Klarna Docs - Security recommendations

Security recommendations

Klarna always takes security seriously, and we would like you to do so as well. Please see our security recommendations below. Let's fight fraud together!

For Magento users: Read how to defend your webshop from Magecart here

Your website is your brand, your storefront and the first contact with customers. It is your identity. If it is not secure, business relationships can be compromised and a single security breach can be a death-knell for your business.

The threats can come in many forms:

  • Infecting a website with malware in order to spread that malware to site visitors
  • Stealing customer information like names, email addresses, credit card and other transaction information
  • Adding the website to a botnet of infected sites
  • Hijacking or crashing the site

Security breaches affect not only your consumers but also you and your business. Breaches can come with high fines, penalties and other costs. Your business can only be successful if you build trust and a strong relationship with your customers. Even if a security breach at a small business website doesn’t trigger a data breach, it can still have a huge impact on customer trust.

The most common reason why people don’t lock down their website is a lack of awareness of the risks and consequences. Many falsely believe that being a small business means being too small to be noticed by hackers. Most hackers use automated tools to find vulnerable sites, and those tools don’t differentiate between small and enterprise businesses. Threats and attacks are everywhere; be prepared now.

If you see anything suspicious, the checkout looks weird, or you detect anomalies in your transaction processing, reach out to your established Klarna contact (for example, your delivery manager or merchant support) immediately.

  • Keep your merchant software up to date by always installing the latest patches
  • Scan for security problems if a scanner is available (e.g. https://www.magereport.com if using Magento)
  • Keeping up to date applies to all software in use (operating system, web server, frameworks, plug-ins, etc.)
  • Limit the number of user accounts with administrative access rights to the merchant software to as few as possible
  • Delete accounts for employees or contractors that no longer work for you (also delete any unknown accounts)
  • Don’t share the same account between users (so that it is possible to track who has done what if something happens)
  • Use strong passwords (10 characters or longer)
  • Enable two-factor authentication (2FA) if available
  • Enable logging of admin actions in the merchant software
  • Monitor for suspicious admin activities