There has literally never been a better time to open an ecommerce store and sell your products or services online. If you’ve just done so – congratulations! You’ve already done most of the hard work of deciding what to sell, choosing your ecommerce platform and setting it up for success. But before you can really get down to business you need to make sure your website is secure for both you and your customers. The last thing your business can afford is to put your customers and brand at risk.
It’s important to protect your online store against cybercriminals who are out to commit fraud and identity theft. Although malicious attacks may come in many forms, including Structured Query Language (SQL) injections, phishing, malware infections, Cross-Site Scripting (XSS) and Denial of Service (DoS) attacks, they all have the same goal: to access important information like your passwords and your customers’ credit card details. If this were to happen it would be disastrous for your customers and your brand’s reputation. Existing customers would be hesitant to return and new shoppers would be extra wary about shopping on your online store.
How to keep your ecommerce store secure
If your business involves getting paid online, you need to make sure that your website is secure, for your own and your customers’ peace of mind. We’ve asked PayFast’s Risk & Compliance team for their top tips on what you can do to make sure your ecommerce website is secure.
1. Conduct regular security audits on your website
Keeping your online store secure is an ongoing process that you need to take seriously. Every so often you should conduct a security audit by going through the following checklist:
- Are your shopping cart software and plugins up to date?
- Is your SSL certificate current and working?
- Is your online store PCI-DSS compliant?
- Are you backing up your online store often enough, i.e. at least once a week?
- Are you using strong passwords (passphrases) for admin accounts, hosting dashboards, your content management system (CMS), database and File Transfer Protocol (FTP) access?
- Are you scanning your website regularly for malware?
- Are you encrypting communication between your store and your customers and suppliers?
- Have you removed inactive plugins?
If you aren’t tech savvy or don’t have the time or resources to monitor your website’s security, it’s recommended that you hire an online security specialist to assist you.
2. Make sure your online store is PCI compliant
If you accept credit card payments online then you must be PCI compliant. PCI, which stands for Payment Card Industry, refers to compliance standards that were developed and are managed by the PCI Security Standards Council to ensure the security of credit card transactions in the payments industry.
If you choose a payment gateway like PayFast then this is one important step you won’t have to worry about, as we handle it for you. PayFast is a PCI-DSS Level 1 Service Provider, and since we process payments on our secure payment engine you’ll never have to worry about being PCI compliant because credit card details will never be handled on your website.
3. Choose a payment gateway that uses 3D Secure
One of the most important things that you need to make sure of is choosing the right payment gateway to facilitate your online payments. While it’s beneficial to choose a payment gateway with low fees, it’s important to make sure that it’s reliable and meets all of your security requirements.
It’s highly recommended that you choose a payment gateway that enforces compulsory 3D Secure on credit card transactions. 3D Secure is an authentication procedure that provides an extra layer of security for all online transactions using a credit card: the shopper is required to enter a password or a one-time PIN to confirm the transaction. 3D Secure not only ensures that the payment gateway is protected against chargebacks for fraud, but it can also in most cases defend against any chargeback received, reducing losses from fraud should you be targeted.
You can’t ignore ecommerce security
Running an ecommerce website should be a rewarding experience as long as you follow all of the necessary security precautions outlined above to help keep your own and your customers’ sensitive information safe. Making sure your ecommerce store is secure is a worthy investment for your business that you can’t afford to ignore.