Is my Shopify store safe from hackers?

Shopify is one of the best platforms for running an e-commerce store. It is easy to use and easy to maintain, fully integrated with payment processing, and feature rich. In fact, when a client asks about an e-commerce platform for a lightweight store, we recommend Shopify as one of the first few candidates.

As with any Software as a Service (SaaS), Shopify does need security measures that are not always clear to the user. A common mistake is to assume that any cloud-hosted application (like Shopify) is simply safe from hackers because it’s in the cloud. Although Shopify offers a good level of security, the store owner must still take a few actions to protect his/her account from hacker invasions.

Yes, unfortunately, there are many people like her.

Small-business owner Andi Rosenberg lost tens of thousands of dollars last year when her Shopify account was hacked.

Starting on November 23, 2020, payments from her Shopify sales began being deposited in an unknown bank account without Rosenberg’s knowledge. On her Shopify account, Rosenberg could see the daily sales being paid out. But, her bank account, which she only checks once a month, wasn’t getting any of the payouts.

On December 29, a Shopify support specialist emailed her about “detected suspicious login activity,” and she needed to confirm her bank account and identity. That’s when Rosenberg checked her own bank account and saw she was missing thousands of dollars from her Shopify sales. 

What happened to her store?

Apparently, a hacker was able to log in to her Shopify account and switch the bank account for deposits. The store kept selling as it should, but payouts were directed to a bank account controlled by the criminal, so she lost $55 thousand in sales.

Indeed, she might have received an email warning about “suspicious login activity”, but this is often hard to keep track of. We receive dozens of emails every day.

Don’t worry: in this article you will learn how to apply the basic security guidelines to your store and keep hackers from hijacking it.

Make your Shopify safer right away!

Ok! Let’s follow a few steps to increase the level of security of your Shopify store.

1. Log into your Shopify store account and get to the main dashboard

Get to the main dashboard:

On the top right corner, click your username and expand the menu. Click on the option “Manage Account”, as below:

2. Navigate to the security tab

On the “Manage account” page, click on the “Security” tab, as in the screenshot below.

3. Make sure you have a confirmed recovery email

If your Shopify account or even your main email account gets breached or compromised, a secondary email will be used by Shopify to confirm your identity. So, make sure you add and confirm your secondary email address. To confirm, you just have to open your email inbox and click the Shopify link.

4. Enable two-step authentication

Enabling two-step authentication will prevent hackers from hijacking your Shopify account because they would need your phone to log into your account.

Setting up two-step authentication in Shopify is very simple. Click on the button “Turn on two step”, as shown below:

After clicking, you may be required to re-type your password. Now, the most popular way to set up two-factor authentication on Shopify is by using an authenticator app.

So, make sure you see the page below and click “Authenticator app”:

Now, you need to download an Authenticator app to your phone. On both Android and iOS devices, you can download one of the following Authenticator apps:

  • Microsoft Authenticator: For a complete solution, MarqSecurity recommends Microsoft Authenticator.
  • Google Authenticator: For a simple solution, MarqSecurity recommends Google Authenticator.

So, just go to the App Store if you use iOS or Google Play if you use Android and download one of the apps above.

After downloading one of them, you just need to launch it and follow the steps to include a new account.

The main step is to launch the camera from the authenticator app and point it at the QR code that is now appearing on your Shopify page. Once it recognizes the QR code, it will start generating 10-second codes. You are required to enter the code on Shopify to confirm your two-step authentication process.

We’ve obscured our QR code from Shopify for security reasons.

What changes?

Now, every time you want to log into your Shopify account, you are going to be required to open your Authenticator app and enter the current code for Shopify. This is one of the best ways to prevent hackers from invading your account even if they have your password.

5. Recovery Codes

This step is as important as setting up your two-step authentication. If you somehow lose your phone (obviously losing access to your Authenticator app), the easiest way to log into your Shopify account again will be typing one of your recovery codes.

The safest way to store your recovery codes is by printing them and storing them somewhere easy to find but safe at the same time.

On the same page, you will see the “Recovery codes” section. Click on the “View codes” button and print them. Also, make sure you’ve been through the processes above; otherwise you won’t be able to access your recovery codes.
