Contactless payments are in demand for their fast, convenient and hassle-free transactions. With an average of 3.3 cards per individual, your business will lose out if credit card payments are not accepted online. But with recent reports on data breaches and stolen information, is it still safe to collect payments online? As a matter of fact, it is, provided preventive measures are in place.
Here are 5 security measures to safely collect payments while preventing a credit card data breach on your e-commerce website:
1. Use Payment Gateways
Payment gateways provide an avenue through which all credit card transactions pass. They check, validate and authorize all payments by routing the information and returning a confirmation to you. Doing so protects against credit card fraud on your site, as the customer's credit card information is channeled immediately to a trusted gateway.
Common payment gateways used by most e-commerce businesses include:
- Google Wallet
- Amazon Payment
- Payment Gateways by Your Local Banks
Furthermore, it is advisable to have terms and conditions for online payments (placed within the checkout page) that declare what measures have been put in place to secure payments. You can preview a decent sample here.
2. SSL Encryption & Authentication
For data collected via electronic mediums, particularly credit card credentials, an Extended Validation (EV) Certificate needs to be installed. The purpose is simple: to encrypt this data and prevent eavesdropping and man-in-the-middle (MITM) attacks.
Basically, what SSL does is create a secure communication link between two parties. For payment gateways, SSL is generally installed as part of the compliance needed to be a gateway provider.
However, if credit card information and other personal details such as usernames and passwords are collected on your site, an SSL certificate needs to be installed on your website as well.
SSL Certificate Illustration for E-commerce
With an Extended Validation (EV) Certificate, a green bar of assurance displaying your registered company and location will appear in your customer's browser the second they enter your website, giving them the confidence they need to continue shopping.
EV certificates can be purchased from SSL providers such as Cyber Secure Asia, which provides DigiCert certificates.
3. Do Not Store Credit Card Information in Database
When customers purchase from your website, they trust you to keep their information safe. As an ethical online business, you mustn't, at any time, store customers' full credit card information anywhere within your servers.
Cyber attackers can use SQL injection against vulnerable access points to penetrate your server's database. If they succeed, all your data is exposed, including any customer credit card information you have stored.
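An added example, not code from the original article: an audit that walks every column of a database looking for full card numbers (13 to 19 digits that pass the Luhn check), so you can confirm the rule above holds even in free-text fields. The `orders` table, its columns and the sample rows are constructed for illustration, and SQLite stands in for your real database.

```python
import re
import sqlite3

# 13-19 digits, optionally separated by single spaces or dashes.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits):
    """Luhn checksum: true for well-formed payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)  # double every second digit
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_pans(text):
    """Return masked (last four only) card numbers found in text."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append("*" * (len(digits) - 4) + digits[-4:])
    return hits

def scan_database(conn):
    """Check every column of every table; return (table, column, rowid, masked)."""
    findings = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:  # names come from the schema itself, not user input
        cols = [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')]
        for col in cols:
            for rowid, value in conn.execute(f'SELECT rowid, "{col}" FROM "{table}"'):
                for masked in find_pans(str(value or "")):
                    findings.append((table, col, rowid, masked))
    return findings

def demo_db():
    """Constructed sample data: a hypothetical orders table, in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT,"
                 " gateway_token TEXT, card_last4 TEXT, notes TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?, ?, ?)", [
        (1, "alice", "tok_constructed_001", "1111", "tracking 1234567890123456"),
        (2, "bob", "tok_constructed_002", "1111",
         "phoned in card 4111 1111 1111 1111"),  # widely used test number
    ])
    return conn

if __name__ == "__main__":
    for finding in scan_database(demo_db()):
        print("full card number stored:", finding)
```

Row 1 is not flagged because its 16-digit tracking number fails the Luhn check; row 2 is flagged because a support note contains a full card number even though the dedicated columns hold only a gateway token and the last four digits.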
4. Use Security Questions for Financial Data
In some cases, partial financial details may be stored in members' or returning customers' accounts. Customers may call or email to request replacement of these details. Before any changes can be made, it is best to prompt for the security questions that were set during account registration.
5. Two-Factor Authentication (2FA) for Login
Consider 2FA for account login on your website for double the security. Having a verified mobile phone attached to the account can minimize the occurrence of cyber theft and scams. Notice how social media sites like Facebook and Twitter now ask for a verified mobile phone? You should be following these security trends for your e-commerce business as well.
Challenge in E-commerce
These days, setting up an e-commerce business isn't all that difficult. What's challenging is building a secure network infrastructure that prevents data breaches while still functioning optimally to bring in business online via an e-commerce channel. Following these 5 security tips is a good way to start your internet sales journey.
About Ashlee Ang
Ashlee is a content writer at Cyber Secure Asia where she writes about introductory topics on cyber security and cyber-related happenings in Singapore & South East Asia.