If you were a trader with a real-life, high street shop, you wouldn’t dream of leaving the keys in the front door and the cash register open when you left at night. Unfortunately, not all owners of online shops are quite as careful with their assets in the digital world, with thousands of websites believed to be insecure.
According to Dutch web developer Willem De Groot (co-founder and head of security at Dutch ecommerce site byte.nl), almost 6000 websites are known to be harbouring malicious code which skims off customers’ credit card details – not because of any particular type of software but, as he stresses, because of sloppy website maintenance.
Many business owners lack either the time or the experience to do anything with their own website after it has initially been launched. If you don’t update a brochure-style site, the worst that can happen is that your business projects a sloppy image of itself and its visibility in search engines suffers.
However, if your website offers ecommerce it must be secure, and the software which runs both it and your payment gateway must be updated when the platform is updated. Software houses publish new versions and updates regularly – not just to include fancy new features but also to fix known vulnerabilities which could otherwise leave your site open to hacking and all that that entails.
The 6000 vulnerable websites exposed by Mr De Groot included a wide range of victims – government sites, museums, car makers, fashion firms and huge numbers of ordinary online retailers – maybe ones just like your business.
Customers’ credit card data had been skimmed with different pieces of code, which implies that a number of criminal gangs were involved, and it was being sold on the dark web at about £25 per card – much of it making its way to Russia.
If you’re trading online you should already be registered with the Information Commissioner’s Office and know that it’s your obligation to keep your clients’ data safe. In fact, we wrote an article just last week about forthcoming changes to the Data Protection Act which will set out how and when you should respond if you do suffer a data breach. Ignoring it for 18 months is not one of the options.
The single easiest way to stop this from happening to your online business is to update your software regularly. The single easiest way for a consumer to avoid having their data skimmed is to make sure that they only make online purchases through a known payment gateway like PayPal.
The most important message here is that if you are trading online you must keep constant watch on the security of your virtual shop, just like you would in a real one. If you need any help to do that, just get in touch with us here at Jones Harris. We have a huge network of contacts and can pass you on to someone who will be able to help.