If you have, or are planning, an e-commerce store, it is vital to make sure that customer data is secure and that you have systems in place to prevent fraud and scams. The ‘padlock’ symbol emphasizes that sensitive information is protected, and it’s a good idea to have third-party certification of your e-commerce security.
Essential security measures
Having the right security measures in place is essential to maintain customer trust and confidence, and to ensure customer retention and loyalty. Alongside the basic tools of internet security – firewalls, anti-virus software, and password protection – an e-commerce website should meet requirements for:
- privacy: details such as credit-card information and addresses must be safely and securely stored, and only available to authorised people
- integrity: all communications with customers must be protected from interference by third parties such as hackers
- authentication: there must be systems in place to ensure that customers and the website can authenticate their identity
- validity: the integrity and validity of all data and communications must be proven, to prevent rejection of transactions
E-commerce solutions – whether bespoke or off-the-shelf – should include the following tools to meet these security requirements:
- encryption: this protects the privacy of communications by scrambling information sent over the internet between the e-commerce website and the customer, so that it can only be read by the intended receiver, using an electronic key or decoder
- digital signature: this is an electronic code which is attached to data sent between an e-shop and the customer, which proves the identity of each party and validates the data
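- Secure Sockets Layer (SSL) digital certificate: this is issued by a recognised third-party authority and gives an online retailer a unique, secure and recognised digital identity; the SSL protocol has since been replaced by Transport Layer Security (TLS), although the certificates are still commonly called SSL certificates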
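The digital-signature tool from the list above, as an added example that is not part of the original article: a shop signs an order confirmation and the recipient verifies it, so altered data or a different signer is rejected. It uses Node.js's built-in `crypto` module; the order fields, the function names and the choice of Ed25519 are assumptions made for illustration.

```javascript
// Added example: signing and verifying an order confirmation with Ed25519.
const { generateKeyPairSync, sign, verify } = require('node:crypto');

// Constructed sample order; the field names are illustrative assumptions.
const sampleOrder = {
  orderId: 'ORD-1001',
  customer: 'alice@example.com',
  totalPence: 4999,
  currency: 'GBP',
};

// Serialise with sorted keys so signer and verifier hash identical bytes
// (handles flat objects only, which is enough for this example).
function canonicalize(order) {
  const sorted = {};
  for (const key of Object.keys(order).sort()) sorted[key] = order[key];
  return Buffer.from(JSON.stringify(sorted), 'utf8');
}

// The shop signs with its private key; Ed25519 takes no separate digest name.
function signOrder(order, privateKey) {
  return sign(null, canonicalize(order), privateKey).toString('base64');
}

// Anyone holding the shop's public key can check origin and integrity.
function verifyOrder(order, signatureB64, publicKey) {
  const signature = Buffer.from(signatureB64, 'base64');
  if (signature.length !== 64) return false; // Ed25519 signatures are 64 bytes
  return verify(null, canonicalize(order), publicKey, signature);
}

function demo() {
  const shop = generateKeyPairSync('ed25519');
  const impostor = generateKeyPairSync('ed25519');
  const signature = signOrder(sampleOrder, shop.privateKey);
  const tampered = { ...sampleOrder, totalPence: 1 }; // amount changed in transit
  return {
    genuine: verifyOrder(sampleOrder, signature, shop.publicKey),
    tampered: verifyOrder(tampered, signature, shop.publicKey),
    wrongKey: verifyOrder(sampleOrder, signature, impostor.publicKey),
    malformed: verifyOrder(sampleOrder, 'not-a-signature', shop.publicKey),
  };
}

console.log(demo());
```

Only the genuine order verifies; the changed amount, the signature checked against a different key and the malformed signature all fail.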
Security standards and threats
If your online store accepts direct payments, the transaction part of your e-commerce solution should meet the Payment Card Industry Data Security Standard (PCI DSS). This is a series of tests and principles designed to improve the security of credit card data when it’s stored online.
Online threats are continually being developed, as are the security measures that combat them. It’s important for an e-commerce business to update online security on a regular basis to maintain the trust of customers.