The figures speak for themselves:
78% of ecommerce websites are at risk of breach according to 60,000 scans on Magento sites carried out using Foregenix handy scan your website tool. The 78% of sites are missing critical patches where 5% are confirmed to have “harvesting malware stealing their customer details” according to the article.
DATA breaches are nothing new from Adobe, ebay to Yahoo having all been targeted, but the bigger risks are for the smaller ecommerce websites where the consequences could be difficult to cover especially where fines concerning credit and debit card data are concerned.
This is why as a fully PCI compliant provider our terms and conditions exclude the use of API based payments whereby payment is collected on our clients websites as discussed here direct payments integration disabled. This essentially means that the payments are PCI covered via the likes of SagePay taking a great deal of stress and responsibility from our clients who are free to concentrate on running their ecommerce sites
Obviously the above data is not primarily concerned with card details and any customer details from logins, names, addresses and email accounts can and are targeted by fraudsters. There is also a growing trend whereby fraudsters are migrating to online targets especially where chip and PIN has made fraudulent activities more difficult. The knock on effect is not just for those directly hacked but by many ecommerce businesses where some people become reluctant to buy online in particular with small traders.
The easiest solution to reduce the risk from such attacks is to ensure your Magento site is kept up-to date with all critical security patches applied.
We do offer to patch your website with the caveat if there are problems the best we can do is to roll the site back, at which point you will need to contact your developer.