One in 20 online shopping sites has been infiltrated by hackers who are actively stealing customers' payment card details, according to new research by cyber security experts Foregenix.
It says that the number of insecure e-commerce sites is rising rapidly as criminals turn their attention away from conventional card fraud and look for easier pickings online.
The results show that 5% are infected with rogue software or 'malware', which is stealing customers' card details. Furthermore, four out of five sites (78%) are considered at risk of security breaches because they are running outdated versions of the software, which makes them easy targets for hackers.
The data comes from security scans carried out in the last month on 60,000 online stores built using the most popular e-commerce software, Magento.
The findings are in line with the growing number of high profile breaches of customer data, involving companies including Oracle, Cisco and Yahoo.
E-commerce sales to consumers grew by almost 10.6% in 2016 to reach £133bn - the biggest growth in five years.
However, Foregenix co-founder Benjamin Hosack said the rise in cybercrime could undermine confidence in online sales if left unchecked, while heavy penalties imposed by card providers on traders for breaches of customers' card data could put many smaller traders out of business in the year ahead.
Visa, for example, imposes a fine of up to €18 for each stolen set of card data from European merchants, according to Barclaycard.*
"As in-store payments become more secure, cyber crime is migrating online," says Benjamin. "With lists of online stores readily available, it's easy for hackers to attack them en masse. The massive growth in online crime could make consumers more reluctant to buy online, especially from smaller traders.
"Breaches of security are also getting more expensive and it's the small firms which are worst affected. Given that it takes six months for the average trader to realise they have been hacked, those, for example, with 100,000 transactions a year could face a fine of roughly €450,000 – a sum beyond the means of many SMEs.
"Magento and other e-commerce platforms release regular software updates in response to threats. However, most website developers and owners are very slow to update software because it's a fairly complex and costly process, or the assumption is made that the web developers will automatically take care of security which is generally not the case."
The scans were carried out using Foregenix's free online scanner, WebScan - http://webscan.foregenix.com