Business Resources for Entrepreneurs, Web Designers, &amp; Creatives by Andy Sowards","article_publisher":"http:\/\/facebook.com\/andysowardsfan","article_published_time":"2019-10-29T17:48:09+00:00","og_image":[{"width":787,"height":648,"url":"https:\/\/www.andysowards.com\/blog\/assets\/how-to-protect-your-data-from-magecart-and-other-e-commerce-attacks.png","type":"image\/png"}],"author":"Andy Sowards","twitter_card":"summary_large_image","twitter_creator":"@andysowards","twitter_site":"@andysowards","twitter_misc":{"Written by":"Andy Sowards","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.andysowards.com\/blog\/2019\/protect-sensitive-information-e-commerce-website\/","url":"https:\/\/www.andysowards.com\/blog\/2019\/protect-sensitive-information-e-commerce-website\/","name":"How to Protect Sensitive Information on Your E-Commerce Website","isPartOf":{"@id":"https:\/\/www.andysowards.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.andysowards.com\/blog\/2019\/protect-sensitive-information-e-commerce-website\/#primaryimage"},"image":{"@id":"https:\/\/www.andysowards.com\/blog\/2019\/protect-sensitive-information-e-commerce-website\/#primaryimage"},"thumbnailUrl":"https:\/\/www.andysowards.com\/blog\/assets\/how-to-protect-your-data-from-magecart-and-other-e-commerce-attacks.png","datePublished":"2019-10-29T17:48:09+00:00","dateModified":"2019-10-29T17:48:09+00:00","author":{"@id":"https:\/\/www.andysowards.com\/blog\/#\/schema\/person\/2e0f72bd7f6497fd883e2bd67d9f3415"},"description":"If you have an e-commerce website, you need to identify Magecart as a massive security threat to your online assets. A recent analysis found that nearly","breadcrumb":{"@id":"https:\/\/www.andysowards.com\/blog\/2019\/protect-sensitive-information-e-commerce-website\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.andysowards.com\/blog\/2019\/protect-sensitive-information-e-commerce-website\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.andysowards.com\/blog\/2019\/protect-sensitive-information-e-commerce-website\/#primaryimage","url":"https:\/\/www.andysowards.com\/blog\/assets\/how-to-protect-your-data-from-magecart-and-other-e-commerce-attacks.png","contentUrl":"https:\/\/www.andysowards.com\/blog\/assets\/how-to-protect-your-data-from-magecart-and-other-e-commerce-attacks.png","width":787,"height":648},{"@type":"BreadcrumbList","@id":"https:\/\/www.andysowards.com\/blog\/2019\/protect-sensitive-information-e-commerce-website\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.andysowards.com\/blog\/"},{"@type":"ListItem","position":2,"name":"How to Protect Sensitive Information on Your E-Commerce Website"}]},{"@type":"WebSite","@id":"https:\/\/www.andysowards.com\/blog\/#website","url":"https:\/\/www.andysowards.com\/blog\/","name":"Daily Business Resources for Entrepreneurs, Web Designers, &amp; Creatives by Andy Sowards","description":"Design Inspiration &amp; Business Resources for Creatives","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.andysowards.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.andysowards.com\/blog\/#\/schema\/person\/2e0f72bd7f6497fd883e2bd67d9f3415","name":"Andy Sowards","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.andysowards.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/15f95b011563b5894883b22bd4b32d59?s=96&r=pg","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/15f95b011563b5894883b22bd4b32d59?s=96&r=pg","caption":"Andy Sowards"},"description":"Im a professional Freelancer specializing in Web Developer, Design, Programming web applications. Im an Avid member of the Design\/Development community and a Serial Blogger. follow me on Twitter @AndySowards","sameAs":["https:\/\/www.andysowards.com"],"url":"https:\/\/www.andysowards.com\/blog\/author\/admin\/"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.andysowards.com\/blog\/wp-json\/wp\/v2\/posts\/35903"}],"collection":[{"href":"https:\/\/www.andysowards.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.andysowards.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.andysowards.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.andysowards.com\/blog\/wp-json\/wp\/v2\/comments?post=35903"}],"version-history":[{"count":1,"href":"https:\/\/www.andysowards.com\/blog\/wp-json\/wp\/v2\/posts\/35903\/revisions"}],"predecessor-version":[{"id":35907,"href":"https:\/\/www.andysowards.com\/blog\/wp-json\/wp\/v2\/posts\/35903\/revisions\/35907"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.andysowards.com\/blog\/wp-json\/wp\/v2\/media\/35906"}],"wp:attachment":[{"href":"https:\/\/www.andysowards.com\/blog\/wp-json\/wp\/v2\/media?parent=35903"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.andysowards.com\/blog\/wp-json\/wp\/v2\/categories?post=35903"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.andysowards.com\/blog\/wp-json\/wp\/v2\/tags?post=35903"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}