You’ve finally decided to offer your amazing product for sale on your website! Congratulations! Whether you are selling company swag, delicious treats, or vacation getaways, one thing remains imperative: you MUST protect your customers and yourself from hackers, attackers and thieves. Adding an ecommerce capability is great for your business, but it also opens your site to all sorts of new responsibilities and potential security risks.
For both you as the store owner and your customers, being the victim of an online security attack can have serious consequences. Hackers getting hold of sensitive data, including customers’ personal details, credit card information or business data, hurts everyone involved. Firstly, customers will lose trust in your business and may avoid doing business with you in the future (especially through the ecommerce site that was compromised). This can ultimately damage your brand and reputation. After an incident that gains media attention, it could take your business years to regain the trust of past and potential new customers.
In October of 2015, we described some basic website security concepts in Web Security 101: Making Your Website Safe(r). All of the items we presented should be evaluated for every site, whatever its purpose. In this article, we go to the next level of detail, focusing specifically on ecommerce website security, which is extremely important for you as the shop owner and for your customers. We suggest these four additional tips to ensure that you, your customers, and your business are putting the safest foot forward when dealing with ecommerce websites and transactions.
1. Use a well-established ecommerce platform.
There are multiple options when either integrating an ecommerce capability into your existing site or standing up a new one. Make sure you choose a platform that has a large user and support community. The platform should be under active development, with regular updates, especially soon after major bugs or vulnerabilities are discovered. The other benefit of a well-established and actively maintained ecommerce platform is that many of these products have undergone extensive testing and compliance verification because of the potentially sensitive nature of the information they handle and the services they provide. Any time financial data and Personally Identifiable Information (PII) are involved, you enter a new level of responsibility as a product and service provider, and a good ecommerce platform will help relieve you of the complexities of that responsibility. In general, the more popular the platform, the more tested, vetted, maintained, updated, and compliant it will be.
2. Always use a secure connection.
So what does this mean? It means protecting the information in transit between your customers’ computers and web browsers and the ecommerce site handling the online transaction. This is accomplished with encryption and prevents important financial and personal information from being stolen along the way. So how do you do this, or are you doing it already? If the address of your site and/or ecommerce site as seen by the outside world starts with “https://” or, depending on the browser, you see a green padlock (or no red X) in the address bar, your site uses secure connections. If access to your site starts with “http://” (missing the “s”) or there is no padlock in the address bar, the connection is not secure and could be snooped on by hackers. Using a secure connection requires obtaining a digital certificate from a trusted provider, either a dedicated digital certificate firm or a hosting provider that partners with one. This is commonly called an SSL (Secure Sockets Layer) certificate. For ecommerce, you need to be using SSL for ALL online transactions (actually you should use the newer TLS, but that is a topic for another time). Secure websites are also just good practice in general nowadays and have other benefits, such as SEO: popular search engines will even give your site a search engine results page (SERP) boost just for using secure connections. It is best practice and helps protect you and your customers during online ecommerce transactions.
3. Minimize storing sensitive data.
What do we mean by “sensitive data”? Detailed information about your customers is considered sensitive: name, mailing address, billing address, phone number, age, social security number, etc. Some of this information may be essential to your business, but understand that this type of data is considered Personally Identifiable Information (PII), and if you store it, you have a responsibility to keep it safe. If you don’t, and this information is stolen from your site because of improper protection, you may be held legally responsible for any damage incurred. However, the one thing to NEVER store is customer credit card information. The risk of being hacked and losing this data far outweighs the convenience for returning customers. This is where compliance, rules, and laws fit in, and if you are a small business, trust us, you don’t want to have to worry about PCI DSS compliance. The most basic rule is: if you don’t store it, it can’t be stolen. This is the safest and easiest approach for online shop owners and ecommerce. This also gets back to tip #1 above, where well-established platforms will help you by taking care of the compliance and security details of sensitive data.
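One way to put the “if you don’t store it, it can’t be stolen” rule into practice is to make sure the order record your shop keeps never contains the full card number or CVV, and to mask any card number that sneaks into free-text fields such as order notes. The following is an added example written for this article, not code from any particular ecommerce platform; the checkout fields (card_number, cvv, payment_token, notes) are assumed names, and the Luhn check is the standard card-number checksum.

```python
import re

# Matches 13-19 digits with optional space or dash separators; the Luhn check
# below filters out tracking numbers and order ids that merely look card-like.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Standard Luhn checksum used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def scrub_pans(text: str) -> str:
    """Mask every Luhn-valid card number in free text, keeping only the last 4."""
    def mask(m):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            return "*" * (len(digits) - 4) + digits[-4:]
        return m.group(0)       # not a card number: leave it alone
    return PAN_RE.sub(mask, text)


def storable_order(checkout: dict) -> dict:
    """Build the record that is safe to persist: processor token and last 4
    only. The PAN and CVV from the checkout form are deliberately dropped."""
    pan = re.sub(r"[ -]", "", checkout["card_number"])
    return {
        "order_id": checkout["order_id"],
        "amount": checkout["amount"],
        "payment_token": checkout["payment_token"],  # issued by the processor (assumed field)
        "card_last4": pan[-4:],
        "notes": scrub_pans(checkout.get("notes", "")),
    }


# Constructed sample checkout payload (test card number, not a real account).
SAMPLE_CHECKOUT = {
    "order_id": "1001",
    "amount": "49.99",
    "card_number": "4111 1111 1111 1111",
    "cvv": "123",
    "payment_token": "tok_example_placeholder",
    "notes": "Customer read card 4111 1111 1111 1111 by phone; tracking 1234567890123456",
}
```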
4. Set up system alerts and regularly monitor your site for suspicious activity.
Regularly monitor your ecommerce site for anything that appears strange or suspicious. These kinds of events may be the sign of a fraudulent incident in progress. Many ecommerce platforms and other third-party tools can aid you in this process, but the best detection tool is human analysis. If you keep tabs on your ecommerce transactions and you get an alert from the tools and something doesn’t seem right, chances are something bad may be occurring that needs to be addressed.
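As an added illustration of the kind of alert worth wiring up (not code from the article or any specific platform), the script below runs over a constructed set of transaction events and flags a source address that, within a short window, racks up repeated declines or cycles through several different cards, a pattern that usually means someone is testing stolen card numbers against your checkout. The event format, field names and thresholds are assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, in the shape a platform or gateway export might
# take. IPs are documentation addresses; orders, amounts and cards are made up.
EVENTS = [
    "2016-03-01T10:00:01 ip=203.0.113.7 order=1001 amount=49.99 card_last4=1111 status=approved",
    "2016-03-01T10:02:13 ip=198.51.100.9 order=1002 amount=1.00 card_last4=2222 status=declined",
    "2016-03-01T10:02:20 ip=198.51.100.9 order=1003 amount=1.00 card_last4=3333 status=declined",
    "2016-03-01T10:02:31 ip=198.51.100.9 order=1004 amount=1.00 card_last4=4444 status=declined",
    "2016-03-01T10:02:45 ip=198.51.100.9 order=1005 amount=1.00 card_last4=5555 status=approved",
    "2016-03-01T10:30:00 ip=203.0.113.7 order=1006 amount=120.00 card_last4=1111 status=approved",
]


def parse_event(line: str) -> dict:
    """Turn one 'timestamp key=value ...' line into a dict."""
    ts, *pairs = line.split()
    ev = dict(p.split("=", 1) for p in pairs)
    ev["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")
    ev["amount"] = float(ev["amount"])
    return ev


def card_testing_alerts(lines, window=timedelta(minutes=10),
                        max_declines=3, max_cards=3):
    """Return one alert per source IP that, inside `window`, reaches either
    `max_declines` declined attempts or `max_cards` distinct cards."""
    by_ip = defaultdict(list)
    for ev in map(parse_event, lines):
        by_ip[ev["ip"]].append(ev)
    alerts = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):          # sliding window from each event
            in_win = [e for e in evs[i:] if e["ts"] - start["ts"] <= window]
            declines = sum(e["status"] == "declined" for e in in_win)
            cards = {e["card_last4"] for e in in_win}
            if declines >= max_declines or len(cards) >= max_cards:
                alerts.append({"ip": ip, "declines": declines,
                               "distinct_cards": len(cards),
                               "orders": [e["order"] for e in in_win]})
                break                            # one alert per IP for a human to review
    return alerts


if __name__ == "__main__":
    for a in card_testing_alerts(EVENTS):
        print("ALERT: review orders", a["orders"], "from", a["ip"])
```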
While this may sound confusing and maybe even somewhat scary, an ecommerce capability is a huge benefit to most businesses and lets them reach customers that a traditional brick-and-mortar shop alone never could. There are many tools and resources available today that make it very easy for business owners to stand up an ecommerce site, but there are many things to consider and responsibilities that come along with doing so. At aJuxt, we can help you give your business a digital sales presence and guide you through the complexities of ecommerce websites.
Questions? Concerns? Contact aJuxt to see how else we can help your site’s security.
### Written by Seth Hellbusch — aJuxt’s Site Security Specialist