It is clear why many e-commerce companies choose SAP S/4 HANA: the application offers a reliable commerce platform that helps them reach their target audience easily while giving customers meaningful and consistent shopping experiences. However, like all other emerging technologies, the enterprise resource planning software finds itself targeted by cybercriminals, with at least 1,500 SAP application-related attack attempts recorded between June 2020 and March 2021 [1]. Why does this happen, and how can eCommerce companies prevent it?

The emergence of COVID-19 in early 2020 drastically accelerated e-commerce penetration and digital transformation. E-commerce instantly became a critical sales channel for merchants worldwide, providing a lifeline to a sector essentially shut down by the pandemic. It was recently reported that in Q1 2021, eCommerce sales reached USD 196.6 billion in the US alone [2], and they are forecast to grow globally by almost $11 trillion between 2021 and 2025 [3]. Even with restrictions being lifted and regions beginning to reopen, the market is expected to reach $5 trillion in 2022 and $6 trillion by 2024 [3]. To meet the ever-increasing consumer demand, many eCommerce businesses integrate S/4 HANA into their operating system, which is understandable as the ERP software offers various benefits of digital transformation with a powerful web content management system. SAP S/4 HANA allows users to access high-quality content and production information with the advantage of SmartEdit for real-time page development and editing.

The myriad of cyber threats

With many eCommerce businesses using S/4 HANA, it is surprising that these companies pay little or no attention to cyber security, especially when at least 300 out of 1,500 SAP application-related attack attempts were successful last year [1]. One of the reasons cybercriminals target the ERP software is the system's vulnerability: 77% of the world's transaction revenue goes through an SAP application, making it lucrative prey [1]. And undoubtedly, e-commerce companies, with their high volume of transaction values, are the top target for cybercrime. MediaMarkt, one of the biggest eCommerce sites, was hacked last year by the cybercriminal gang Hive, which demanded a €43 million ransom [4]. But exactly how and why are these fraudsters targeting eCommerce businesses?

Here are three ways these criminals take advantage of online retailers:

Account takeover fraud

Account takeover fraud occurs when cybercriminals gain access to a victim's login credentials and use them to steal money or information. Some hackers use phishing, malware, mobile banking trojans and SIM card swapping to steal login credentials. Once criminals take over an account, they can make payments to fraudulent companies, go on a shopping spree with stolen credit cards or make purchases on eCommerce sites where the victim has an account.

Bot attacks

Cybercriminals are also using bots to exploit online vulnerabilities of eCommerce sites. These fraudsters use bots to create, test and build fake online identities, monetize these fake accounts by taking advantage of free trials and bonuses and then selling them for profit. Bots can also be exploited to make small purchases using stolen credit cards, which are done to test the cards' validity before moving on to larger purchases.
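The card-testing pattern described above leaves a recognizable trace in payment logs. The following is an added example, not part of the original article: it flags clients that try several distinct cards on small amounts within a short window with a high decline rate. The field names, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample payment attempts (illustrative, not real data):
# (timestamp, client id, card fingerprint, amount, approved)
EVENTS = [
    ("2021-03-01T10:00:05", "acct-17", "card-A", 1.00, False),
    ("2021-03-01T10:00:40", "acct-17", "card-B", 1.00, False),
    ("2021-03-01T10:01:10", "acct-17", "card-C", 1.50, True),
    ("2021-03-01T10:02:30", "acct-17", "card-D", 1.00, False),
    ("2021-03-01T10:03:00", "acct-17", "card-E", 2.00, True),
    ("2021-03-01T10:09:00", "acct-17", "card-C", 899.00, True),  # larger follow-up
    ("2021-03-01T10:05:00", "acct-42", "card-X", 4.50, True),    # ordinary shopper
    ("2021-03-01T10:20:00", "acct-42", "card-X", 3.20, True),
    ("2021-03-01T09:00:00", "acct-88", "card-P", 2.00, False),   # slow, spread out
    ("2021-03-01T11:00:00", "acct-88", "card-Q", 2.00, False),
    ("2021-03-01T13:00:00", "acct-88", "card-R", 2.00, False),
    ("2021-03-01T15:00:00", "acct-88", "card-S", 2.00, False),
]

# Assumed thresholds; tune them against your own traffic.
WINDOW = timedelta(minutes=10)
SMALL_AMOUNT = 5.00
MIN_CARDS = 4
MIN_DECLINE_RATIO = 0.5


def find_card_testing(events):
    """Return sorted client ids whose small-value attempts look like card testing."""
    by_client = defaultdict(list)
    for ts, client, card, amount, approved in events:
        if amount <= SMALL_AMOUNT:
            by_client[client].append((datetime.fromisoformat(ts), card, approved))
    flagged = set()
    for client, attempts in by_client.items():
        attempts.sort(key=lambda a: a[0])
        start = 0
        for end in range(len(attempts)):
            # Slide the left edge until the window spans at most WINDOW.
            while attempts[end][0] - attempts[start][0] > WINDOW:
                start += 1
            window = attempts[start:end + 1]
            cards = {card for _, card, _ in window}
            declines = sum(1 for _, _, ok in window if not ok)
            if len(cards) >= MIN_CARDS and declines / len(window) >= MIN_DECLINE_RATIO:
                flagged.add(client)
                break
    return sorted(flagged)
```

Flagged clients are candidates for step-up verification or velocity limits before a larger purchase is authorized.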

Click-and-collect fraud

Due to COVID, one of the rising retail trends is to make shopping contact-free and to reduce face-to-face contact. Consequently, demand for "click-and-collect", the practice of buying online and picking up in-store, has also increased. The service is convenient for shoppers and fraudsters alike, as it helps cybercriminals evade in-store point-of-sale defenses and gain same-day access to stolen goods.

Protect your S/4 HANA system from cyberattack

Staying ahead of cybercriminals requires a 24/7 approach to security that involves every stage of the customer's buying journey, which means taking steps to ensure that your eCommerce platforms integrate securely with payment processing applications and SAP back-office systems. Measures eCommerce businesses can take to protect their S/4 HANA software from cyberattacks include:

Securing systems integration

To protect customers' data from prying eyes, eCommerce sites must ensure communications between their SAP systems and third-party payment processors are secure. Hence, it is advised that these companies use SAP eCommerce integrations that meet SAP security standards.

Data digitalization

Manual processes are highly beneficial for cybercriminals because such processes do not scale to meet rising transaction volume. Thus, digitalizing processes and data by eliminating manual order taking and reconciliation can protect organizations from cyberattacks. Businesses should replace paper order forms, spreadsheets and sticky notes with a solution that integrates their eCommerce store with a payment processing system and back-office S/4 HANA systems.

Layers of cybersecurity

eCommerce fraud tends to start with compromised customer data. Therefore, the first line of defense against cyberattacks should be a robust defense against phishing, malware and other attacks that hackers can use to steal customers' login credentials and credit card numbers. For this first line of cybersecurity, companies should include:

  • Anti-virus for SAP solutions.
  • Protection against content-based attacks.
  • Solutions that protect web-facing SAP applications.

Because e-commerce sites, especially those running SAP systems, are prone to cybercrime, companies must take preliminary measures. Systems integration, data digitalization, and simply investing in a thorough cybersecurity roadmap are crucial for protecting themselves from attacks that could cost their businesses a fortune.

Author Tran Diep Trinh