Security is one of the biggest concerns for a business operating in cyberspace right now. There seem to be more and more high-profile stories of data loss and compromised accounts, so the issue of data protection is in the public consciousness. A lot of companies aren’t equipped to weather the hit their reputation would take if their ecommerce site were compromised, so it’s vital to know whether your users are safe.
First, you should check that you have the fundamentals in place. Any ecommerce site should be using Transport Layer Security (TLS), the successor to Secure Sockets Layer and still commonly referred to as SSL. If your site is secured in this way its address should begin with ‘https’ rather than just ‘http’, but this is only the start. For a more complete picture you should check the certificate itself: that it is issued for your hostname, that it chains to a trusted authority, and that it has not expired. Fortunately there are a number of online services that can verify this for you.
It’s also worth noting that if your certificate has expired, most web browsers will show the user a warning page before they can reach your site, so even if your business isn’t targeted by hackers, outdated security can still put customers off using your service.
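The expiry and hostname checks described above can be run from the command line as well as through an online service. The following script is an added example written for this page; it is not code from the original article or from Nettitude. It uses only the Python standard library: `certificate_status` classifies a certificate by its validity window and warns before expiry, `hostname_covered` checks that the certificate actually names the site (subjectAltName first, the CN only as a legacy fallback), and `fetch_and_audit` performs a real TLS handshake against a host using the platform trust store. `SAMPLE_CERT` is a constructed dictionary in the shape that `ssl.SSLSocket.getpeercert()` returns, with made-up names and dates, so the checks can be exercised offline.

```python
import math
import socket
import ssl
import time

# Constructed sample, shaped like the dict ssl.SSLSocket.getpeercert() returns
# for a verified peer. Names and dates are made up for this example.
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example.com"),),),
    "issuer": ((("organizationName", "Example CA"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Mar  1 00:00:00 2024 GMT",
    "subjectAltName": (("DNS", "shop.example.com"), ("DNS", "*.shop.example.com")),
}


def certificate_status(cert, now=None, warn_days=30):
    """Classify a peer-certificate dict by its validity window.

    Returns a dict with 'state' (valid, expiring-soon, expired, not-yet-valid)
    and 'days_left' (whole days until notAfter, negative once expired).
    """
    now = time.time() if now is None else now
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    days_left = math.floor((not_after - now) / 86400)
    if now < not_before:
        state = "not-yet-valid"
    elif now >= not_after:
        state = "expired"
    elif days_left <= warn_days:
        state = "expiring-soon"
    else:
        state = "valid"
    return {"state": state, "days_left": days_left, "not_after": cert["notAfter"]}


def _name_matches(pattern, hostname):
    """Match one DNS name from the certificate against the requested host.

    A leading '*.' matches exactly one label, so '*.shop.example.com' covers
    'api.shop.example.com' but not 'shop.example.com' or 'a.b.shop.example.com'.
    """
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if pattern.startswith("*."):
        labels = hostname.split(".")
        return len(labels) > 1 and ".".join(labels[1:]) == pattern[2:]
    return pattern == hostname


def hostname_covered(cert, hostname):
    """True if the certificate names the host (SAN first, CN only as legacy fallback)."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        names = [value for rdn in cert.get("subject", ()) for kind, value in rdn
                 if kind == "commonName"]
    return any(_name_matches(name, hostname) for name in names)


def audit_certificate(cert, hostname, now=None, warn_days=30):
    """Combine the expiry and name checks into one report for a site."""
    report = certificate_status(cert, now=now, warn_days=warn_days)
    report["hostname_ok"] = hostname_covered(cert, hostname)
    report["ok"] = report["state"] == "valid" and report["hostname_ok"]
    return report


def fetch_and_audit(hostname, port=443, timeout=5.0, warn_days=30):
    """Connect to a live server with the platform trust store and audit its certificate.

    A certificate that is already expired, untrusted or issued for another
    name is rejected by the handshake itself, so that case comes back as an
    error message rather than a parsed certificate.
    """
    context = ssl.create_default_context()
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as raw:
            with context.wrap_socket(raw, server_hostname=hostname) as tls:
                report = audit_certificate(tls.getpeercert(), hostname, warn_days=warn_days)
                report["protocol"] = tls.version()  # e.g. 'TLSv1.3'
                return report
    except ssl.SSLCertVerificationError as exc:
        return {"ok": False, "error": exc.verify_message}
    except (OSError, ssl.SSLError) as exc:
        return {"ok": False, "error": str(exc)}


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    print(fetch_and_audit(target))
```

Running `python check_cert.py shop.example.com` (the filename is an assumption) prints the negotiated protocol version alongside the expiry and hostname findings, so the script doubles as a check that the server is offering a current TLS version and not only that it answers on 443. Because `ssl.create_default_context()` verifies the chain and hostname during the handshake, an already-expired certificate never reaches the parsing stage; the value of the `expiring-soon` state is that it gives you the warning period before browsers start rejecting the site.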
Another important step is to ensure your system architecture doesn’t hold on to any private information for longer than it needs to. This minimises the window in which an unauthorised person could acquire it, and it is required by the Payment Card Industry Data Security Standard (PCI DSS).
The best way to know exactly what your current security measures protect you from, and whether you’re safe from the most up-to-date techniques cybercriminals use to acquire private information, is penetration testing.
Also called pen testing, this is where a business hires experts like the team at Nettitude to attempt to gain unauthorised access to their site and acquire data. These experts use every means at their disposal to do so, thereby showing whether and how this can be done. Once you know where the holes in your security are, you can patch them; repeating this testing regularly to protect your customers is, once again, a requirement of the PCI DSS.