Editor’s note: This is a guest post by Megha Parikh, an interactive digital marketer with a passion for achieving success.
Like a wolf whose eyes are forever on the hen house, a hacker’s eyes are always scurrying to steal your online store’s data. Hackers are ripping off credit card information, personal identity credentials and even sensitive organizational data (including that of governments) from online databases. The Internet is not a safe place to hoard your data anymore. For eCommerce businesses, the risk is even graver: the entire business model is pillared on trust. In the words of Jack Ma, the founder of Alibaba, “For eCommerce, the most important thing is trust.” We couldn’t agree more. The moment customers start losing trust in your website, they will stop logging into your store, and with that conversions will go into a downward spiral, pulling your store’s profitability along with them.

That said, the security worries of eCommerce business owners are mounting. They are left clueless about:
- How to keep sensitive information safe?
- What counteractive measures should one adopt?
- What common mistakes must one steer clear of?
We’ll explain all this and much more in this article.
Choice of eCommerce Platform
The first step to guarding your online store begins with choosing a reliable eCommerce platform. An eCommerce platform is to an online store what a foundation is to a building: the stronger the foundation, the sturdier the building. There are a number of secure and reliable eCommerce platforms on the market, such as Magento, Shopify, BigCommerce, WooCommerce, Prestashop, etc., to pick from.
Bear in mind that each platform has its own native features and extensions, which can make a sea change to the way you transact your online business. While making a final choice, check for scalable security provisions. Preferably, third-party security extensions should also be easy to integrate with the platform. Also, make it a point not to pick a platform that runs on expired or near-expiry versions. For instance, Magento has several versions, from 1.x to 2.x; the older versions may not boast the level of security and functionality that recent versions offer.
Choice of Hosting Provider
Choose a hosting provider who is as invested in online security as you are in your store’s. It is practical to opt for someone who offers all or most of the following:
- AES encryption
- Scheduled/Regular backup program
- Network monitoring
- Round the clock technical assistance
- Immediate disaster recovery
- Swift service
At the very least, go with a hosting provider who can keep your store up and running without downtime interruptions. A safe bet is to opt for quality and reliability over cost.
Have Less, Lose Less – Don’t Store Sensitive Information
If you have 20 dollars on you, there is a possibility of having 20 dollars stolen. If you have nothing on you, there is no chance of being robbed. The same goes for sensitive information. Critical records such as customer accounts, usernames, credit card information, etc. need to be kept far from the reach of hackers.
The best way is to store them on offline servers that can be accessed when the need arises. As for what to store online, keep only those records relating to immediate chargebacks, returns or exchanges that need to be processed.
Give Green Signal to HTTPS Encryption
Google hinted at its 2014 I/O conference that it was going to make HTTPS encryption a major ranking signal for search engine ranking. Apart from the boost Google will give your pages, you can also make your customers trust your store with an EV SSL certificate. An EV SSL certificate makes your website look trustworthy in the eyes of customers: it adds a green HTTPS prefix to the URL and a green padlock symbol in the address bar. The primary benefit of an SSL certificate (some refer to it as TLS) is that it encrypts the transmission of data between endpoints, i.e. the web server and the browser. Studies like these from Digicert have also shown that websites with HTTPS encryption enjoy higher conversions than those without it.
Stay Compliant, Stay Safe with PCI Compliance
The PCI (Payment Card Industry) standard requires every website that processes credit card or other online financial transactions to perform certain security tasks. An annual vulnerability risk assessment is one such requirement for PCI compliance. There are various levels of PCI compliance; which level applies depends on the number of transactions your business handles in a year. If your online store has 20,000 transactions or fewer, it is required to conduct an annual risk assessment using a self-assessment questionnaire.
Bonus Tip: don’t leave too much of a time gap between successive assessments. Do them periodically, on a fixed schedule.
Update Software, Plugins, Templates, etc.
All eCommerce websites have at least a few plugins, extensions or templates running in the backend. They are easy to configure and deliver results that are quite difficult to achieve through custom coding.
Well, they have their downsides too. To begin with, these plugins may not be so good at withstanding hacking attempts. They might have loopholes that can be exploited to gain backdoor entry into your store and its databases. The ideal way to handle this is to ensure that the extensions, plugins and everything else you use on your website are always updated with the latest security fixes. Most extension publishers release periodic security updates that can thwart the latest hacking trends and practices.
Strengthen Perimeter Defenses
Did you know? Most hackers get into websites by exploiting weak or broken links in them. Things like firewalls, VPNs, etc. go a long way in preventing that. Compare such security measures to a home’s perimeter defense: when the perimeter is equipped with barbed wire, there is no possibility of infiltration. Similarly, guarding your entry points with a firewall ensures that only authorized users are allowed in. Alternatively, you can also set up a user password system where the user must use a password of a minimum strength. Without such a minimum-strength password, the user must not be allowed to log into the store.
Address & Card Verification System
An Address Verification System (AVS) or a Card Verification Value (CVV) is a great way to weed out the possibility of fraudulent charges. It is a win-win for you and your customers. The CVV is the three or four digit number printed on the back of the user’s credit or debit card. No one but the cardholder has access to it. Combined with a One Time Password, it is a formidable security measure that can prevent online credit card information leaks. Asking for direct input of the CVV at checkout has become the default process for most online stores. It ensures that only those payments the customer sanctions get through.
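As an added illustration (not code from the original post) of the “have less, lose less” rule applied at the CVV step of checkout: the card number is shape-checked (with a Luhn checksum, an extra check the post does not mention), the CVV is confirmed to be three or four digits, and the only record the store keeps holds the last four digits and no CVV at all. Function and field names such as `sanitize_checkout` and `card_last4` are this example’s own assumptions.

```python
import re

CVV_RE = re.compile(r"^\d{3,4}$")     # 3 digits on most cards, 4 on Amex
PAN_RE = re.compile(r"^\d{13,19}$")   # typical card-number lengths


class CheckoutError(ValueError):
    """Raised when the submitted payment details fail validation."""


def luhn_ok(pan: str) -> bool:
    """Luhn checksum: catches mistyped card numbers before anything is sent on."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def sanitize_checkout(form: dict) -> dict:
    """Validate the card fields, then return the only record the store persists.

    The CVV is checked for shape and then discarded; the card number is reduced
    to its last four digits, so a leaked order database cannot be used to charge
    the card again.
    """
    pan = form.get("card_number", "").replace(" ", "")
    cvv = form.get("cvv", "")
    if not PAN_RE.match(pan) or not luhn_ok(pan):
        raise CheckoutError("invalid card number")
    if not CVV_RE.match(cvv):
        raise CheckoutError("CVV must be 3 or 4 digits")
    return {
        "order_id": form["order_id"],
        "amount": form["amount"],
        "card_last4": pan[-4:],
        "cvv_supplied": True,   # the fact is recorded, the value never is
    }


# Constructed sample checkout form (4111... is a well-known test number)
SAMPLE = {"order_id": "A1001", "amount": "49.99",
          "card_number": "4111 1111 1111 1111", "cvv": "123"}

if __name__ == "__main__":
    print(sanitize_checkout(SAMPLE))
```

The full card number and CVV still have to reach the payment processor; the point is that they pass through the checkout handler and never land in the store’s own database or logs.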
Employee Training and Awareness
When it comes to organizational information security, employees tend to be lax about password hygiene and safety. We all have that peer in the office who keeps their username and password out in broad daylight for all to see. Nothing could be more dangerous. Those login credentials in the wrong hands can spell doom for the entire organization.
It is never too late to make your employees aware of the pitfalls of sharing passwords and login credentials, using USB devices, connecting over unsecured networks, etc. Even if a password is shared, it must be replaced immediately with a new one to sustain security.
Some pointers for getting your employees to practice password safety:
- Ask them to use strong passwords that combine letters, digits and symbols
- Set a password expiry period: every password must be changed every month or quarter
- Deactivate user accounts and their credentials as soon as the employee leaves the organization
- Instruct employees to refrain from writing down passwords anywhere
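The minimum-strength login rule from the perimeter section and the expiry and deactivation rules listed above, turned into one login decision as an added example (not the post’s own code). The minimum length of 12, the 90-day rotation (the “quarter” option) and names such as `login_decision` are this example’s assumptions; how the password hash itself is verified is out of scope.

```python
from dataclasses import dataclass
from datetime import date, timedelta
import string

MIN_LENGTH = 12                # assumed minimum; the post fixes no number
MAX_AGE = timedelta(days=90)   # "month or quarter": quarterly rotation assumed


def password_meets_policy(pw: str) -> bool:
    """Minimum-strength rule: long enough and mixes letters, digits and symbols."""
    has_letter = any(c.isalpha() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    has_symbol = any(c in string.punctuation for c in pw)
    return len(pw) >= MIN_LENGTH and has_letter and has_digit and has_symbol


@dataclass
class Account:
    username: str
    password_set_on: date
    active: bool = True        # flipped to False the day the employee leaves


def login_decision(acct: Account, password_ok: bool, today: date) -> str:
    """Return what the login should do: 'deny', 'force_change' or 'allow'.

    password_ok is the result of the credential check (hash comparison not shown).
    Deactivated accounts are refused before the password is even considered, so a
    departed employee's still-valid password buys them nothing.
    """
    if not acct.active:
        return "deny"
    if not password_ok:
        return "deny"
    if today - acct.password_set_on > MAX_AGE:
        return "force_change"  # expired: allow only a password reset
    return "allow"


def deactivate(acct: Account) -> Account:
    """Offboarding step: disable the account the moment the employee leaves."""
    acct.active = False
    return acct


# Constructed sample accounts
ALICE = Account("alice", date(2024, 1, 10))   # fresh password
BOB = Account("bob", date(2023, 6, 1))        # well past the rotation window
```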
In a Nutshell
Let’s face the hard truth. Keeping your eCommerce store and your customers out of harm’s way is not easy. Cyber crime is rising by the day, so swiftly that nations are setting up separate agencies to monitor and curtail fraud and scams targeting eCommerce. While they do their part to ensure online safety, you as a business owner must also ensure that your eCommerce store is geared up in every possible way to prevent cyber attacks.
What we have said so far is a brief compilation of proven practices. Implement them. Stay secure. Sell more.
Author’s Bio: Megha Parikh is an interactive digital marketer with a passion for achieving success.