Ecommerce sites have become commonplace nowadays, with more and more retailers allowing consumers to browse and purchase their items online.

With so many brands competing for attention in a crowded online space, companies need to position themselves above their rivals by guaranteeing that their site excels in three key areas: efficiency, ease of use and security.

It is easy to forget the high volume of personal information that consumers provide when using an ecommerce website. Paying for items online has become so ingrained within our purchasing behaviour that consumers have learnt to completely trust familiar websites, often entering their home address, card details and date of birth without giving it a second thought. Due to the common nature of online shopping, we often fail to consider just how damaging a breach of security could be, but it would be disastrous if this information fell into the hands of criminals.

Despite advancements in the technology used in ecommerce security systems, ecommerce sites are still a target for hackers and fraudulent activity. According to Symantec, web-based attacks increased by 23% in 2013, a figure which will no doubt continue to grow. Retailers therefore need to be vigilant in enforcing safety regulations to make their online ventures as secure as possible.

Use SSL-certified gateways for your checkout and be PCI compliant

The Payment Card Industry Data Security Standard (PCI DSS) is a set of standards that merchants who process card payments must adhere to. To fully comply, ecommerce merchants must be able to protect cardholder data and maintain strong access control measures.

All businesses that store, transmit and process cardholder data must make sure that their website is PCI compliant and uses Secure Sockets Layer (SSL) authentication, which provides secure communication between customers and the server. Consumers put a lot of trust in your site by entering their payment information, so a secure server is essential to protect both your customers and your own company from having financial and important personal data stolen.

Don't store customer data for longer than you need it

There is no reason to keep hold of sensitive customer information such as payment card details, personal addresses or expiration dates for longer than you need them.

Perform regular PCI scans and patch updates

Perform regular PCI scans to monitor for issues that hackers know your ecommerce site could be vulnerable to. It is also crucial that your site is running the latest versions of its software.

One of the most common issues among sites that have been breached is a failure to install regular security patches on their software. Apps like osCommerce and Zen Cart are regular targets for hackers and should be consistently checked for updates. Patch your system as soon as a new version of software is released. A few hours of extra development time could potentially save your company and customers a huge amount of stress in the future.

Make sure all employees are security trained

It is recommended that all employees have a standard DBS (CRB) check before employment can commence. This guarantees that they have never been involved in any fraudulent or criminal activity, as they will be exposed to huge amounts of sensitive data. You can garner more information about standard DBS checks here.

Employees should also be trained on the laws and policies governing the protection of customer data and keeping information secure. You should provide them with written guidelines and policies so that they can reinforce protocols and feel confident in delivering complete security practices.

 

By Heather Gilroy, Brand Development Manager at Personnel Checks. 

