Ecommerce is a blooming business globally, which draws more and more players to the market, but along with this internet attacks from malicious users in the form of bots, denial of service attack, eavesdropping, SQL injection and many others are growing. In this article, you will understand how the CloudCart platform provides you with the necessary protection against all these threats and ensures a high level of security both during the checkout process and when using the store as a whole. You will learn which are the features that help you as a merchant to filter fake orders, threats, attacks from different sides and to keep your business in good shape.
In this section:
- System for monitoring and analysis of usage. The Kubernetes platform
- System for monitoring your website - a trap for "bad" bots
- Tokenized system
- Security of the checkout process
- Orders - Fraud protection section
- Security - Block clients IP addresses
System for monitoring and analysis of usage. The Kubernetes platform
This is an example website that we can take a look at:
Under the hood, however, we have something very special. We have several systems that manage the processes related to your users or the bots which crawl your site. Based on these tools, we can mimic and handle some of the attackers, probably most.
You would hardly notice any changes when you browse the website as a regular user. In the background, however, we have a complicated process for monitoring and analysing usage. We have a complex system that monitors the usage of the platform. We can block, delay or slow down some users based on certain signals we identify.
This brings benefits to you as a merchant. Imagine that you are a very popular brand that works online. Maybe you want to enjoy great popularity - you invest money in advertising and brand awareness. In this case, the likelihood of attracting hackers' attention is considerable. If someone wants to do you wrong, i.e. crash your site, he will have to investigate your platform and your weakest points.
But in CloudCart, the risk of this happening is minimized because the CloudCart infrastructure is built on Kubernetes - a Google platform. Based on this technology, we have different servers at different times, and all these servers are constantly changing, so your site's files are not located on a specific server. They are distributed among different servers.
System for monitoring your website - a trap for "bad" bots
We have a system to monitor the use of your website. This means that if someone, for example, browses your website in less than a second and makes several requests per second, it is not a person.
We can slow down these users, probably bots, from crawling your website quickly. Of course, there are conventions in the world for creating bots and crawlers, and most of the good players, white bots like Google, Bing, Yahoo, etc., bring their functionality in line with these conventions. However, this is not about good bots or crawlers but bad ones.
Of course, we are constantly building a list of "bad" crawlers, we have bot traps across the platform to identify and ban them. Most popular "bad" bots are blocked for CloudCart users, but if someone builds such a brand new bot, we need to be prepared. This is the place of this system to identify the use of the platform, user behavior. Based on artificial intelligence technology, we investigate and obtain this particular user (bot) and ban it because it threatens us.
Tokenized system
Imagine you have a home key and can share it with your friends. However, this key only opens specific rooms in your home, not the entire home. If you take the key from one of your friends, that friend will be blocked, he will no longer have access. This is how our stores work.
We give our customers the keys to your "home" - your store. But if someone is somehow identified as a bot, we will take that key out of your "home" and lock it. This technology gives us the ability to stop unwanted traffic to your website. Nowadays, bad traffic is three times more than good traffic.
With the three security systems described above you have an extremely stable ecosystem that is constantly monitoring your website for malicious users and blocks them from the entire platform in a timely manner.
Security of the checkout process
The checkout process is one of the most advanced technologies in CloudCart. Here is an example of what completing an order looks like:
A priority for the online platform is for the order completion process to be as simple as possible. Still, at the same time, the goal of the checkout process is to give all the necessary information for an order: products, discounts, payment, shipping, customer, and customer address.
Different marketing tools such as BumpCart, Cros-Sell and UpSell and countdown discounts increase the possibilities of checkout. The goal is to persuade your users that they have limited time and must take action immediately. This makes your business successful and increases the average order value and the most important metric - the conversion rate. The CloudCart checkout gives you an almost 2.5 times higher conversion rate than the standard one.
The checkout process is the Holy Grail of online trading, and if the CloudCart platform has any weak points that allow malicious users access, 90% of your orders will be fake. If today you have 100 real orders, but the orders are 1000, how much will you have to invest in human capital to filter the real ones? The CloudCart checkout process meets high-security standards and protects you against this problem.
Above all, the CloudCart checkout process is not accessible for bots, even Google does not have the right to access here. What happens if someone mimics software like a real person? Currently, technology in this regard is still poorly developed, and the only thing that can be done is to find out exactly who this person is. And if a person tries to harm you by making fake orders, you have several types of protection in the administrative panel of your store.
Orders - Fraud protection section
Go to your admin panel, Orders section > Orders and open a random order.
Each order in CloudCart has a Fraud protection section in the lower right corner. This section shows you the real IP address of the user. The IP address is checked on the basis of several points and it is judged whether it is safe to shop from it or not. If it is safe, it will be green, as in this case. If not, you will be notified here to be aware that there is a problem. Pay attention to the Fraud protection section, because your CloudCart store is equipped with a fraud protection engine that monitors absolutely every order.
Security - Block clients IP addresses
Blocking these days does not mean blocking an entire page, because if someone finds out that an IP address is already blocked, that person can look for another IP address, and so on. and this process will never stop. That is why the option was created that when you block a user he can browse your website and even make purchases, but you will not accept their purchases - they will be canceled. The user, of course, will see that the purchase is accepted, but at the same time CloudCart will deactivate or cancel this order. You can find this feature in Settings > General settings > Security and select 'Block clients IP addresses'.
Here you can add as many IP addresses as you want and they will be blocked automatically. All orders placed from these IP addresses will be marked as canceled orders, but users who place these orders will not notice this. They will think they are flooding your website.
Automatic cancelation of orders only applies to offline payment methods - Cash on Delivery and Bank Wire Transfer.
CloudCart's high-tech security systems will protect your store from any malicious attacks on the Internet.