Our new security screening has been in place for a couple of weeks. This service works by checking whether each visitor's IP address is valid in relation to the location and identity the user provides. With a dramatic increase in hacking attempts that rely upon finding vulnerabilities in websites, it was imperative that we take measures to protect you, your data and our own.
Over the last few months we were seeing a large number of fake user accounts created using known, previously compromised email accounts. The mission of these accounts is to find a backdoor into our database or a means to access connected services, such as our payment gateway. Although there were no signs of this actually happening, a known vulnerability in our eCommerce system existed. We were only informed of the existence and severity of this vulnerability when a fix was implemented by our software provider. It is common practice not to release the details of such a vulnerability before it is fixed, so as not to hand hackers instructions on how to exploit it. Since we don’t have a very robust infrastructure for our website, we are in a relatively better situation than others. We opted for this service over using CAPTCHA, which requires an extra step or two in the process and is not always user friendly.
Since we implemented this screening process we have also seen a decline in actual web traffic, and zero new user accounts created. This is concerning to us, as it may be an indication of “false positives”. With the growing use of personal VPNs (virtual private networks), it is possible that those who use a VPN will get flagged when using our website despite not having any nefarious intent. To keep it simple, VPNs work by creating a partially hidden path when exploring the internet. They can even spoof what country you are in by routing you through a server in another country. This is a legitimate version of what hackers will do. There are other ways a person accessing our site can get flagged, for example if your email address is being spoofed for use by others. Much as robocallers spoof legitimate phone numbers to scam people, the same has been done with email for longer.
If for any reason you are unable to create a user account when shopping with us, or unable to complete a transaction, please notify us immediately. We wish to make sure this system works as intended without creating a problem for legitimate customers. If our shoppers cannot shop with us then there is no point in this protection. Ultimately we wish for your experience to be safe and secure as well as reliable.
Customer Service: email@example.com