Any security risks comments on the above 'aggregator' sites will be much appreciated.
Also, Credit Cards customers will be directed from above sites to our secure webpage:
what are the precautions to watch out for? Any possibility of MITMA (but they are
using ssl ie https, so already mitigated against MITM?) or spoofed redirects to our page?
We are getting external provider to do 'tagging': the external vendor will
1. implement tagging on above 4 sites to track the no. of leads directed : 1st tag
2. implement tagging at our secure site to track the no. of leads directed: 2nd tag
3. implement tagging at our secure site to track the no. of leads directed: 3rd tag
No passwords/credit card/PII info will be stored in above tags, what other precautions
or mitigations we have to watch out for/put in place in the above process or how
do we assess the tags & the tagging process?
Is it crucial to have WAF at our secure site prior to implementing the above & tagging?
Is there any specific IPS signature/filter & secure coding to put in place (in case it is
prone to XSS & injections) ?
Above link lists some risks, so I'll need to know if the tagging we are going to implement with
respect to the four aggregators sites will have the following issues & how to mitigate them:
•Control and Ownership: When a site owner puts third-party code on their site, control over the data collection process is ceded to the third-party provider. The more tags, the more third parties with control over the site owner’s data.
•Privacy: Multiple tags on a website put privacy at risk because third parties have access to the data collected on the site (see Control and Ownership above). Also, many brands must adapt their sites to comply with privacy regulation across markets and geographies which becomes increasingly difficult when data collection is in the hands of third parties.
•Data loss: Sometimes tags fail to fire. For every failed tag, data is not collected and revenue opportunities may be lost.
•Piggybacking: It is possible for tags to be chained together through a process called “piggybacking.” This enables tags to be appended to existing tags already in place on the website without making any changes to the page code. Piggybacking can add dozens of tags to a site and introduce services that the site owner may not be aware are on the site. Read more about the history of tags, tag containers and piggybacking on the “History of Tags” page of our website. Control and Ownership: When a site owner puts third-party code on their site, control over the data collection process is ceded to the third-party provider. The more tags, the more third parties with control over the site owner’s data.