How to Stay Safe as an Online Merchant

Jun 12, 2017 6:31am


Safety for ecommerce brands is essential. And it’s not just about the nuts and bolts stuff – ecommerce security impacts customer experience and brand longevity, and it reverberates long after a security scare has been addressed.

If you’re selling products online – whether that’s on social media, through a marketplace or your own store – get to know the basic behaviors of ecommerce safety: monitoring, updating and revising.

Here are some strategies to help you stay safe as a seller and protect your customers (check out these small business cyber safety resources, too).

Invest in a secure web environment

The platform you use will have a big impact on your web security; make sure you go for a sophisticated one with a proven security track record. Once you decide on a solution, don’t just settle for its default security settings — customize it with plugins, packages and/or tools that enhance your security wherever possible.

  1. Have an admin panel that’s as secure as possible — preferably only available on your internal network.
  2. Secondary authentication is a good idea, especially for open-source environments that are susceptible to frequent cyber attacks and threats. Speaking of which, you can purchase security plugins for your open-source site to get full functionality and better support.
  3. Server-side safety is very important — make sure whoever is managing your servers for you is in control and knows how to operate a safe network.
  4. Using a hosted ecommerce environment like Shopify or others such as Volusion and BigCommerce means placing a lot of faith in your ecommerce provider. These companies have secure closed networks and servers, so you don’t usually have to worry about outages and risks, but you’ll ultimately have less control over security (not necessarily a bad thing).
  5. If you are mainly selling on marketplaces or social media, you may be more vulnerable to scams and hacks, so make sure that you use strong passwords and keep any private customer interactions private.

Put up firewalls and security layers

Short of buying more bandwidth, firewalls are your best bet when it comes to preventing denial of service or distributed denial of service attacks (DDoS: where hackers attempt to flood your system and crash your site). Penetration testing can help unearth any issues. 

  1. Application gateways act as a checkpoint, whereas proxy firewalls make it almost impossible for anyone to access your network. Both will need to be manually configured so that they function properly and let good traffic pass through. Firewalling that is too aggressive can cut off web traffic and impact user experience (though sometimes this is an inevitable security trade-off). Ecommerce sites can benefit from cloud-based DDoS protection and managed domain name system services to further protect themselves from attacks.
  2. Add extra layers of security to any applications and page scripts like contact forms and logins — these can be major points of vulnerability. Always define and validate the parameters these scripts accept so that hackers cannot inject harmful code into your site.

Update frequently

Staying on top of web updates is key — they will keep your store safe and functioning correctly. 

  1. Update your site as soon as possible when new tech updates are announced (you can usually turn auto-updates on). Patch your systems immediately — including third-party code like Java, Joomla and WordPress plugins. Always get rid of any unnecessary, aged plugins as they can pose a security risk.
  2. Update your SSL certificates — they expire and need regular updating. Here’s some more information on SSL updating.

Backups (that work)

Backups will save your life if something goes wrong — so make sure that you test them regularly (and that they actually work). 

Many brands are ultimately failed by backups because they turn out to be incomplete, not allowing for full site recovery. You need to test your backup system and ensure that you can actually restore your site and data from it. Remember, a proper backup needs to cover all assets, including anything on the server side.

Another great thing about backups? Use a script to run alongside your backups to save you precious time and stress when you are panicking (like when your site is down and customers can’t make purchases).
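One way to script the restore test described above, shown as an added example that is not part of the original article: record a SHA-256 manifest of the live site, restore the backup to a scratch directory, and report anything missing or altered. The file names and contents are constructed sample data, and `build_manifest` and `verify_restore` are hypothetical helper names.

```python
import hashlib
import os
import tempfile

def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                manifest[rel] = hashlib.sha256(fh.read()).hexdigest()
    return manifest

def verify_restore(live_manifest, restored_root):
    """Compare a restored backup against the manifest taken from the live site."""
    restored = build_manifest(restored_root)
    return {
        "missing": sorted(set(live_manifest) - set(restored)),
        "changed": sorted(p for p in live_manifest
                          if p in restored and restored[p] != live_manifest[p]),
        "unexpected": sorted(set(restored) - set(live_manifest)),
    }

def write_tree(root, files):
    """Create the given {relative path: bytes} files under root."""
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

def demo():
    """Constructed sample: a tiny 'site' and an incomplete restore of it."""
    site = {"index.php": b"<?php echo 'shop'; ?>",
            "config/settings.ini": b"db=orders\n",
            "uploads/logo.png": b"\x89PNG constructed bytes"}
    with tempfile.TemporaryDirectory() as live, \
         tempfile.TemporaryDirectory() as restored:
        write_tree(live, site)
        manifest = build_manifest(live)
        # Simulate a backup that skipped uploads/ and truncated the config file.
        write_tree(restored, {"index.php": site["index.php"],
                              "config/settings.ini": b"db="})
        return verify_restore(manifest, restored)

if __name__ == "__main__":
    print(demo())
```

An empty result in all three lists is the only outcome that counts as a passed restore test; database dumps need their own check, such as loading the dump into a scratch database.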

Minimize bad bots and stay informed

Bots crawling the web can steal confidential data like prices and product details, and in extreme cases they may even cause your site to malfunction by inserting malware. You can’t 100% block bots from your site — they are crucial for search engine indexing — but you can limit the number of bad bots accessing it.

  1. Put a limit on how many requests you allow from a single user; this is one of the most effective ways of shutting out bots, which behave totally differently from a human visitor.
  2. Implement system alerts that immediately inform you of any suspicious activity. You can even have these on your mobile so that you are always in control.
  3. Real-time analytics are important when it comes to spotting suspicious patterns and behaviors. Stay informed on other potentially suspicious activity like file changes — known as file integrity monitoring, or FIM.
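The request limit and alerting in points 1 and 2 can be prototyped against your access logs before you enforce anything. This added example (not from the original article) runs a per-client sliding-window counter over constructed log lines in common log format; the threshold of 5 requests per 10 seconds and the documentation-range IP addresses are assumptions for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

def parse_line(line):
    """Return (client_ip, timestamp, path) from a common-log-format line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), ts, m.group(4)

def find_rate_violations(lines, max_requests=5, window_seconds=10):
    """Sliding window per client; returns {ip: time the limit was first exceeded}.

    Assumes each client's lines appear in chronological order, as in a log file.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)
    violations = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than crash the monitor
        ip, ts, _path = parsed
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()  # forget requests that fell out of the window
        if len(q) > max_requests and ip not in violations:
            violations[ip] = ts  # this is the moment an alert would fire
    return violations

def sample_log():
    """Constructed log: a scraper fetching 8 pages in 4 s and a slow shopper."""
    lines = [f'203.0.113.7 - - [12/Jun/2017:06:31:{i // 2:02d} +0000] '
             f'"GET /product/{i} HTTP/1.1" 200 512' for i in range(8)]
    lines += [f'198.51.100.4 - - [12/Jun/2017:06:{31 + i}:30 +0000] '
              f'"GET /cart HTTP/1.1" 200 512' for i in range(4)]
    lines.append("garbled line")
    return lines

if __name__ == "__main__":
    for ip, when in find_rate_violations(sample_log()).items():
        print(f"ALERT: {ip} exceeded the request limit at {when.isoformat()}")
```

Running it over a day of real logs shows which threshold separates your genuine shoppers from automated clients; search engine crawlers you want indexed will need an allowlist.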

Get clued up on payment security

Storing people’s credit card and payment details is one of your most important jobs as an online merchant, so make sure that you are clued up on payment security.

  1. Use adequate encryption and SSL certificates. (The PCI Security Standards Council requires all organizations to upgrade to TLS 1.1 or TLS 1.2 by June 30, 2018.)
  2. If you are using a third-party vendor, ensure that you understand how they are handling customers’ details.
  3. Always verify card and address details to reduce the risk of fraudulent transactions. Geo-targeting can also help eliminate these transactions.

Manage your data safely

Storing customer data is a big responsibility — don’t take it lightly and don’t mess with the trust they have placed in you.

  1. Ensure that you understand just how important privacy is for your business, and that all members of staff (including virtual assistants and contractors) understand the importance of privacy and data protection.
  2. Purge customer data frequently and don’t store any more data than you have to. You want paying to be easy for customers, but storing credit card details opens you up to risks and vulnerability. Consider integrating with mobile payments for customer convenience and improved security.
  3. Have a data recovery and disaster plan in place — this is very important and is something that a lot of merchants neglect. Planning once a crisis hits is too late; you need to be prepared for the worst-case scenario in cybersecurity.

Be ready for a surge

A site that goes down is vulnerable and costly, so be prepared for sudden web traffic surges by using a security solution or service. Every year, for example, sites go down during holiday shopping season, which can be devastating for sales figures and brand reputations. Don’t let that be your business.

Think beyond compliance to what safety could potentially achieve for your brand. At the end of the day, a safer web environment is faster, leaner and more profitable. A sustainable web business needs to rest on solid and safe foundations — don’t skimp on security. What’s your biggest ecommerce security concern?

About the Author

Patrick Foster is an ecommerce writer and marketer with 10+ years’ experience in this volatile industry. He loves to create content for entrepreneurs and business owners that helps them hustle and succeed. Patrick is a passionate advocate of ecommerce entrepreneurs and small businesses.