E-commerce sites are being urged to ensure that they have adequate DDoS protection ahead of the vital holiday trading season after attacks ramped up on Black Friday and Cyber Monday.

DDoS attacks reached their highest levels in November on two of the busiest online trading days of the year, statistics show.

On Black Friday, DDoS protection provider Link11 saw DDoS attacks on e-commerce providers increase by more than 70% compared with other days in November. On Cyber Monday, attacks increased by 109% compared with the November average.

Several attacks observed during Black Friday and Cyber Monday reached up to 100 Gbps. The average attack on both days was just under 6 Gbps, compared with an average of 4.6 Gbps for the months of July to September, which represented a 40% increase compared with the previous quarter.

According to Link11, attacks approaching 6 Gbps “far exceed” the capacity of most websites. In the light of that fact, Link11 is warning online merchants, payment providers and logistics companies to expect further large-scale DDoS attacks in the run-up to the Christmas break.

Marc Wilczek, managing director of Link11, said the e-commerce industry has high expectations of the Christmas trading period. “Both criminals and competitors will take this as an opportunity to cause disruption to or extort the e-commerce industry.

“The growing ‘cybercrime-as-a-service’ sector favours this development. Online retailers should take action now to strengthen their IT security defences against DDoS attacks, in advance,” he said.

To ensure they are better protected against DDoS attacks, which could see them out of business for hours and even days, e-commerce providers can either invest in expanding their infrastructure to absorb peak loads with their own resources or deploy an adaptable cloud defence system.

If e-commerce providers choose the first option, they risk DDoS attackers being able to deliver ever greater attacks to overwhelm services, putting companies with online infrastructures that offer delivery and/or payment processing services at risk of DDoS incidents in the run-up to the Christmas holiday.

However, there are ways of detecting and mitigating DDoS attacks that any business dependent on the internet can and should use, he told the Isaca CSX Europe 2017 conference in London.

It is important that such organisations take time and effort to build their DDoS defence capabilities, he said, because DDoS attacks are fairly easy and cheap for attackers to carry out.

“With the advent of botnet-based DDoS attack services that will be effective against most companies, anyone can target an organisation for just a few bitcoins,” said Parikh. “Competitors and even disgruntled employees are able to carry out DDoS attacks that can result in loss of reputation as well as lost business worth a lot more than the attacks cost,” he said.

It is obvious that cybersecurity is one of the most important features of e-commerce. Without proper protocols in place, online retailers put themselves and their customers at risk of payment fraud. Smaller stores face even greater e-commerce security risks because they have insufficient protection against cybercriminals. Records show one in five small business retailers fall victim to credit card fraud every year, with 60 of those stores being forced to close within six months.

Outside of financial consequences, data breaches damage a brand’s reputation and can cause once loyal customers to avoid putting their information at risk again. However, using the right tools will minimize the threat of fraud and instill trust within your customer base.

Here are some of the best practices that can be followed to reasonably protect the business:

1.) Make sure your e-commerce platform has multi-layered security.

The best way to keep your e-commerce business safe from cybercriminal activity is to layer your security. Make sure your platform host has application-level protections in place for features such as contact forms, search tools and login fields.

2.) Monitor all transactions.

Ensure you and your hosting provider are monitoring all transactions for suspicious activity. Set up an alert system to flag potential threats like a billing address and shipping address not matching, or multiple orders being placed by a single user with different credit cards.

3.) Deploy regular PCI scans and updates.

Your e-commerce platform should issue frequent updates and run PCI scans to check for any potential threats that may be targeting your online store. Automatic updates should also be standard practice, to prevent new vulnerabilities to viruses and malware.

4.) Utilize the Address Verification System.

To facilitate safer credit card processing, use an Address Verification System to compare the billing address a customer has entered to what the credit card issuer has on file. An AVS will automatically separate legitimate transactions from fraudulent attempts.

5.) Require a CVV.

Card Verification Value is the three- or four-digit code on the back of a credit card. Under PCI standards, retailers are not allowed to store this number, even if they record customers’ names, addresses and credit card numbers for future transactions. Additionally, many cybercriminals have a credit card number, but not the physical card. A CVV requirement makes it much more difficult for a fraudulent transaction to be processed.

6.) Require stronger passwords.

Hackers use programs that generate candidate passwords. These programs run through all the possible combinations for a four-digit password and can find the right alphanumeric password quickly. Longer passwords with at least one special character and a capital letter are more secure.

7.) Use SSL certificates to facilitate a secure connection.

SSL certificates authenticate the identity of your business and secure the data in transit during checkout. This keeps your company and your customers protected from having financial or important information compromised by hackers.

8.) Choose a hosting provider that is PCI compliant.

In order to be PCI compliant, an e-commerce platform must adhere to a strict set of policies and procedures that guarantee the security of payment via credit or debit card. Some of those measures include encryption, anti-malware software, extensive monitoring, risk analysis and more.

9.) Make sure your platform protects against DoS/DDoS attacks.

Most websites simply don’t have the bandwidth to protect against a DoS/DDoS attack. However, the e-commerce platform you choose should have the security in place to counter this threat.
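
The two alert conditions named under practice 2 (a billing address that does not match the shipping address, and one user ordering with several different cards) can be expressed as simple rules over an order feed. The following is an added example, not code from the original article or from any platform; the field names, the tokenised card fingerprint `card_fp`, the one-hour window and the card threshold are all assumptions, and the orders are constructed sample data.

```python
from collections import defaultdict

# Constructed sample orders (not real data). Field names are assumptions;
# card_fp is a hypothetical tokenised card fingerprint, never a raw card number.
ORDERS = [
    {"id": "A1", "user": "u1", "card_fp": "c-01", "ts": 0,
     "billing": "12 High St, Leeds LS1 4AB", "shipping": "12 high st,  leeds ls1 4ab"},
    {"id": "A2", "user": "u2", "card_fp": "c-02", "ts": 100,
     "billing": "5 Mill Lane, York YO1 7HH", "shipping": "88 Dock Rd, Hull HU1 1AA"},
    {"id": "A3", "user": "u3", "card_fp": "c-10", "ts": 200,
     "billing": "1 Park Row, Bath BA1 1AA", "shipping": "1 Park Row, Bath BA1 1AA"},
    {"id": "A4", "user": "u3", "card_fp": "c-11", "ts": 500,
     "billing": "1 Park Row, Bath BA1 1AA", "shipping": "1 Park Row, Bath BA1 1AA"},
    {"id": "A5", "user": "u3", "card_fp": "c-12", "ts": 900,
     "billing": "1 Park Row, Bath BA1 1AA", "shipping": "1 Park Row, Bath BA1 1AA"},
    {"id": "A6", "user": "u1", "card_fp": "c-01", "ts": 5000,
     "billing": "12 High St, Leeds LS1 4AB", "shipping": "12 High St, Leeds LS1 4AB"},
]

def normalise(addr):
    """Lower-case and collapse punctuation/whitespace so that purely
    cosmetic differences between two addresses do not raise an alert."""
    cleaned = "".join(ch if ch.isalnum() else " " for ch in addr.lower())
    return " ".join(cleaned.split())

def flag_orders(orders, window_s=3600, max_cards=2):
    """Return {order_id: [reasons]} for orders that match either rule.

    address_mismatch: billing and shipping differ after normalisation.
    multiple_cards:   the same user has used more than max_cards distinct
                      cards within the last window_s seconds.
    """
    alerts = defaultdict(list)
    history = defaultdict(list)  # user -> [(timestamp, card_fp)]
    for o in sorted(orders, key=lambda o: o["ts"]):
        if normalise(o["billing"]) != normalise(o["shipping"]):
            alerts[o["id"]].append("address_mismatch")
        # Keep only this user's orders that still fall inside the window.
        recent = [(t, c) for t, c in history[o["user"]] if o["ts"] - t <= window_s]
        recent.append((o["ts"], o["card_fp"]))
        history[o["user"]] = recent
        if len({c for _, c in recent}) > max_cards:
            alerts[o["id"]].append("multiple_cards")
    return dict(alerts)

if __name__ == "__main__":
    for order_id, reasons in flag_orders(ORDERS).items():
        print(order_id, reasons)
```

A flagged order is a candidate for manual review rather than automatic rejection, since gift orders legitimately ship to a different address.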