Questions tagged [e-commerce]

58 questions
1 vote, 1 answer

Why do scammers use emails like yahoo?

I was doing a Cyber Security and IT audit for a company. I was told that they had very little in terms of fraud protection, one of the only ways that they detected potential fraudsters was by manually checking if the email address was Yahoo or not.…
user5623335
1 vote, 5 answers

How to decide where to host an online store?

How can one know whether it is more secure to host the store on our own servers or on those from external vendors? Answer: Do a risk assessment. 1.) Summarized Answer 2.) Detailed Answer 3.) Answer that might help you, if you're in the same…
1 vote, 2 answers

PCI DSS 3.2 SAQ A and SAQ A-EP - 2 different web shops

I did a pre-assessment of 2 web shops of one company today. One web shop uses Direct Post based forms to insert and forward cardholder data. Doing this means the company is eligible for an SAQ A-EP. It's hosted in Azure, in a small environment,…
0x90
1 vote, 2 answers

PCI DSS for web servers not storing credit card info

I plan on deploying our new company website to a dedicated server through a hosting provider. I will personally maintain the server with the exception of dealing with the physical hardware. The company itself does possess credit card info through…
AirmanAJK
1 vote, 1 answer

Reusing an “anonymous” user entity across orders

I wonder if it would be a good idea if a shopping system would reuse existing user accounts across multiple orders. For example: A person buys a concert ticket in an online shop. The ticket is mailed to them. The person does not create a user…
lxg
1 vote, 1 answer

Hosted checkout page - who holds liability if there is a fraud case?

We are planning to use the hosted checkout page - does it minimize our liability and security measures? In the event of hacking of our website or poor security of the website, does it affect the customer's credit card information? If there is a…
1 vote, 4 answers

Is it a vulnerability if an application's cookies carry sensitive information?

I am assessing a small e-commerce web application. I have found that the application passes the order details, the cost, the order ID etc as a part of the cookie. Tampering with it does not affect the operations. However I wanted to know if this is…
Tim
1 vote, 0 answers

SAQ D PCI Compliance for Custom Shopping Cart

We use a custom developed open-source e-commerce software. We are SAQ D and I am trying to figure out which of these requirements applies to our cart if: we aren't storing credit card information; we transmit credit card information from the user to…
dubloons
0 votes, 2 answers

Library or service for rate limiting credit card transactions by IP

I have a simple product ordering form. A hacker is attempting to validate stolen credit card numbers by making two orders per minute with a bot. 99% of the orders are declined but some are completed. Which tells the hacker that credit card is a…
dbasch
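One way to implement the per-IP velocity check this question is asking for, as an added example that is not code from the question, its answers, or any library or gateway product. It runs a sliding window over order attempts keyed by client IP and flags an IP whose recent attempts are mostly declined or spread across many different cards, which is the signature of a bot testing stolen numbers. The log format, the sample log lines, the IP addresses (TEST-NET ranges) and the thresholds are all assumptions made up for the demo.

```python
"""
Sliding-window velocity check for card-testing ("carding") bots.

Added example, not code from the original question or from any product.
The log format below is an assumption made up for the demo: one order
attempt per line,
    <ISO-8601 timestamp> <client IP> <card last4> <amount> <approved|declined>
"""
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed sample log (not real traffic): 203.0.113.7 submits two
# attempts per minute, mostly declined, with a different card each time;
# 198.51.100.20 is an ordinary shopper with one retry after a decline.
SAMPLE_LOG = """\
2019-03-01T10:00:05Z 203.0.113.7 4242 19.99 declined
2019-03-01T10:00:35Z 203.0.113.7 1881 19.99 declined
2019-03-01T10:01:02Z 198.51.100.20 0005 54.00 approved
2019-03-01T10:01:05Z 203.0.113.7 5100 19.99 declined
2019-03-01T10:01:35Z 203.0.113.7 3714 19.99 approved
2019-03-01T10:02:05Z 203.0.113.7 6011 19.99 declined
2019-03-01T10:02:35Z 203.0.113.7 4444 19.99 declined
2019-03-01T10:09:00Z 198.51.100.20 0005 12.50 declined
2019-03-01T10:09:30Z 198.51.100.20 0005 12.50 approved
"""


def parse_line(line):
    """Split one log line into (time, ip, last4, amount, approved)."""
    ts, ip, last4, amount, result = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return when, ip, last4, float(amount), result == "approved"


def detect_card_testing(log_text, window_seconds=600, max_attempts=4,
                        max_decline_ratio=0.5, max_distinct_cards=3):
    """Return {ip: reason} for IPs whose recent attempts look like card testing.

    An IP is flagged once it has at least `max_attempts` attempts inside the
    sliding window and either more than `max_decline_ratio` of them were
    declined or they used more than `max_distinct_cards` different cards.
    The thresholds are illustrative assumptions, not recommended values.
    """
    flagged = {}
    windows = defaultdict(deque)  # ip -> deque of (time, last4, approved)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        when, ip, last4, _amount, approved = parse_line(line)
        win = windows[ip]
        win.append((when, last4, approved))
        # Drop attempts that have fallen out of the window.
        while win and (when - win[0][0]).total_seconds() > window_seconds:
            win.popleft()
        attempts = len(win)
        if attempts < max_attempts:
            continue
        declines = sum(1 for _, _, ok in win if not ok)
        distinct = len({card for _, card, _ in win})
        if declines / attempts > max_decline_ratio or distinct > max_distinct_cards:
            flagged[ip] = (f"{attempts} attempts in {window_seconds}s, "
                           f"{declines} declined, {distinct} distinct cards")
    return flagged


if __name__ == "__main__":
    for ip, reason in detect_card_testing(SAMPLE_LOG).items():
        print(f"{ip}: {reason}")
```

Two caveats a practitioner would add. A bot that is already rotating cards will rotate source IPs as well, so the same window should also be keyed on session or device fingerprint, and a flagged key should get a challenge (CAPTCHA, 3-D Secure) rather than a silent block that tells the operator to move on. And the decline itself is what the attacker wants: the gateway's specific decline reason should never be echoed to the checkout page, only a generic "payment could not be processed".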
0 votes, 2 answers

E-commerce website with REST backend: do I have to secure backend URLs accessed by front-end public pages?

I have an e-commerce website with a REST backend and a single-page JS app as front end. I intend to secure my REST backend with OAuth2. I don't want to oblige the user to authenticate when he first comes to the website, because as an e-commerce website,…
rico
0 votes, 1 answer

Is it insecure to show Google Tag in a cookie?

While researching one site, I found that if you enter document.cookie (Firefox) I can see this field in the cookie: _gat_gtag_UA_XXXXXXXXX_1=1. It was plain text. As far as I know, gtag is for Google Tag Manager. I was using Google Analytics and Google Tag…
dokichan
0 votes, 1 answer

Is it legal to post card data from an e-commerce checkout to a PCI compliant 'store'?

Let's say I want to charge a user's credit card with their permission after a sale takes place. But, I don't want to have to ask them their credit card a second time. Is it legal to store the credit card information as they're filling it out on the…
Tallboy
-1 votes, 2 answers

How to use VirtualMerchant without PCI-DSS?

I want to use Elavon VirtualMerchant to make credit card payments on my website. I don't want to do PCI DSS certifications other than SAQ A, so don't want to process or store card data on my site. I want to use VirtualMerchant payment forms so user…