eCommerce isn’t just growing, it’s evolving. Worldwide, eCommerce sales passed the $1 trillion mark for the first time in 2013, and more than 1 billion online shoppers and growing are buying products online. Big numbers like these are almost irresistible for hackers and scammers. While eBay’s data breach was one of the largest and made big news, small businesses that provide eCommerce solutions are just as vulnerable, if not more so. To keep your business and your customers protected, follow these five best practices for accepting eCommerce payments.
5 Tips For Accepting eCommerce Payments
1. Choose a Secure eCommerce Platform
Not all eCommerce platforms are the same. In fact, some are much more secure than others and taking the time to select a quality platform as the basis for your business can make all the difference. Saving money by selecting a cheaper system may not be the way to go if security is compromised.
2. PCI Compliance and Use of SSL Certificates
There are a few standards that are simply non-negotiable when you are in the eCommerce business. The Payment Card Industry Data Security Standard (PCI DSS) is a set of standards set for merchants who process credit card payments. To be compliant, you must guarantee protection for cardholder data and implement strong access control measures. Among these are the use of SSL authentication on your website. Secure Sockets Layer (SSL) provides a layer of security between your server and your customers.
3. Don’t Store Customer Data
There are strict standards that must be met if you plan on keeping customer’s data on file. If you can avoid it, do so at all costs. Small businesses run a much larger risk of experiencing a total data breach if hackers are able to get into your payment systems. It’s been determined that nearly 95% of credit card breaches come from small businesses. Most security services recommend that you never store credit card numbers and that you regularly purge old customer records. If you keep certain records for marketing purposes, be sure that they are secure, and that you weigh their value versus the potential risk.
4. Protect Your IT Environment
Just because you have an SSL Certificate on your website, that doesn’t mean that it is secure. Your choice of web host, web server, and other security measures are crucial to maintaining the security of your payment systems and customer data. A firewall solution should be deployed to protect all aspects of your site. You will also need to set up intrusion-detection systems/intrusion-prevention systems (IDS/IPS) to monitor and block malicious traffic.
5. Keep Systems Up to Date
It’s a fact that out-of-date systems are vulnerable to attack. As soon as an update is available for any aspect of your system, it should be implemented immediately. These updates often have security patches in them that can save you from being compromised. Updates may come for common programs such as WordPress, Joomla, ZenCart, or Shopify. On the server side, there may be updates to c-panel, SQL, PHP and security systems that are running as part of your IT environment. One thing that many breached websites have in common is that they run on old versions of software. Keeping these updated can help you avoid disaster.
Protecting eCommerce sites from being hacked may sound like a full-time job, but it’s not. Keeping your data as well as your clients information secure is an integral part of doing business and maintaining trust. While it is serious business, doing these simple practices can ensure that your business and its’ future remains safeguarded.