Security for your ecommerce website

Published: Mar 04, 2019

Ecommerce

Running an ecommerce website means that you will be handling a lot of important information: card details, customers’ addresses and login details all need to be secure. We take a look at the key security measures you need to have in place for your ecommerce website, how you can implement them and other steps you can take to secure your site and build trust with shoppers.

PCI Compliance

All businesses that accept, process, store or transmit credit card information have to conform to the Payment Card Industry Data Security Standard (PCI DSS). This standard was created by the major card companies - Visa, MasterCard, American Express, Discover and JCB. To accept cards from any of these companies you will need to meet their security standards.

Requirements include protecting cardholder data, maintaining a secure network, regularly monitoring and testing networks, maintaining a vulnerability management program and an information security policy, and implementing strong access controls.

For small ecommerce businesses, meeting these requirements can be complicated, so shops will often choose to use a fully hosted payment service. This means that the customer is taken away from your website to enter their card details, and none of that data is stored on your own website.

If you choose a non-hosted payment system for your website, then you are completely responsible for making sure that all card details and data are protected in a way that meets the PCI standard. Each credit card brand has its own classifications for each level of compliance, based on the number of transactions you process with their cards, which can make it hard to work out exactly which requirements you need to meet.

Find out more about choosing an online payment system here, and more about PCI compliance here.

SSL Certificates

Secure Sockets Layer (SSL) is a way of encrypting the link between a web server and a browser (modern servers actually use its successor, TLS, but the certificates are still commonly called SSL certificates). This protects actions taken on a website such as card transactions, data transfers and logins. If you want to secure the activity that takes place on your website, you will need an SSL certificate for that domain.

Even if you aren’t taking payment details on your website, you will probably still have customers creating accounts and entering delivery details, so it’s important that this information is protected. When you have an SSL certificate on your website, the start of your URL will be https instead of http, and a padlock icon will be displayed next to the address - this reassures potential customers that the connection to the website is secure. Not holding a valid SSL certificate may also lead to your business’s website being labelled as ‘not secure’ by most web browsers.

You can buy an SSL certificate from a range of companies; often they’re available from the same company that you buy your website domain from.

Shopify online security

Shopify meets all of the PCI standards and is certified Level 1 PCI DSS compliant - this means that all shops using Shopify are automatically PCI compliant. If you sell on Shopify, an SSL certificate will be activated by default for your store’s checkout and any content that’s hosted on your .myshopify.com domain. Find out more about SSL certificates and Shopify websites here.

WooCommerce online security

WooCommerce is not PCI DSS certified, and while it won’t store card details, all other requirements to meet the PCI standards are your own responsibility. Find out more about WooCommerce and PCI compliance here.

If you have a WooCommerce website, find out how you can set up an SSL certificate here.

Online security precautions

PCI compliance and SSL certificates are major parts of online security for an ecommerce website; however, there are some other precautions you can take to keep your site secure and build trust with shoppers:

  • Require strong passwords when customers create an account.
  • Monitor transactions on your website - keep an eye out for any suspicious activity.
  • Update your ecommerce software on a regular basis - make sure that all the software you use to run your online shop is up to date.
  • Add security badges to your website - security badges such as Norton and McAfee will reassure shoppers that your site is a safe place to shop.