When you’re just starting your online store, it can seem like a herculean effort simply to get enough customers to make the store profitable. But before you even start selling online, you should deal with another problem: the safety and security of your customers’ information.
If you make one of these three boneheaded security mistakes, you might just find out how quickl;y things can go from great to horror-movie-worthy. (Incidentally, you can be liable for $100,000 or more in fees if your customers’ data is compromised due to your website not meeting security requirements.)
Boneheaded Mistake #1: Not having an SSL certificate for transactions.
Sure, it’s possible to make purchases online without an SSL certificate keeping the transaction private. While most people who build online stores know that this basic security requirement comes with the territory, you’d be surprised at just how many people ignore it complete. Don’t be that online store. Instead, make sure that when you accept credit card payments your transactions are securely protected with an SSL certificate. It won’t prevent all problems, but it will be a vital – and necessary – first step.
An SSL certificate, which allows users to connect securely to the https version of your website, is the first step of ecommerce security:
Boneheaded Mistake #2: Storing your customers’ credit card information when you don’t need it.
An SSL certificate secures the connection between the shopper and your website – it doesn’t protect the data once it is stored in your database. That’s why it’s important that you don’t keep your customers’ credit card information if you don’t need it. And if you do need it, you should consider using use a third-party secure server like Authorize.net in order to make sure that that information is secure.
This is a common mistake because many people simply assume that no one will want to hack their customers’ information – don’t make that same mistake. Be vigilant against hackers.
Boneheaded Mistake #3: Not securing your forms.
Hackers can exploit poorly coded forms on your website to insert their own code into your site, so its essential that your website be coded to resists this type of attack (often called SQL or code injection). In many cases, this is a simple fix; you just have to be aware of the potential problem in the first place.
In truth, website security is a complex topic that involves multiple technical (and legal issues). If you are running an online store, hire an expert to help ensure that your website is secured against hackers. The consequences can be severe if you don’t.