Security scans of about 60,000 websites running Magento, the widely used e-commerce platform, show that about 78% are missing critical security patches, while about 5% are confirmed to contain some kind of payment card data harvesting malware that is stealing their customers' details.
These scans were performed in the last week using WebScan, Foregenix's free online scanner.
These findings follow numerous high-profile breaches of customer data over the past year, involving companies such as Cisco, Oracle and Yahoo.
The cyber security company, which is well known around the world for its work with payment providers and banks, has an active threat intelligence team that analyses and researches attack trends and patterns, with a very strong focus on the eCommerce sector.
Benjamin Hosack, co-founder of Foregenix, said that the rise in cybercrime threatens to undermine confidence in e-commerce, especially in markets where e-commerce leads the way in online sales, such as the UK and US, while heavy penalties from the card providers may put many of the smaller traders out of business in the year ahead.
“Breaches of security are also getting more expensive and it’s the small firms which are worst affected. Visa, for example, imposes a fine of up to €18 for each stolen set of card data from European merchants, according to Barclaycard.* Given that it takes six months for the average trader to realise they have been hacked, those, for example, with 100,000 transactions a year could face a fine of roughly €450,000 – a sum beyond the means of many SMEs.
“Magento and other e-commerce platforms release regular software updates in response to threats. These security patches, if not applied, can leave websites highly vulnerable to hacking. However, most of the website developers and owners are usually slow to update software, mainly because it is a fairly costly and complex process.