Securing Your E-Store

Although online shopping is widely accepted, many Americans still proceed with caution when shopping online. This is partially due to a lack of trust in the internet. In addition to this, many Americans have also had firsthand experience with personal information being stolen. In 2016, 41 percent of Americans encountered fraudulent charges on their credit cards and 35 percent received notices about sensitive information being leaked.
Therefore, to compete online against the big brands like Amazon, you need to make your customers feel safe and secure when they share their credit card numbers and personal information. There are several levels of security you can embed in your ecommerce site along with best practice processes you can employ to help gain customers’ trust.
  • Security certifications. The standard method for encrypting financial information sent over the Internet is called Secure Socket Layers, or SSL. When you install this capability, your site address will begin with https, with the “s” standing for “secure.” Not everyone knows to look for the “s” in the browser address bar, so consider adding visual cues, such as colored icons or badges promoting your SSL certificate.
  • Authentication layers. If your customers forget their login information, you can give them some peace of mind by requiring more than one verification layer before restoring their username or password. One popular authentication is to set up security questions that must be answered before sending a password reset email to a verified address.
  • PCI compliance. If you decide to accept credit and debit card payments directly, your ecommerce site must pass Payment Card Industry (PCI) compliance testing. If you use an off-site payment processor, like PayPal, they are responsible for meeting this guideline.
  • Data storage. It might be convenient to store personal information for your regular customers in an effort to make their future purchases easy and fast, but the more information you have on your servers, the greater the chance of cyber criminals getting their hands on it. Always encrypt any information you store.
  • Password requirements. Your ecommerce software can be configured to require long passwords, which are more secure. Also, set up a system to remind customers to change their passwords at some preset interval, such as every six months.
  • Server firewalls. A firewall is another layer of security that can help prevent Trojan and virus attacks on your server. Firewalls monitor traffic on the server and can be configured to allow only certain kinds of queries.
  • Employee education. Any employee who has access to your ecommerce site needs to be aware of online security issues and be taught ways to prevent cyber attacks and data breaches.
  • Software updates. As with personal computers, always install software and system updates as soon as they are released. Ecommerce software should have built-in security measures, which may need to be updated whenever a new hacking scheme is discovered.
  • Data backups. Always maintain redundant backups of all data. Even if you are hacked or lose data due to a server crash, you can at least restore important customer contact information so you can alert customers and provide instructions on the steps they need to take to protect their information.

Game Plan

  • Three of the most popular security companies are GeoTrustVeriSign y Thawte. These firms all offer full authentication and the latest encryption technology. Your site host must create a key and a Certificate Signing Request, which you then provide to the security company. Cost will depend on the size of your site. Shop around for the best deal.
  • SSL certificates expire, so keep your certificate current. If it expires, your customers will see a notice telling them their information may be at risk  when they proceed with their purchase.
Need Business Insurance?

Need Business Insurance?

For more than 200 years businesses have trusted The Hartford. We can help you get the right coverage with an online quote.
Iniciar cotización
The content displayed is for information only and does not constitute an endorsement by, or represent the view of, The Hartford.