Cyber-attacks are on the increase and many companies remain unprotected. There are more online transactions at Christmas than at any other time in the calendar year and companies must ensure their ecommerce site is secure and trusted in order to keep their reputation intact.
When customers go Christmas shopping online, they are looking for a protected, safe method of payment – failure to deliver this service could result in devastating consequences for your business. Just look at some of the recent high-profile cases including the TalkTalk hack, which has seen the company sluggishly attempt to recover.
Only high-profile cases of data breaches are reported by the media but many thousands of smaller cases do happen on a regular basis. Since the start of August 2015, there have been 45 million hack attempts against online retailers detected, according to ThreatMetrix. That’s an increase of 25% on the previous quarter. And according to the security technology company, there were 11.4 fraudulent transactions over the Christmas period last year.
Ashley Madison, eBay, AOL, Target, Home Depot, Sony, Anthem and JPMorgan Chase are just some of the high-profile companies which have seen their data protections breached in the past. The results can be long-lasting and financially crippling when your company’s security is found to have been breached.
Hackers are becoming increasingly sophisticated and according to the BBC, more than two thirds of firms say that they feel inadequately protected from what is a growing problem for small-to-medium enterprises (SMEs).
Protecting your reputation
In order to protect your company’s long-term reputation, you must ensure that your ecommerce security is paramount. Customers put a huge amount of trust in your system when buying products from you, so you must ensure you have a secure server to protect them. Here are five tips on maintaining security:
- Don’t keep payment data: Once the customer’s payment has gone through, there’s no real reason to keep their personal payment details on record. They expect their details to be protected and secure, so that must be done. It’s fairly simple with today’s processes, as providers such as PayPal, Braintree and Authorize.Net offer services directly through them, therefore bypassing your system completely and minimising the risk of details being hacked.
- Train your staff: Your employees should be legally trained on the laws and policies of protecting customer data and keeping information secure. Make sure they are fully aware of protocols, guidelines and policies in order to cut mistakes. Be vigilant and enforce these regulations in order to keep security paramount.
- Secure your server: Perform regular PCI scans to monitor for issues that hackers know your ecommerce site could be vulnerable to. You also need to make sure your software is fully updated – this is one of the most common ways for hackers to breach a system. There are many services that will scan your website for possible vulnerabilities and malware. Try to avoid shared hosting too.
- Secure your ecommerce platform: Regular scans will monitor vulnerabilities which hackers may find. Patches are released to fix those vulnerabilities, so make sure yours is as up-to-date as possible. There are two common ways which hackers are able to get into your site. One is an SQL injection, where hackers use a form on the site to inject a malicious data. The second is cross-site scripting, where hackers inject an error into your system. These can both be prevented with constant development of your ecommerce platform, which could save your company thousands of pounds in the long-run.
- Follow regulations: Quite simply, there are a set of rules and regulations which must be abided by for merchants who process card payments. You need to use SSL-certificated gateways for your check out and be PCI compliant in order to protect the cardholders’ data. Hold strong access control measures and use a Secure Sockets Layer (SSL) authentication to provide secure communication between the customer and your company’s server.
Get in touch with me at firstname.lastname@example.org or on +44 (0) 203 542 8689 if you’d like to discuss protecting your ecommerce reputation.