Upon reading the article “E-Commerce grows 25% in Brazil” published on one of the Brazil’s largest technology consumer publication — Infoexame, we are faced with a subject that makes us feel happy but, on the other hand, forces us to be on the alert, as far as security procedures for these new e-commerce portals are concerned.

“Brazilian e-commerce trends have presented a 25% growth in 2009’s first quarter, thus generating a total turnover of 2.3 billion reais.”

The article begins with the amount of the quarterly turnover of e-commerce in Brazil which represents a low value if compared with traditional sales results but still is a figure deserving respect.

“In accordance with survey carried out by e-bit, a company specialized in e-commerce information, emphasis was given to the increase in the participation of low and medium-sized retailers. These have won more than 37.26 million reais, compared with the first quarter of 2008.”

“Small and medium-sized companies, which in 2008 represented 8.07% of sales, were the unique ones which increased their market share and closed first quarter with 9.69% of total. Turnover has increased from 185.61 million reais to 222.87 million reais.”

According to the article, what has really drawn our attention was the turnover amount circulating among small and medium-sized companies, something really profitable which shall attract malicious glances. It is worth reminding that it has not been mentioned what Infoexame considers as being small/medium-sized companies and metrics used to define such standard.

“As the entrance barrier is narrower, there is a great volume of lower investments, which do not leave quality behind, though. Another factor that has benefited small companies are the available tools, such as search and price-comparison sites which allow that they are found by those who were not aware of the brand.”

Another point mentioned (and here I believe that talking about web security is our concern) is the facility factor to start an e-commerce shop. Sometimes, the smaller XPTO shop has a price lower than those practiced by the big portals, as many major e-commerce sites have a big infrastructure which is added to product’s final value and thus we ask:

1. How many of them use opensource tools in the automatic mode?
2. Should they develop their own shop, would they use something from OWASP?
3. Do they perform blackbox and/or whitebox tests?
4. Are they in compliance with general industry standards (such as PCI)?
5. Do they rely on security professionals and security teams?

Before purchasing it is worth keeping in mind that you can and must do researches on the shop where you are buying online, as to check whether some negative incident has been reported about it and if it is possible to ask whether such shop uses some continuous process for security checking, bearing in mind the great financial turnover volume involved and the ongoing growth of amounts being negotiated in e-commerce that makes such sites targets for attacks.

If you are the owner of a small e-commerce shop please perform security tests using our tool (or request an evaluation version) as the results may surprise you at the end. Do know your vulnerabilities before criminals do.  Get details at:

http://nstalker.com/products/enterprise/.

Source with complete article here (in portuguese).

N-Stalker Research Team