Many software products for online shops are insecure

[hasan018542]

A large amount of sensitive consumer data is processed via online shops. In addition to personal contact details, this often also includes bank details, credit card details and other payment details. It is no wonder that online shops have long been the focus of cyber criminals. The Federal Office for Information Security ( BSI ) has therefore investigated the security properties of online shopping platforms as part of a study /Publikationen/DVS-Berichte/onlineshopping-plattformen.html?nn=132646). These are software products that online retailers use to create their web shops. The results show important needs for action.

The cyber security situation in Germany is considered to be tense According to the BSI, this also applies to areas of the digital consumer market. In this context, attacks on customer databases of online shops are a particularly important issue. These mostly involve unauthorized access and the disclosure of sensitive consumer data - so-called data leak incidents. As part of a study that has now been published, the BSI has therefore examined software products for online shops for vulnerabilities and found a total of 78 security gaps - some with serious consequences for the IT security level of consumer data.

Almost all of the products examined as part of the BSI study had inadequate password policies. JavaScript libraries were identified in seven out of ten shop software products that were vulnerable to known vulnerabilities. france gambling data In half of the products examined, the BSI identified software that had passed the official end-of-life date and therefore no longer receives security updates. The BSI addressed the identified vulnerabilities as part of the so-called coordinated vulnerability process and sensitized the affected software manufacturers to the problem. The BSI calls on manufacturers of shop software to provide updates for identified IT security gaps immediately and appeals to operators of online shops to implement these as quickly as possible or, alternatively, to switch to secure products.

BSI Vice President Dr. Gerhard Schabhüser makes it clear: "This study shows that the responsibility for secure online shopping lies with both the manufacturer and the retailer. In order to reduce the risk of future data leaks and to achieve a sustainable increase in the IT security level of online shops, software manufacturers must regularly carry out vulnerability analyses - from the BSI's point of view, this should already be done during product development." In their own interest, online retailers should pay more attention to IT security when selecting their shop software in order to protect their customers' data as best as possible, says Schabhüser. In the final report of the study, the BSI provides online shop operators with appropriate guidance.

A survey of consumers conducted alongside the BSI study showed that around a quarter of all respondents had already been affected by data leaks when shopping online. Half of those surveyed expressed concern about possible data leaks. However, the high proportion of those who said they shop online at least occasionally (91%) and the proportion of those who said they shop online frequently (55%) show that online shopping remains attractive for the majority of consumers despite the known risks. BSI Vice President Schabhüser stresses in this context: "Consumers can and should also take responsibility for the security of their data when shopping online."