Improve Small Business Cybersecurity and Prevent Magecart Attacks

Improve Small Business Cybersecurity and Prevent Magecart Attacks

The U.S. e-commerce industry is growing exponentially and research shows it’s not just a trend, with total e-commerce sales expected to reach $1.1 trillion in 2023. Small businesses are part of that statistic, creating their own e-commerce sites to broaden their offerings and boost their sales. However, hackers and cybercriminals have taken note. When hackers compromise a business e-commerce site, they can steal payment information, including credit card numbers, customer identities and billing addresses. This is a lucrative business for scammers, who are able to sell the pieces of stolen information for as much as $100 each on the black market.

Magecart, a consortium of hacker groups targeting online shopping carts for businesses, has been a growing threat since as early as 2010. According to a 2019 report by RiskIQ, Magecart has been responsible for more than 2 million attacks and has affected over 18,000 hosts. Some of the most noteworthy attacks include Ticketmaster, British Airways and NewEgg.

We’ll dive into how Magecart works as well as how to reduce the risk of an attack to your small to medium-sized business.

How a Magecart Attack Works

To steal customer payment information, Magecart starts by attaching malware to a business’s online shopping cart system. The hackers will then insert a malicious code into the system that is designed to forward the credit card number and associated address directly to a fake but legitimate-sounding domain.

There are only a handful of methods to detect a Magecart attack on your small business. One is to look for unusual transactions, including transactions for small amounts (less than a dollar), and an increase in the number of foreign transactions. The other way is to look at your shopping cart system code line by line to see if anything has changed. In many cases, a breach isn’t detected until customers begin reporting credit card and bank fraud on their accounts.

How to Stay Protected

Cybersecurity can be difficult for small business owners to address because they are trusting their e-commerce provider to keep customers’ information secure. Here are some considerations for choosing an e-commerce provider.

1. Who is liable in the event of a breach? The terms and conditions for many e-commerce providers will state that they are not responsible in the event of a breach. You should also understand their cyber insurance policy. They may have a policy that covers $25 million in losses, but one or two large businesses could eat through this in a hurry, leaving your small business footing the bill for its losses.
2. Who is spot-checking the vendors? It may not be enough to trust the partner that built your e-commerce site. You should also have a cybersecurity expert on your side that is going to spot-check their work and run tests to make sure the system is secure.
3. Are your vendors passionate about cybersecurity? When you’re talking to potential e-commerce providers, ask them about their approach to cybersecurity. Those who are eager about keeping your system secure should be able to tell you a great deal about what they do.

Find a Reliable Partner to Help With an Action Plan

So, how should you react if you discover that your e-commerce site has been compromised? The truth is, you need to have this figured out well before it happens. Without an action plan in place, you could be left with no viable solutions in the event of an attack because you were not collecting the right information.

If you find a reliable cybersecurity partner before an attack takes place, they can help you create that action plan and let you know what kind of data to be monitoring and capturing. That way, ir or when an attack occurs, they will be able to utilize the data and fix the problem.

Northwest Bank Takes Small Business Cybersecurity Seriously

Our Business Security Center contains tools and educational resources to provide you with the knowledge to help prevent your business from becoming the victim of fraud. Visit our online Business Security Center for more information.