How To Take Charge Of Security Threats To Your Ecommerce Business
A single hacker attack on your website. That’s all it takes to steal credit card information from your ecommerce site.
Once that happens, your business profits will be heading downhill like a very bad day on NASDAQ. However, while stocks can always rally back the next day, your business may not be that lucky.
If you want people to use your website for ecommerce you have to protect them and your data integrity.
As a self-made CEO, if you want to know about the dark side of the Internet, all you have to do is read the newspapers or consult news-oriented tech blogs. Not a day goes by without news of some group hacking a website, and ripping off sensitive data and credit card information.
With cybercrime on the rise, how do you protect your customers? How do you make it safe for them to shop with you?
Begin by making sure that no unauthorized people get access to your admin panel. You can do this from the very start of your business by picking the right ecommerce platform. This does not mean that the code has to be from a private tech company that will charge you top dollar. It’s fine to use open source. Just make sure that you pick one that that uses an object-oriented coding language.
The purpose of being picky about your ecommerce platform is that you want to make your admin panel only be available on an internal network. So avoid a platform that uses servers accessible to the public.
While this will go a long way to ensuring security, why not go a step further. As an additional precaution authenticate internal users. One strong way to do this is through multi-factor authentication that uses image-based challenges to generate one-time passwords. According to RevTap, this is how it works: “The user attempts a transaction on a website, such as logging in to an online account. An SMS text message is sent to the phone number registered with the user account. Contained in the text message is a hyperlink that, when tapped, opens an image-based challenge in the web browser on the user’s mobile phone. The user follows the instructions to tap the appropriate pictures, then taps to approve or deny the requested transaction. The user's selection is sent back to the Confident Technologies servers for verification. If the user completed the image-based challenge correctly, the web page on the PC proceeds automatically.”
Protect Customers at Checkout
What about the public side of your business—your online checkout features? You want to make sure that this is secure as well. You can be PCI compliant by using a powerful Secure Sockets Layer (SSI) authentication. This will protect web and data. For your business to grow, you must assure your customers that you have your act together so use SSL certificates. This does two things: first, it authenticates the identity of your company; second, it encrypts the data flying through the Internet.
You can even make your security even stronger by using the Extended Validation Secure Sockets Layer (EV SSL). Also be sure to display reassure customers by displaying the SSL security seal. SSL certificates makes it difficult for fraudulent purchases because it compares the address entered into the form field with the address the customer has with their bank or credit card company.
Besides SSL, another way you can improve customer security is by asking customers to only use alphanumeric passwords. This can be done by issuing simple, yet clear instructions when they register with your site.
Observe PCI Standards
When it comes to data breaches, the biggest news is usually about how huge department stores have lost hundreds of credit card information on file. However, this would not happen if their IT staff had observed clearly spelled out PCI standards.
According to PCI standards, a company should not store customer’s credit card information. There is no reason for it. Storing numbers and expiration dates and card verification value codes (CVV2) is positively dangerous. While it may be convenient for customers, it poses a big security risk. Of course, it may be necessary to hold some credit card information to handle refunds and chargebacks, but old customer records should be purged after a realistic period of time.
While you may do your best to ensure that you have secure systems in place, unless you train your staff to avoid compromising security, it may all be in vain.
Employees must be made aware that they should never text or email sensitive data when communicating with customers. It’s only too easy to leak information this way when customer service or technical supports are using chat portals and customers are insisting on getting this information because they have forgotten it.
Besides training employees in communication protocols, employees also need to learn about privacy laws and policies related to customer data and how to keep this information safe.