Studies completed by the Identity Theft Resource Center identified more than 10.7 million cases being reported of personal information being stolen in 2014. And you’re not immune to this with a small business. In fact, technology reporter Riva Richmond states that “more than 80 percent of card data compromises investigated by Visa affect merchants that process fewer than 20,000 transactions a year.” This means you may actually be at greater risk as a small business than as a global organization.
How can I keep my business and my customer data safe in my online store?
Using an ecommerce website builder with a good reputation is a great start. All ecommerce vendors are required to keep to guidelines set out by the PCI Security Standards Council. Never use an ecommerce builder who is not PCI compliant. This organization is made up of the top 5 credit card companies and is aimed at developing standards for online security, and then educating the public about what they need to do to keep safe. They stress the absolute importance of wiping customer data as soon as a transaction is complete.
The council absolutely insist that you never store any cardholder information on your servers. The most important thing to remember is that if you don’t have anything to steal, you won’t be at risk. It may seem tempting to offer a convenient way to encourage repeat custom, but the risks outweigh any potential gain. Think about the business you would lose, and the damage to your reputation if you suffered a breach due to breaking this rule. "Secure shopping-cart systems are essential for maintaining the integrity of the payment process," says Ella Nevill, a spokeswoman for the council. "Our mantra is, if you don’t need it, don’t store it.
Using a third party merchant for financial transactions is a great option. Choose a payment gateway option like PayPal or Google Checkout to take this important task off your mind. Edward S Ferrara works as a security and risk analyst at Forrester Research, and he couldn’t agree more. "The best thing is to let somebody else process your credit-card transactions for you, [then] you don’t have to be an IT professional -- you can just be a merchant."
How can I encourage my customers to keep their sensitive data safe?
Maintaining your own high level security systems is integral to keeping your customers safe, and at the end of the day, any breach is going to result in an investigation into your practices. But there are a few things you can do to encourage your customers to keep safe online.
Make sure you are using an address and credit card verification system. As each payment goes through, the data is cross referenced to make sure that the buyer is legitimate. This drastically reduces fraudulent charges going through your online store. Transfirst comment that “AVS is a great tool and should be used by all merchants accepting Internet credit card orders or anytime the card is not present, as it will help reduce the risk of a transaction going bad.”
Another excellent tip is to insist on complex passwords when creating sign up information for your customers. If customer are blocked from using a weak password for their sensitive data, and are instead encouraged to use a mixture of letters and numbers, both lower and uppercase, this can also help ensure a secure shopping cart experience. Sarah Grayson, senior marketing manager for the Web Security Group at McAfee agrees. "Longer, more complex logins will make it harder for criminals to breach your site from the front-end," she says.
All of these systems and more can be put in place directly from the website builder of most reputable ecommerce vendors. Compare features and don’t be afraid to speak to customer service representatives about their security protocols before making a final choice.