Security and customer experience

Would you shop at your local store if you suspected, even for a second, that your card might be swiped for data? We’re guessing not—and all your customers feel the same way about shopping with you. Security for e-commerce is a must-have; you need to constantly reassure shoppers about your security operations—in both subtle and obvious ways. Don’t launch headfirst into running an e-commerce business without appreciating the features of retail security.
- Invisible security – The website works fast and returns minimal errors.
- Visible security – Overt trust signals like secure payment gateways and guarantees are displayed to the consumer at regular intervals.
The security risks you need to know

It’s hard to believe that people would actually target your new store, but online hacking is indiscriminate, and any store is immediately vulnerable just by being ‘live.’ So, what sorts of things do you need to protect yourself against? Here are some common security risks:
- Denial of Service or Distributed Denial of Service attacks — This is when your site and server are flooded with malicious queries that stop your website from working properly. It basically overwhelms your site, paralyzing it. These attacks can keep your site out of action for a long time and negatively impact sales. These are to be avoided at all costs. Keep your server and site safe; DoS attacks can come from a variety of different sources, including through applications, traffic flooding, and an overwhelming amount of server-side requests.
- SQL injections — This is where people attack your web forms or any other query parameters on your site (like dynamic URLs) to gain access to your database. They can then inject rogue code into your database that can gather your data as well as delete it. (To protect yourself against this, you will want to use parameterised queries, which pass user input to the database as data rather than as part of the SQL command, limiting the queries people can request through your site.)
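
The parameterised-query advice above, as an added example (not code from the original article): a store's product search built by string concatenation, next to the same search with a bound parameter. The table, function names and search inputs are constructed for illustration and use Python's built-in sqlite3 module.

```python
import sqlite3

# Constructed search-box input that contains SQL quoting characters.
HOSTILE_TERM = "' OR '%'='"

def make_store():
    """Build an in-memory shop database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, visible INTEGER);
        INSERT INTO products (name, visible) VALUES
            ('Blue mug', 1), ('Red mug', 1), ('Unreleased teapot', 0);
    """)
    return db

def search_vulnerable(db, term):
    # Vulnerable: the form value is pasted into the SQL text, so quotes in
    # the input change the structure of the query itself.
    sql = ("SELECT name FROM products "
           f"WHERE visible = 1 AND name LIKE '%{term}%' ORDER BY id")
    return [row[0] for row in db.execute(sql)]

def search_parameterised(db, term):
    # Hardened: the SQL text is fixed. The value is sent separately as a
    # bound parameter, so the database only ever treats it as data.
    sql = ("SELECT name FROM products "
           "WHERE visible = 1 AND name LIKE ? ORDER BY id")
    return [row[0] for row in db.execute(sql, (f"%{term}%",))]

if __name__ == "__main__":
    db = make_store()
    for term in ("mug", HOSTILE_TERM):
        print(repr(term))
        print("  concatenated :", search_vulnerable(db, term))
        print("  parameterised:", search_parameterised(db, term))
```

With the ordinary term both functions return the same two visible products; with the quoted input only the concatenated version returns the hidden row.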
What does a secure online store look like?

No matter how you choose to sell online, you need to select an e-commerce environment that is secure and frequently updated. The key is your ability to control the shopping environment, as code changes can be deadly.
- Popular open-source e-commerce technologies like WordPress and Magento may be slightly more vulnerable to large scale attacks, but that doesn’t mean they should be avoided or that they aren’t secure. (Here is your guide to WordPress site security.) You just need to make sure you install as much security functionality as you can and that your site remains frequently updated.
- Third-party plugins and ads open your site to vulnerabilities, so make sure they are secure and updated. Some software, like Java and Adobe Flash, isn’t very secure. Try to avoid sites that rely too heavily on these.
- A hosted web environment like Shopify is a secure option that’s good for beginners as it’s relatively hands-off; take advantage of their 24/7 online store support to quiz them on security options. Afterwards, you may want to install an additional security element.
- Third-party marketplaces have varying degrees of security; they are generally good, but big sites like Amazon do tend to become big targets for hackers. Just make sure that you use secure passwords and that you periodically back up and wipe unnecessary data.
- Selling through social media is easy for both the consumer and seller, but there are many potential security risks with social media, especially when you’re accepting payments through an application that wasn’t designed to do so.
- Your hardware and server safety are super important, too. Don’t skimp on hosting and hardware costs. As your business grows, you are going to need robust systems that allow for that growth.
Payment and customer data security

One of the biggest e-commerce vulnerabilities is your payment process, and any security breaches involving customer payment data tend to get A LOT of press. Storing people’s payment details is your most important job as an online merchant, so make sure that you are clued up on payment security.
- Renew SSL certificates and ensure total PCI compliance. (Tripwire offers PCI compliance 3.2, which is ideal.) The requirements do change, and you need to regularly update certificates, so try to keep on top of this.
- If you are using a third-party vendor, ensure that you understand how they are dealing with customers’ details. These are still your customers, and they won’t let you off the hook if something goes wrong for them. PayPal is popular with people as it’s easy and offers great protection for buyers, but the system does have its own quirks: they are allowed to freeze assets whilst they investigate transactions, which can be tricky for cash flow.
- Prominently display payment trust signals and logos on your payment pages. Make paying easy, but don’t unnecessarily store customer data, either. Encourage customers to use strong passwords.
- Verify card and address details to reduce the risk of fraudulent transactions. This can sometimes cause minor inconveniences for customers, but it’s all part of operating a safe business. Use unique tracking numbers for every transaction to combat chargeback fraud. Geo-targeting can also help eliminate fraudulent transactions. (Watch out for non-monetary fraud too, like the distribution of fraudulent voucher codes.)
Importance of staying up-to-date

Updates are super important for security; vulnerabilities or attacks are often caused by slow or inadequate updates to software, code, and hardware.
- When doing a major update, back up your store and its assets for safety.
- Updates to your content management system and its plugins all need to be implemented rapidly. Third-party plugins can be especially vulnerable to attacks, so only install the ones you definitely need.
- Slimming your backend code from time to time is a great way to spot any lurking issues or vulnerabilities.
Create a culture of safety

For new retailers, a lot of security comes down to attitude. Don’t spend all your efforts on expensive marketing and product photography and then invest peanuts in the actual security and longevity of your business. Security is something you need to take seriously, and with all the possible solutions out there, it’s not that hard to partly outsource your cyber security.
- Don’t just buy security software and expect it to do all the work for you. You need to educate yourself about different layers of security to be in full control.
- In the need for speed, customers often go for easy passwords. Encourage customers to set secure passwords using a traffic light system, and make the use of special characters and numbers compulsory.
- Make sure that staff understands how to treat sensitive customer details. The biggest security breaches still come from human error.
- You want to have no vulnerabilities in your supply chain. Make sure that your retail outfit is as secure as your web one.
- Security extends to hardware and servers too. Make sure they are checked and maintained by certified IT professionals.
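
The traffic light password check suggested in the list above, as an added example (not code from the original article): a server-side rating that makes a number and a special character compulsory. The length thresholds, the small denylist and the function name are assumptions chosen for illustration.

```python
import string

# Assumed thresholds; the article only says that numbers and special
# characters should be compulsory.
MIN_LENGTH = 10      # shorter than this is always red
GREEN_LENGTH = 14    # this long (and varied) earns green
MIN_DISTINCT = 8     # distinct characters needed for green

# Constructed sample denylist; a real store would load a much larger one.
COMMON = {"password1!", "qwerty123!", "letmein2024!"}

def rate_password(pw):
    """Return (colour, reasons) where colour is 'red', 'amber' or 'green'."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"use at least {MIN_LENGTH} characters")
    if not any(c.isdigit() for c in pw):
        problems.append("add a number")
    if not any(c in string.punctuation for c in pw):
        problems.append("add a special character")
    if pw.lower() in COMMON:
        problems.append("this password is too common")

    # Red: a compulsory rule failed, so the sign-up form should reject it.
    if problems:
        return "red", problems
    # Amber: acceptable, but short or repetitive.
    if len(pw) < GREEN_LENGTH or len(set(pw)) < MIN_DISTINCT:
        return "amber", ["longer, less repetitive passwords are stronger"]
    return "green", []

if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("sunshine", "Password1!", "blue-mug-42",
                   "correct-horse-7-battery"):
        colour, reasons = rate_password(sample)
        print(f"{sample!r}: {colour} {reasons}")
```

Run the same check on the server when the account is created, since a meter that exists only in the browser can be bypassed.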