[BreachExchange] FIVE ECOMMERCE SECURITY BEST PRACTICES
Destry Winant
destry at riskbasedsecurity.com
Wed Apr 3 07:44:44 EDT 2019
https://neconnected.co.uk/five-ecommerce-security-best-practices/
Even while consumers are exhibiting increasing comfort with shopping
online, many of them still express security concerns. It makes sense
when you think about it. Every year seems to bring a fresh round of
high-profile data security breaches. If hackers can get to the CIA and
Equifax, how much of a chance does the average ecommerce platform have
to ward off attacks? While nothing digital is hack-proof, you can at
least make it more difficult for interlopers to invade your site with
these five ecommerce security best practices.
PLATFORM CHOICE
When you’re deciding upon which platform to base your ecommerce
site, you’ll do well to consider its built-in defenses. One of the
main questions you should ask any ecommerce platform provider, as well
as any potential hosting service, is whether the offering is PCI
compliant. Payment card industry compliance is absolutely necessary if
you’re going to accept credit card payments—the life-blood of the
ecommerce industry. You should also confirm all provided software is
the latest version. Updates are usually implemented after an instance
of hacking to defend against a recurrence.
SECURE SOCKETS LAYER CERTIFICATES
Type your site’s URL into the address bar of a browser window. If your
URL comes up with the HTTPS prefix and a green padlock when it loads,
your site has SSL encryption in place. This scrambles transmissions
between your server and your customer’s machines to prevent anyone who
might intercept the data from reading it.
Here, it’s a good idea to remember what ecommerce is. Shopify, a
leading provider of ecommerce platforms, defines it as the buying and
selling of goods and services over the internet.
This means payment information gets transferred. With SSL enabled on
every page of your site, as well as in your videos, blog and social
media, your data will be protected while it is in transit.
EMPLOY TWO-FACTOR AUTHENTICATION
Yes, we know everything you’ve ever read about optimizing your user
experience says to keep the shopper’s path to purchase as free of
obstacles as possible. However, this one extra step could save your
business far more than it costs in bounced customers.
After all, if a buyer’s personally identifiable data is
compromised—and it can be proven it was due to your negligence—you’ll
be on the hook for reimbursing the losses incurred.
Two-factor authentication asks shoppers to provide another piece of
information along with their password to prove they have the right to
use the payment method they employ. This can be as simple as requiring
purchasers to provide the three-digit code on the back of a credit
card to prove it’s in their possession.
PERFORM SOFTWARE UPDATES IMMEDIATELY
As we mentioned above, whenever a threat is revealed, the good guys
immediately start reworking the source code to eliminate the
vulnerability the bad guys exploited. A software upgrade is issued
when they’re done. If you put off your updates, you’ll leave your
customers susceptible to attack. Updating your software immediately
upon issuance is critical to site security.
USE A PRIVATE SERVER
Your site is only as secure as the sites with which it shares a
server. In other words, if a hacker can get into one house in your
neighborhood, it’s just a matter of time until they figure out how to
poke around in yours too.
If you have a private server, you eliminate this possibility. However,
if this is cost prohibitive, choose a hosting firm capable of storing
your site on a virtual private server. These have partitions built in
to prevent the spread of disease among the sites on the server.
These five ecommerce security best practices will help you fortify
your site against interlopers. Another smart move is educating your
employees and your customers regarding the importance of security
measures. You’ll help your employees protect their jobs, even while
enabling your customers to aid in the defense of their data.
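
The "SSL enabled on every page" point in the Secure Sockets Layer Certificates section can be checked mechanically: a page served over HTTPS can still reference scripts, media or form targets over plain HTTP, which browsers block or flag as mixed content. The following Python example is added here and is not part of the original article; the URLs, sample HTML and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# (tag, attribute) pairs that make the browser fetch or submit something.
# Plain <a href> links are navigation, not page content, so they are skipped.
# <link> is counted whatever its rel value, so rel="canonical" may over-report.
LOADS = {("script", "src"), ("img", "src"), ("iframe", "src"),
         ("video", "src"), ("audio", "src"), ("source", "src"),
         ("embed", "src"), ("link", "href"), ("form", "action")}


class InsecureRefFinder(HTMLParser):
    """Collects subresources and form targets that resolve to plain HTTP."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (tag, attribute, absolute URL)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in LOADS and value:
                # Resolve relative and protocol-relative (//host/x) URLs
                # against the page URL, as the browser does.
                target = urljoin(self.page_url, value.strip())
                if urlparse(target).scheme == "http":
                    self.findings.append((tag, name, target))


def find_insecure_refs(page_url, html):
    """Return every plain-HTTP load or form target found in one page."""
    finder = InsecureRefFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample: a checkout page with three plain-HTTP loads/targets
# and one ordinary outbound link that is deliberately not reported.
SAMPLE_URL = "https://shop.example/checkout"
SAMPLE_HTML = """
<link rel="stylesheet" href="/static/site.css">
<script src="http://cdn.example/cart.js"></script>
<img src="//img.example/logo.png">
<video><source src="http://media.example/promo.mp4"></video>
<a href="http://blog.example/">Blog</a>
<form method="post" action="http://shop.example/pay"></form>
"""

if __name__ == "__main__":
    for tag, attr, url in find_insecure_refs(SAMPLE_URL, SAMPLE_HTML):
        print(f"insecure <{tag} {attr}>: {url}")
```

Running it over the saved HTML of each page template (product, cart, checkout, blog, embedded video) shows which pages still pull content or post payment data outside the encrypted channel.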