
An EASM blog from Detectify

How to choose the right e-commerce platform

November 17, 2016

In e-commerce, there is no one solution that fits every online store perfectly. When it comes to picking an e-commerce platform, there are many aspects of your business that need to be taken into consideration before you can make an informed decision. In this article, we have gathered some key points that can help you decide on a platform that suits you best.


1. Define what you are

The first step is to define what you are. First off, will you sell physical or digital goods? This may not have much to do with security, but it is a good starting point that can help you narrow down and evaluate your options.

How many different products will you offer? If you go with a webshop-as-a-service solution, the price often varies depending on the number of products. The question that naturally follows is whether what you want is an online store with the primary goal of selling a range of different products or a website with a lot of information and just a few products. Most CMS solutions available on the market today offer e-commerce support, which makes them a great alternative for businesses looking to focus on content rather than just e-commerce.

2. Budget

How much are you prepared to spend? This is something that might seem obvious, but it is a good idea to plan your budget before you start looking into different e-commerce platforms. Without a budget, you might end up picking something unnecessarily expensive, or settle on a cheaper option that doesn’t give you all the functionality you need. That said, a strict budget is not optimal either; if possible, aim for flexibility that leaves room for negotiation.

3. Self-hosted or shop-as-a-service

There are two main categories of e-commerce solutions and your options here depend on your technical competence. The first one is the self-hosted shop where you host everything on your own server and the alternative is the shop-as-a-service where you pay a monthly fee and leave the e-commerce magic to your platform provider.

Opting for a shop-as-a-service solution allows you to focus on running your business and let experts deal with running the site. Operating an online store and making sure everything is up-to-date can be much harder than it sounds, so we would recommend choosing the shop-as-a-service option. Even if you are technically proficient or can hire someone who is, avoiding the hassle of hosting your online store can save you both time and money.

The main takeaway here is that there is no good reason to host your e-commerce site unless it’s absolutely necessary.

4. Security

Always look up the reputation of the service or platform that you plan to use. History is not everything, but repeated cases of security breaches often indicate a pattern. In this case, the best course of action is to do some research and ask a security expert for their opinion. Be aware that this could backfire as well, as people sometimes say they know more than they do.

While we, of course, believe that security is extremely important, it is vital to keep in mind that it is just one of the parameters to consider. When choosing an e-commerce platform, the decision needs to balance a large number of criteria. The most secure solution would most likely be to host a .txt file with instructions to email orders, but this is obviously not the best or most user-friendly option for an e-commerce business.

Detectify scans your website for over 700 vulnerabilities and can help you monitor your e-commerce solution’s security status.

5. Vulnerabilities specific to e-commerce

If you coded your e-commerce solution yourself or are in any way technically involved in running your online store, it’s important to map out business logic-specific vulnerabilities alongside the more general security issues.

For example, an attacker might be able to figure out your stock levels by adding a product to their shopping cart until the website says the product is out of stock. Information about your inventory could be used by a competitor to plan future campaigns. These vulnerabilities are difficult to find using automation, but being aware of them and knowing how to spot them can help you keep your store safe.
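The stock-level leak described above, seen from the shop's side, as an added example that is not part of the original article or any Detectify code. The event tuple format, the function names and the `max_per_order` cap are assumptions made for illustration; the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample cart events (not real logs):
# (session, sku, requested_qty, result)
SAMPLE_EVENTS = [
    ("s1", "SKU-100", 1, "ok"),
    ("s2", "SKU-100", 2, "ok"),
    ("s1", "SKU-100", 20, "ok"),
    ("s1", "SKU-100", 40, "ok"),
    ("s1", "SKU-100", 60, "ok"),
    ("s1", "SKU-100", 80, "ok"),
    ("s1", "SKU-100", 85, "out_of_stock"),
    ("s3", "SKU-200", 3, "out_of_stock"),
]

def find_stock_probing(events, min_attempts=5):
    """Flag (session, sku) pairs that repeatedly change the quantity of one
    product and hit an out-of-stock answer; report the range that leaked."""
    attempts = defaultdict(list)
    for session, sku, qty, result in events:
        attempts[(session, sku)].append((qty, result))
    findings = []
    for (session, sku), tries in attempts.items():
        accepted = [q for q, r in tries if r == "ok"]
        rejected = [q for q, r in tries if r == "out_of_stock"]
        if len(tries) < min_attempts or not accepted or not rejected:
            continue  # ordinary shopping, or a single unlucky request
        # Assuming stock did not change in between, it is at least the largest
        # accepted quantity and below the smallest rejected one.
        findings.append({"session": session, "sku": sku,
                         "attempts": len(tries),
                         "stock_at_least": max(accepted),
                         "stock_below": min(rejected)})
    return findings

def cart_response(requested_qty, stock, max_per_order=5):
    """Hardened answer: cap the quantity per order so that replies above the
    cap never depend on stock, and never echo the remaining stock."""
    if requested_qty > max_per_order:
        return "limit_exceeded"  # same answer whatever the stock is
    return "ok" if requested_qty <= stock else "unavailable"

if __name__ == "__main__":
    for finding in find_stock_probing(SAMPLE_EVENTS):
        print(finding)
```

With the cap in place, the only thing a visitor can still learn is whether stock has dropped below `max_per_order`.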

6. Realise that consumers trust you

As an online retailer, you want to have as little to do with credit card credentials as possible. However, even if you are using an external payment processor and technically have very little to do with the transaction, users do not see it that way. If you were to be hacked and someone replaced the payment step with a link to their own fake payment processor, a regular user could not tell the difference.

As soon as you start selling products online, you get a lot more attention from potential attackers. At the same time, your customers need to know that you are worthy of their trust. This is an issue you need to tackle regardless of whether you are hosting your own platform or using a dedicated solution, but again, the shop-as-a-service option is probably the best alternative for the majority of e-commerce businesses.

7. How long should the store be online?

We often find forgotten sites left behind after a limited campaign that has expired. These sites are rarely up-to-date and are often vulnerable, but can still contain sensitive customer information. If the shop you are setting up is used for a campaign that will eventually expire, make sure you are able to successfully delete it afterwards. This should be a relatively easy task, but it is often forgotten, leaving sensitive information at risk.