When you launch your online store, security becomes a pressing question. Online stores are a major target for hackers and fraudsters, which is not surprising: e-commerce sites are where people hand over their most sensitive information, such as their names, addresses and, of course, credit card details.
That's why you need to be sure that every data transfer in your store is handled securely and cannot be read or altered by attackers.
So, what can you do to protect your customers? Let's start with an overview of the data security technologies used on the internet.
HTTPS
HTTPS (Hypertext Transfer Protocol Secure) is a protocol for secure communication over a computer network, with especially wide deployment on the Internet.
HTTPS provides authentication of the website and associated web server that one is communicating with, which protects against man-in-the-middle attacks.
Additionally, it provides bidirectional encryption of communications between a client and server, which protects against eavesdropping and tampering with and/or forging the contents of the communication. In practice, this provides a reasonable guarantee that one is communicating with precisely the website that one intended to communicate with (as opposed to an imposter), as well as ensuring that the contents of communications between the user and site cannot be read or forged by any third party.
Implementing HTTPS on a website requires purchasing an SSL certificate and installing it on the hosting side.
Once the certificate is installed, the website can be accessed over an HTTPS connection; visitors will see the padlock icon in their browsers and can inspect the SSL certificate details.
PCI DSS compliance
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards developed by the Visa, MasterCard, American Express, Discover and JCB card brands. The standard aims to protect all cardholders and applies to every organization, online or offline, that processes or otherwise handles credit card data. Put simply, a company that wants to work with credit cards must have all of its relevant processes certified against this standard. Typically this means payment processors (e.g., PayPal, Stripe, Authorize.net), banks and e-commerce solutions that process credit cards.
How to protect your customers' data
Now that you have an understanding of the main internet security technologies, here’s how to use these technologies in practice.
1. Use an HTTPS connection for online checkout
First, make sure that the page where your customers enter their credit card details is served over HTTPS, so that the card data travels over an encrypted connection.
2. Don't store sensitive data
Your customers' credit card data should not be stored on your server, neither during checkout nor after it completes. To avoid a compliance violation, this data should be passed directly to the payment gateway over an encrypted connection.
3. Use an address verification system (AVS)
Address verification is standard practice in online payments: the billing address entered by the customer is compared with the address the card issuer has on file. Check that your payment processor uses AVS to reduce fraudulent transactions.
Security in your Store
Your customers’ information is completely safe. Here you will find out what we do to protect your customers’ data.
1. Your store always uses HTTPS
Even if your own site has no SSL certificate, the store itself is loaded over an HTTPS connection. You can verify this at any time by inspecting your store's requests in the Network tab of your browser's developer tools.
In order to indicate that the checkout is secure, your store shows a padlock image on its checkout page.
However, if your customers still have concerns and you would like the browser itself to indicate a secure website, we recommend serving your website over HTTPS.
In order to do that, you need to perform the following steps:
- Purchase an SSL certificate
- Install it on your website (your web host can do this, but you will need a dedicated IP address)
- Link to your store page using the HTTPS protocol (i.e. you will need to update some of your site's or blog's settings)
- Slightly update the integration code (replace "http://app.com" with "https://app.com"), or enable the corresponding option if you use our WordPress module.
- Note: if you see this line in your integration code:
you don’t need to update the integration code. This line works correctly both on HTTP and HTTPS without any changes.
You can also add trust seals or notes for your customers to show them that your checkout is secure.
2. Your store doesn’t store credit card information
The store platform, and your store in particular, does not handle your customers' credit card data: it does not collect, store or process such data in any way.
Instead, your store supports a number of popular payment gateways. These fall into two groups according to how they interact with your store.
Payments on the payment processor’s secure page
When a customer goes through the checkout, your store sends the order information to the payment processor and then securely redirects the customer to the payment gateway's own page, where the customer enters their credit card details. When the payment is complete, the payment processor sends a callback with the payment status to your store. The customer's payment data is therefore processed entirely on the payment processor's side over a secure protocol and is never stored or collected by your store. When you set up such a payment method in your store, checkout redirects from the store to the processor's payment page (for example, PayPal). That page uses HTTPS, so your customers can be confident their information is protected.
Internal website payments via HTTPS
Some payment processors (e.g. Stripe) are integrated with your store quite differently.
After adding shipping information to the order, the customer is not redirected to the payment processor's page but instead sees the payment form directly on the store's checkout page.
In this case the checkout runs inside the customer's browser, so payment information never reaches the server where your site is hosted. When a customer enters their credit card details, the data is not sent to the server where your website lives; the browser connects directly to the payment gateway over an encrypted HTTPS channel and sends the order data with the request. This information is not transmitted to the store's servers and is neither stored nor collected by us. The payment gateway performs all necessary operations on the data and returns a callback to your store.
This solution was verified and approved by a Qualified Security Assessor (QSA) company.
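The in-page model described above, as an added example that is not the platform's or Stripe's code: the browser sends card data only to the gateway, receives a token, and sends the store nothing but order details plus that token. The gateway URL, store endpoint, JSON shapes, token format and the `post` transport are assumptions constructed for this example.

```javascript
// Added illustration of the in-page payment model: card data leaves the customer's
// browser only towards the payment gateway; the store's server receives an opaque
// token. Gateway URL, store endpoint, JSON shapes and token format are hypothetical.
const GATEWAY_TOKEN_URL = 'https://gateway.example/v1/tokens'; // hypothetical
const STORE_ORDER_URL = 'https://store.example/api/orders';    // hypothetical
const CARD_FIELDS = ['number', 'cvc', 'exp_month', 'exp_year']; // must never reach the store

function containsCardData(payload) {
  return Object.keys(payload).some(k => CARD_FIELDS.includes(k));
}

// Step 1: browser -> gateway. `post(url, body)` stands in for an HTTPS POST (fetch in
// a real page); the gateway answers with a token referencing the card on its side.
function tokenizeCard(card, post) {
  if (!GATEWAY_TOKEN_URL.startsWith('https://')) throw new Error('gateway must use HTTPS');
  return post(GATEWAY_TOKEN_URL, card).token;
}

// Step 2: browser -> store. Only order details and the token are sent; the store can
// later charge through the gateway with the token but never holds the card number.
function submitOrder(order, token, post) {
  const payload = { ...order, payment_token: token };
  if (containsCardData(payload)) throw new Error('refusing to send card data to the store');
  return post(STORE_ORDER_URL, payload);
}

function checkout(card, order, post) {
  return submitOrder(order, tokenizeCard(card, post), post);
}

// Constructed stand-in for the network: logs each request and answers like the gateway/store.
function makeRecordingTransport() {
  const log = [];
  const post = (url, body) => {
    log.push({ url, body });
    return url === GATEWAY_TOKEN_URL
      ? { token: 'tok_constructed_123' }
      : { status: 'accepted', order_id: body.order_id };
  };
  return { post, log };
}

// Which hosts ever received card data? With the flow above it is only the gateway.
function hostsThatSawCardData(log) {
  return log.filter(e => containsCardData(e.body)).map(e => new URL(e.url).host);
}

// Constructed sample input (a well-known test card number, not a real card).
const sampleCard = { number: '4111111111111111', cvc: '123', exp_month: '12', exp_year: '2030' };
const sampleOrder = { order_id: 'A1001', amount: '49.90', currency: 'USD' };
```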
3. Your store is integrated only with reliable payment gateways
We care about your security. That is why your store is integrated only with secure, reliable payment gateways that use AVS and other verification technologies to prevent fraudulent payments and protect sensitive information.
4. Your store is PCI DSS certified
Your store runs on a PCI DSS validated Level 1 Service Provider; Level 1 is the most stringent compliance level and the standard expected of e-commerce solutions worldwide.
The security of your customers' data is a question you must take seriously when you run an online store. To protect that data, your online store should meet these requirements:
- Use an HTTPS connection for online checkout
- Don't store sensitive data on the server
- Use an address verification system to verify customers' payment details
You can comply with these requirements without any additional effort. All sensitive information is always transmitted over an encrypted HTTPS channel, we don't store sensitive data on our servers, and we support only reliable payment gateways that protect the security of transactions.
We take care of your customers’ data security concerns, so that you can focus on your business!