January 29, 2016
It seems that you can’t shop anywhere online without having to be wary of where you enter your credit card information. What with stories about shadowy online hacking groups, Target’s data hacking scandal, and Chick-Fil-A’s credit card records being breached, online customers are jumpy.
It’s a given that you want your customers to feel safe and sound when they shop with you. However, in today’s online environment, hacking and identity theft are not idle threats, so, if your customers feel like their data is being taken care of, they are more likely to remain loyal. Now, the question is, how do you ensure not only that your customers are secure, but that they also feel like they are?
Although it may seem like a good idea to store your customers’ information in your database, think again. Data is one of today’s currencies, and, the more you have access to, the more likely your business will become a target for fraud. Keeping just enough data for handling chargebacks and refunds for your customers is sufficient. Purging the rest of their information helps ensure that your data won’t be mined and your customers remain safe.
This security measure is so critical that “it is forbidden by the PCI Standards,” says Chris Pogue, director of Digital Forensics and Incident Response at Trustwave. He emphasizes that “The risk of breach outweighs the convenience for your customers at checkout.”
Securing payments is another important facet of protecting your clients’ identities. When accepting payments from credit cards, require the card verification value (CVV) in order to reduce fraudulent transactions. Additionally, activate an address verification system (AVS) to double check that the credit card being used is indeed in the possession of its original owner. Taking both these precautions can help offer peace of mind to those interacting with your e-commerce site.
On the off chance that these security measures are somehow breached, make sure that you have a system set up to alert you. Set your system to track strange patterns such as:
Passwords help customers protect themselves. While it is your responsibility as the business owner to protect your customers’ data on the back end, giving a strict set of guidelines to customers when they create their passwords can help them feel more secure. Passwords should generally be complex. Six to ten characters with numbers and symbols mixed in make it significantly harder for anyone to hack accounts from the front-end.
Layering is more than just fashionable; use the trend with your cyber security, too. Using multiple levels of security is one of the best ways to keep out cybercriminals. When setting up your tiered security system, your first security layer should be a firewall. Use a firewall to restrict access to your network and servers. If you leave your network open to prying eyes, then you leave your customers’ data out on a silver platter. You can add extra layers of protection to your firewall with data encryption, contact forms, and login fields. Each additional layer between your business and the open Internet allows your customers’ data to remain that much more secure.
Also make sure to perform regular Payment Card Industry (PCI) scans and patch your systems. Always have the latest versions of any third-party software that you use, and patch everything immediately. Any software that is not up to date opens a hole through which criminals can access your data. A few hours of development maintenance, now, can save your business in the future.
In addition to providing security on your online site, make sure that you provide security training to your employees. Each member of your business should be educated on the laws and policies surrounding customer data and be trained on how they can safeguard it.
Use 21st-century analytics to your advantage and track your website in real time. Observe how your customers are navigating and interacting with your site. Paying close attention to behavior on your site will help you catch suspicious activity before it reaches a critical level. Furthermore, make sure that whoever is hosting your website routinely scans for malware, viruses, and hacking attempts. Protect your data from every direction!