How to Protect Your Web or Mobile E-Commerce Project from Identity Thefts and Fraud
February 7th, 2017

We're living in a time when you can buy pretty much anything online, from a 30-day emergency food supply to a life-sized Bigfoot statue to a house in Nevada. But what security measures should you take to make sure your e-commerce customers' data stays safe and out of thieves' hands? Let's talk about that.
Security is critical for both B2B e-commerce sites and their users, since the data involved includes bank and credit card details, e-mail addresses, and the physical address of a person or business. Considering the consequences of identity theft, here are a few things to consider when you are starting a new e-commerce project (or revamping an old one).
Use a Safe Platform
There are ready-made solutions like WordPress and other popular CMSs that are alluring because they are so easy to set up.
However, experts advise caution with popular platforms if you are not going to dig deep into them. The reason is simple: when someone finds a vulnerability in such a platform, it applies to most of the sites running it, and attackers scan the whole internet for vulnerable installations within days of a disclosure. The same goes for standard database structures and default table prefixes: they make automated attacks easier, although changing them only slows an attacker down and is no substitute for patching and input validation.
If you don't want to reinvent the wheel, then at least make sure you run the latest stable version of your platform and of every plugin or extension, and apply security updates as soon as they are released.
Set Up Alerts
Alert systems that detect suspicious activity are incredibly useful as well. Alerts might be triggered by activity from a single account or IP address where multiple unrelated transactions take place using different credit cards. Another thing to look for is a customer shipping to too many different addresses.
Chances are it might be one person buying a bunch of presents for friends and shipping them to their homes around the world... but that does not happen every day, does it?
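The rules above, as an added example that is not code from the original article: a small velocity check that runs over a batch of orders and flags any account or IP address that uses too many distinct cards, or ships to too many distinct addresses, within a sliding 24-hour window. The order format, the thresholds and the sample orders are all assumptions constructed for the example; the card values are tokens, not real card numbers.

```python
"""Velocity-based fraud alerts over a batch of orders.

Added example, not code from the original article. It assumes orders arrive
as dicts with the fields shown in SAMPLE_ORDERS (constructed data) and flags
any account or IP address that uses too many distinct cards, or any account
that ships to too many distinct addresses, inside a sliding time window.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample orders: card values are masked tokens, not real PANs.
SAMPLE_ORDERS = [
    {"id": 1, "account": "alice", "ip": "203.0.113.10", "card": "tok_1111",
     "ship_to": "1 Main St, Reno NV", "ts": "2017-02-07T09:00:00"},
    {"id": 2, "account": "bob", "ip": "198.51.100.5", "card": "tok_2222",
     "ship_to": "5 Oak Ave, Austin TX", "ts": "2017-02-07T09:05:00"},
    # 'bob' runs four different cards through one account in 20 minutes,
    # each to a different address: classic card-testing / reshipping pattern.
    {"id": 3, "account": "bob", "ip": "198.51.100.5", "card": "tok_3333",
     "ship_to": "9 Pine Rd, Miami FL", "ts": "2017-02-07T09:10:00"},
    {"id": 4, "account": "bob", "ip": "198.51.100.5", "card": "tok_4444",
     "ship_to": "2 Elm St, Boise ID", "ts": "2017-02-07T09:15:00"},
    {"id": 5, "account": "bob", "ip": "198.51.100.5", "card": "tok_5555",
     "ship_to": "7 Birch Ln, Salem OR", "ts": "2017-02-07T09:20:00"},
    # One IP, many accounts, many cards: a shared proxy or a fraud ring.
    {"id": 6, "account": "carol", "ip": "192.0.2.77", "card": "tok_6666",
     "ship_to": "3 Lake Dr, Tampa FL", "ts": "2017-02-07T10:00:00"},
    {"id": 7, "account": "dave", "ip": "192.0.2.77", "card": "tok_7777",
     "ship_to": "3 Lake Dr, Tampa FL", "ts": "2017-02-07T10:02:00"},
    {"id": 8, "account": "erin", "ip": "192.0.2.77", "card": "tok_8888",
     "ship_to": "3 Lake Dr, Tampa FL", "ts": "2017-02-07T10:04:00"},
    {"id": 9, "account": "frank", "ip": "192.0.2.77", "card": "tok_9999",
     "ship_to": "3 Lake Dr, Tampa FL", "ts": "2017-02-07T10:06:00"},
    # alice again two days later: outside the window, so not counted with order 1.
    {"id": 10, "account": "alice", "ip": "203.0.113.10", "card": "tok_1212",
     "ship_to": "1 Main St, Reno NV", "ts": "2017-02-09T09:00:00"},
]


def _parse(order):
    return datetime.strptime(order["ts"], "%Y-%m-%dT%H:%M:%S")


def velocity_alerts(orders, key, field, limit, window=timedelta(hours=24)):
    """Return alerts for each `key` (e.g. "account") whose distinct `field`
    values (e.g. "card") exceed `limit` within any `window`-long span.

    Orders are sorted by time and scanned with a sliding window per key so
    that old, legitimate activity does not inflate today's count.
    """
    by_key = defaultdict(list)
    for order in sorted(orders, key=_parse):
        by_key[order[key]].append(order)

    alerts = []
    for k, group in by_key.items():
        start = 0
        for end in range(len(group)):
            # Advance the window start until it is within `window` of `end`.
            while _parse(group[end]) - _parse(group[start]) > window:
                start += 1
            distinct = {o[field] for o in group[start:end + 1]}
            if len(distinct) > limit:
                alerts.append({
                    "key": key, "value": k, "field": field,
                    "count": len(distinct),
                    "orders": [o["id"] for o in group[start:end + 1]],
                })
                break  # one alert per key is enough; a human reviews it
    return alerts


def run_rules(orders):
    """Apply the three rules described in the article and return the alerts.

    Thresholds are assumptions for illustration; tune them to your own
    order history so that legitimate gift-buyers do not drown the queue.
    """
    rules = [
        ("account", "card", 2),     # more than 2 distinct cards per account
        ("ip", "card", 3),          # more than 3 distinct cards per IP address
        ("account", "ship_to", 2),  # more than 2 distinct shipping addresses
    ]
    alerts = []
    for key, field, limit in rules:
        alerts.extend(velocity_alerts(orders, key, field, limit))
    return alerts


if __name__ == "__main__":
    for a in run_rules(SAMPLE_ORDERS):
        print(f"ALERT {a['key']}={a['value']}: {a['count']} distinct "
              f"{a['field']} values in 24h, orders {a['orders']}")
```

On the sample data this raises four alerts (bob's account for cards and addresses, and both IPs for cards) and stays quiet about alice, whose two cards are two days apart. Alerts like these should land in a review queue, not block orders automatically, precisely because of the gift-buyer case the article mentions.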
Follow PCI DSS
PCI DSS stands for Payment Card Industry Data Security Standard. Make sure your store proactively protects your customers' card data and complies with all of its requirements. The most effective way to shrink what you have to protect is to never touch card numbers at all: let your payment provider's hosted payment form or tokenization handle them, so that full card numbers never reach your own servers.
Visa, MasterCard and the other major card brands require every merchant and service provider that stores, processes or transmits cardholder data to comply with the standard.
The standard groups its twelve requirements into six "control objectives":
- Build and maintain a secure network
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
Install an SSL/TLS Certificate & Use Secure Hosting
You might have noticed that many sites switched to https in January of 2017, when Chrome started labelling pages that collect passwords or card numbers over plain http as "Not secure". That additional "s" stands for "secure" and shows that the site serves its pages over an encrypted TLS connection (the successor of SSL; the certificates are still commonly called SSL certificates).
Partly, that's because people understand the dangers of sending sensitive information over an unencrypted connection. Partly, it's because Google uses https as a ranking signal, so sites that want a chance at the top of the search results have to be secure.
It is relatively easy to comply: obtain a certificate and install it on your web server. Organizations like Let's Encrypt even issue certificates for free and let you automate renewal. One thing to keep in mind, however: double check the links on your website so that none of them takes the customer back to an unsecured http part of the site, redirect every http request to https, and make sure no page loads scripts, stylesheets, images or frames over http, since browsers block or flag such mixed content and it undoes the protection of the certificate.
Since we're talking about SSL, it is worth mentioning secure hosting as well. A reputable host or VPS (virtual private server) provider isolates your site from other customers' sites and may offer DDoS mitigation as an additional layer of protection, but check that mitigation is actually included in your plan rather than assuming it comes with the server.
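The "double check the links" advice above, as an added example that is not code from the original article: a small checker built on the standard-library HTML parser that reports mixed content (sub-resources loaded over http), forms posting to http, and links that send the customer back to an http page on the site's own host. The page URL, host names and HTML below are constructed sample input, not a real site.

```python
"""Find links and resources that fall back to plain http on an https site.

Added example, not code from the original article. It walks an HTML page
with the standard-library parser and reports:
  - mixed content: scripts, stylesheets, images, frames loaded over http,
    which browsers block or flag on an https page;
  - insecure forms: a <form> posting to http, which would send the customer's
    data in the clear;
  - insecure links: <a href> back to http on our own host, which drops the
    customer out of the secure part of the site.
The page below is constructed sample input, not a real site.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page, assumed to be served from https://shop.example/checkout
SAMPLE_PAGE_URL = "https://shop.example/checkout"
SAMPLE_HTML = """
<html><head>
  <link rel="stylesheet" href="/static/site.css">
  <script src="http://cdn.example/jquery.js"></script>
  <script src="https://cdn.example/analytics.js"></script>
</head><body>
  <img src="//cdn.example/logo.png">
  <img src="http://shop.example/images/banner.png">
  <form action="http://shop.example/pay" method="post"></form>
  <a href="http://shop.example/about">About us</a>
  <a href="https://shop.example/returns">Returns</a>
  <a href="http://partner.example/">Partner site</a>
  <iframe src="http://widgets.example/chat"></iframe>
</body></html>
"""

# Which attribute on which tag carries a fetched sub-resource.
RESOURCE_ATTRS = {"script": "src", "img": "src", "iframe": "src",
                  "link": "href", "audio": "src", "video": "src",
                  "source": "src", "embed": "src", "object": "data"}


class InsecureRefFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.host = urlsplit(page_url).netloc
        self.findings = []

    def _scheme_and_host(self, value):
        # Resolve relative URLs against the page; a scheme-relative "//cdn"
        # inherits https and is therefore fine on an https page.
        absolute = urljoin(self.page_url, value)
        parts = urlsplit(absolute)
        return parts.scheme, parts.netloc, absolute

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in RESOURCE_ATTRS and attrs.get(RESOURCE_ATTRS[tag]):
            scheme, _, url = self._scheme_and_host(attrs[RESOURCE_ATTRS[tag]])
            if scheme == "http":
                self.findings.append(("mixed-content", tag, url))
        elif tag == "form" and attrs.get("action"):
            scheme, _, url = self._scheme_and_host(attrs["action"])
            if scheme == "http":
                self.findings.append(("insecure-form", tag, url))
        elif tag == "a" and attrs.get("href"):
            scheme, host, url = self._scheme_and_host(attrs["href"])
            # Only our own host matters here: an http link to a third party
            # is their problem, a link to our own http pages is ours.
            if scheme == "http" and host == self.host:
                self.findings.append(("insecure-link", tag, url))


def find_insecure_references(html, page_url):
    """Return a list of (kind, tag, absolute_url) for every insecure reference."""
    finder = InsecureRefFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for kind, tag, url in find_insecure_references(SAMPLE_HTML, SAMPLE_PAGE_URL):
        print(f"{kind:15} <{tag}> {url}")
```

Run it over every page of the site after the switch (a crawler that fetches each page and feeds the HTML to find_insecure_references is the obvious extension), and fix the findings before enabling an https redirect, because an http link the customer follows after the redirect simply bounces back, while mixed content silently breaks the page.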
Delete it if you don’t need it
On the one hand, it's convenient when the website auto-fills your information for you. No need for all that typing and checking.
On the other hand, it is better to get rid of sensitive information that is of no use to you as a website owner. Storing data longer than necessary turns any breach into a bigger one and makes your site a more tempting target. Full card numbers in particular should not be kept by the shop itself; PCI DSS never permits storing the CVV code after authorization, and the payment processor's token plus the last four digits is all a shop normally needs.
What to do? Keep the data that a return or a chargeback dispute would require (the order, the shipping address, the last four digits of the card and the processor's transaction reference) for as long as the return window and the chargeback dispute period last, then delete it. Keeping good order records also lets you identify and fight chargeback fraud.
Another reason to keep some data for a while is a contest or special offer: keep it until the day the results are announced, then delete it.
Require strong passwords
It can be a pain in the neck sometimes, but your customers will be grateful that their data is protected not by a password like "12345678" or "Password" but by something more substantial. Length matters more than forced symbol rules: require a reasonable minimum length, reject passwords that appear on lists of common or previously breached passwords, and throttle or lock out repeated failed logins so that guessing stays slow even when a password is weak.
A side note: your users will be more willing to comply if you explain that this is a necessary step to stop attackers from guessing their passwords in brute-force attacks.
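One way to implement the password rules above, as an added example that is not code from the original article. It goes a little beyond the text: besides rejecting weak passwords it shows how an accepted password should be stored (salted PBKDF2 from the Python standard library, never plaintext) and verified in constant time. The denylist, minimum length and iteration count are assumptions made for the example; in production use a large breached-password list.

```python
"""Password policy check and safe storage for customer accounts.

Added example, not code from the original article. It goes a little beyond
the text: besides rejecting weak passwords it shows how the accepted password
should be stored (salted PBKDF2 from the standard library, never plaintext)
and verified in constant time. The denylist below is a tiny constructed
sample; in production use a large list of breached passwords.
"""
import hashlib
import hmac
import os

MIN_LENGTH = 12
# Constructed sample of a common-password denylist (compared lower-cased).
COMMON_PASSWORDS = {
    "12345678", "123456789", "password", "password1", "qwerty123",
    "iloveyou", "letmein", "welcome1", "admin123", "sunshine",
}


def check_password(password, username="", email=""):
    """Return a list of reasons the password is rejected; empty means OK."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    # Normalise the way attackers do: ignore case and trailing digits/symbols,
    # so "Password1!" is still caught by the "password" entry.
    stripped = password.lower().rstrip("0123456789!@#$%^&*.")
    if password.lower() in COMMON_PASSWORDS or stripped in COMMON_PASSWORDS:
        problems.append("appears on the common-password list")
    for ident in (username, email.split("@")[0] if email else ""):
        if ident and len(ident) >= 4 and ident.lower() in password.lower():
            problems.append("contains the user's name or e-mail")
            break
    if len(set(password)) < 4:
        problems.append("uses fewer than 4 distinct characters")
    return problems


# Storage: PBKDF2-HMAC-SHA256 with a per-user random salt. The iteration
# count is an assumption for this example; raise it as your hardware allows.
ITERATIONS = 200_000


def hash_password(password, salt=None):
    """Return 'pbkdf2_sha256$iterations$salt_hex$hash_hex' for storage."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Check a login attempt against the stored record in constant time."""
    algo, iterations, salt_hex, hash_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), hash_hex)


if __name__ == "__main__":
    for pw in ["12345678", "Password1!", "alice2017rocks", "correct horse battery"]:
        print(f"{pw!r}: {check_password(pw, username='alice') or 'accepted'}")
    record = hash_password("correct horse battery")
    print(verify_password("correct horse battery", record),
          verify_password("Password1!", record))
```

The record format carries the algorithm and iteration count, so the cost can be raised later and old records rehashed at the user's next successful login. Rate limiting of failed attempts, the other half of the brute-force defence, sits in the login handler rather than here.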
Have Antivirus & Backups
Last, but not least, these two things might seem too banal even to mention. However, an up-to-date website malware scanner (one that checks the files on your server against a known-good baseline and flags injected code, not just a desktop antivirus) and automated, regularly tested backups stored somewhere other than the web server are a must.
You can never know what will happen, but it's better to be protected against the issues that are already known, and to have a clean copy to restore from when something slips through.
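The baseline comparison described above, as an added example that is not code from the original article or from any scanner product: a hash manifest of the web root is taken right after a clean deployment and compared against the live files later, so that injected or altered files show up even when a signature-based scanner has no rule for them. The web root, the tampering and the suspicious-code patterns are all constructed for the demo.

```python
"""Minimal file-integrity check for a web root.

Added example, not code from the original article: a hash manifest of the
site's files is taken right after a clean deployment and compared against
the live files later, so that injected or altered files (a common result of
a compromised CMS) show up even when a signature-based scanner misses them.
The web root below is constructed in a temporary directory for the demo.
"""
import hashlib
import os
import re
import tempfile

# Constructed sample of patterns found in injected PHP (assumed, not a real
# scanner's signature list). Matched only on files that changed since baseline.
SUSPICIOUS = re.compile(
    rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(|"
    rb"\$_(GET|POST|REQUEST)\s*\[[^\]]+\]\s*\(|preg_replace\s*\([^,]*/e"
)


def build_manifest(root, skip_dirs=("var/cache", "media")):
    """Map each file's path relative to root to its SHA-256 hex digest.

    Cache and uploaded-media directories change constantly and are skipped;
    extend skip_dirs to match your platform's layout.
    """
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
        if any(rel_dir == s or rel_dir.startswith(s + "/") for s in skip_dirs):
            dirnames[:] = []  # do not descend further
            continue
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as fh:
                manifest[rel] = hashlib.sha256(fh.read()).hexdigest()
    return manifest


def compare_manifests(baseline, current):
    """Return files added, removed and modified since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline if p in current
                           and baseline[p] != current[p]),
    }


def scan_changed(root, changes):
    """Flag changed PHP files that contain the suspicious patterns above."""
    flagged = []
    for rel in changes["added"] + changes["modified"]:
        if not rel.endswith((".php", ".phtml")):
            continue
        with open(os.path.join(root, rel), "rb") as fh:
            if SUSPICIOUS.search(fh.read()):
                flagged.append(rel)
    return flagged


def demo():
    """Build a sample web root, take a baseline, tamper with it, and report."""
    with tempfile.TemporaryDirectory() as root:
        files = {
            "index.php": b"<?php require 'app/bootstrap.php';\n",
            "app/bootstrap.php": b"<?php echo 'hello';\n",
            "var/cache/config.php": b"<?php return [];\n",
        }
        for rel, data in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        baseline = build_manifest(root)

        # Simulated compromise (constructed for the demo): a backdoor is
        # dropped and index.php is patched to include it.
        with open(os.path.join(root, "app/z.php"), "wb") as fh:
            fh.write(b"<?php eval(base64_decode($_POST['c']));\n")
        with open(os.path.join(root, "index.php"), "ab") as fh:
            fh.write(b"include 'app/z.php';\n")
        # Cache churn that should NOT be reported.
        with open(os.path.join(root, "var/cache/config.php"), "wb") as fh:
            fh.write(b"<?php return ['x' => 1];\n")

        changes = compare_manifests(baseline, build_manifest(root))
        return changes, scan_changed(root, changes)


if __name__ == "__main__":
    changes, flagged = demo()
    print(changes)
    print("suspicious:", flagged)
```

Store the baseline manifest away from the web server (an attacker who can write to the web root can rewrite a manifest kept there), regenerate it as part of every deployment, and run the comparison from a cron job that mails the diff; the same off-server copy is also where the backups belong.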
Need e-commerce project development? We work with ORO Commerce, OpenCart, and Magento.
