Business websites are an important way for companies to conduct electronic transactions with customers around the world. They are also a way to interact with target audiences for marketing purposes, even for companies that are not completing transactions online. If you want customers to feel comfortable furnishing their personal information or consuming your content, it’s important to adopt appropriate security measures. For example, ensure that all shopping cart technology keeps customer information secure. As a collector of financial data, your business is subject to federal laws protecting consumer information. Use the following website security checklist to learn the 5 most important things you can do to secure your business website.
1. Protect against hackers with data encryption technology
You are good to go with Secure Sockets Layer (SSL) technology, but you will be better protected with Extended Validation SSL. This technology requires every person who submits financial information on the website to go through a web authentication process. At the same time, your website validates your business identity through SSL certificates.
2. Create unique employee profiles for working with web-based applications that interface with your website
Employees are a potential source of leaks of consumer information and other trade secrets. If you give each employee a specific profile, unique log-in information, and limited privileges, he or she will have a limited capacity to compromise the site’s security. You can also use software restrictions to limit the number of times that any employee can log in to the website within a 24-hour period and to prevent employees from accessing the site’s applications from more than one location at a time.
3. Require users to create a strong password to register for a customer account on your website
If a person tries to create a password that does not meet your minimum security requirements, she will have to change the password before continuing on to make a purchase. A good password includes a combination of uppercase and lowercase letters, numbers, and special characters. It does not contain common words or phrases or too many repeating characters. Your website should also remind customers not to use their debit or credit card PIN, date of birth, phone number, Social Security Number, or other personally identifiable information as elements of their password.
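The registration rules above can be enforced on the server with a check like the following. This is an added example, not code from the original article; the minimum length, the repeat threshold, the short word list, and the names `password_problems` and `digits_only` are assumptions made for illustration.

```python
import re

MIN_LENGTH = 12       # assumption: the article does not state a minimum length
MAX_REPEAT_RUN = 3    # assumption: 3 or more identical characters in a row is "too many"
# Constructed sample list; a real site would load a much larger list of common passwords.
COMMON_WORDS = ("password", "welcome", "letmein", "qwerty", "iloveyou", "admin")
# Undo frequent letter substitutions so "P@ssw0rd" is still recognised as "password".
LEET = str.maketrans("@0134$5", "aoieass")
REQUIRED_CLASSES = (
    ("an uppercase letter", r"[A-Z]"),
    ("a lowercase letter", r"[a-z]"),
    ("a number", r"[0-9]"),
    ("a special character", r"[^A-Za-z0-9]"),
)


def digits_only(value):
    """Strip separators so 07/21/1984 and 0721-1984 compare equal."""
    return re.sub(r"\D", "", value)


def password_problems(password, personal_data=()):
    """Return the list of policy violations; an empty list means the password is accepted.

    personal_data holds strings the customer entered during registration,
    such as a date of birth or phone number, to compare against the password.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for label, pattern in REQUIRED_CLASSES:
        if not re.search(pattern, password):
            problems.append(f"missing {label}")
    if re.search(r"(.)\1{%d,}" % (MAX_REPEAT_RUN - 1), password):
        problems.append("too many repeating characters")
    normalised = password.lower().translate(LEET)
    for word in COMMON_WORDS:
        if word in normalised:
            problems.append(f"contains the common word '{word}'")
    password_digits = digits_only(password)
    for value in personal_data:
        value_digits = digits_only(value)
        # Ignore very short values: a 1-3 digit match would be coincidence.
        if len(value_digits) >= 4 and value_digits in password_digits:
            problems.append("contains personal information")
            break
    return problems
```

Returning every violation at once lets the registration form tell the customer everything to fix in a single round trip.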
4. Add layers of security to the website
The basic concept is to create a firewall that protects all of your servers from hackers. Additional measures include asking customers to fill out secure forms as they complete different transactions within your web-based applications. For example, ask customers to log in to any application and then complete a CAPTCHA before submitting information in a web form. This helps you verify that a real person, not a web bot, is completing the form.
5. Meet the merchant data security requirements specified by the PCI Security Standards Council
Even if you use a payment gateway and take additional precautions such as asking customers to provide the three-digit verification number on the back of their credit card, your ecommerce site could still be hacked. Keep consumer credit information in a secure database or use a third-party service to collect that information. Don’t create paper records that contain the personal information of each purchaser unless it is absolutely necessary to your business model. If you do maintain paper records, you must arrange for secure destruction of these documents as soon as you are no longer required to keep them in your physical possession under federal and state laws.
This website security checklist is your starting point for ensuring that your website is safe for consumer use. While consumers may have some kind of fraud protection provided to them by their credit card providers, they also want to trust your business to handle secure transactions. People who are happy with their shopping cart experience on your website will return for future purchases when they have a want or a need. They may also refer the people they know. Your company can also display electronic badges on the site showing the types of SSL technology and other security measures you have adopted to reassure consumers. In the course of operating your ecommerce organization, these prevention measures will be worth the peace of mind you feel in using them. In the end, you don’t want to become liable for millions of dollars of losses if your web-based systems are hacked and consumer data is breached and compromised.