How and why should you protect your e-commerce site?
Over the past number of years there has been a monumental increase in the amount of business conducted electronically, and as a result this has led to a lot of security issues, particularly in mobile commerce. E-commerce security covers a number of areas, including privacy, integrity, authentication and non-repudiation. A breach in any of these areas can result in major problems, such as chargebacks, for an online vendor, a purchaser, or both. Hackers try to steal credit card and other sensitive information from e-commerce sites daily. To protect and reassure your customers, it’s important to know how to protect your e-business and your sensitive customer data. One major breach, a wave of chargebacks, or someone stealing your business name or copying your products could mean the end of your business.

The main cyber-criminal activities can be grouped into the following themes:

Defacing – Involves editing or replacing content on your site and is sometimes known as ‘digital graffiti’. This could be a targeted attack to undermine your clients’ trust in your business, or perhaps something politically motivated to further someone else’s message.

Spamming – Sends out emails, sometimes with advertising and sometimes with phishing scams. Messages are often sent out repeatedly and in bulk, and they could go to any email address, including those associated with your website or hosting. Your server can be blacklisted because of spamming, preventing you from sending legitimate emails.

Phishing – Exploits the trust of a user to obtain login details, personal details or financial information. This can be used to gain access to email inboxes or other password-protected areas.

Malware – Designed to infect a system and cause it harm, making changes against the user’s will and without their knowledge. It’s a general term covering anything from viruses to advertising software (adware). It can force the user’s machine into a network of other hacked devices controlled remotely by the hacker. These networks are often used for DDoS attacks.

DDoS attacks – Use the network of devices behind them to bombard a site or system with waves of traffic or requests that overwhelm the system and take it offline. Your site could be a victim of this, or, if it is part of the network used to attack others, it could be taken offline by your host or server provider when this is detected. Some of these attacks, e.g. DDoS, will also affect other websites on the same server, so when you are considering your hosting options, check whether your provider applies security updates to all of its software.

Content injection – A black hat SEO technique (Search Engine Optimisation in violation of the search engine guidelines) that involves inserting links to other websites into your site. This could be to increase the traffic of another website or to generate click-through revenue. Some of these links will be visible and some of them won’t be, but search engines will be able to find them and may blacklist your website from SERPs (Search Engine Results Pages), meaning your customers wouldn’t be able to find you.

Interception of data – Data containing credit card numbers or addresses can be intercepted on insecure sites. The data is used by criminals to sell on, make purchases and carry out all sorts of other criminal activities. If your site handles this kind of information and you have not taken appropriate measures, such as installing security updates and implementing HTTPS (SSL) to encrypt data for all sites that take payment online, then you could be prosecuted under the UK Data Protection Act (under paragraphs 18-27).

Any of these types of attack are bad for business. Your site could go down completely, or your customers could become confused or annoyed at suspicious emails or advertising emails not related to your brand. In extreme cases, personal details of your clients or commercially sensitive data could be stolen.
Your website could also suffer a fall in traffic and rank due to search engine algorithms no longer classing your site as trustworthy. Here are some ways you can protect your site:
Choose a secure eCommerce platform. 
If you’re with a cheap host that offers as much disk space and bandwidth as you want, all for a couple of pounds a year, you should think again. You’re probably squeezed in with thousands of other bargain hunters. The chances are they’re careless about updating their software, so hackers can exploit them, and at worst they’re probably sending tons of spam relating to all sorts of dodgy products and services. The problem here is that pretty soon the server gets a bad reputation. That means its IP address is probably on loads of blacklists; in turn your emails don’t get through and your position in the search engine results decreases. So if you’re serious about e-commerce, the best way to avoid these issues altogether is to migrate your website over to Certa or move your site to a Virtual Private Server, or VPS for short. With a VPS you get full control over the hosting and you’re not sharing with other businesses. A VPS is very powerful: you can have dedicated resources allocated to you that you don’t have to share, such as CPU and RAM. This means your site will not only be more secure but also much, much faster.
Stop collecting or saving customer data 
Hackers and identity thieves cannot steal what you don’t have. Do not collect or save any private customer data through your e-commerce site that is not essential to your business. When it comes to processing credit cards, use an encrypted checkout terminal to eliminate the need for your own servers to ever see the customer’s credit card data. This might be slightly more inconvenient at checkout time for your customers, but it comes with high benefits that overshadow the risk of compromising their credit card numbers.
SSL/TLS encryption 
You must encrypt all communications between the website and browsers when transmitting confidential information. However, to keep hackers at bay, maintain current encryption protocols such as the latest versions of SSL (Secure Sockets Layer) or TLS (Transport Layer Security). Although some refer to TLS as SSL, and there is a technical difference, it’s probably not something you need to worry about. What’s important is that you avoid vulnerable versions of the encryption library. SSL is the standard when it comes to securing online transactions. An SSL certificate authenticates the identity of the parties and encrypts data both at rest and in transit. Implementing SSL is essential for e-commerce websites to establish secure connectivity between the end-user systems and your website. Customers expect to see the padlock icon with HTTPS in the address bar before providing their personal details and credit card information. If consumers believe that a vendor is doing everything possible to secure their transactions, they are more likely to do business with them.
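One practical way to check the "avoid vulnerable versions" advice on your own shop is to compare a permissive client configuration with a hardened one and probe what the server actually negotiates. This is an added example written for this article, not code from the original page; the hostname `shop.example` is a placeholder.

```python
import socket
import ssl

SHOP_HOST = "shop.example"               # assumption: replace with your own shop's hostname
ACCEPTABLE = {"TLSv1.2", "TLSv1.3"}      # protocol versions still considered current


def legacy_client_context() -> ssl.SSLContext:
    """The weak setting: no certificate or hostname checks and the oldest
    protocol the library supports.  Shown only to make the contrast visible."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    """The corrected setting: system CA bundle, hostname verification,
    certificate required, and nothing older than TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_summary(ctx: ssl.SSLContext) -> dict:
    """Reduce a context to the three settings that matter for this check."""
    return {
        "min_version": ctx.minimum_version.name,
        "verifies_cert": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx.check_hostname,
    }


def probe_server(host: str = SHOP_HOST, port: int = 443, timeout: float = 5.0):
    """Handshake with the hardened context and report what was negotiated.
    Returns (protocol_version, cipher_name, acceptable).  A server that only
    offers SSLv3/TLS 1.0/1.1 will fail the handshake, which is the desired signal."""
    ctx = hardened_client_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            version = tls.version()
            cipher = tls.cipher()[0]
    return version, cipher, version in ACCEPTABLE


if __name__ == "__main__":
    print(context_summary(legacy_client_context()))
    print(context_summary(hardened_client_context()))
    print(probe_server())   # needs network access to the shop
```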
Consider Two Factor Authentication
Stolen or compromised user credentials are a common cause of web security breaches. There are multiple ways, such as phishing, to steal or guess valid user credentials and compromise the security of your online store. That is where the need for a proven user authentication mechanism arises. It is a foundation for securing your online store against hacking attempts. Many e-commerce sites are implementing two-factor authentication (2FA) to add an extra layer of security to their online stores. Two-factor authentication is a security process in which a valid user needs to provide two means of identification: one is typically the username/password combination, while the second is usually a code generated in real time and sent to a verified phone owned by the user. Hackers might crack the password, but they cannot steal this code, which usually expires after a short duration.
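The server side of the second factor described above, as an added example that is not part of the original article: a short-lived code is issued for sending to the user's verified phone, only its hash is stored, and verification is single-use, time-limited and attempt-limited. The two-minute lifetime and five-attempt limit are assumed values.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional

CODE_TTL_SECONDS = 120      # assumption: a code is valid for two minutes
MAX_ATTEMPTS = 5            # assumption: a code is burned after five wrong guesses

# In-memory store keyed by user id; a real deployment would keep the same
# fields in a database or cache.  Only a hash of the code is stored, so a
# leaked store does not reveal live codes.
_pending: Dict[str, dict] = {}


def _hash_code(user_id: str, code: str) -> str:
    return hashlib.sha256(f"{user_id}:{code}".encode()).hexdigest()


def issue_code(user_id: str, now: Optional[float] = None) -> str:
    """Generate a fresh 6-digit code and record its hash, expiry and attempt
    counter.  The returned code is what gets sent to the user's phone."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, uniform over 000000-999999
    _pending[user_id] = {
        "hash": _hash_code(user_id, code),
        "expires": now + CODE_TTL_SECONDS,
        "attempts": 0,
    }
    return code


def verify_code(user_id: str, submitted: str, now: Optional[float] = None) -> bool:
    """Return True exactly once for a correct, unexpired code; False otherwise.
    The code is consumed on success, on expiry, and after MAX_ATTEMPTS, so it
    can neither be replayed nor brute-forced."""
    now = time.time() if now is None else now
    entry = _pending.get(user_id)
    if entry is None:
        return False
    if now > entry["expires"]:
        del _pending[user_id]           # expired: the user must request a new one
        return False
    entry["attempts"] += 1
    ok = hmac.compare_digest(entry["hash"], _hash_code(user_id, submitted))
    if ok or entry["attempts"] >= MAX_ATTEMPTS:
        del _pending[user_id]           # single use, and lockout on repeated failure
    return ok
```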
Check your updates
Regardless of what technology you use for your website (e.g. WordPress, Joomla, Drupal or a non-CMS site), you have to be mindful of the tools, plugins and extensions that are integrated into your platform. Security updates fix vulnerabilities in systems to prevent them being exploited by unauthorised users. Keep your website secure from known vulnerabilities in the CMS software. Additionally, the server software should be updated regularly. This is the responsibility of the company hosting your website, so be sure to check that your hosting company has these measures in place.