Learn about important Magento security patches recently released to install on your e-commerce website

The e-commerce business is growing at a very fast rate, and it is important to keep your sites protected. These sites hold very sensitive customer data that, if stolen, can be devastating not only to the consumer but to the business as well. Most customers buy from e-commerce sites trusting that they are safe, and businesses need to avoid breaking that trust and losing customers forever.

There is a constant flow of hackers trying to get to customer data. Many are after customer credit card details, and this can ultimately lead to identity theft, which can be costly and stressful to deal with.

Security should be the top priority for e-commerce websites.

Magento is addressing security vulnerabilities by releasing a series of security patches this year. Each one protects against a unique vulnerability and if you haven’t already installed them on your site, they are a must to keep your site secure and healthy.

SUPEE-6237 Magento Security Patch

This is a security patch in Magento that deals with the USPS API and was released June 18th, 2015. It ensures Canadian international shipping rates are returned correctly. This way, upon checking out, the customer can see all shipping options that are available to them.

This security patch was included in the Magento Enterprise release. The first two patches applied to both Magento Community and Magento Enterprise. The second two patches were for the Magento installation only. SUPEE-6237 was created as a preventative measure. It offers protection against issues such as request forgeries, information leaks and cross-site scripting.

SUPEE-5344 Magento Security Patch

This is a critical security patch that addresses a remote command execution vulnerability and was released February 9th, 2015. The vulnerability allows a hacker to remotely execute code on the software using a special request. This patch is available for Magento Enterprise only. It has to be applied manually and is critical to your site.

This security patch prevents attackers from potentially gaining access to the website’s store and its sensitive data, such as customer information. It is imperative to protect your customers’ information for several reasons, and this patch has not been widely implemented yet.

SUPEE-1533 Magento Security Patch

This security patch helps prevent attackers from executing arbitrary code on the Magento server and was released October 3rd, 2014. Without it, a vulnerability allows a hacker with a Magento login to run PHP code on the server. This person would need to know the admin login information. This patch can be used on either Magento Community or Magento Enterprise.

This is concerning because the vulnerability can be exploited by trusted users who have a back-end login. They can then upload a .csv file containing PHP code on the back end. It is best to stay safe and make sure admin access is blocked for users who are not trusted.


Sites should be tested frequently for security. All sites should require strong passwords, address verification systems (AVS), and card verification value (CVV). Another helpful setup is to have system alerts for suspicious activity, as well as firewalls. Sites need to be monitored and backed up regularly as well.

The Magento e-commerce platform has several security patches that are released at different times to help with all of these issues. There are patch releases for both Community and Enterprise systems. A few of these include SUPEE-6237, SUPEE-5344 and SUPEE-1533. Give your Magento developer company, Customer Paradigm, a call today at 303-473-4400 to see how these can be implemented on your site.
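
To see which of the three patches named above a store already records as applied, the following added example (not from the original article or from Magento) audits a patch log such as Magento 1's `app/etc/applied.patches.list`. The pipe-delimited layout, the `REVERTED` marker, the function names and the sample lines are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: report whether the patches named in this article are recorded
# as applied. Assumed log format (not from the article): one pipe-delimited
# line per patch operation, the SUPEE id in its own field, and a REVERTED
# field on lines that record a rollback.
REQUIRED_PATCHES="SUPEE-6237 SUPEE-5344 SUPEE-1533"
# audit_patches [LOGFILE]: reads LOGFILE (or stdin), prints "<id> <state>" per
# required patch, and returns non-zero unless every one is "applied".
audit_patches() {
    awk -F'|' -v want="$REQUIRED_PATCHES" '
        BEGIN { n = split(want, ids, " ") }
        {
            rev = 0
            for (i = 1; i <= NF; i++) {
                f = $i
                gsub(/^[ \t]+|[ \t\r]+$/, "", f)   # trim padding and CR
                fld[i] = f
                if (f == "REVERTED") rev = 1
            }
            # Exact field match, so SUPEE-1533 never matches SUPEE-15330.
            # Later lines win: apply, revert, re-apply ends as "applied".
            for (i = 1; i <= NF; i++)
                for (k = 1; k <= n; k++)
                    if (fld[i] == ids[k]) state[ids[k]] = rev ? "reverted" : "applied"
        }
        END {
            for (k = 1; k <= n; k++) {
                s = (ids[k] in state) ? state[ids[k]] : "missing"
                print ids[k], s
                if (s != "applied") bad = 1
            }
            exit bad + 0
        }
    ' "$@"
}

# Constructed sample log (placeholder values, not from a real store).
sample_log() {
    cat <<'EOF'
2015-01-01 00:00:00 UTC | SUPEE-5344 | EDITION_VERSION | v1 | COMMIT | constructed
patching file path/to/Example.php
2015-01-02 00:00:00 UTC | SUPEE-1533 | EDITION_VERSION | v1 | COMMIT | constructed
2015-01-03 00:00:00 UTC | SUPEE-1533 | EDITION_VERSION | v1 | COMMIT | constructed | REVERTED
2015-01-04 00:00:00 UTC | SUPEE-15330 | EDITION_VERSION | v1 | COMMIT | constructed
EOF
}

# With a path argument audit that log; otherwise show the constructed sample.
if [ -n "${1:-}" ]; then audit_patches "$1"; else sample_log | audit_patches || true; fi
```

A patch that was applied and later reverted is reported as `reverted` rather than `applied`, so a rollback during troubleshooting does not pass the audit unnoticed.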


