CitiBank Hacked – How To Protect E-Commerce Sites

CitiBank Hacked – How To Protect E-Commerce Sites

December 22nd, 2009 | Filed under Blog,Security

Critical News Alert:

CitiBank has just been hacked, resulting in tens of millions of dollars stolen.

You may read more details at FoxNews: http://www.foxnews.com/politics/2009/12/22/fbi-probes-hacks-citibank-govt-agency/

PCI Compliance laws couldn’t come soon enough, however they do not mean a merchant’s site will have 100% protection from the elements.

We strongly caution merchants with this bit of truth:

If a hacker wants into your site, they will get into your site. Earlier this year hackers were able to tap into the Whitehouse, Pentagon, and even the Dalai Lama’s personal staff office (an office that is secret, constantly mobile to avoid detection, and otherwise very secure).

Our suggestion to merchants…

How To Protect Your E-Commerce Site

1) Change your password regularly to your website shopping cart admin, hosting account, FTP, and credit card processing gateway; do this at least once a month.

2) Use strong characters in your password (contain at least one Capital letter, some random lower case letters, a few numbers, an asterisk*, and an exclamation point !).

3) Ensure your admin login is not in a simple directory like /admin/ or /login/ , rather an obscure directory like /Hg*9jMM4!/

If your admin login is in a simple directory, it reflects the work of amateur e-commerce programmers, which is a sign they may not have taken other security precautions with your site.

Hacker Robots can easily guess your directory, if it is a simple directory, and are therefore already half-way through cracking your site’s walls.

4) Replace your SSL Certificate every 3 months.

Many hosting companies suggest buying a 1 year or 3 year SSL.  In truth, a Hacker Robot can usually crack through an SSL within about 3 months.  You should refresh your SSL regularly with new codes, especially if you are a high-volume or high-ticket site.

5) Do not save credit card numbers to your own hosting database. There is no need to do this in modern times, as Automatic Recurring Billing and Repeat Orders can now be saved much more securely via the ISO Company’s back-end processor.

6) Have a notable e-commerce firm, such as A Creative LLC, install your shopping cart and your gateway.

7) Process with a notable ISO company.  Contact us, we are happy to consult you.

Comments are closed.