Ecommerce Web Design Blog

With so many stories about online fraud, it is easy for those setting up new online shops to shy away from accepting credit cards, opting for bank transfers, money orders or a third party service like Paypal. These are all valid options, but the downside of these options are that you are either making customers wait to get their products while they set up a bank transfer and wait for you to acknowledge receipt of it, or redirecting customers to a third party site - that your customers may never pay or come back from.

Accepting credit cards online can seem daunting, but by taking a few precautionary steps it can make them less of a risk to you and keep your customers on your website longer.

• Make sure your ecommerce or website host is PCI DSS compliant. This is a series of compulsory security and process standards set by card issuers such as Visa and MasterCard for web hosts and merchants. This ensures that your web host has industry-accepted security standards in place for websites that are accepting credit cards and addressed the 1,000s of known website hacking vulnerabilities. You may wish to go further and look for a host who is tested daily by an accredited international scanning service such as Comodo or Hacker Safe (now called McAfee Secure).  If they are parepared to get their own website to meet these stringent standards, it shows an ongoing commitment to the security of your customer's credit card data. 
  
  Note: Osc Works provides a secure PCI DSS compliant environment for our ecommerce servers that is tested daily and formally certified quarterly. For hosting and other package servers, we operate secure servers without any guarantees about whether they are fully PCI DSS compliant at any given time.
• Ensure your checkout system is encrypted with SSL. This is a software authentication certificate that is installed into your website that is used to encrypt data as it travels over the Internet. The minimum standard for SSL today is 128 bit encryption, but some providers go further and offer 256 bits or better. The more bits the tougher the encryption is to crack.
• Use complex passwords for your site admin password (so your customers can be assured that their personal information won't be hacked). Complex passwords involve letters, numbers and symbols.  To generate passwords, try a password generator site like the Security Guide for Windows
  
• Tell your customers about what security procedures you have in place. If a staff member leaves, what do you do with their access passwords? How are you encrypting their data? Are you audited by a third party scanner or your hosting provider? Whatever you do, look for independent validation as this has more credibility in your customer's eyes than just things you say.
• Install a fraud scoring tool like Maxmind.  At Osc Works, we use Maxmind to screen orders for our hosting, shopping cart and web design packages.  The order is tested against a number of criteria (for example, are they ordering from a hidden IP address, does their billing address match their credit card address, is the issuing bank in the same country as the order etc) and the order is assessed for its riskiness. If the risk is too high the order is blocked.  ozCart Platinum now accepts Maxmind as method of fraud protection.
  
• If you are not using a fraud protection software, consider reviewing international orders manually, employing a call back service through your gateway provider or blocking free email accounts like mac.com and hotmail.com.

There are many more 'safety first' precautions you can take, but this list should get you started thinking about security and how to make the most from the web.