2019 was a bad year for data security and threats against ecommerce businesses are evolving. Retailers should pay close attention to these kinds of attacks.

Segun Onibalusi, digital marketing strategist and founder of SEO POW

2019 was the worst year ever for data breaches and online security—by a great deal.

Risk Based Security’s 2019 Year-End QuickView Data Breach Report found the number of reported exposed records in 2019 increased a whopping 284% compared to 2018. This doesn’t bode well for online retailers. A recent study by Signifyd confirms this fact.

The Signifyd study surveyed 2,000 online shoppers in the U.S. during the holiday shopping season starting Thanksgiving and ending Cyber Monday to know their perception of their security with online retailers.

The study came up with the following interesting findings:

  • 62% of consumers are not confident about the security of their data with retailers.
  • 25% of consumers said that they knew that their data is not safe with retailers.
  • 43% of people reported having been a victim of a fraudulent charge from retailers.
  • More importantly, 52% of people who have been victims of fraud said that the incident negatively impacted their view of the retailer (regardless of whether this was due to a hack, data breach, or whatever).

The above statistics have serious implications for online retailers, mainly when trust and consumer confidence in your brand is the only way to ensure success.

You can only ensure success by staying ahead of the game; by knowing which threats to watch out for and being proactive about addressing them. Below are four security threats you should watch out for in 2020:

1. Web applications attacks

Online retailers require different web applications to fulfill customers’ needs; these applications perform a range of tasks from delivering web pages to processing and storing sensitive customer information. Unfortunately, exploits targeted at web applications remain one of ecommerce’s most significant threats and this will continue to be the case in 2020.

Depending on the kind of attack, web application attackers could try to gain access to your database to access sensitive customer information or injecting malicious code to trick users out of sensitive information. Majority of cyber-attacks targeting retailers are web application attacks and could include:

  • Cross-site scripting (XSS) attacks.
  • SQL injection.
  • Cookie poisoning.
  • Command injection.
  • File-path traversal.
  • Automated threats such as denial-of-service attacks, scraping, and carding.

You can protect against most of these attacks by installing a web application firewall (WAF), regularly auditing your application databases to quickly detect vulnerabilities and performing regular security assessments of web applications, then fixing any vulnerabilities you come across.

2. Bad bots

It is no secret that a higher percentage of internet traffic is a result of bot activities, but very few retailers realize how much of a problem this could pose to them.

Bad bots could pose serious problems to an ecommerce website through different means that include:

  • Ecommerce scalping in which malicious bots target products available in limited quantity to inflate their price and later resell them at a higher price.
  • Bandwidth choking in which bots create an artificial traffic spike to slow down your ecommerce website.
  • Cart blocking in which bots attack your carts by manipulating product availability in a way that makes actual customers believe products are no longer available.
  • DDoS attacks in which ecommerce websites are attacked and paralyzed by unleashing lots of fake traffic that maxes out server resources.

You can protect yourself against these attacks by taking a few steps. Those include using WAFs and a content delivery network to ensure all users can access your site even during peak traffic periods. Also important is automating the monitoring and blocking of bad bots with increasingly suspicious activities on your website.


3. Customer journey hijacking

A major security threat specifically targeting online retailers that is likely to become even more pronounced in 2020 is that of customer journey hijacking.

Customer journey hijacking happens when hackers inject unauthorized ads into the browsers of visitors to your website and then have these ads display on your website. Not only will these ads be irritating and intrusive and negatively affect user experience, but they will recommend competing products, include distasteful (and potentially unsafe) ads, and redirect visitors to your website to competing websites.

Malware powers these nefarious ads. Users can download such malware by connecting to unsecured WiFi networks, downloading free software bundles, and through bad connections and are designed to look as if they are part of your website.

Customer journey hijacking is an even more serious threat because it is a consumer-side infection rather than a server-side infection. In other words, it’s all on the user’s computer and there is nothing you can do about it at your end. Despite this fact, a study by Namogoo shows that 78% of people who are victims of customer journey hijacking are likely to have a negative view of the retailer’s website on which this occurs.


The best solution to this is to educate users about this fact and encourage them to install antivirus software, antimalware software, and also use a virtual private network.

4. Phishing and spear-phishing attacks

Phishing attacks are one of the oldest kinds of web attacks, yet they continue to cause the most damage—still ranking as the most common cybersecurity attack.

Phishing culprits could target customers. To do that, the hackers could pose as your brand to steal sensitive customer information, or attackers could be target insiders in your organization to gain access to sensitive portions of your ecommerce site.

You can protect yourself by doing several things that include:

  • Ask all employees and people with sensitive information to always double-check the email address of people sending them emails requiring them to take sensitive action. You should train them to know that imitative domain names could look exactly like yours and they should learn to cross-check for this.
  • Train all employees and run regular phishing simulations in your organization to see if employees can genuinely distinguish between phishing emails or authentic ones.
  • Have IT put all inbound emails through a “sandbox” filter to ensure links in emails sent to users are safe.

In Conclusion

While there are other security threats ecommerce businesses should watch out for, and threats against ecommerce businesses continue to evolve, the above are four security threats you should particularly pay attention to this year.

SEO POW is a content marketing and an organic link-building agency in Ibadan, Nigeria.