Five Website Security Do’s and Don’ts for Online Merchants
As we get closer to the end of summer, most merchants are already in the midst of preparing for another busy fall/winter shopping season. However, amid the chaos, it’s important to take a look at your website’s current features—most importantly security—in order to assess what needs improvement before it’s too late.
Aside from cosmetic and content updates, the right security measures are necessary to provide customers with an optimal shopping experience. Below are some do’s and don’ts merchants should be aware of with regard to website security.
Do: Implement a Strong Firewall
Firewalls are essential for stopping cybercriminals before they get into your network and gain access to critical information. Web application firewalls will ensure that your eCommerce environment is protected from application-level attacks like SQL (Structured Query Language) injection and cross-site scripting (XSS).
Additionally, your firewall should include intrusion prevention and detection capabilities to guard against distributed denial-of-service (DDoS) attacks. The consequences of not having these measures in place will be much worse in the long run, and if shoppers see your site is down, they may lose confidence in your business.
Don’t: Forgo SSL Encryption
Aside from firewalls, another level of mandatory protection is SSL (Secure Sockets Layer) session encryption. This level of encryption should be applied to every transaction made by customers on your site. SSL certification is represented by web addresses beginning with “https” and ensures that payment data is encrypted at every stage of a transaction.
In order to achieve this, you must purchase the SSL certification service and renew it every one to two years. While some merchants may feel like it is an added expense, without it you risk losing potential buyers as well as leaving your site vulnerable to wireless sniffing and other attacks.
Do: Incorporate Trustmarks
Aside from employing backend security, displaying a security seal or trustmark is a great way to take that additional step and provide assurance to new visitors, especially during the holidays. There are multiple types to choose from, and finding the right combination for your business will improve conversions and consumer confidence.
Perceived security is a huge factor in the success of online retail stores, and the result on both desktop and mobile sales conversions is undeniable when trustmarks are displayed on the home and checkout pages.
Don’t: Skimp on Additional Security
Justifying the additional costs that some security measures add can be difficult in the beginning, but the consequences of a breach are far more expensive. One way to add in an extra layer of security is through partnering with an outside security vendor. Through vulnerability scanning and additional services, they can help merchants find and patch weaknesses that may have otherwise gone unnoticed.
Being aware of your site’s vulnerabilities not only helps avoid potential breaches, but also may uncover other system inconsistencies.
Do: Help Protect Customers From Fraud
More often than not, it is the customer that notices fraudulent activity before the merchant does. However, the consequences of fraud impact merchants just as much as shoppers, so make it a priority to take an active role in watching for it. Consider a fraud management service that will help protect customers in the event malicious activity does occur.
Implement internal checks and always be on the lookout for suspicious activity on user accounts. Numerous login attempts from the same IP address or changes to account data are some potential red flags.
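The two red flags named above can be checked mechanically against login and account events. The following is an added example, not code from the original article; the log format, event names, thresholds and sample data are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in an assumed format: time, source IP, account, event.
SAMPLE_LOG = """\
2024-11-01T10:00:01 203.0.113.7 alice LOGIN_FAIL
2024-11-01T10:00:05 203.0.113.7 bob LOGIN_FAIL
2024-11-01T10:00:09 203.0.113.7 carol LOGIN_FAIL
2024-11-01T10:00:14 203.0.113.7 dave LOGIN_FAIL
2024-11-01T10:00:20 203.0.113.7 erin LOGIN_OK
2024-11-01T10:00:45 203.0.113.7 erin EMAIL_CHANGE
2024-11-01T10:20:00 198.51.100.4 frank LOGIN_OK
2024-11-01T10:25:00 198.51.100.4 frank ADDRESS_CHANGE
"""

LOGIN_EVENTS = {"LOGIN_FAIL", "LOGIN_OK"}
CHANGE_EVENTS = {"EMAIL_CHANGE", "ADDRESS_CHANGE", "PASSWORD_CHANGE"}

def parse(log_text):
    """Yield (timestamp, ip, account, event) tuples; skip malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2], parts[3]

def find_red_flags(log_text, max_attempts=5, window=timedelta(minutes=5)):
    """Return (noisy_ips, risky_changes) for the two red flags in the text."""
    recent = defaultdict(deque)   # ip -> timestamps of recent login attempts
    noisy_ips = set()
    risky_changes = []
    for ts, ip, account, event in sorted(parse(log_text)):
        if event in LOGIN_EVENTS:
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:   # drop attempts older than the window
                q.popleft()
            if len(q) >= max_attempts:
                noisy_ips.add(ip)
        elif event in CHANGE_EVENTS and ip in noisy_ips:  # change from flagged IP
            risky_changes.append((account, event, ip))
    return noisy_ips, risky_changes

if __name__ == "__main__":
    print(find_red_flags(SAMPLE_LOG))
```

In the sample, one address tries five different accounts within twenty seconds and then changes the e-mail on the account it got into, while the second address logs in once and updates a shipping address without being flagged.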