Retail & E-commerce

Pentest for Retail and E-commerce

Offensive security in e-commerce, marketplaces, POS, omnichannel and loyalty platforms.

90% manual · 10% automated
OSCP · CISSP · CRTO · GPEN
BR · PT · IT · ES · MA · US · AU
OWASP · MITRE · PTES · NIST

Why now

The real pain

Digital retail is a target for industrial-scale fraud. Account takeover, chargeback, catalog scraping, coupon abuse, inventory manipulation and free-shipping fraud: every vector that goes untested is margin leaking out of EBITDA.

Applicable regulation

LGPD · PCI-DSS · Código de Defesa do Consumidor (Brazilian consumer protection code) · Lei do E-commerce (Brazilian e-commerce regulation)

/attack-surface

Vectors we test in retail & e-commerce

Every engagement is designed for your environment. The points below are part of our standard playbook for this sector — final scope is adapted to your stack and contract.

01

E-commerce and checkout

Price, coupon and shipping manipulation; payment fraud.

02

Marketplace

Seller onboarding, payout fraud, review manipulation.

03

POS and ERP

Storefront, acquirer integration, cash drop, replenishment.

04

Loyalty program

Account takeover, points abuse, redemption fraud.

05

Omnichannel

Click & collect, ship from store, cross-channel return/exchange.
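The checkout vectors above (client-controlled price, quantity, discount and shipping) are easiest to see side by side. The following is an added example in Python, not code from this page or from intrus.io's own tooling: a checkout total that trusts the client request next to one that recomputes everything from server-side data. The catalog, the coupon rules, the request shape and the free-shipping policy are constructed assumptions for the illustration; the checks it enforces (catalog price only, integer quantity bounds, coupon validity, minimum order, single redemption, threshold judged on the amount actually paid) are the ones a tester tries to bypass.

```python
from decimal import Decimal, ROUND_HALF_UP

# Constructed catalog and coupon table standing in for the server-side database.
CATALOG = {
    "sku-hoodie": Decimal("59.90"),
    "sku-socks": Decimal("9.90"),
}
COUPONS = {
    # percent off, minimum subtotal the coupon applies to, one redemption per customer
    "WELCOME10": {"pct": Decimal("10"), "min_subtotal": Decimal("50"), "single_use": True},
}
FREE_SHIPPING_THRESHOLD = Decimal("100.00")   # assumed policy values
SHIPPING_FEE = Decimal("15.00")
MAX_QTY_PER_LINE = 100
CENT = Decimal("0.01")


class CheckoutError(ValueError):
    """Raised when a cart fails server-side validation."""


def vulnerable_total(cart: dict) -> Decimal:
    """The weak pattern: every amount is taken from the client request.

    A tester edits price, qty, discount_pct or shipping in the intercepted
    request and checks whether the order is accepted at the tampered total.
    """
    subtotal = sum(Decimal(str(i["price"])) * Decimal(str(i["qty"])) for i in cart["items"])
    discount = subtotal * Decimal(str(cart.get("discount_pct", 0))) / 100
    shipping = Decimal(str(cart.get("shipping", SHIPPING_FEE)))
    return (subtotal - discount + shipping).quantize(CENT, ROUND_HALF_UP)


def hardened_total(cart: dict, used_coupons: frozenset = frozenset()) -> Decimal:
    """Recomputes every amount from server-side data and enforces business rules.

    Only sku, qty and coupon code are read from the request; any price,
    discount or shipping field sent by the client is ignored.
    """
    subtotal = Decimal("0.00")
    for line in cart["items"]:
        price = CATALOG.get(line.get("sku"))
        if price is None:
            raise CheckoutError("unknown sku")
        qty = line.get("qty")
        # Reject negative, zero, fractional and boolean quantities (bool is an int subclass).
        if isinstance(qty, bool) or not isinstance(qty, int) or not 1 <= qty <= MAX_QTY_PER_LINE:
            raise CheckoutError("invalid quantity")
        subtotal += price * qty

    discount = Decimal("0.00")
    code = cart.get("coupon")
    if code is not None:
        rule = COUPONS.get(code)
        if rule is None:
            raise CheckoutError("invalid coupon")
        if rule["single_use"] and code in used_coupons:
            raise CheckoutError("coupon already redeemed")
        if subtotal < rule["min_subtotal"]:
            raise CheckoutError("subtotal below coupon minimum")
        discount = (subtotal * rule["pct"] / 100).quantize(CENT, ROUND_HALF_UP)

    net = subtotal - discount
    if net < 0:  # defense in depth; cannot happen with pct <= 100 but cheap to assert
        raise CheckoutError("negative total")
    # Policy assumption for this example: free shipping is judged on the amount actually
    # paid, so a coupon cannot both cut the price and keep the order above the threshold.
    shipping = Decimal("0.00") if net >= FREE_SHIPPING_THRESHOLD else SHIPPING_FEE
    # Mark single-use coupons as redeemed only after payment capture succeeds; otherwise
    # abandoned carts let a tester burn other customers' codes or replay their own.
    return (net + shipping).quantize(CENT, ROUND_HALF_UP)


def rejects(cart: dict, used_coupons: frozenset = frozenset()) -> bool:
    """True when the hardened checkout refuses the cart."""
    try:
        hardened_total(cart, used_coupons)
    except CheckoutError:
        return True
    return False


if __name__ == "__main__":
    # Constructed tampered request: client-set price, 100% discount and zero shipping.
    tampered = {"items": [{"sku": "sku-hoodie", "price": "0.01", "qty": 1}],
                "discount_pct": 100, "shipping": 0}
    print("vulnerable total:", vulnerable_total(tampered))
    print("hardened total:  ", hardened_total(tampered))
    print("negative qty rejected:", rejects({"items": [{"sku": "sku-socks", "qty": -3}]}))
```

Run it with the tampered cart and the two totals differ by the full item price plus shipping; the same hardened function also refuses a negative quantity, an unknown SKU, a reused single-use code and a coupon applied below its minimum, which are the first requests a tester sends against a checkout endpoint.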

/methodology

Genuinely manual pentest

Automated scanners find what's documented. Real attackers find what isn't. 90% of the work is manual — performed by specialists holding OSCP, CISSP, CRTO and GPEN.

01 · Reconnaissance

Target mapping, OSINT, footprint, sector-specific threat modeling.

02 · Discovery

Deep enumeration, complementary scanning, manual exposure identification.

03 · Exploitation

Manual validation with controlled PoC, finding chaining, escalation.

04 · Report

Executive + technical, step-by-step replication, mapped to applicable regulation.

/why-trust

Who has trusted our work

Large-scale e-commerce operations.

Caixa Econômica Federal
Banco BMG
iFood
ArcelorMittal
Multibanco
Polícia Federal
Fórmula 1
OpenFinance

Technical assessment recognized in highly regulated, mission-critical environments — the pentest that finds what nobody had found before.


Douglas Lopes

Founder · CEO · intrus.io

/faq

FAQ — Retail & E-commerce

Do you cover PCI-DSS?

Yes. Penetration testing per PCI-DSS 4.0 requirement 11.4, and quarterly external ASV vulnerability scans per requirement 11.3.2.

Can you audit marketplaces?

Yes. Seller onboarding, payout fraud, catalog and review manipulation.

/contact

Ready for a serious pentest in retail & e-commerce?

Schedule a confidential meeting. Within 48h we'll send a proposal with scope, timeline and pricing.