3 Ways to Protect Your Ecommerce Sites from Hackers


Department stores hire plain clothes security guards and install unobtrusive cameras everywhere to protect their merchandise because their biggest losses come from people simply waltzing in and stealing their stuff. The same is true online. Ecommerce stores also have thieves, although they are given the daredevil name of “hackers,” which makes them sound like smart geeks; but they are as cold and calculating as street-smart thieves.

Now that you understand why you should protect an eCommerce site, let’s talk about 3 practical things you can do to make sure you are taking computer protection seriously.

1. Encourage Strong Passwords.

As a retailer, you know how important it is to protect your customers on the back-end. However, you should also encourage customers to protect themselves on the front-end. While you and your staff may already be using strong passwords to get into the back office, you should also spell out the importance of strong passwords on the page people use to sign up for a customer account.

While not a guarantee of protection alone against a clever hacker, strong passwords are enough to deter less sophisticated hackers. Microsoft’s advice on strong passwords is it should be a minimum of eight characters, and should contain uppercase letters, lowercase letters, numbers, and symbols. Additionally, a strong password should not contain a familiar name—like your user name, your real first or last name, or your company’s name. What’s more it should not be the same as other passwords, but significantly different.

2. Protect Your Customer’s Sensitive Data.

There are two ways to protect customer’s data.

The first way is to protect against fraudulent charges:

You can do this by using an address verification system (AVS) and a card verification value (CVV) for all purchases made with credit cards. These, as the names imply, verify that the card user is entering the credit or debit card registered with the credit card company or bank in the form field and that the user has an actual card in their hands. These steps squelch transactions from someone who has pick-pocketed a credit card or is using a credit card number from a receipt.

The second way is to minimize the amount of stored financial information:

The reason why the data breaches at Home Depot and Target resulted in millions of dollars in losses was because hackers were able to access credit card numbers, their expiration dates, and card verification values. While it may be convenient for customers to store their information on your system for future purchases, it is not a good idea. Keep only a minimum amount of information on hand—just enough to handle refunds and charge-backs.

3. Use SSL and Ensure PCI Compliance.

SSL is an abbreviation for Secure Socket Layer, an authentication protocol to protect data on the web, while PCI is a set of security standards set by financial institutions as guidelines for eCommerce retailers. As an online merchant, you need to use both SSL and follow PCI rules to protect your customer’s information.

Customers are not simply going to trust that your checkout is safe. There are too many news stories of huge data base breaches to make them wary of websites that don’t assure them of steps taken to protect their sensitive information.

It’s not an exaggeration to say that data theft is growing online.

According to a 2014 report from Symantec discussing the growing trend of enterprise level security breaches over the past two years:

“The total number of breaches in 2013 was 62 percent greater than in 2012 with 253 total breaches. It was also larger than the 208 breaches in 2011. But even a 62 percent increase does not truly reflect the scale of the breaches in 2013. Eight of the breaches in 2013 exposed more than 10 million identities each. In 2012 only one breach exposed over 10 million identities.”

Average Identities Exposed / Breach

Dangers of Little to No Security

So what are the dangers faced if you don’t have the proper security?

Hackers are thieves who will steal credit card information as well as any other sensitive personal information they can turn into a profit from your eCommerce website.

Unless, you protect the ecommerce site that you took so long to create and perfect from hackers, you will be out of business. This can happen either from financial losses from direct theft or from the word getting out on social media, forums, and watchdog websites that your eCommerce site is not safe.