Our client is a prominent eCommerce website selling various sports gear. They experience traffic from all over the world with an average conversion rate of just 1%.
Our client’s Magento website was compromised when hijackers got access to their admin credentials. They injected malicious code, disguised as a third-party tool, to capture customers’ credit card details. Whenever a customer made a purchase, the code routed their credit card details to the hacker. It was simple but cleverly hidden: none of the traditional security scans could detect it. The hackers were also clever enough not to make use of all the credit card information, which would have tipped off the eCommerce admin that crucial information was being leaked through their website.
The scariest part was that the client never really knew they had such a problem. The real reason the client approached us was that there had been a drastic fall in their traffic and they wanted their site back on track.
As a routine step in our audit, we ran the website through a series of standard security tests, and it passed. Only when we loaded the website on an independent server did we witness the additional ping to an external site. After further manual code review, we detected the malicious code and cleared it.
We have access to some of the most premium security scan services, and none of them could detect the threat. It really is any eCommerce website’s worst nightmare. Thankfully, none of the client’s customers had any complaints of unknown charges on their credit cards.
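The kind of check that exposed the extra request described above, as an added example that is not the audit team's own tooling: it reads a HAR capture of the checkout page (exported from the browser's developer tools) and lists requests to hosts outside an allowlist. The allowlist, host names and sample capture are constructed assumptions.

```javascript
// Added example. Hosts the storefront is expected to contact during checkout
// (assumed values; replace with the store's own domain and payment provider).
const ALLOWED_HOSTS = ['shop.example', 'payments.example'];

// Exact match or true subdomain only, so "shop.example.cdn-assets.invalid" does not pass.
function isAllowed(host, allowed) {
  return allowed.some((a) => host === a || host.endsWith('.' + a));
}

// Return one finding per network request whose host is not on the allowlist.
// Requests that carry a body or query string sort first: a skimmer has to send data out.
function findUnexpectedRequests(har, allowed = ALLOWED_HOSTS) {
  const findings = [];
  for (const { request } of har.log.entries) {
    let url;
    try {
      url = new URL(request.url);
    } catch {
      findings.push({ host: null, method: request.method, url: request.url, carriesData: false });
      continue;
    }
    if (!/^(https?|wss?):$/.test(url.protocol)) continue; // skip data:, blob:, about:
    const host = url.hostname.toLowerCase();
    if (isAllowed(host, allowed)) continue;
    const body = (request.postData && request.postData.text) || '';
    const carriesData = body.length > 0 || url.search.length > 1;
    findings.push({ host, method: request.method, url: request.url, carriesData });
  }
  return findings.sort((a, b) => Number(b.carriesData) - Number(a.carriesData));
}

// Constructed HAR fragment standing in for a capture of the checkout page.
const sampleHar = { log: { entries: [
  { request: { method: 'GET', url: 'https://shop.example/checkout/onepage/' } },
  { request: { method: 'GET', url: 'https://cdn.shop.example/js/checkout.js' } },
  { request: { method: 'POST', url: 'https://payments.example/v1/charge', postData: { text: 'token=tok_123' } } },
  { request: { method: 'GET', url: 'https://fonts.thirdparty.example/font.woff2' } },
  { request: { method: 'POST', url: 'https://stats.tracker.invalid/collect', postData: { text: 'd=constructed' } } },
  { request: { method: 'GET', url: 'https://shop.example.cdn-assets.invalid/p.gif?c=constructed' } },
] } };

for (const f of findUnexpectedRequests(sampleHar)) {
  console.log(`${f.carriesData ? 'REVIEW' : 'note  '} ${f.method} ${f.host}`);
}
```

Every flagged host still needs the manual code review the case study describes, since a legitimate third-party tool and a disguised one look the same at this level.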
The only way the hackers could have planted the malicious code on the website is through someone who had access to their login credentials. The site had not been hacked from outside. We did the following on the site
The client had pretty good traffic and a good retention rate due to their unique product catalog. But they struggled with their conversion rate, which was hovering around 0.9%. To improve conversions
In the 3 months after the changes, we have not witnessed any security threats. The conversion rate has also increased by 0.5%. The client is extremely happy and has extended their services to incorporate more conversion-based changes to improve their ROI.