Building A Safer And More Secure eCommerce Presence
Cyber criminals are getting smarter. And with more automation in the industry, cybercrime has increased year after year, with small businesses particularly vulnerable. Doing everything you can to protect your site and your users has become fundamental, whether they interact with your traditional or mobile site. Here are some tips to preserve the safety and security of your site, and reassure your customers that you’ve taken every necessary step to protect the integrity of every transaction. If they don’t believe it, they won’t transact.
1. Start with a secure and highly sophisticated object-oriented eCommerce platform. Separate administrative functions from public-facing servers, stay abreast of security updates and install them promptly. Out-of-date software is a major reason sites are breached. Once a patch is available, update your site with it immediately.
2. Secure your infrastructure inside and out with tiers of security including firewalls, internal password protection, employee background checks, intrusion detection and protection against denial of service attacks — designed to bog down your site with a flood of bogus transactions. If users see your site is down, they lose confidence and you’re at risk of losing more than one sale. Being aware of your site’s vulnerabilities and development cycles will allow you to understand where any bottlenecks may naturally occur, and how any malicious user could most likely target your site, with queries that could overload a computer processor or the upload of oversized data files. Invest in third-party firms who will test your site and expose the weaknesses in your website infrastructure. And build audit trails to highlight your site's strong foundation of internal controls.
3. Stay Payment Card Industry (PCI) compliant and perform regular PCI scans. And again, staying on top of updates with an ounce of security development can prevent more than a pound of cure if your site is hacked. In addition, include language on your site stating that you don’t solicit and store personally identifiable information. It’s forbidden by PCI standards, and there’s no reason any longer to store it. Also get rid of old data. Purge your records as soon as you can. The less information you have, the less information you have to lose.
4. Use strong Secure Sockets Layer (SSL) authentication to protect your company’s and your customers’ financial or other important information while a session is in progress. Include address verification for credit card transactions to provide additional protection against fraudulent charges for your consumers. SSL certificates are foundational for doing business on the web, and beyond information protection, any savvy customer will recognize and appreciate the website address change to ‘https://’, which indicates a secure site.
5. Structured Query Language (SQL) injection is still one of the most common ways to perpetrate data theft, and hacker forums are regularly filled with posts on the successful execution of SQL injections. Smaller businesses (who may think they are “too small” to be under attack) are particularly at risk from highly automated SQL injection attacks. Along with back-end coding adjustments, add extra layers of security such as complex password requirements to help ensure your site is protected from this common, yet still effective, threat.
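The back-end coding adjustment that matters most here is how queries are built. The following added example (not code from the article) shows a customer lookup written with string concatenation beside the same lookup using a bound parameter, run against a constructed in-memory SQLite table with sample customers; the table, the e-mail addresses and the probe input are all assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample data standing in for a shop's customer table
# (example values only, not taken from the article).
CUSTOMERS = [
    ("alice@example.com", "argon2id$hash-of-alice-password"),
    ("bob@example.com", "argon2id$hash-of-bob-password"),
]


def build_store() -> sqlite3.Connection:
    """Create an in-memory SQLite database holding the constructed customers."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (email, password_hash) VALUES (?, ?)", CUSTOMERS
    )
    conn.commit()
    return conn


def find_customer_vulnerable(conn: sqlite3.Connection, email: str) -> list:
    """BEFORE: the e-mail is pasted into the SQL text, so a quote character
    inside it changes the meaning of the query."""
    sql = "SELECT id, email FROM customers WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()


def find_customer_safe(conn: sqlite3.Connection, email: str) -> list:
    """AFTER: the e-mail is bound to a placeholder; the driver passes it as
    data, so it can never be parsed as SQL syntax."""
    sql = "SELECT id, email FROM customers WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


# Constructed test input of the kind a PCI scanner or unit test would send:
# a quote that closes the string literal followed by an always-true clause.
PROBE = "nobody@example.com' OR '1'='1"


def compare(probe: str = PROBE) -> dict:
    """Run the same input through both versions and report the row counts."""
    conn = build_store()
    return {
        "vulnerable_rows": len(find_customer_vulnerable(conn, probe)),
        "safe_rows": len(find_customer_safe(conn, probe)),
    }


if __name__ == "__main__":
    print(compare())  # the concatenated query returns every customer; the bound one returns none
```

A regression test that feeds the probe through every lookup function and asserts zero rows is a cheap way to keep the fix from quietly regressing during later development cycles.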
6. Enforce strong password protection. The more robust the password strength you require, the better. Combinations of case-sensitive letters, numbers and special characters drastically increase your users’ password strength and your site’s front-end security. Multi-step authentication can take it a step further. If you require the customer to set up a random user id/name and to provide both a password and the answer to a security question for authentication, you strengthen both your security and the customer’s faith in a secure interaction.
7. Implement fraud detection procedures. Despite your own best efforts, fraud does happen. Consider a fraud management service both to protect your customers and to relieve yourself of some liability if fraud occurs on your site.
8. Buy your brand terms/keywords on the various search engines. Spend the money to be the top-ranked paid search result. If a user types your company’s brand into Google and clicks on the top paid search result out of habit, it is critical to them and to you that they land on your site. If you don’t buy your brand terms, your brand can be hijacked and the user could be directed to a counterfeit, look-alike site. One bad experience is all it takes to permanently tarnish your relationship with your customer.
9. Keep your content fresh. Think of your site like a produce stand. If a user visits your site and sees an updated marketplace with fresh and ripe content, they are much more likely to transact than if they see old content with an out-of-date experience. To a user, a stale site may mean stale products, out-of-date security, and old quality standards.
10. Be transparent. Make your security commitment and privacy policies visible. It’s in your best interest to post these statements and be clear to your customers about how you operate your site safely and securely. Contact information should also be clearly visible on the site. Letting your customers know there’s an easy way to get in touch with you is an easy way to communicate openness and security.
11. Use visual cues. Place third-party endorsements and visual cues strategically. Safety seals, and even a lock icon next to a password field, further communicate your site’s security.
12. Notify your customers of changes. Send out notifications when anything changes in their profiles (text messages, emails, even snail mail can be used). The more communication, the more secure your users will understand your site to be and the more they know you are serious about protecting their information.
13. Provide security training to your employees. Your employees need to understand your company’s security policies to the letter, just as you do. By making them accountable for not sharing or revealing sensitive information through mandated security practices, you help to protect your company, and you give your employees pride in doing their part to protect the people who bring them their paycheck.
There are penalties associated with not keeping your site safe and secure. And you can’t conduct business on the web without taking every step possible to protect your customers and your company, no matter the size. The security you provide will not only protect your site and your users, but it will give your users the reassurance they need to regard you as a trusted eCommerce business.