It has never been easier to set up an eCommerce website. Anyone with a wisp of industrial spirit can build an online store over the weekend, without possessing extensive knowledge of programming and payment gateways.
This is good news. We can all become entrepreneurs with nothing more than pictures of the junk piling up in our garage and a stable internet connection.
However, when it comes to eCommerce, the hard part isn’t setting up the store, but ensuring that the site is secure. As soon as people start inputting sensitive information such as credit card details into a site, the webmaster has the huge responsibility of ensuring the safety of that information.
Through nothing more than negligence, lax webmasters can find themselves in deep water if the weaknesses in a site’s defenses are exploited.
This should not put anyone off from setting up a web store. It should merely impress upon them the importance of doing adequate research beforehand and implementing the necessary safety measures when the site is live.
Below we have outlined three of the most important factors that webmasters entering the world of eCommerce should consider.
It may seem too simple to warrant a place on this list (let alone at the top) but weak passwords and faulty password security procedures are the main reason that sites are hacked. Webmasters need to ensure that all access to the cardholder data environment (CDE) is protected by strong passwords.
As few people as possible should know these passwords, and they should be changed regularly – especially after a suspected attack, or following a change of staff.
All staff passwords, even those that do not grant access to the CDE, should be strong (long, and with a variety of upper and lower case letters, numbers and punctuation marks) and regularly changed. Furthermore, customers who can log in to your site similarly need to be aware of the importance of strong and regularly updated passwords.
SSL is an acronym for Secure Sockets Layer. This is an encryption technology that provides a secure layer between your web server and your visitor's web browser, allowing for the safe passage of sensitive data.
Once you have acquired an SSL Certificate, you can implement SSL on your site. Sites with SSL can be identified by the padlock icon in the web browser bar at the top of the webpage.
SSL Certificates can easily be acquired through established web host providers, such as 1&1. Though the presence of an SSL Certificate shows customers and site visitors that you utilize SSL, it does not guarantee that you yourself are trustworthy.
To instil this extra layer of confidence in potential customers, you can apply for an EV (extended validation) SSL, whereby the entire website and business is vetted by an external authority. An EV SSL Certificate will turn your URL green.
PCI Data Security Standard
Even with strong password practices and an SSL Certificate, sites can still be broken into and sensitive data stolen.
To reduce the likelihood of this, and to ensure that you are legally protected if a breach does occur, make sure that you are complying with the PCI Data Security Standard. This entails installing and maintaining a firewall, implementing systems and practices to guard against malware, and identifying and monitoring access to network resources.
The PCI Data Security Standard is an intimidating set of measures for a young and inexperienced eCommerce entrepreneur, but following its guidelines is wholly necessary to keep safe and secure online.