New ZeroRisk Research Promises Critical Insights into Best Practice Merchant Security

ZeroRisk provides much needed insights that Merchant Service Providers (MSPs) can use to enhance security and reduce risk across their entire portfolio. Learn more.


Most Small and Medium-sized Business (SMB) owners aren’t IT experts. They choose off-the-shelf e-commerce packages with the expectation that everything will be taken care of by the software provider. Unfortunately, this isn’t always the case, and gaps in protection can create serious security and compliance risks.

To highlight where these risks can appear and what can be done to tackle them, we’ve just completed a major study of nearly 20,000 merchants operating in a European country. The results are enlightening. Only one business was found to be completely secure and a few businesses qualified as “Trusted”.

A Unique Approach to Risk

Our research uses ZeroRisk’s unique scoring system to remotely scan for and appraise the criticality of various security issues that e-commerce businesses exhibit. These include:

  • Expired or unsecure versions of SSL certificates
  • Unnecessarily open network ports
  • Security Response Header violations
  • Unsecure email configurations

All of these (except unsecure email) and other issues we have uncovered could indicate serious merchant risk and be in violation of PCI DSS compliance rules.

Why are they occurring across so many businesses when owners are choosing pre-packaged e-commerce software? That’s perhaps a question for another occasion. But there could be concerns that many entry level products and services simply aren’t configured securely, or don’t offer the levels of protection merchants may expect given the bold marketing claims they’re exposed to.

Going Deeper

We’re excited to share the results of the full report with you shortly. It will provide each merchant with a simple “critical”, “high”, “medium”, “low” and “trusted" risk score. Crucially, we’ll also offer contextual information to highlight the common mistakes those in risky categories make, and what they can do to lower their risk. We also highlight the best practices exhibited by those in the “low” and “trusted” risk categories.

It’s the kind of visibility ZeroRisk is hoping to drive across the industry. With zero interaction required from the e-commerce business itself, we can provide much needed insight that Merchant Service Providers (MSPs) can use to enhance security and reduce risk across their entire portfolio.

Let's get started

Thank you!
‍Our team will contact you as soon as possible.
Oops! Something went wrong while submitting the form.