HOW TO SECURE YOUR ECOMMERCE WEBSITE
Setting up an ecommerce site is easy these days. Keeping your site safe from hacking, fraud and copycats
does not require much.
- TRADEMARK YOUR COMPANY NAME AND LOGO
The most important tip for business owners to protect their site and brand is to ensure their name is clear
for use as a trademark. Too many entrepreneurs mistakenly think that because a domain name is available
or that they were able to form an LLC or corporation with their local Secretary of State that their business
name or brand is available as a trademark, but that is not the case.
To ensure that no one else can use your company name and logo, you need to trademark them. This is an
entirely separate process that must be done through a trademark attorney. Registering the name (of the
brand) as a trademark also protects against future copiers, infringers, knockoffs, etc. who may try to steal
or capitalize upon your brand.
- USE A TRUSTED ECOMMERCE PLATFORM
Building your store on platforms like WooCommerce, Shopify, Click Funnels or WordPress means that you
are paying for people (or doing the work yourself) to help you build and host your store as well as take care
of problems like security. A good ecommerce provider will constantly monitor all stores on their platform
for security issues and deploy fixes behind the scenes as problems are found, before they become a
problem for you.
- USE HTTP WITH SSL = HTTPS
Secure Sockets Layer [SSL] is the standard security technology for establishing an encrypted link
between a web server and a browser. This link ensures that all data passed between the web server and
browsers remain private and integral. SSLs are vitally important to ecommerce transactions, helping to
ensure sensitive financial and personal information is protected throughout the purchase process, while
building trust for your online store and giving shoppers additional peace of mind.
HTTP over SSL is known as HTTPS and offers more security (encryption).
However, a surprising number of websites still don’t support HTTPS. HTTPS protects your customers
and your business from sniffing and impersonation attacks.
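HSTS, recommended in the next paragraph, reaches the browser as a `Strict-Transport-Security` response header, and a header that is malformed or sent over plain HTTP is silently ignored. The check below is an added example, not part of the original article; it follows the header rules in RFC 6797, and the 180-day minimum, the function names and the sample headers are assumptions chosen for illustration.

```python
# Added example: evaluate a Strict-Transport-Security (HSTS) header the way
# a browser would, following RFC 6797. All names and thresholds are illustrative.

MIN_MAX_AGE = 15552000  # assumption: 180 days is this checker's minimum


def parse_hsts(value):
    """Return {'max_age', 'include_subdomains', 'preload'} or None if invalid."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives (a stray ';') are allowed
        name, _, arg = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in seen:
            return None  # a repeated directive invalidates the whole header
        seen[name] = arg.strip().strip('"')  # the value may be a quoted-string
    max_age = seen.get("max-age", "")
    if not (max_age.isascii() and max_age.isdigit()):
        return None  # max-age is required and must be a non-negative integer
    return {
        "max_age": int(max_age),
        "include_subdomains": "includesubdomains" in seen,
        "preload": "preload" in seen,  # preload-list token, not in RFC 6797
    }


def assess(scheme, headers):
    """Return a list of findings for one response (URL scheme + header dict)."""
    raw = {k.lower(): v for k, v in headers.items()}.get("strict-transport-security")
    if raw is None:
        return ["no HSTS header"]
    if scheme != "https":
        return ["HSTS sent over plain HTTP is ignored by browsers"]
    policy = parse_hsts(raw)
    if policy is None:
        return ["HSTS header is malformed and will be ignored"]
    findings = []
    if policy["max_age"] == 0:
        findings.append("max-age=0 tells browsers to drop the HSTS policy")
    elif policy["max_age"] < MIN_MAX_AGE:
        findings.append("max-age is shorter than the chosen minimum")
    if not policy["include_subdomains"]:
        findings.append("subdomains are not covered")
    return findings
```

An empty list from `assess` means the response carries a policy that browsers will accept and that meets the chosen minimum.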
For an even higher level of security, I recommend enabling HTTP Strict Transport Security (HSTS).
HSTS tells web browsers to automatically redirect HTTP requests to HTTPS and prevents users from
overriding invalid certificate warnings. This reduces the possibility of fraudulent modifications to your
user’s web requests and helps to prevent man-in-the-middle attacks.
- MAKE SURE YOUR SITE IS PCI DSS COMPLIANT
If you’re processing online payments, you’ll need to make sure your site is PCI DSS compliant.
Fortunately, many payment integrators, like Paystack, encrypt and store credit card info for you, so none
of the critical payment data is stored on your side.
- KEEP YOUR SITE UPDATED
Unpatched applications and extensions will make your ecommerce site an easy target.
Hackers love low-hanging fruit and often use automated web crawlers to look for sites with unpatched
applications. Keeping your website and backend software updated with the latest security patches is the
single biggest and often simplest step a small business can take towards stopping an attack.
A website that isn’t completely up to date with its security patches is vulnerable to attack. For this reason,
it’s imperative that ecommerce retailers ensure that all available patches have been applied to their online
platforms. Stay on top of release cycles to ensure that those are always up to date. Also use a firewall in
front of the ecommerce store to help protect against vulnerabilities that might be discovered. This is an
additional measure of protection that provides some time before patches are applied.
- REQUIRE STRONG PASSWORDS
One way hackers can gain entrance into your site is to use a brute force hack, which basically starts
putting combinations of letters into your site login, hoping to get lucky and crack your password. Using
randomized and long passwords makes this a lot less likely. So, have employees use strong passwords, a
combination of upper- and lowercase letters, numbers and symbols, or use an online complex password
generator to protect yourself. Also have people change their passwords every 6 months, if not more often.
- OTHER POINTS
The easiest way to protect yourself against credit card fraud for online orders, and the resulting
chargebacks, is to ship only to the verified credit card billing address. If the buyer wishes to have a different
shipping address, the merchant could require that the buyer give the alternate address to the credit card
company. Then the merchant can verify this. Also require a signature on delivery, to ensure the
package was in fact received by the buyer.
You can also use an AVS (Address Verification System). An AVS will check the billing address
entered by the client against the address on the credit card company’s data file. This should pre-warn you of
any possible fraudulent orders. You can then do some manual due diligence on the order to confirm its
authenticity.
Visit www.wehostafrica.com for guidelines on how to secure your ecommerce website.