eCommerce security

Year-end shopping, from Black Friday through Christmas, represents one of the highest-turnover periods for the eCommerce sector. This period, when most people shop online, can leave your store exposed to cyberattacks if you don't take the necessary precautions.

At the end of the year, retailers experience an annual increase in sales and revenue in their stores. In its online shopping forecast for the 2022 holiday season, Adobe expects online sales in the United States to reach $209.7 billion from November 1 to December 31, representing a year-on-year growth of 2.5%.

It is already a fact that eCommerce is a trend and that consumers have changed the way they shop due to its many advantages. However, digital transformation is also fertile ground for the proliferation of different cyberattack techniques that jeopardize the privacy and security of an eCommerce business. 

Safety should be a priority for merchants all year round, but during these times, it deserves special attention. In 2021, holiday sales grew by 14% to $886.7 billion, while rates of attempted fraud in eCommerce increased by 19%.

Nowadays, threats and vulnerabilities in the world of eCommerce will not only increase but will become increasingly sophisticated. In this article, we explain the importance of security in eCommerce and give you 5 tips to keep your store safe.

What is a cyber attack and what are the most common types?

A cyber attack is an attempt to access, alter, destabilize, destroy or delete data in a computer system without the authorization of its owners. This type of action can have different objectives, but the most common is usually the theft of information.

The reasons why cyber attacks usually occur are varied, but the most common are:

  • Vulnerability of the computer system.
  • Poor safety practices.
  • No site maintenance.
  • Deficiencies in the site infrastructure.
  • Security breaches within the site. 

There are different types of cyber attacks that vary depending on how they are executed, their objective and their victim. Let's explore the most common security attacks that can affect an eCommerce:

The 5 most common security attacks in an eCommerce

One of the most serious consequences of attacks on the security of our eCommerce is the theft of information. The theft of sensitive customer data can end up ruining our reputation and lead to serious legal consequences.

Among the data most sought after by cybercriminals are the bank details, credit card numbers, passwords and personal information of our customers. The ultimate goal is to use this data for impersonation, theft or sale on the black market.

Let's explore some of the most common attacks through which information can be stolen from our eCommerce.

1- Zero-day attack

A zero-day attack is an attack that exploits an unknown security flaw in an eCommerce site. Because the victim is unaware of this flaw before the attack, they cannot implement a security patch to prevent the attack until it's too late.

2- SQL code injection

eCommerce businesses work with databases full of sensitive customer information, and an SQL injection attack allows an unauthorized user to access these databases. By injecting malicious code, an attacker can bypass an authentication page and gain access to the database to steal, modify and delete the data.

3- Phishing

Even if phishing isn't specifically aimed at our eCommerce, it can damage our brand's reputation. In short, phishing occurs when a third party creates a website identical to ours in order to capture data from our customers.

According to a study, 13.1% of the cases of phishing reported in 2021 were aimed at eCommerce.

4- DDoS - Denial of Service

This type of attack is capable of jeopardizing your store for hours and even days if you don't have the necessary tools to combat it. Specifically, a cybercriminal will use a network of infected computers under their control to launch thousands of connection requests per second to your eCommerce. 

As a result, the server will not be able to handle all requests and your store will be inaccessible for the duration of the attack.

5- E-skimming

E-skimmers are fragments of malicious code that steal customer credit card data during online transactions.

Why is security in eCommerce important?

When you think of providing a good customer experience, security is probably one of the last things that comes to mind. However, a secure eCommerce is indispensable to build long-lasting relationships with our customers. 

Cybersecurity has become a real headache for eCommerce owners as laws hold them accountable for potential security breaches. So this is a threat that must be taken seriously, making it a major challenge and a top priority for merchants. 

It is estimated that the eCommerce sector accounts for approximately 30% of all attacks, causing merchants significant losses in business finances, market shares and reputation. As an additional fact, almost 60% of small stores that are victims of cyber attacks cannot survive more than 6 months due to the irreparable damage they suffer. 

The particular case of eCommerce, where a large volume of commercial transactions are carried out daily with users' personal information, requires further strengthening the security of both the site and the users. 

Cyber attacks increased by 50% in 2021 compared to the previous year and represent a greater proportion every year. For all this, it is crucial to put in place security measures that protect your business from the threat of cyber attacks.

What is security in eCommerce?

eCommerce security is the set of best practices accepted worldwide that guarantee Internet transactions and protect customer information from third parties. Each of these measures includes protocols that protect both companies and customers who share personal information in order to purchase these products.

Most eCommerce sites don't usually make security a priority because they focus more on sales and UX than on data protection. 

Threats to the security of an eCommerce are constant, so you must actively defend yourself to keep your data safe and ensure that your users can safely browse your entire store. If you have an Adobe Commerce store, here are some keys to reducing the risk of a security threat.

5 security measures to keep your eCommerce safe

Adobe Commerce recommends a set of security measures for all of its customers. Let's explore what they are: 

1. Enable two-factor authentication for your admin panel and all SSH connections

Magento two-factor authentication (2FA) is an additional protection measure that improves the security of your eCommerce by requiring two-step authentication to access the administration UI from all devices. 

With this tool, you can:

  • Enable authenticator support for the administrator.
  • Manage and configure authenticator settings globally or per user account.
  • Reset authenticators and manage trusted devices for users.

If you want to know how to set up and manage 2FA, we recommend that you consult the following guide provided by Adobe Commerce.

2. Set up and use a non-default administrator URL

A simple administration URL makes it easy for automated password-guessing attacks to target specific locations. To prevent such attacks, Adobe creates a random administration URL by default when installing the product.

While a non-default admin URL will not protect your site on its own, using it will help prevent large-scale automated attacks. You can further secure access by:

  • Two-factor authentication: 2FA prevents brute force attacks and unauthorized access.
  • CAPTCHA provided by Adobe: reCAPTCHA challenges are combinations of letters and numbers designed to verify that a human is responding.

3. Install the latest updates and security patches

80% of incidents occur due to security breaches that have probably already been resolved in new versions. Adobe offers two ways to keep your store secure throughout the year:

  • Patch versions: include security, performance, quality and high-priority bug fixes.
  • Security patch versions: include fixes and improvements to keep the site secure and are easier to implement.

Keeping your store updated to the latest version and with all the current patches is the first and best line of defense against possible attacks. Adobe publishes an annual release schedule to make the planning process easier for merchants.

Versions 2.4.0 to 2.4.3 (based on PHP 7.4) reached end of support (EOS) on November 28, 2022, when PHP 7.4 reached its end of life (EOL). Given these two events, it's important to upgrade your store to version 2.4.4 or higher.

In line with the Adobe Commerce lifecycle policy, versions 2.4.4 and 2.4.5 will receive quality support and security patches until November 2024. If you want to know more about the importance of keeping your store up to date, we have prepared the following article.

If you want to update your store with a certified team, contact us.

4. Implement “lock config” and “lock env” environment variables

There are a number of advanced configuration commands that you can use to:

  • Set any configuration options from the command line.
  • Lock any configuration option so that its value cannot be changed in the Admin.
  • Change a configuration option that is locked in the Admin.

You can use these commands to set up Magento settings manually or using scripts. Configuration options are set using a configuration path, which is a delimited string that uniquely identifies that configuration option.
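
As an added example (not code from Adobe or from this article), the script below applies a small admin-hardening baseline with `bin/magento config:set` and locks each value with `--lock-env` or `--lock-config`, then imports the result with `app:config:import`. The `MAGENTO_BIN` variable, the helper names, and the chosen configuration paths and values are assumptions for illustration; check them against your own store before use.

```shell
#!/bin/sh
# Added example: set and lock security-related options from the command line.
# MAGENTO_BIN and the baseline values are assumptions for illustration.
MAGENTO_BIN="${MAGENTO_BIN:-bin/magento}"

# One setting per line: config path | value | lock flag
#   --lock-env    writes to app/etc/env.php    (system-specific values)
#   --lock-config writes to app/etc/config.php (shared configuration)
baseline() {
  cat <<'EOF'
admin/security/session_lifetime|900|--lock-env
admin/security/use_form_key|1|--lock-config
admin/security/lockout_failures|6|--lock-config
admin/captcha/enable|1|--lock-config
EOF
}

# Sanity check used by this example: a slash-delimited path of identifiers.
valid_path() {
  printf '%s\n' "$1" | grep -Eq '^[a-z0-9_]+(/[a-z0-9_]+)+$'
}

# Reads "path|value|flag" lines on stdin. Returns non-zero if any line is
# rejected or any CLI call fails; rejected lines are never passed to the CLI.
apply_baseline() {
  rc=0
  while IFS='|' read -r path value flag; do
    [ -n "$path" ] || continue
    case "$flag" in
      --lock-env|--lock-config) ;;
      *) echo "skip $path: unknown lock flag '$flag'" >&2; rc=1; continue ;;
    esac
    if ! valid_path "$path"; then
      echo "skip: malformed config path '$path'" >&2; rc=1; continue
    fi
    "$MAGENTO_BIN" config:set "$flag" "$path" "$value" </dev/null || rc=1
  done
  # Import the locked values only when every setting was applied cleanly.
  if [ "$rc" -eq 0 ]; then
    "$MAGENTO_BIN" app:config:import </dev/null || rc=1
  fi
  return "$rc"
}

# Run as: sh lock-baseline.sh apply   (from the Magento root directory)
if [ "${1:-}" = "apply" ]; then
  baseline | apply_baseline
fi
```

Once a path is locked this way, its field is no longer editable in the Admin, so a compromised or careless admin account cannot weaken that setting from the UI.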

5. Set up and run the Adobe Commerce security scan service

Adobe Commerce Security Scan is a service offered by Adobe that allows you to scan your site for security risks and receive patch updates and security notifications.

Including the Adobe Commerce Security Scan service can help you:

  • Get information on the security status of your store in real time.
  • Schedule the security scan to run weekly, daily, or on demand.
  • Receive reports with the results of more than thirty security tests and the recommended corrective actions for each failed test.
  • Maintain a history of security reports in your Adobe Commerce account.

The Security Scan service is available free of charge from your Adobe Commerce account dashboard.


We have reviewed the problem of security in eCommerce and the importance of having the right security measures in place. If you are an eCommerce owner, it is essential that your site communicates trust and security to your potential customers.

A loss of data can have a negative and lasting impact on your brand's trust, causing irreparable damage. To avoid this, it is essential to have robust protocols and security measures that protect the site from malicious attacks by third parties. 

Due to the load of tasks related to the administration of their stores, merchants do not have time to devote to increasing their cyber defenses. So turning to the technical support of professionals who take the right measures to keep your store secure is a good option. 

Our Support and Maintenance Services include the implementation of periodic checks, software updates and the activation of multiple layers of security. As a final result, we alleviate workloads so that you can concentrate on your business without worrying that technical issues are not being resolved correctly.

Strong security against potential attacks is the first step to a successful business. Discover how OH can help your company defend against a cyberattack.