The vision of a lone hacker sitting in their basement tapping away at a computer may make for a good character in a movie but today’s hackers are sophisticated and increasingly part of organized crime. With the massive amount of money trading hands online through eCommerce, it’s a tempting target for bad guys.

Identity theft, fraudulent transactions, and data breaches have caused havoc for businesses. A single data breach alone now costs an average enterprise $3.92 million in 2020.

Application Attacks

Businesses use a range of applications to take care of their customers, including web pages for processing and storing customer data. Hackers are finding ways to exploit these applications and gain access to business databases. Web application attacks might include such tactics as:

  • Command injection
  • SQL injection
  • Cookie-poisoning
  • File-path traversal
  • Cross-site scripting (XSS) attacks
  • Distributed denial-of-service (DDoS) attacks


Nearly 38% of all web traffic is estimated to be done by bots, and many of them are used for malicious intent.

  • Bandwidth choking or artificial traffic to slow down business sites
  • Cart blocking so customers do not see available products
  • Account takeovers
  • Credential stuffing

Phishing Email & Social Engineering

Not all of the attacks on businesses are high-tech. Phishing emails are one of the oldest tricks in the hacker’s playback but they are still the most common way threat actors gain access to computer networks, steal identities, and commit online fraud.

Businesses get hit a couple of ways. Scammers will often mimic your brand and use fake emails to get your customers to provide sensitive data which they’ll use to take over their accounts and commit fraud. They may use the information they get from your customers against you by making fraudulent purchases and sticking you with heavy fees from chargebacks on top of it.

The more sophisticated attacks use target social engineering to make phishing threats appear even more legitimate.

Malware & Ransomware

Often, these phishing attacks lead to two additional problems: malware and ransomware. Once threat agents get into your systems by injecting malware, it works silently in the background to exploit vulnerabilities in business software and systems. This can lead to breaches and give the bad guys access to proprietary information.

Ransomware has made a bit of a comeback in 2020. Ransomware encrypts data and demands a payment to de-encrypt it. Businesses that pay the fee may get the key to unlock it – or not. Rarely can the data be recovered by other methods. Agencies like the FBI do not support paying the ransom as it is funding organized crime.

eCommerce Fraud

Global eCommerce fraud is growing at an astounding rate. With the massive shift to online shopping due to COVID-19, even more dollars are being spent online and even more fraud is occurring. By 2024, researchers expect online payment fraud losses to top $25 billion annually.

Scammers are using stolen identities to purchase items and rack up credit card bills. Merchants are seeing significant increases in Chargebacks from customers claiming fraudulent charges. Many are outright fraud. Others are fraud on behalf of the customers that get refunds from credit card issuers but keep the goods they’ve ordered. Merchants lose the cost of the goods and shipping and significant fees from the card issuers.

Fighting Back Against Cybercriminals

Fighting back against cybercriminals means businesses have to take proactive measures. This includes:

  • Making sure all firmware and software is updated and the latest security patches have been installed
  • Educating and training staff on the importance of security procedures
  • insisting on strong passwords and two-factor authentication
  • Segregating, encrypting, and backing up sensitive data
  • Managing an increasingly mobile and BYOD workforce

For eCommerce retailers, it means deploying the right software solution to detect fraud and high-risk users before purchases are approved. That starts with IP Analysis to wade through the maze of VPNs, proxy servers, and masked IP addresses to surface threats. IP Analysis, device fingerprinting, and email/phone lookup can tell businesses a lot about who is on the other end of an order and identify high-risk transactions.

Security Breaches Continue to Increase

Accenture reported there has been a 67% increase in security breaches over the past five years. Fraud targeting eCommerce businesses continues to grow as well. Take proactive steps to prevent your business from getting added to the list of victims.