About The Client
Our client is a prominent eCommerce website selling various sports gear. They experience traffic from all over the world with an average conversion rate of just 1%
The Problem
Our client’s Magento website was compromised when hijackers got access to their admin credentials. They injected malicious codes that was disguised as a 3rd party tool to capture customers’ credit card details. Whenever a customer made a purchase, chase, the code routes their credit card details and delivers it to the hacker. It’s simple but cleverly hidden as none of the traditional security scans could detect it. Also the hackers were clever enough to not make use of all the credit card information to tip the eCommerce admin that crucial information was leaked through their website.
The scariest part was that the client never really knew they had such a problem. The real reason why the client approached us was that there was a drastic fall in their traffic and wanted their site back on track.
How We Found The Security Threat
As a routine step in our audit, we ran the website through a series of standard security tests and it passed. It was only when we loaded the website on an independent server, we witnessed the additional ping to an external site. After further manual code reviews, we detected the malicious codes and cleared them.
We have access to some of the most premium security scan services and none of it could actually detect the threat. It really is any eCommerce website’s worst nightmares. Thankfully, none of the client’s customers had any complaints of unknown charges credited on their credit cards
How We Secured The Website
The only way the hackers could have planted the malicious code on the website is through someone who had access to their login credentials. The site had not been hacked from outside. We did the following on the site
- Set up an admin activity tracker so we got notified every time someone used the admin credentials to log on to the website. This kept unwanted hands off the website.
- Set up a Sucuri Magento scanner to frequently scan the eCommerce website for any malicious activities.
- Version controlled the entire website code on Git to reflect any changes made within the website
- Installed Fraud Block to only let legitimate transaction to take place. This made use of the shopper’s IP address, number of payment attempts, etc. to stop any stolen credit card transaction
- Enabled 3D Security for all Master and Visa credit card transaction
- Enabled Signifyd module to reduce fraudulent transactions and boost chargeback protection. We then educated the client about the importance of secured website credentials and the consequences of what could happen to their website if someone had complete control over it. This cleared up the website issues and also helped customer reduce their transaction and chargeback worries.
How We Helped Them Improve Their Conversion
The client had a pretty good traffic and retention rate due to their unique product catalog. But, they struggled with their conversions, which was hovering around 0.9%. To improve conversions
- We optimized the website for a better site loading time.
- Incorporated the low price guarantee module to let shoppers know that they are getting the best deal out there.
- Performed SEO optimization to regulate the traffic and get in targeted customers onto the website.
- Incorporated Google rich snippet to attract targeted customers.
- Installed reviews module to help improve on page ranking for targeted keywords.
The Result
In 3 months after the changes, we have not witnessed any security threats. The conversion rate has also increased by 0.5%. The client is extremely happy and have extended their services to incorporate more conversion based changes to improve their ROI.
