Do you know Shoptet? The platform with the motto “E-shop in a few clicks” offers quick solutions for creating online stores and, in our opinion, it’s currently one of the best products of this type on the Slovak and Czech markets. For some types of businesses, this is the ideal way to transfer their business to the online environment. However, when using it, it’s also necessary to take the risks into account. One of them is data security. You can implement a number of third-party plugins into Shoptet. One of them allegedly accidentally downloaded the data of all customers of the stores where it was deployed on April 1. Thousands of names, addresses and phone numbers went to the MonkeyData headquarters.

 

The greatest value of an e-shop is customer data - Bart Digital Products
Statistics on a laptop, photo via Unsplash

 

The inconspicuous plugin is similar in functionality to Google Analytics: it helps you track product statistics and customer data, such as where customers buy from, how often, how long it takes them to complete their purchase, which products are most popular and so on. It initially refused to admit that, along with this harmless data, it had taken a huge amount of other data. One morning, owners of e-shops running on Shoptet with the additionally implemented MonkeyData plugin simply found in their records a complete export of orders and customers made without their knowledge. More complaints started coming in after the first one and Shoptet, although innocent in the incident, was forced to release a data leak statement at the end of May.

Finally, MonkeyData admitted to the unwanted export. The owner claims that the data was downloaded by mistake and was automatically deleted. Whether this is true remains questionable. In discussions, people have reported having their data downloaded even though their e-shops were only in the testing phase, or even though they had already uninstalled the plugin. Shoptet is therefore under pressure to improve security and to add controls over how plugins function and the rights with which they operate. We believe that its developers have learned from the incident and will soon bring an update that will make working with this e-commerce platform even safer.

 

How to protect client data?

Managing an entire e-shop on your own through an open source platform is a great idea, especially in terms of saving time and money. Everything essential is in the basic interface and, if something is missing, you just search for a plugin and download the most used one. When installing, however, few administrators read the terms of use or take an interest in how the plugin was developed and whether an attacker could get into its code and completely change its functionality. They just need it to work. And it’s this ignorance that poses the greatest risk. An ordinary user has no chance of finding out where the data is sent and what the plugin uses it for, or how to proceed if they want their data deleted from the plugin’s databases. Until this problem is solved systemically and globally, ensuring the security of users’ data is in the hands of e-shop owners.

 

Store, photo via Unsplash

So how do you make the right choice?

  1. For free? Instead of money, they may take something else – Free plugins and add-ons are usually developed on the basis of open access to the code: everyone can add what they like. At the same time, as these are free services, they rarely have any support behind them, such as an employee who actively deals with clients in case of problems or fixes errors in the code.
  2. No reviews? Suspicious – Before installing, read the discussion on the plugin, ideally going further back in its history. If something was wrong, customers would definitely have spoken up and written a sincere review of the add-on. Also check whether any of the creators have responded to these reviews. If not, you probably won’t be able to get help in the future.
  3. Bet on something proven – Today, there are a dozen systems on the market, behind which are teams of honest people who want to help small and medium-sized entrepreneurs break through online. Typically, these are larger platforms (e.g. Money ERP), which help shops connect their brick-and-mortar store or office business with the online world and thus make the services and goods they offer available to a wider target group. In addition to linking information on inventory and accounting, they often offer additional improvements, such as statistics on sales of products and on customers similar to those provided by MonkeyData or Google Analytics. However, these external systems connect to each e-shop directly and individually, so there’s no risk that data from one store will end up in another or appear in the hands of an unknown third party.

 


 

With us, data is safe

We also use third-party plugins and services – each of our e-shops has, for example, implemented Google Analytics or SEO optimization tools. However, we are cautious and guard our clients’ data:

  • Each online store managed by us has its own database, which is protected and is not shared with any other e-shop.
  • Exports are visible only to the people they are intended for, and no one can access them without authorisation or a password.
  • We program connections with external systems, such as Money ERP, ourselves and we determine which data these systems can use and in what way. 
  • We develop add-ons, such as a system for adding discount codes or competitions, ourselves in a closed environment, so that no one who could harm it can access the code. 
  • We draw attention to possible problems in advance – in order to prevent the entry of potentially dangerous or faulty data into e-shops, this year we plan to implement a system notifying the customer in the event of unusual data occurring in connection with an external system (product price is missing, loss of a group of goods, products are repeated, etc.).
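The checks named in the last point (product price is missing, loss of a group of goods, products are repeated) can be run on every import from an external system before it is written to the shop. The sketch below is an added example, not code from the original article or from any system it mentions; the field names `sku`, `group` and `price` and the sample data are assumptions.

```python
from collections import Counter


def check_feed(previous, incoming):
    """Return warnings for one import; an empty list means nothing unusual.

    previous / incoming: lists of product dicts with the assumed keys
    'sku', 'group' and 'price' (last accepted import vs. the new one).
    """
    warnings = []

    # 1. Product price is missing (absent, empty, non-numeric or not positive).
    for p in incoming:
        price = p.get("price")
        if isinstance(price, bool) or not isinstance(price, (int, float)) or price <= 0:
            warnings.append(f"missing price: {p.get('sku')}")

    # 2. Products are repeated within the same import.
    counts = Counter(p.get("sku") for p in incoming)
    for sku, n in counts.items():
        if n > 1:
            warnings.append(f"repeated product: {sku} x{n}")

    # 3. A group of goods present in the last import has disappeared.
    old_groups = {p.get("group") for p in previous}
    new_groups = {p.get("group") for p in incoming}
    for group in sorted(g for g in old_groups - new_groups if g):
        warnings.append(f"group lost: {group}")

    return warnings


# Constructed sample data: the last accepted import and a faulty new one.
PREVIOUS = [
    {"sku": "A1", "group": "kitchen", "price": 4.9},
    {"sku": "B7", "group": "lighting", "price": 19.0},
]
INCOMING = [
    {"sku": "A1", "group": "kitchen", "price": None},
    {"sku": "A2", "group": "kitchen", "price": 6.5},
    {"sku": "A2", "group": "kitchen", "price": 6.5},
]

if __name__ == "__main__":
    # Hold the import and notify the shop owner if anything is flagged.
    for line in check_feed(PREVIOUS, INCOMING):
        print("WARNING:", line)
```

An import that produces any warning would be held back and reported to the shop owner instead of being applied automatically.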

And why are we so careful? We believe that our customers’ clients’ data is their greatest value. We value every piece of personal data, as well as behavioural statistics and demographic data, and we treat them responsibly. Only if you know the people who buy from you can you choose the right products and services for them. And people will only tell you about themselves if they know that this information is safe with you.

We’ll bring you more about online safety soon.