Cyber Monday Kicks Off Holiday Shopping Season With E-Commerce Security Risks

Published: 23/11/2024   Category: security




Online shopping websites often lack basic security protections when it comes to PII, allowing malicious actors to capitalize on consumer data or perpetuate retail and hospitality scams.



The post-Thanksgiving e-commerce shopping event known as Cyber Monday draws millions of consumers each year seeking out bargains online — to the tune of $11 billion in 2022.
However, amid the purchasing spree, consumers routinely share sensitive personally identifiable information (PII) on e-commerce platforms, including credit card details and addresses, and a recent survey by CyCognito explores the question of whether these sites prioritize security and compliance.
The report unveiled concerning insights on the risk of compromised PII, of which many remain unaware – and discovered substantial pitfalls in the security landscape of Cyber Monday e-commerce platforms.
Even though more than half (52%) of e-commerce Web apps exist in the cloud, the research indicated they aren't immune to security vulnerabilities.
The study revealed that 2% of e-commerce Web apps lack HTTPS, the secure version of HTTP and a protocol for secure data transmission. This poses a risk to around 520,000 of the estimated 26 million global e-commerce stores.
Researchers discovered more than a quarter (28%) of these platforms operate without a Web application firewall (WAF), and nearly one in four (24%) e-commerce Web apps that collect PII are missing a WAF.
Additionally, nearly six in ten (58%) e-commerce Web apps collect user PII, raising concerns about data handling. Equally worrisome is that 78% of these platforms don't seek user consent for cookies, a compliance red flag.
The array of security issues doesn't stop there: 13% of e-commerce Web apps throw up certificate validity issues, and just under half (48%) of platforms have one or more cryptographic vulnerabilities.
The report also found that 2% of e-commerce Web apps carry critical security issues, half of which involve PII, and more than three quarters (76%) of these critical issues are easily exploitable.
Rounding out the research findings was the discovery that 7% of all e-commerce Web apps monitored had at least one issue from the OWASP Top Ten list, a commonly used awareness document for developers and Web application security.
On the individual shopper front, it's worth a reminder that holiday spending perennially catches the eye of threat actors, who exploit consumer behaviors and prey on the surge of online payments and digital activities during the holidays.
This has risks for organizations, too: Companies continually battle credential harvesting, phishing, bots, and various malware variants, with a recent Malwarebytes Labs report warning of a 50% uptick in credit card skimming in 2023 — and that's only set to get worse during the holiday shopping season.
Vandan Pathak, senior application security consultant at Optiv, says scammers are going to activate their plexus network of techniques to entice victims with fake promotions.
"Individuals are highly advised not to entertain any messages or calls they receive which offer them direct holiday discounts," he says. "In the past, we have seen individuals fall for these traps frequently and the number is going to increase during the holiday season."
He notes that individuals must be aware of scammers and fake gift card offers — often, these offers come with the light lift of filling out a survey.
"Only, the survey is fake, and the sole result is your personal information is now in the hands of a bad actor," he explains. "These have historically been quite successful tactics during the holiday months."
He adds security front liners, such as network security engineers or analysts, should be attentive to upticks in unusual activity in company environments.
"Attacks on organizations during this time of the year are successful often due to teams' guards being down," Pathak cautions.
