Preparing Your Online Business for Mobile – Focus On: Security
As more and more consumers and organizations alike rely on smartphones for everyday activities, having a functioning and secure mobile site is going to be even more important for retailers today. However, the bounce rates and low conversions for mobile sites still stand in the way of mCommerce becoming a viable channel for most online businesses.
Mobile commerce is the next frontier of retail, but before merchants can embrace it, they must step back and assess the necessary components for success. With 41% of consumers still worried about security when shopping on their mobile phones and tablets, providing a safe platform to do so is crucial to increasing sales.
Below, we discuss several security-related must-haves for retailers creating their mobile sites.
Native Apps or Mobile Websites?
Before you can start checking boxes, it’s important to decide which kind of mobile site will work the best for your business. While there are some best practices that apply to both, the security requirements for native apps versus mobile sites can vary. To an extent, some consumers will still access your website from a smartphone or tablet even if there’s a stand-alone app, but prioritizing the form that fits your business model will make security easier in the long run.
Many of the security requirements for eCommerce websites apply to their mobile counterparts, but there are still some additional factors that merchants need to take into consideration.
Encrypting sensitive data like credit card numbers is an essential security practice for any form of eCommerce site, but it is often overlooked when establishing mobile channels. All information shared between the end user and merchant must be secured with an SSL certificate, meaning the address of every page where data is entered begins with “HTTPS”. Shoppers routinely access mobile sites and apps from insecure Wi-Fi networks, so protecting the data in transit from snoopers and sniffers is imperative for safe mCommerce transactions.
While it’s a universal security best practice to never store sensitive customer data unless absolutely necessary, this rule is especially important for native mobile shopping apps. Customers entering payment details directly into an app that lives on their device are at risk if the information is left there unprotected in cookie form. Some web browsers store HTTP cookies as unencrypted clear-text files, which can leave sensitive data vulnerable in the event that a user’s mobile device gets lost or stolen.
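The two checks described above (data-entry pages served over HTTPS, and no sensitive data left in cookies) can be automated for a mobile checkout page. The following is an added example, not code from the original post; the function names, the shop.example host and the sample values are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class _FormFinder(HTMLParser):  # collects the action attribute of every <form>
    def __init__(self):
        super().__init__()
        self.actions = []
    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.append(dict(attrs).get("action") or "")

def luhn_ok(digits):
    """True if the digit string passes the Luhn checksum used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def audit_response(page_url, set_cookie_headers, html):
    """Return a list of findings for one page and its Set-Cookie headers."""
    findings = []
    finder = _FormFinder()
    finder.feed(html)
    for action in finder.actions:
        target = urljoin(page_url, action)  # an empty action posts back to the page
        if urlsplit(target).scheme != "https":
            findings.append(f"form submits over {urlsplit(target).scheme}: {target}")
    for header in set_cookie_headers:
        name_value, *attrs = [p.strip() for p in header.split(";")]
        name = name_value.split("=", 1)[0]
        flags = {a.split("=", 1)[0].lower() for a in attrs}
        if "secure" not in flags:  # without Secure the cookie can travel over plain HTTP
            findings.append(f"cookie {name} lacks the Secure attribute")
        for run in re.findall(r"\d{13,19}", name_value.split("=", 1)[-1]):
            if luhn_ok(run):  # 13-19 digits passing Luhn: likely a card number
                findings.append(f"cookie {name} holds a card-like number")
    return findings

# Constructed sample: a checkout page served over HTTP, with a test card number in a cookie.
SAMPLE_HTML = '<form action="/pay" method="post"><input name="card"></form>'
SAMPLE_COOKIES = ["sid=abc123; Path=/; Secure; HttpOnly",
                  "card=4111111111111111; Path=/"]

if __name__ == "__main__":
    print("\n".join(audit_response("http://shop.example/checkout", SAMPLE_COOKIES, SAMPLE_HTML)))
```

Run against the constructed sample, it reports the form posting over HTTP, the cookie missing the Secure attribute, and the card-like number stored in that cookie.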
Follow PCI DSS Guidelines
With these user-end risks in mind, there are a number of mobile-specific guidelines outlined by the PCI Security Standards Council that merchants need to follow. In February of this year, the Council published a fact sheet with specific steps to take in order to implement better mobile payment systems.
While these tips only scratch the surface of mobile security, working with developers to follow these guidelines will help keep customers safe, no matter how they choose to interact with your business. For more ways to create secure mobile websites, check out our other post on the subject.