Published on August 21, 2012
How safe is your online shop?
If you are opening an online store, ensuring your site offers a secure shopping experience is not only important, it’s essential.
This guide is a quick list of some of the things you need to check before making your online store website live. Please note that Ozcart™ websites help you cover off all of these.
Compliance with mandatory PCI DSS standards
The principal payment processors of the credit card industry, primarily Visa and MasterCard, have come up with a set of mandatory security standards known as PCI DSS standards – which cover both the technology that processes your payments and the business processes that you use. If you don’t use a shopping cart that adheres to these standards and your payments are compromised, it’s like driving a car without at least third party insurance. Don’t get caught short.
You’ll need to cover off things like your policies for setting password lengths and how frequently you change them, what you do when you get contractors to do work on your systems, and how you manage credit card information given to you outside of your website – e.g. over the phone. Your web server at your web host will also need to pass a set of tens of thousands of security tests and be audited on at least a quarterly basis by an approved security scanner in order to be compliant.
SSL encryption
SSL is a technology that protects private information from being snooped on when it’s being transmitted from your website to your payment provider. It’s like putting your information in a safe before it’s taken to the bank. SSL encryption is not always offered on hosting accounts so it’s worth checking if your hosting provider offers it. SSL comes free for the first year on all Ozcart packages, and renews at competitive annual prices after that.
An SSL protected site shows a padlock on the secure pages of your site (login and checkout) to show customers your site is protected. Some payment processors do not make this technology mandatory, but it is highly recommended – because end customers don’t know the ins and outs of whether you needed it or not.
Security Features to look for
Some other essential security features to check when choosing a shopping cart include:
- How credit card payments are collected – do they redirect to a certified, secure, payment processor’s website or are they collected via your own website? If they’re collected via your own website how secure is that website and does it comply with every security requirement of the credit card payment industry?
- Does the site’s software or the server have processes in place to protect against “cross site scripting” (XSS) attacks? These are attacks where certain “commands” are put into the URL of a request to your web server in an attempt to trick the web server into doing something it shouldn’t, such as divulging private information or allowing login as an admin – akin to a computer virus for a website.
- Does the site’s software or the server have processes in place to prevent “denial of service” attacks on your website?
- Does your hosting provider proactively make changes to the software scripts you are using for your shopping cart to incorporate fixes for the cart as they become available?
Security is essential to your site for generating positive pre-sale perceptions amongst customers and avoiding a lot of bad press.