Seven Steps to Secure Ecommerce Trading
Chris | Sunday 1st February, 2015
Millions of people across the globe choose to shop online every single day for all manner of goods and services, from the weekly grocery shop to household appliances, clothing, electric goods, Christmas presents and everything in between. Consumer confidence in online retail has grown over the years but savvy consumers are still only going to purchase from websites that they are assured are secure ecommerce sites, especially in cases where they are required to enter credit or debit card details or other personal information. There are several steps online retailers can take to ensure both that their website is secure and that customers know this.
1. Using a Secure Payment Gateway
A payment gateway refers to an application that sits between your website and your consumer, it authorises and processes payments securely. Online payment gateways are secure and allow you to accept payments in a variety of formats without putting your customers’ details at risk. Other advantages to your business include being able to accept payments at any time of day or night and in multiple global currencies.
With most providers, you will have the choice of how exactly payments are taken. Your digital agency or web developers should be able to set up either seamless payments on your website, or taking your customer to a payment page within the payment provider hosted area, making payment and then coming back to your website for confirmation of their order.
Where customers are able to pay using trusted online payment service providers such as PayPal or SagePay they automatically feel reassured that their payment will be processed securely. This adds an extra layer of comfort and security as customers are not required to enter their credit or debit card details on each shopping site they use but can simply enter their PayPal details and use their preferred payment method that way.
2. Set up Secure Socket Layers (SSLs)
Secure socket layers or SSLs automatically encrypt any information passing to or from your website, the illustration above demonstrates how this looks on John Lewis’ website. Installing an SSL Certificate makes your website more secure and keeps consumer data safe from hackers by encrypting the data. It also helps to reassure customers about site security – where you have an SSL Certificate in place the beginning of your website address changes from http to https and a padlock symbol often appears in the user’s address bar. Consumer advice suggests looking out for sites with an https address and / or a padlock symbol, meaning your customers will feel confident using your site when these appear.
3. Become PCI Compliant
Once of a certain size, this decision will be taken out of your hands as an online retailer and you must comply or face penalties or a lack of willing payment partners. PCI DSS compliance (Payment Card Industry Data Security Standard) can mean many things, from changing your hosting status to changing the way you accept payments. Companies such as trustwave enable retailers to have their website scanned, in turn a report created will advise whether PCI compliance is met or in contrast, what areas are failing. A competent web development team can then make the necessary changes to comply.
4. Enable an Address and Card Verification Procedure
Setting up an address verification system and ask for the card verification value to help reduce the risk of fraudulent activity on your website.
The Address Verification System (AVS) is a fraud prevention inspired process used to confirm the address of a person claiming to own a credit card. The system checks the billing address of the credit card that the user has entered, with the address held on file by the customer’s credit card provider.
AVS is used when the retailer verifies credit card data, such as the customer’s billing address and post code, against the Visa/MasterCard billing information entered. The billing address held on file for the credit or debit card must obviously match the address that was entered by the customer. However, AVS only verifies the numeric element of the address, so certain issues can occur, such as flat or apartment numbers which could cause incorrect declines.
5. Use Layered Security
One of the best ways to prevent hackers from using tools such as Structured Query language injections to attack your site is to set up layered security. Begin with firewalls and add extra layers of security, not forgetting to include these layers within applications such as contact forms. The more different and varied types of security you can provide, the lower the chances of someone breaking through all of them. The negative effects of hacking is a costly and time-consuming affair, potentially causing brand and search engine presence problems, it’s something that all appropriate measures should be taken to avoid.
6. Provide Employees with Security Training
All the technological security measures in the world are no good if an employee sends out an email containing sensitive information or credit card details. Provide all employees with regular security training and ensure that every individual is aware of all laws and policies relating to the secure handling of consumer data. Keep written records of training and provide written policies and protocols to ensure each member of staff is fully up to date at all times.
7. Publish a Privacy Statement
While publishing a privacy statement does not in itself make your site any more secure than it already is, it does reassure customers. Privacy statements should include information on how personal data is stored and processed and whether or not any information is shared with other companies or organisations. Customers associate lack of a privacy statement with disreputable websites and are unlikely to consider your site secure without one.
If you are worried about your own website security, please contact Wish Digital today, we would be happy to advise.