Findings From SecurityMetrics' Ecommerce Security Service (Shopping Cart Inspect)
SecurityMetrics Shopping Cart Inspect helps businesses detect if their Shopping Cart has been breached.
With the help of Shopping Cart Inspect, SecurityMetrics Forensic Analysts review businesses’ rendered webpage code on their shopping cart URL to collect evidence of a skimming attack.
2022 Ecommerce Security Data Analysis
Trends From 2021 SecurityMetrics Shopping Cart Inspect Investigations
88.89% of Shopping Cart Inspect reviews identified malicious, suspicious, and/or concerning issues on researched ecommerce sites.
25.3% of inspected ecommerce sites had malicious issues.
63.86% of inspected ecommerce sites had suspicious issues.
33.73% of inspected ecommerce sites had concerning issues.
1.88 issues: Average number of issues identified in a Shopping Cart Inspect review.
18.42% of issues discovered were malicious; 61.19% were suspicious; 20.39% were concerning.
Malicious: Evidence of card data being stolen. (Highest threat level)
Suspicious: Identified issues increase the probability of a potential exploit. (Medium threat level)
Concerning: Unlikely method of being breached, but identified issues could lead to a potential exploit. (Low threat level)
Top 5 Malicious Website Issues Found
A script is running with a post of data to a known bad site.
Authorized payment webform is being replaced by a counterfeit.
Directory Browsing Enabled
Directory Browsing is enabled on the web pages analyzed.
Malicious Double Checkout
Double post of credit card data returning to alternate checkout page on merchant's server.
Top 5 Suspicious Website Issues Found
Out of date CMS - Suspicious
Out-of-date web components. Unpatched or un-updated software is a leading cause of sites losing sensitive data.
Advertising/Analytics content is being pulled into the pages being reviewed in the checkout environment. This can be a source of intermittent card/data loss due to drive-by malvertising.
Missing required web server security headers.
iFrame Source Issue
iFrame source appears to be suspicious or improperly configured or protected. Attackers often change the iFrame source to point to malicious web forms. iFrame may be misconfigured, allowing cross-site scripting attacks.
Top 5 Concerning Website Issues Found
A configuration item with a website or web server is not following best security practices.
Checkout Configuration Issue
The implementation of certain aspects of the checkout process may not follow best security practices and could leave merchants vulnerable to certain types of attacks
Out of date CMS - Concerning
Out of date web components, which would be unlikely to lead to a breach of site security but should be updated.
HTTP Header Issue
Improperly configured HTTP headers can provide attackers with specific information about your web server setup, such as vulnerable software versions.
content called via HTTP in an HTTPS environment, breaking strict SSL/TLS protocol. In severe cases, this can be exploited by bad actors to view privileged content.