In an effort to push digitalization, retailers across the world are building their eCommerce websites using third-party ready-to-use frameworks such as Magento. In addition, they are using several plugins of the framework, developed by third-party application developers and companies. With this approach, brands are not only saving a lot of time in building eCommerce websites from the scratch, they also don’t need to re-invent the whole wheel of “eCommerce website/Software Development.” They are getting the basic building blocks in no time. This is good in the sense that it is cost effective and provides a good ROI. But the original code-base has not been developed by the retailers who are using these frameworks to sell products on the Internet.

The internet is complex and not secure. It’s hard to spot online cyber threats while doing online transactions. Especially when it happens in the backdrop of branded eCommerce websites.

And it’s not India’s problem alone; many well educated tech savvy customers across the world, are facing cyber threats on a day-to-day basis. One such incident concerns the American departmental store chain Macy, whose eCommerce checkout page was hacked by unknown cyber criminals by putting Javascript code in the Magento’ code base. Using the code, hackers could steal customer information, which includes names, email address, billing & shipping address, phone numbers, credit details, etc. This is known as MageCart Security breach in the Cyber world.

Macy Management released a clarification to their patrons (ref Notice of Breach) stating that their team identified the cyber-attack on time and responded to it the same day. Federal law enforcement agencies are investigating the matter further. Apart from this, they have also informed various card brands about the breach along with the transaction and card details. Moreover Macy has tied-up with Experian IdentityWorks to provide Identity Service protection for 12 months free of cost to customers.

I am sure a company like Macy must be having a team of cyber security to take care of security events. Then how come this happen? Is their security team not capable of handling such attacks? The fact is that new kinds of cyber-attacks are happening across the world on a daily basis. This is despite the fact that there are specific forums and groups, whose job is only to discover cyber threats and alert everyone, but still many big brands are unable to safeguard consumers as well as their own data from cyber criminals.

Now the question is: should we as customers trust every website? Or should we not? In India, the awareness about cyber threats is little. Many customers don’t even know what to do in case of data breach? Some customers don’t even bother about data breaches till they face financial losses. Moreover “Indian” legal systems still don’t have a strong law to prevent identity theft or data-breach.

The bigger question is for Indian retailers, who have limited resource to compete with eCommerce giants like Amazon and Flipkart. How will they safeguard customer’s data as well as their own? It’s really not that easy to build a whole new eCommerce website from scratch, but one should start thinking of building their own code-base if they really want to reduce cyber-attacks, as third party applications can never be 100% secure. Moreover, we need to invest more in cyber security than what we are currently doing. This should prevent some losses. It is high time, cyber security is prioritized.

Leave a Comment

Your email address will not be published.

You may also like