Most Small and Medium-sized Business (SMB) owners aren’t IT experts. They choose off-the-shelf e-commerce packages with the expectation that everything will be taken care of by the software provider. Unfortunately, this isn’t always the case, and gaps in protection can create serious security and compliance risks.
To highlight where these risks can appear and what can be done to tackle them, we’ve just completed a major study of nearly 20,000 merchants operating in a European country. The results are enlightening. Only one business was found to be completely secure and a few businesses qualified as “Trusted”.
Our research uses ZeroRisk’s unique scoring system to remotely scan for and appraise the criticality of various security issues that e-commerce businesses exhibit. These include:
All of these (except unsecure email) and other issues we have uncovered could indicate serious merchant risk and be in violation of PCI DSS compliance rules.
Why are they occurring across so many businesses when owners are choosing pre-packaged e-commerce software? That’s perhaps a question for another occasion. But there could be concerns that many entry-level products and services simply aren’t configured securely, or don’t offer the levels of protection merchants may expect given the bold marketing claims they’re exposed to.
We’re excited to share the results of the full report with you shortly. It will provide each merchant with a simple “critical”, “high”, “medium”, “low” and “trusted” risk score. Crucially, we’ll also offer contextual information to highlight the common mistakes those in risky categories make, and what they can do to lower their risk. We also highlight the best practices exhibited by those in the “low” and “trusted” risk categories.
It’s the kind of visibility ZeroRisk is hoping to drive across the industry. With zero interaction required from the e-commerce business itself, we can provide much needed insight that Merchant Service Providers (MSPs) can use to enhance security and reduce risk across their entire portfolio.