Are you starting your first eCommerce website? Maybe it’s been a while since you last triple-checked your security. With cyber-crime on the increase and new threats emerging all the time, it might be difficult to know where to start. Here are the five pillars of modern eCommerce security. Are you protecting yourself and your customers with these five small but important security layers?
SSL certificates allow a secure connection between a web server and a browser. As you know each browser is a little different, but whether a visitor is using Chrome on an Android device, or Safari on a Macbook, all browsers clearly indicate whether a website is secure or not.
At the very least, your website address will begin https. SSL certificates get issued after verification of the connection between a legitimate business, its location, its domain name, and its server name or hostname.
Apart from the obvious – that it keeps you and your visitor safe – an SSL certificate increases your visitor’s trust and legitimises your business. These certificates are an increasingly common standard for eCommerce websites; some browsers will even attempt to stop users from proceeding to a site if there’s no certificate present.
And it’s not just users and browsers beginning to distrust unsecured webpages; Google has announced that it too will look for an SSL certificate on your website when deciding where you’ll rank. Simply put – when it comes down to you versus your competitor, an SSL certificate could be the difference.
There are different levels of SSL certificate you can purchase, but only the EV (Extended Validation) certificates will turn your visitor’s address bar green and show your company name.
Depending on your current set-up, you may already have an SSL certificate. You can check by plugging your website into UKFast’s SSL Checker. If you don’t have one, you’re in luck, you can purchase a range of SSL certificates as part of your hosting solution with UKFast.
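The checks a tool like UKFast’s SSL Checker performs can also be run from the command line. The script below is an added example, not UKFast’s checker or any other code from this post: using only Python’s standard library, it connects to a site over TLS (validating the chain against the system trust store), then reports the issuer, whether the certificate actually covers the hostname, whether it is currently within its validity window, and whether the subject carries an organisation name (which EV and OV certificates do and domain-validated ones do not). The `SAMPLE_CERT` dictionary and the `example-shop.test` hostnames are constructed sample data in the shape `getpeercert()` returns, so the summarising logic can be exercised offline.

```python
"""Summarise the TLS certificate a web server presents (added example, stdlib only)."""
import socket
import ssl
from datetime import datetime, timezone


def _rdn_value(name, key):
    """Pull one attribute (e.g. 'organizationName') out of the nested
    ((('attr', 'value'),), ...) structure getpeercert() uses for subject/issuer."""
    for rdn in name:
        for attr, value in rdn:
            if attr == key:
                return value
    return None


def hostname_matches(hostname, cert):
    """True if a dNSName SAN entry covers hostname.
    A wildcard is honoured only as the whole leftmost label (RFC 6125 style):
    *.example.com covers shop.example.com, but not example.com or a.b.example.com."""
    hostname = hostname.lower()
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        value = value.lower()
        if value.startswith("*."):
            same_depth = hostname.count(".") == value.count(".")
            if same_depth and hostname.endswith(value[1:]):
                return True
        elif value == hostname:
            return True
    return False


def summarize_cert(hostname, cert, now=None):
    """Reduce a getpeercert() dict to the facts a site owner wants to know."""
    now = now or datetime.now(timezone.utc)
    # cert_time_to_seconds parses the 'Jan  1 00:00:00 2017 GMT' format used in the dict
    not_before = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notBefore"]), tz=timezone.utc)
    not_after = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    return {
        "issuer": _rdn_value(cert["issuer"], "organizationName"),
        # Present on OV/EV certificates, absent on domain-validated ones
        "organization": _rdn_value(cert["subject"], "organizationName"),
        "hostname_matches": hostname_matches(hostname, cert),
        "valid_now": not_before <= now <= not_after,
        "days_remaining": (not_after - now).days,
    }


def check_site(hostname, port=443, timeout=5.0):
    """Connect over TLS with full chain validation and summarise the leaf certificate.
    A site with no certificate, or an untrusted one, raises ssl.SSLError here."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return summarize_cert(hostname, tls.getpeercert())


# Constructed sample in the shape getpeercert() returns; not a real certificate.
SAMPLE_CERT = {
    "subject": ((("countryName", "GB"),),
                (("organizationName", "Example Shop Ltd"),),
                (("commonName", "www.example-shop.test"),)),
    "issuer": ((("countryName", "GB"),),
               (("organizationName", "Example CA"),),
               (("commonName", "Example CA EV 2017"),)),
    "notBefore": "Jan  1 00:00:00 2017 GMT",
    "notAfter": "Dec 31 23:59:59 2018 GMT",
    "subjectAltName": (("DNS", "www.example-shop.test"), ("DNS", "*.example-shop.test")),
}

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(check_site(sys.argv[1]))  # e.g. python check_cert.py www.example.com
    else:
        print(summarize_cert("www.example-shop.test", SAMPLE_CERT,
                             now=datetime(2018, 5, 25, tzinfo=timezone.utc)))
```

Run it with a hostname argument to inspect a live site; without one it summarises the constructed sample. `days_remaining` turning negative, `hostname_matches` being false, or `organization` being `None` are the three findings that most often explain a browser’s “not secure” warning or a missing company name in the address bar.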
The PCI logo is one you might be more familiar with. It’s a sign that a website is compliant with ‘The Payment Card Industry Data Security Standard’, or PCI DSS for short – because that’s a really long title! The PCI Security Standards Council devises these standards; it’s a global body whose sole purpose is to keep your visitors safe when they hand over their card details.
These standards are supported by all major banks and clearing houses, and failure to comply could result in your company having its merchant account revoked. PCI compliance is mandatory for eCommerce websites which take payments – so this means you!
Yes, these standards are really important. If your website accepts credit card payments but is not PCI compliant, you could receive huge fines from the PCI Security Standards Council and be added to the Visa/MasterCard Terminated Merchant File (TMF).
As an industry-leading hosting provider, UKFast offers PCI compliant hosting, ensuring that credit card payments processed by you on UKFast’s solutions meet the latest PCI compliance standards.
DDoS protection prevents your website from falling victim to a Distributed Denial of Service attack. Just like an attack on a bricks-and-mortar store, there could be a whole host of reasons an attack might happen. Technically, the attack works by flooding your server with fake traffic until it topples, putting your eCommerce website offline.
DDoS attacks traditionally happened without warning – the sole purpose was to catch you off-guard and topple your site. More recently, the threat of an impending DDoS attack is used to extort money from you. It’s impossible to know for sure whether a threat is legitimate, and payment might feel like an easier alternative than having your website go offline.
If a persistent DDoS attack happens to your business it could prevent communication with customers who have existing orders, and will, of course, prevent new business from coming in. Websites which are persistently down also lose some of their search optimisation, and will appear lower in search results and in extreme cases stop appearing at all.
DDoS protection means not having to worry about these attacks. Even during a DDoS attack, products like UKFast’s DDoSX™ identify fake traffic and filter it away from your solution.
You’ll already be familiar with the concept of a firewall on your own machine, and a server firewall works in much the same way; it’s a protective layer which monitors data coming through the network and blocks anything which looks suspicious.
Just like DDoS protection, a firewall prevents downtime, which means that your business can continue to operate 24/7/365. A firewall also helps to protect against the breach of sensitive information.
Unless you’re managing your own server, you’ll need to ensure that your hosting provider has one installed. UKFast’s Cisco ASA shared firewalls come as standard and you can upgrade your security even further with a dedicated redundant firewall for your business-critical infrastructure.
The GDPR is the General Data Protection Regulation, created by the EU to better protect the personal data of European residents. It will apply to your business – before the UK has left the EU – on 25th May 2018. After leaving the EU a very similar set of rules created specifically for the UK (the Data Protection Bill) will come into force.
In short, there are fines and reputational damage on the horizon if you fail to be GDPR compliant. Preparation for this change is essential because it applies to all businesses which collect and move personal data. It’s one of the biggest changes to data regulation ever to take effect, and each business will have its own responsibilities dependent on its processes.
There is no single switch to flick with the GDPR. Each business will need to assign someone who thoroughly understands the new regulation to conduct an assessment of current practices, and ensure that future practices remain compliant. A better understanding of the GDPR is your first step to becoming compliant, so why not try UKFast’s complete guide to GDPR?
Want to know more about the GDPR?
Stream our existing GDPR webinar series and tune in LIVE to ‘GDPR and Employee Education to Reduce Human Error’ on 18th October at 11 am.