The most recent breach in security at GoCardless leaves many concerned about the security of online payments. This is the latest in a long line of eCommerce security issues that we are not doing enough to prevent.

From 2014 to 2015 the number of web attacks per day rose 117%, from 493k to 1.1m [1]. With website vulnerability also rising 2% [2], more and more websites are being affected by cybercrime.

This damages business. Approximately 16% of companies that have assessed the financial impact of a cyber-attack valued the loss at more than £5m [3]. You would be excused for thinking, then, that companies are rushing to assess and mitigate the risks. Sadly, this is not the case. Over 60% of companies have not assessed the impact of an attack [4]. Nor have they taken sufficient action to prevent attacks from happening.

In a 2015 study of Retail and eCommerce Security [5], 100% of eCommerce retailers had web vulnerabilities that could be exploited by hackers. These included:

- Vulnerabilities in the CMS, including publicly accessible admin portals and malicious plugins or themes
- Network administrative portals facing the public internet
- Web application administrative portals facing the public internet
- One or more OWASP Top 10 Web Application Vulnerabilities
- Legacy web application software (ColdFusion, Classic ASP, PHP)
- Legacy enterprise web applications for the purposes of business administration hosted on subdomains
- Default files left on the server from the initial installation of software packages

Hackers can take advantage of these vulnerabilities to access sensitive information such as customer credit card details. Between 2011 and 2014, malicious web shells (a method that allows hackers to harvest card data from a site) were the number one cause of card data breaches [6]. Criminals are no longer robbing banks; they are hacking websites. If you do not have suitable security policies, then you are at risk.

You can find more information on what you can do to protect your business here.



[1][2] 2016 Internet Security Threat Report – Symantec

[3][4] 2017 Cyber Threats: A perfect storm about to hit Europe? – Marsh & McLennan Companies

[5] 2015 Retail and eCommerce Security Report – SecurityScorecard

[6] 2015 Payment Security Report – Worldpay


You can check if your details have ever been leaked by entering your email address here.
