Why is cyber security important to ecommerce retailers?
As shopping online becomes increasingly popular, customers are becoming increasingly savvy. They expect to be able to carry out their online transactions safely, without compromising their personal financial details, such as credit cards. Building trust with your customers is a fundamental aspect of a successful e-business.
What are the security risks for ecommerce retailers?
Ecommerce retailers need to understand the risks, both to their customers and to their business. Online crime – or cybercrime – is growing. Cyber criminals are opportunistic. They are looking continuously for weaknesses in computer systems, through which they can steal information for financial gain.
The risks include: hackers stealing your customer’s credit card details and business information, defacing your business website, diverting your website to a dodgy website, scams and fraud (e.g. bogus orders, use of stolen credit cards). All of this can have implications for the financial success and reputation of your business. It can also result in blacklisting of your website by search providers such as Google – with an obvious impact on how your business is advertised online.
What steps should ecommerce retailers take to ensure their website is secure?
There are a number of things ecommerce retailers - and their web developers - should do.
- Keep your software up to date – including the software on your web server operating system and any software or applications on your website (e.g. customer forms, customer management systems, log-ins, search queries).
- Use layers of security – including a Web Application Firewall and security plug-ins – to boost the security of your website.
- Make sure there are secure and encrypted communications between your website and internet browsers through SSL certification. This will make it harder for sensitive information such as customers’ credit card details, passwords etc to be hacked. Customers can recognise a secure website through the padlock icon and the use of https:// in the address bar.
- Use different and complex passwords to access the website server and business database. Limit staff access to the website server (and delete access for those who no longer need it such as former staff). Do not use default or obvious user names such as “admin”.
- Ensure that the website host company is scanning the site and can report, in real time, any unusual activity so that prompt action can be taken to limit damage from malware.
- Maintain a back-up of your website on a separate computer.
- Have your website security professionally tested (“penetration testing”).
How should ecommerce retailers ensure that they are using a secure online payments system?
This is really important both for your e-business and for your customers. Talk to your bank or a reputable payment company to ensure that you are doing all you can to provide a secure online payment process. Credit card companies require that businesses have taken adequate steps to protect credit card information.
This story was originally published in NZ Retail magazine issue 739, August/September 2015.