By: John Cyril Yee|
27 Aug 2019
Over the recent weeks, the Verz Design team had discovered that malicious entities are abusing a feature built on our clients’ Magento eCommerce websites for fraudulent acts.
We’ve learned that these attackers visited online shops and exploit the site’s PayPal Express integration feature to check the validity of a stolen payment card for illegal use. Other websites had also reported similar instances wherein hundreds of 0$ transactions on Magento 2.1.x and 2.2.x stores were initiated to verify a card’s details.
Reports say that these hackers come from online cybercrime forums wherein someone will buy a stolen credit card for a substantial amount of price. Which is why they would first test a card’s information before having it sold.
What is Paypal Express?
PayPal Express integration is a payment gateway that directly processes payments on merchant websites instead of redirecting users to the PayPal website. It allows customers to enter their card information during the store checkout page without using PayPal-hosted forms.
Businesses use this feature because it lets users stay on their website until a successful product purchase. This works when a user clicks the Paypal Express payment method option, enter the type of credit card, its number, among other necessary information. Either a sales order or an invoice will then be provided afterwards, depending on the customer’s payment configuration.
What this means for your eCommerce Website
Take note that hackers aren’t using stolen payment cards to place orders for actual products on your site. Meaning: attackers aren’t necessarily stealing from your site. However, this seemingly harmful and malicious activity is the starting point of organised or disorganised cyber-attacks that can eventually destroy your business.
More than that, the actual problem lies in how your online shop can be abused to be a medium for making illegal transactions on the internet. So as eCommerce web development experts, we recommend you to take the necessary steps to protect your stores against this abuse.
3 Easy Ways to Protect Your Website Against Abuse
1. Establish a web application firewall
A web application firewall (WAF) is a robust web security solution that pre-empts any kind of cyber-attack by filtering illegitimate traffic away from your website and its servers. It’s a website’s first line of defence against potential attacks and is often effective in doing so.
Unlike traditional computer firewalls, a WAF specifically adapts to a website’s unique vulnerabilities to ensure that its security functions will still work while the firewall is active. At times, a computer firewall would just block all incoming connections for security, rendering your website useless for everyone online. Having a WAF hence guarantees that your site is protected against hackers while being completely functional for your customers.
Found this article useful? Before reading on, don’t miss out on other related articles:
2. Implement anti-fraud functions and practices
Anti-fraud codes or functions on your website will let you block IPs that perform malicious acts, especially those initiating $0 transactions on your purchase form. Doing so will simply prevent fraudulent activities to occur on your site again. Businesses that want to execute the necessary eCommerce fraud countermeasures must:
And when planning to do these things, it’s best to tap on eCommerce web security experts who can help shield your Magento website against fraudulent acts.
3. Consult your web development agency
If you’re concerned about fraudulent entities disrupting the safety of your Magento eCommerce website, then it’s high time for you to consult a trusted web development agency to prevent abuse as well as deliberate attacks on your online store.
Aside from taking the necessary measures in handling your site’s security, a web professional will ensure that your Magento website is hosted on a safe and secure server through an excellent web hosting company. After all, attackers that find it easy to exploit your website features’ for their selfish interest will likely find ways to directly invade your site’s data, among other serious actions.
This recent incident is just one in a string of unfortunate events that demonstrate the growing need for cybersecurity on eCommerce websites. In order to ensure that your website is protected from either abuse and other damaging attacks, we recommend you to adopt a trusted cybersecurity software and to collaborate with a reliable web development company.
Verz Design puts a premium on the security of our clients’ online stores. We employ proven cybersecurity practices on our clients’ eCommerce web design packages and invest in countermeasures that ensure their long-term security.
Start protecting your online shop today. Call us at 6841 1680 or email us at [email protected] for a free consultation!