Why are ecommerce sites such popular targets?
Think about it – you have credit card details, sensitive customer information and valuable products up for grabs. If an e-commerce shop were a bricks-and-mortar store, you would have layers of security in place: burglar bars, an alarm, cameras, product tags, door sensors and more. You’d aim to reach the security standards of ‘Fort Knox’ – the famous American gold vault. Rumor has it that Fort Knox is protected by a lawn laden with landmines, ground-sweeping radars, laser-triggered machine guns and a vault door that weighs more than 20 tons. And, if that weren’t enough, around 30,000 soldiers, tanks, helicopters, artillery and more will be waiting for you just outside the gates.
If you compared your site’s security to that of Fort Knox, how would it measure up? Here are some of the basic e-commerce security controls to know:
Ecommerce security basics
Even if you are using a payment gateway, you must take a few vital steps to protect your customers’ data. Make sure that every page on your site that handles sensitive data is served over HTTPS with a valid SSL (Secure Sockets Layer) certificate, and that your payment gateway is compliant with the Payment Card Industry Data Security Standard (PCI DSS). This is the set of standards that the credit and debit card industry has set for merchants who process card payments.
Don’t store customer data
Experts advise companies to regularly clear out old customer records. All you really need are email addresses or other contact details for marketing purposes, so delete all credit card numbers, CVV numbers and expiration dates (this is not allowed under PCI regulations anyway).
Choose a strong address and card verification system
To reduce fraudulent transactions, it’s imperative to enable an address verification system (AVS) and to require the card verification value (CVV) for credit card transactions.
Advocate strong passwords and offer extra password security
Most shoppers these days know what makes a password harder to crack. For those who don’t, prompt them to use a strong mix of letters, numbers and symbols when signing up, and enforce a minimum password length. When it comes to resetting passwords and changing other sensitive data, two-factor authentication is a must. SMS verification remains a popular way of safeguarding your shoppers: by asking them to provide a mobile number at sign-up, you can send a randomly generated one-time PIN (OTP) to that number, which the shopper then enters on the page they are trying to access. You could also offer optional opt-ins for added security – for example, sending an OTP on every login attempt.
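The sign-up and OTP flow described above, written out as an added example (this is illustrative code, not Clickatell’s plugin or SDK). It enforces a minimum password length with a mix of letters, digits and symbols, then issues a random six-digit PIN that expires after five minutes, allows three guesses, and can be used only once. The `send_sms` callback, the five-minute lifetime and the three-attempt limit are assumptions chosen for the example; how the SMS actually gets delivered is out of scope.

```python
"""Added example (not from the original article): a minimal SMS-style
one-time PIN (OTP) lifecycle plus a password policy check.

Assumptions: `send_sms(mobile, text)` is a hypothetical delivery callback,
and the PIN length, lifetime and attempt limit below are example policy values.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict

OTP_DIGITS = 6             # length of the one-time PIN sent to the shopper
OTP_TTL_SECONDS = 300      # PIN expires after five minutes (assumed policy)
OTP_MAX_ATTEMPTS = 3       # PIN is discarded after three wrong guesses (assumed policy)
MIN_PASSWORD_LENGTH = 12   # minimum length enforced at sign-up (assumed policy)


def password_meets_policy(password: str) -> bool:
    """Minimum length plus a mix of letters, digits and symbols, as the text suggests."""
    if len(password) < MIN_PASSWORD_LENGTH:
        return False
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_symbol = any(not c.isalnum() for c in password)
    return has_letter and has_digit and has_symbol


@dataclass
class PendingOtp:
    digest: str          # hash of the PIN bound to the mobile number; the plain PIN is never stored
    expires_at: float    # absolute time after which the PIN is rejected
    attempts_left: int = OTP_MAX_ATTEMPTS


def _digest(mobile: str, code: str) -> str:
    # Hashing a six-digit code is defence in depth only (10^6 possibilities);
    # the real protection against guessing is the attempt limit and the expiry.
    return hashlib.sha256(f"{mobile}:{code}".encode()).hexdigest()


class OtpService:
    def __init__(self, send_sms: Callable[[str, str], None], clock: Callable[[], float] = time.time):
        self._send_sms = send_sms
        self._clock = clock            # injectable so expiry can be tested deterministically
        self._pending: Dict[str, PendingOtp] = {}

    def issue(self, mobile: str) -> None:
        """Generate a PIN with a CSPRNG, remember its hash, and send it to the shopper."""
        code = "".join(secrets.choice("0123456789") for _ in range(OTP_DIGITS))
        self._pending[mobile] = PendingOtp(_digest(mobile, code), self._clock() + OTP_TTL_SECONDS)
        self._send_sms(mobile, f"Your one-time PIN is {code}")

    def verify(self, mobile: str, code: str) -> bool:
        """Accept the PIN once, within its lifetime and within the attempt budget."""
        entry = self._pending.get(mobile)
        if entry is None:
            return False
        if self._clock() > entry.expires_at or entry.attempts_left <= 0:
            del self._pending[mobile]
            return False
        entry.attempts_left -= 1
        # Constant-time comparison so response timing does not leak matching prefixes.
        if hmac.compare_digest(entry.digest, _digest(mobile, code)):
            del self._pending[mobile]  # single use: a correct PIN cannot be replayed
            return True
        if entry.attempts_left == 0:
            del self._pending[mobile]  # budget exhausted: the shopper must request a new PIN
        return False


if __name__ == "__main__":
    # Stand-alone demo with a constructed mobile number; the "SMS" is just printed.
    service = OtpService(send_sms=lambda mobile, text: print(f"SMS to {mobile}: {text}"))
    service.issue("+15550100")
    print("policy ok:", password_meets_policy("correct-horse-9"))
```

In a real deployment the pending PINs would live in a shared store with the same expiry, and the same attempt limit should apply per mobile number across restarts; the in-memory dictionary here is only to keep the example self-contained.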
Add multiple layers of security
Just like a real-life shop, the more layers a cyber criminal has to break through to get to secure information, the better. From firewalls to application-level controls that defend against attacks such as cross-site scripting and SQL injection, be as thorough as you can to build your customers’ trust.
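To make the application-level controls above concrete, here is an added example (not from the original article) showing a customer lookup that concatenates user input into SQL beside its parameterised form, and an HTML rendering step that escapes untrusted text before it reaches the page. It uses an in-memory SQLite table with two constructed rows; the table layout and email addresses are invented for the example.

```python
"""Added example (not from the original article): SQL injection and
cross-site scripting controls at the application level.

The table and its two rows are constructed sample data for the example.
"""
import html
import sqlite3
from typing import List, Tuple


def make_db() -> sqlite3.Connection:
    """Create a throwaway in-memory customer table with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (email TEXT, display_name TEXT)")
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("alice@example.com", "Alice"), ("bob@example.com", "Bob")],  # constructed
    )
    return conn


def lookup_unsafe(conn: sqlite3.Connection, email: str) -> List[Tuple[str]]:
    """Vulnerable: the shopper-supplied value becomes part of the SQL text itself."""
    query = f"SELECT email FROM customers WHERE email = '{email}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, email: str) -> List[Tuple[str]]:
    """Hardened: the value is bound as a parameter, so it is only ever data, never SQL."""
    return conn.execute("SELECT email FROM customers WHERE email = ?", (email,)).fetchall()


def render_greeting(display_name: str) -> str:
    """Escape untrusted text before interpolating it into HTML (output encoding)."""
    return f"<p>Welcome back, {html.escape(display_name, quote=True)}</p>"


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"  # classic tautology; shown only to demonstrate the difference
    print("unsafe rows:", len(lookup_unsafe(db, probe)))   # every customer leaks
    print("safe rows:  ", len(lookup_safe(db, probe)))     # no such email, zero rows
    print(render_greeting("<b>Alice</b>"))
```

The parameterised query is also the right fix for ORMs and query builders: never format user input into a raw query string, and keep output escaping at the template layer so a stored name containing markup is rendered as text rather than executed in the shopper’s browser.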
Keep an eye out for security patches
As soon as a security patch is released, you should jump at the chance to install it – especially for popular software such as WordPress and web apps like osCommerce.
If your site is not implementing at least half of these controls, then your e-commerce security is not so much Fort Knox as a rusty padlock. But thanks to Clickatell, you can do something about it right now. Read more about our 2FA plugin for WordPress e-commerce sites and how you can easily integrate it into your site.