E-commerce sites and online retailers live and die by their ability to push consumers along the buying cycle safely and securely. While cyberattacks pose a growing threat to all modern enterprises, digital merchants are especially vulnerable. The specter of threats, scams, hacks and breaches is now very real across the online marketplace, and you must do everything you can to secure your sensitive data and protect your customers from fraud. Here are a few tips for building a robust web portal.
Securing online payment processes is vital, so use solid Secure Sockets Layer (SSL) protection to ensure data submitted during a transaction is both secure and encrypted. This data passes through multiple destinations before reaching a server, which leaves it vulnerable to theft at any point along the chain, but an SSL Certificate will make information such as credit card details, usernames and passwords unreadable.
An SSL Certificate also verifies your credentials, builds trust and shows consumers that they can purchase products and services from your website safely. Symantec exec Rick Andrews adds: “Integrate the stronger EV SSL [Extended Validation Secure Sockets Layer], URL green bar and SSL security seal, so customers know that your website is safe.”
The Hypertext Transfer Protocol with Secure Sockets Layer (HTTPS) sounds complicated to the uninitiated, but it is actually a much-needed security measure for e-commerce retailers. Standard HTTP, which is the foundation of data communication across the web, does not encrypt information and data created on pages, which leaves it vulnerable to being intercepted.
HTTPS should always be used on pages where you collect or store data, such as payment transactions. Many customers actively avoid merchants that only use HTTP for sensitive data, so it could have a detrimental impact on your business if you don’t embrace the more secure format. However, HTTP is fine for home pages and other locations where data isn’t collected, as it is better for page load speeds.
For modern enterprises, strong passwords are no longer sufficient for security; two-thirds of people use the same password for everything. Two-factor Authentication (2FA) is now seen as the de facto method for reducing fraud risks and making it harder for hackers to breach networks. 2FA adds a layer of protection by making consumers provide two pieces of information when they log in, which reduces the chances of hacks significantly.
Supplement with software
E-commerce sites can also leverage the vast range of security programs available to streamline and optimize strategies. Fraud prevention geo-location software is useful as it checks whether someone has obtained details from stolen cards by calculating a risk score, while hacker protection software such as shields can identify and remove malware.
Keith Krach is also helping to move online businesses forward securely and reliably with DocuSign, a software-as-a-service product that allows companies to secure transactions in the cloud across any device, at any time.
Don’t store sensitive data
This may seem obvious, but many retailers don’t realize that storing credit card data and other personal information is a huge security risk. There is no reason for any online retailer to store records with card verification value codes, expiration dates and other info that could leave customers at the mercy of attackers. The practice is now forbidden by PCI standards, but Trustwave director Chris Pogue urges merchants to purge old records and just keep a small amount of data to facilitate refunds and any charge-backs.
He adds: “The risk of a breach outweighs the convenience for your customers at checkout. If you have nothing to steal, you won’t be robbed.”
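One way to apply the purge advice above to old order records, as an added example that is not part of the original article: keep only an allow-list of fields, reduce the card number to its last four digits, and mask any Luhn-valid card numbers left in free-text notes. The field names and the choice of what to retain are assumptions, and the sample record is constructed.

```python
import re

# Assumed allow-list: the few fields needed for refunds and charge-backs.
KEEP_FIELDS = ("order_id", "amount", "currency", "processor_txn_id")

# 13-19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to tell card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pans(text: str) -> str:
    """Replace Luhn-valid card numbers in free text with their last four digits."""
    def _mask(match: re.Match) -> str:
        digits = re.sub(r"\D", "", match.group())
        if luhn_ok(digits):
            return f"[card ending {digits[-4:]}]"
        return match.group()  # not a card number, leave untouched
    return PAN_CANDIDATE.sub(_mask, text)


def minimize_record(record: dict) -> dict:
    """Return the copy that is safe to keep; everything else is discarded."""
    kept = {k: record[k] for k in KEEP_FIELDS if k in record}
    pan = re.sub(r"\D", "", str(record.get("card_number", "")))
    if pan:
        kept["card_last4"] = pan[-4:]
    if "notes" in record:
        kept["notes"] = mask_pans(record["notes"])
    return kept


# Constructed sample record (4111 1111 1111 1111 is a well-known test number).
SAMPLE_ORDER = {
    "order_id": "A-1001", "amount": "59.90", "currency": "USD",
    "processor_txn_id": "txn_example_1", "card_number": "4111-1111-1111-1111",
    "cvv": "123", "card_expiry": "12/30",
    "notes": "Phone order, 4111 1111 1111 1111 declined; ticket 1234567890123456",
}

if __name__ == "__main__":
    print(minimize_record(SAMPLE_ORDER))
```

Because the function builds the retained record from an allow-list, a sensitive field added to the schema later is dropped by default.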
Firewalls and layering security
A firewall works to block unauthorized traffic from accessing your networks, and as an e-commerce site, you need one to protect against malicious entry. Online sites should look at installing either application gateways or proxy firewalls. The former establish two lines of communication and act as a checkpoint for information, hiding and protecting your systems and networks by only letting through traffic that has been authorized.
McAfee exec Sarah Grayson also recommends layering security with firewalls as a foundation and further tools such as login boxes, contact forms and search queries on top. She claims these measures work together to “ensure that your e-commerce environment is protected from application-level attacks like SQL (Structured Query Language) injections and cross-site scripting (XSS).”
Just one serious breach can cause significant financial and reputational damage and threaten business continuity for an online retailer, so employ the tactics listed here and make sure to keep everything updated, monitor your site regularly, perform PCI scans each quarter and set up DDoS protection.