The Blog

Attackers Targeting Magento For Credit Card Details

Posted on the 21st March 2017

Attackers are still focusing their efforts on Magento, the ecommerce platform, as a way of obtaining credit card information from shoppers. The latest attack is a malicious function that has been embedded into one of the platform’s modules, so that it can be used to steal credit card information.

The code was injected into one of the script files for SF9 Realex, which stores credit card data for the one-click checkout that is used by repeat customers. The module can interact with the Realex RealAuth Remote and Redirect features, which are popular solutions amongst Magento store owners.

The ‘sendCCNumber()’ function is used to reroute credit card information that the customer enters into a Magento storefront, and send it to an attacker’s email address. The data is JSON encoded and sent to the attacker’s inbox, and the victim is unaware that anything untoward has happened.

The attacker then uses binlist.net to find out the bank that the card is associated with, so that it can start using the details.

Attackers are going to greater and greater lengths to obtain card data, especially with ecommerce platforms such as Magento. Right now, it may feel like Magento card thefts are scarily common, but the fact is that the attackers could be going for any platform. It is important to remember that Magento is not inherently insecure – rather, it is simply one of the industry standard platforms, so it is natural that there would be more attacks targeting it.

The vulnerability is not with Magento itself. Attackers are using a different vulnerability in the website where the platform is being hosted, and they then inject the script and use it to take over SF9 Realex. There are also other man in the middle attacks in operation, and even methods for scraping credit card details using publicly viewable image files to anonymously get access to the information.

Researchers are working with RiskIQ to monitor attacks such as the ones that have been uncovered recently. The company said that the attacks appear to be originating from a single hacking group, which is not just targeting Magento, but other ecommerce platforms such as OpenCart and Powerfront CMS, in particular with web-based keyloggers. It is important that you keep updating your website every time there is an update – especially a SUPEE security patch for Magento, but plugin updates as well. These updates will help you to keep your site safe and secure.

How AI Is Affecting Ecommerce

Posted on the 1st November 2016

AI could be the next big thing in the world of ecommerce. It is hoped that AI will achieve something that loyalty programs have been trying to do for many years – building customer loyalty by developing an understanding of the needs of individual customers.

AI has managed to make its way into many aspects of our lives, and there are even toys for kids that have rudimentary AI systems in them. However, it’s not just “smart” devices that are having an impact. Today, AI is becoming a tool for customer service too, and more and more companies are using AI to try to figure out what to sell to you, and how to support your shopping habits.
Read more

Verified By Visa Gets an Update

Posted on the 26th September 2016

Visa has updated its Verified by Visa service to bring it up to date with the new era of e-commerce. The changes to Verified by Visa and the associated Three-Domain Secure service mean that it will be even more secure. It will also be more convenient, not just for customers, but for financial institutions as well.

Read more

Ecommerce Holiday Calendar for 2016

Posted on the 24th September 2016

The holiday season is just a few months away, and now is a good time to start reviewing sales dates and considering your plans for what you will do over the next few months. The more sales data you have, the better equipped you will be to take advantage of the most common promotions and buying periods over the autumn and winter.

Read more

Magento Ranked Number 1 Ecommerce Provider

Posted on the

Speaking at the Internet Retailer Conference and Expo earlier this summer, Magento Commerce announced that 31% of medium-to-large ecommerce companies use Magento for their online stores. That makes Magento more popular than any other vendor, including large ecommerce providers such as Hybris and Demandware. Magento now powers more than one quarter of all of the ecommerce sites listed in the Alexa top one million, too.

Read more

Ecommerce Companies Embracing the Real World

Posted on the 12th September 2016

In a bizarre reversal of the traditional story, digital-born businesses are now taking to physical retail, looking to harness the concept of the ‘experience economy’, in a bid to grow their audience. Traditionally online companies such as Warby Parker, an eyeglass retailer in the United States, are opening bricks and mortar branches to allow consumers to try their products in person.

Read more

UK Payments Faster With PSD2

Posted on the 2nd September 2016

The ecommerce market in the UK is the largest of all the European markets. It is set to reach £90 billion by 2020; up from £60 billion last year. While the ecommerce market is growing, the way in which consumers pay for things is also changing.

The Payment Services Directive 2 (PSD2) is set to come into force in the UK in two years’ time, and it is going to make a significant difference to retail and commercial banking. New payment categories are being introduced, including the AISP (Account Information Service Provider) and the PISP (Payment Initiation Service Provider). These new categories will change the way in which consumers interact with third parties and with banks.
Read more

Magento Taking Precautions to Protect Against Ransomware

Posted on the 31st May 2016

Following the news of ransomware attacks which were apparently targeting Magento-powered websites, the developers of the ecommerce platform have released patches to protect against the malware, and have also removed an extension which they are concerned may have provided the malware developers with an attack vector.

Read more

Why Magento 2.0 Should Excite Store Owners

Posted on the 17th May 2016

Magento 2.0 was released last year, and while those in the development and service provider areas of the ecommerce industry have been talking a great deal about it, when it comes to store owners, the platform has been all but ignored. From the perspective of users, it seems as though Magento 1.9.x “works”, so they’re reluctant to go through the upheaval of rolling out a new platform.

Read more

Almost Half of Ecommerce Purchases Now Made on Mobile

Posted on the 11th May 2016

In the UK, almost half of all ecommerce purchases are now made on mobile devices, with the top platform being the iPhone – ahead of the iPad.

These statistics come from performance marketing technology firm, Criteo, which found that 48.9% of all ecommerce transactions in the first quarter of 2016 were made on phones or tablets – up from 43% for the same time period last year.

Read more

How PHP 7 Improves the Performance of Magento

Posted on the 4th May 2016

Magento 2 has been publicly available for a while now, and it’s clear that out of the box it offers some significant performance improvements over Magento 1.9.x. What many people don’t, however, realise is just how much more performance you can get out of the platform if you use the right hosting configuration.

Read more

Magento as a B2B Solution

Posted on the 29th April 2016

We hear a great deal about the use of Magento as a B2C ecommerce platform, but over the last few months the developers of Magento have put a lot of effort into targeting a whole new sector. The way in which B2B purchasers operate is changing, and companies that operate in the B2B space will need to adapt if they want to remain competitive.

Read more

UK Ecommerce Traffic is Increasingly Going Mobile

Posted on the 17th April 2016

According to a recent study conducted by SimilarWeb, 65% of the ecommerce traffic in the UK came from mobile devices in January; the greatest percentage of mobile traffic for any of the countries in the study, beating even the US and India. However, while two thirds of ecommerce traffic is coming from mobile devices, this doesn’t necessarily mean that mobile is the most important platform.

Read more

Are We Entering a New Era of Innovation in Ecommerce?

Posted on the 14th April 2016

The launch of Magento 2.0 has raised a lot of questions about the future of ecommerce. Is this new platform worth migrating to? Are there any benefits to upgrading from 1.9.x, given the potential teething problems and the lack of certain extensions and themes? What does the platform have to offer to someone who is currently deeply invested in a different ecosystem?

Read more

How Magento 2.0 Is Giving Retailers New Hope

Posted on the 22nd March 2016

Magento 2.0 has been out for a while now, and it is offering brand owners, retailers and businesses the chance to deliver fast and cost-effective omni-channel shopping experiences for their customers. When Magento 2.0 was first released, many retailers were reluctant to make the leap from Magento 1.x to Magento 2.0, because of concerns about extension compatibility, themes, and the lack of certain features.

Read more

Think we can help?

Give us a call on 033 33 444 505 or send a us a message,
we would love to hear from you

Get in Touch!