top of page

Cyber Criminals continue to target e-commerce websites. What can you do to protect yourselves?

Do you use an ecommerce website? If so, read on to discover how you can reduce the chance of it being compromised by cyber criminals.

As an online vendor you might be unaware that cybercriminals can infiltrate your systems to defraud shoppers. Within the last couple of weeks Europol, the EU’s police agency, said it has notified 443 online merchants that their customers’ credit card or payment data was compromised as a result of digital skimming attacks. 141 were in the UK.

Sign on traffic light saying ECommerce
Protect your website and you protect your customers

These digital skimming attacks are conducted by criminals exploiting website vulnerabilities and planting surveillance software that steals customer payment details as they input them on the website.

Europol said

“Customers are usually not aware that their payment details have been compromised until the criminals have already used them to carry out an unauthorised transaction. Generally, it is difficult for customers to find the point of compromise,”

As an operator of an e-commerce site, it is both a moral and legal requirement that you ensure that customer data is protected – a breach leading to a customer being defrauded further on down the line could come back to you in the form of a legal claim, and with it both financial and reputational damage.

Is my website secure?

As time moves on, a company with good cyber hygiene will almost certainly have an increased competitive advantage against those that do not. As such it makes sense that you take those all-important first steps to ensure that your website is secure, and both your company and its customers are protected.

One of the first stages of checking your website is secure is by scanning it regularly.

Here at the Eastern Cyber Resilience Centre, a Police led, and Government funded organisation specifically setup to support the needs of small and medium businesses, we understand that you may not know where to start. So, we offer free membership to all, signposting the key police and NCSC guidance around website vulnerabilities so that you can start to understand whether you are in a good place or not. And all of this is free to access!

ECRC background
The centre can help your organisation build its cyber resilience

We also offer a range of affordable services that specifically look at website vulnerabilities – our scanning package – the First Stage Web Site assessment (FSWA) – is less than £200.00 and is an excellent way to start the process. All of our affordable services are provided by university undergraduates from across the region. The work that they do additionally helps them to prepare for a career in cyber, one of the most under resourced sectors in the UK currently.

What next?

The impact of a successful attack against your website or network can be catastrophic and lead to website downtime, loss of data and permanent loss of reputation. It will also cost you money. But all is not lost.

Here at the centre, we would recommend that you -

1. Join our community for free . You will be supported through implementing the changes you need to help protect your organisation.

2. Take a look at our range of affordable services provided by Cyber Path students in full time education. Particularly those related to web vulnerability assessments and FSWA.

3. Access our Cyber Essentials Partners – local cyber security companies who are partnered with the CRCs and who can support organisations attain and maintain the government backed Cyber Essentials standard.

Reporting a live cyber-attack 24/7

If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.

Reporting a cyber-attack which isn't ongoing.

Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.

Alternatively, you can call Action Fraud on 0300 123 2040 (textphone 0300 123 2050).


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page