The Basics of eCommerce Website Security

August 8, 2016 in Data Breach, Small Business

Talking about cybersecurity is like addressing the elephant in the room: it needs to be dealt with, but the issue often gets pushed to the back burner. Studies show that 70 percent of Americans shop online at least once a month. However, over 30 percent of consumers say they hesitate to make those purchases because of security concerns, such as credit card data theft.

As an online retailer, it is time to address the elephant in the room by addressing your customers’ fears. To get you started, we cover four basic—yet essential—website security tips to protect your eCommerce site.


Tip #1: Avoid a $100,000 fine by becoming PCI compliant

You read that correctly: failing to be PCI compliant can result in a fine of up to $100,000 a month until the compliance standards have been met.

What is PCI compliance?

PCI compliance is a set of security requirements created by the major credit card brands to reduce fraud and increase eCommerce security. The Payment Card Industry Data Security Standard (PCI DSS) applies to all companies that process, transmit or store payment card data online. Although PCI compliance is not a legal requirement, non-compliance has severe consequences. We’ve already mentioned the whopping fines, but in very severe cases, the credit card companies can revoke your ability to accept credit cards altogether.

Bonus Tip

When you become PCI compliant, look for a package that offers quarterly PCI scans. These website security scans check for potential security weaknesses and help ensure your business is complying with PCI standards.


Tip #2: Know the difference between HTTP and HTTPS

Would you allow a cybercriminal to read private conversations between you and your customers? If you are not using an SSL (Secure Sockets Layer) certificate, you very well could be.

What is an SSL certificate?

An SSL certificate is a digital certificate that lets a web server encrypt the information sent between it and a web browser. It is one of the most effective ways to protect data in transit.

Encryption is the process of scrambling plain text into an incomprehensible format during electronic transmission. The text returns to a readable format only with the proper decryption key; in other words, only the intended recipient can view the data in legible form.

For example, if a cybercriminal tries to intercept and read a consumer’s credit card entry, they might see, “p>>x !ae{t %hY+ (*u^/” instead of “1234 5678 9012 3456.”

Bonus Tip

When an SSL certificate is installed on your server, the application protocol changes from HTTP to HTTPS, in which the ‘S’ stands for secure. In addition to the ‘S,’ the browser shows a padlock and/or green bar next to the URL. These signs indicate that the website is using an SSL certificate and give the end user confidence when making purchases online.
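The padlock only appears when the whole checkout page stays on HTTPS, so it is worth checking two things on your own pages: that plain-HTTP requests are redirected to HTTPS, and that no form, script or image on the HTTPS page still points at an http:// URL (a card form posting over plain HTTP exposes the entry exactly as described above). The following is an added example, not code from the original post or from SiteLock; the redirect response and HTML are constructed samples and the hostnames are placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample data (not real responses): the redirect a shop should send
# for its plain-HTTP URL, and the HTML served on its HTTPS checkout page.
SAMPLE_REDIRECT = {"status": 301, "headers": {"Location": "https://shop.example/checkout"}}
SAMPLE_HTML = """
<html><body>
<form action="http://shop.example/pay" method="post">
  <input name="card"><input type="submit">
</form>
<script src="https://cdn.example/app.js"></script>
<img src="http://cdn.example/logo.png">
</body></html>
"""


class InsecureRefFinder(HTMLParser):
    """Collect tags whose target attribute loads or submits over plain HTTP."""
    CHECKED = {"form": "action", "script": "src", "img": "src", "iframe": "src", "link": "href"}

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = self.CHECKED.get(tag)
        if not attr:
            return
        for name, value in attrs:
            if name == attr and value and urlparse(value).scheme == "http":
                self.findings.append((tag, value))


def redirects_to_https(response, original_url):
    """True if a plain-HTTP request is redirected to the same host over HTTPS."""
    if response["status"] not in (301, 302, 307, 308):
        return False
    target = urlparse(response["headers"].get("Location", ""))
    return target.scheme == "https" and target.hostname == urlparse(original_url).hostname


def insecure_references(html):
    """Return [(tag, url), ...] for every http:// resource or form action found."""
    parser = InsecureRefFinder()
    parser.feed(html)
    return parser.findings


if __name__ == "__main__":
    print("HTTP -> HTTPS redirect:", redirects_to_https(SAMPLE_REDIRECT, "http://shop.example/checkout"))
    for tag, url in insecure_references(SAMPLE_HTML):
        print(f"insecure {tag} reference: {url}")
```

In the sample, the redirect is correct but the card form posts to an http:// URL and the logo loads over HTTP, so a browser would not show the page as fully secure.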


Tip #3: Make sure you can handle a spike in traffic

You want more traffic to your eCommerce site. However, not all Internet traffic is legitimate. Bots represent over 60 percent of all website traffic, and bad bots represent 35 percent. What looks like an influx of visitors could actually be a cybercriminal using malicious bots in a DDoS attack attempting to take down your website.

What is a DDoS Attack?

A DDoS (Distributed Denial of Service) attack occurs when an attacker attempts to take down a website by flooding it with requests that consume bandwidth, memory and storage. While the website is down, cybercriminals can inject malware into the website’s source code, steal data and extort money. This downtime denies eCommerce sites legitimate traffic and sales. To mitigate DDoS attacks, set up DDoS protection. SiteLock DDoS protection offers automatic DDoS detection and triggering with advanced visitor identification technology.

Bonus Tip

Make sure the DDoS protection service you use offers detailed attack reports, so you can see where and when an attack occurred. With this level of protection, you can help mitigate the most sophisticated forms of DDoS attacks.
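The "flood of requests" described above is visible in your own web server logs before any protection service reports it. As an added example (not code from the original post or from SiteLock), this script parses access-log lines in the common combined format and flags any client that makes an unusual number of requests inside a short window; the log lines are constructed samples.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample access-log lines (not real traffic): one shopper browsing
# normally, and one scripted client hitting the checkout page several times a second.
SAMPLE_LOG = """\
203.0.113.7 - - [08/Aug/2016:10:00:00 +0000] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.9 - - [08/Aug/2016:10:00:01 +0000] "GET /checkout HTTP/1.1" 200 512 "-" "python-requests/2.10"
198.51.100.9 - - [08/Aug/2016:10:00:01 +0000] "GET /checkout HTTP/1.1" 200 512 "-" "python-requests/2.10"
198.51.100.9 - - [08/Aug/2016:10:00:02 +0000] "GET /checkout HTTP/1.1" 200 512 "-" "python-requests/2.10"
203.0.113.7 - - [08/Aug/2016:10:00:09 +0000] "GET /product/42 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.9 - - [08/Aug/2016:10:00:02 +0000] "GET /checkout HTTP/1.1" 200 512 "-" "python-requests/2.10"
198.51.100.9 - - [08/Aug/2016:10:00:03 +0000] "GET /checkout HTTP/1.1" 200 512 "-" "python-requests/2.10"
203.0.113.7 - - [08/Aug/2016:10:00:31 +0000] "POST /cart HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# client, timestamp, method, path, status from a combined-format line
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def parse_line(line):
    """Return (client, timestamp, method, path, status), or None if the line is malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), ts, m.group(3), m.group(4), int(m.group(5))


def flood_sources(log_text, window_seconds=10, threshold=5):
    """Map each client that made >= threshold requests inside any window to its peak count.

    Events are sorted by time first because logs written by several worker
    processes are not always in order.
    """
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    events.sort(key=lambda e: e[1])
    recent = defaultdict(deque)  # client -> timestamps still inside the sliding window
    flagged = {}
    for client, ts, *_ in events:
        q = recent[client]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold:
            flagged[client] = max(flagged.get(client, 0), len(q))
    return flagged


if __name__ == "__main__":
    for client, peak in flood_sources(SAMPLE_LOG).items():
        print(f"possible flood source {client}: {peak} requests within 10s")
```

A per-client count like this catches a single noisy source or a misbehaving bot, but a genuinely distributed attack spreads its requests over many addresses and is better absorbed upstream by the kind of protection service the tip recommends.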


Tip #4: Educate your employees to avoid human error

How would you feel if you were responsible for your company’s data breach? Unfortunately, this is not an uncommon feeling. More than half of security breaches today are caused by human error.

What is defined as human error?

Human error includes failure to follow proper policies and procedures and failure to keep up with new threats. Even the most experienced IT professionals can cause a data breach. A common mistake is reusing the same weak password across multiple accounts, which gives a cybercriminal who obtains it easy access to all of them.

Educate your employees on website security best practices to avoid falling victim to cyber attacks. When you take the time to educate your employees, they become more aware of cyber threats and the importance of following proper security procedures.

Bonus Tip

Make sure you have a response plan in place in the event of a data breach. Over 30 percent of companies have no such plan and fail to respond to a breach within the first 24 hours of the attack.

If you’d like to avoid a $100,000 monthly fine and keep your eCommerce site in business, give SiteLock a call at 855.378.6200 and we’ll walk you through the PCI compliance process. Don’t forget to ask about our DDoS protection services. We’re available 24/7 to help.
