You know it’s important to hire a certified Magento developer for all that they bring to the table: access to the Magento Resource Library and Technical Support, and experience with the Enterprise and Community editions. But what happens when you don’t use a certified developer? Unfortunately for a recent client, our Magento team found out during a site audit.
We inherited a recent B2C client’s Magento Community environment, which had been initially implemented by an offshore development partner. When it was time to update their site, the client came to our team of certified Magento developers for the job.
To kick off the project, our team executed a full site audit. Below are some of the issues that they came across:
Credit Card Skimming
The client had been using the default credit card module in Magento but upon our team’s audit, a core code modification was discovered. With this modification, a customer’s billing information was sent off to a third party’s email address upon checkout.
Given the setup of the modified code, it is very unlikely that the site had been hacked. This means that the previous development team had set up code to collect credit card information as well as the customer’s personal information. A certified Magento developer would not illegally distribute customer information, and they would ensure that everything involving payment methods is PCI compliant.
Additional Code Changes
Additional core code modifications were made that distributed admin and customer credentials to a third-party email address. This meant that each time someone logged into the site, whether admin or customer, their username and password were being sent off to an unknown party.
This customer login information was being sent to one email address, while admin login information and the previously mentioned credit card info were being sent to a different email address.
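One way to surface core modifications like the two described above is to diff the deployed code against a clean copy of the same Magento release and flag changed files whose new lines send mail. This is an added example, not code from the audit or the client's site; the file names, PHP bodies and the `MAIL_CALL` heuristic are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

# Assumed heuristic for PHP mail-sending calls; a hit means "read this file by hand".
MAIL_CALL = re.compile(r"\bmail\s*\(|Zend_Mail|->send\s*\(", re.IGNORECASE)

def _lines(path):
    return path.read_text(errors="replace").splitlines()

def audit_core(clean_root, deployed_root, pattern="*.php"):
    """Diff a deployed tree against a clean copy of the same release.
    Returns {path: "missing" | "added" | "modified"}, plus "+mail" on a MAIL_CALL hit."""
    clean_root, deployed_root = Path(clean_root), Path(deployed_root)
    clean = {p.relative_to(clean_root) for p in clean_root.rglob(pattern)}
    deployed = {p.relative_to(deployed_root) for p in deployed_root.rglob(pattern)}
    findings = {}
    for rel in sorted(clean | deployed):
        if rel not in deployed:
            findings[rel.as_posix()] = "missing"
            continue
        if rel in clean and (clean_root / rel).read_bytes() == (deployed_root / rel).read_bytes():
            continue  # byte-identical to the release, nothing to review
        known = set(_lines(clean_root / rel)) if rel in clean else set()
        new_lines = [l for l in _lines(deployed_root / rel) if l not in known]
        status = "modified" if rel in clean else "added"
        if any(MAIL_CALL.search(l) for l in new_lines):
            status += "+mail"
        findings[rel.as_posix()] = status
    return findings

def build_sample_trees(base):
    """Constructed sample data: file names and PHP bodies are made up for the demo."""
    clean, deployed = Path(base, "clean"), Path(base, "deployed")
    files = {"Payment/Cc.php": "<?php\nfunction assignData($d) {\n  return $d;\n}\n",
             "Customer/Login.php": "<?php\nfunction login($u, $p) {\n  return check($u, $p);\n}\n",
             "Catalog/Product.php": "<?php\nfunction load($id) {}\n"}
    for root in (clean, deployed):
        for name, body in files.items():
            (root / name).parent.mkdir(parents=True, exist_ok=True)
            (root / name).write_text(body)
    tampered = files["Payment/Cc.php"].replace("  return $d;", "  mail($to, 'x', $body);\n  return $d;")
    (deployed / "Payment/Cc.php").write_text(tampered)
    (deployed / "Catalog/Product.php").write_text("<?php\nfunction load($id) { return 1; }\n")
    return clean, deployed

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, status in audit_core(*build_sample_trees(tmp)).items():
            print(f"{status:15} {path}")
```

A `+mail` finding is a prompt for manual review, not a verdict: legitimate customizations also send mail, and a modification can exfiltrate data by other means.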
Incorrect Theme Implementation
This Community site was running the basic Magento Ultimo theme; however, when it was installed, it was not properly extended. Instead, when updates or changes were made, they simply overrode the theme without making a duplicate of it.
This setup makes it difficult to update the site without accidentally overwriting changes made to the theme.
In order to fix these preventable issues, our Magento team will have to complete a full Magento reimplementation. The code could have been compromised even more than what was previously discovered, and a full-site code review would take just as much time as, if not more than, a reimplementation. This fix will also ensure that the site theme is extended correctly.