Here are five things ecommerce site owners should be aware of to ensure that their platform is secure for them and their consumers.
The ecommerce market in Asia is booming and it shows no signs of slowing down. A thriving region when it comes to internet connectivity, and home to the most engaged mobile Internet users globally, Asia-Pacific is expected to hit $1.77 trillion (U.S.) worth of ecommerce sales by 2022.
Fitch Solutions projected APAC's e-commerce growth to hit 14.2% in 2019, and this is evident in the latest Singles Day sales, in which ecommerce platforms saw record-breaking sales numbers and a tremendous increase in online sales compared to previous years.
However, as it becomes more convenient for consumers to shop anywhere, any time, on and across multiple devices, ecommerce sites have become a natural target for cybercriminals because they hold rich amounts of personal information.
In Singapore, popular home-grown fashion label Love Bonito was hit by a data breach in December 2019. Malicious code was added to its online site, resulting in the exposure of customers’ personal information. In 2018, PayPal and the largest ecommerce platform in Singapore, Qoo10, also suffered a series of data hacks. Major online marketplaces such as eBay and Taobao have also had their customer databases compromised.
The spate of cyberattacks in recent years has incited fears and concerns over the sharing of personal information online. While consumers are taking ownership of sharing their personal information, ecommerce site owners must also ensure that their platform is secure.
So what should you do?
The web hosting industry is crowded with many options when it comes to service providers. It is critical to find the right partner that will support your business needs and goals.
Although all web hosting services tend to offer attractive packages, they may not be upfront about features that offer security protection for your site. Consider whether the hosting partner proactively protects your site, whether there is constant monitoring involved, and what the response time is. If they do not offer these features, you’ll need to consider engaging another partner or hiring a separate agency to do this for you.
Secure Sockets Layer (SSL) is a security protocol used to provide a secure passage between your customers’ web browser and your site. Hypertext Transfer Protocol Secure (HTTPS), on the other hand, is HTTP running over that secure connection, and is what the lock icon most commonly seen in the address bar of web browsers indicates.
This means that when customers are shopping on your site, information such as credit card information is transmitted safely, without the risk of any eavesdroppers, and is thus less vulnerable to cyberattacks. Together, SSL and HTTPS will help your business secure connections with your customers.
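A check a site owner can run over captured responses, as an added example that is not from the original article: it flags pages served over plain HTTP without a redirect to HTTPS, HTTPS responses without an HSTS header, and cookies set without the Secure attribute. The host shop.example and the sample responses are constructed, and the HSTS and cookie checks go beyond what the article names.

```python
from urllib.parse import urlsplit

# Constructed sample responses (status, headers) keyed by requested URL.
# shop.example is a placeholder host; one Set-Cookie per response for brevity.
SAMPLE = {
    "http://shop.example/checkout": (301, {"Location": "https://shop.example/checkout"}),
    "https://shop.example/checkout": (200, {
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
        "Set-Cookie": "session=abc123; Path=/; HttpOnly; Secure",
    }),
    "http://shop.example/cart": (200, {"Set-Cookie": "cart=42; Path=/"}),
}

def audit(url, status, headers):
    """Return a list of findings for one response; an empty list means none."""
    findings = []
    h = {k.lower(): v for k, v in headers.items()}
    if urlsplit(url).scheme == "http":
        # Plain HTTP is acceptable only as a redirect to the HTTPS site.
        target = urlsplit(h.get("location", "")).scheme
        if status not in (301, 302, 307, 308) or target != "https":
            findings.append("served over plain HTTP without redirect to HTTPS")
    elif "max-age=" not in h.get("strict-transport-security", "").lower():
        # Without HSTS the browser may still try plain HTTP on a later visit.
        findings.append("missing Strict-Transport-Security header")
    cookie = h.get("set-cookie")
    if cookie is not None:
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if "secure" not in attrs:
            # A cookie without Secure is also sent over unencrypted connections.
            findings.append("cookie set without Secure attribute")
    return findings

def audit_all(responses):
    """Audit every captured response and map URL -> findings."""
    return {url: audit(url, s, hdrs) for url, (s, hdrs) in responses.items()}

if __name__ == "__main__":
    for url, findings in audit_all(SAMPLE).items():
        print(url, "->", findings or "ok")
```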
It’s overwhelming to start your business online, and that is why it is crucial to take time and search for the most suitable ecommerce platform to bring your business to success. Similarly, there are many options in the market and businesses need to think long-term—not only what the platform can help you with now, but also how it can help your business in the future.
Whether you decide to go with established ecommerce platforms like Shopify or Magento, or even bespoke services that can be tailored to your specific needs, you should pay attention to how these platforms are updating and patching their software features. The more regularly they do it, the more secure the platform is.
The golden rule for storing customers’ information on your ecommerce site is: Only store what you need. In the case of Love Bonito, ramifications of the data breach might not have been severe if they had not stored highly sensitive information such as credit card details. For information that you choose to keep a record of, make sure that you have a monitoring service to ensure that it is stored safely.
The Payment Card Industry (PCI) Data Security Standards (DSS) Council is a global organisation that maintains, evolves, and promotes payment card industry standards for the safety of cardholder data across the globe. Every business, regardless of its size and the volume of transactions on its site, should strive to be PCI DSS compliant because it ensures that the business and its customers are protected.
There are different levels of PCI DSS compliance and they are classified based on the annual number of credit or debit card transactions your business processes. In order to be certified, businesses need to take a self-assessment questionnaire to assess their current compliance level. From there, they need to submit documents, and the entire process could take from at least a few months to over a year. Ideally, businesses should plan ahead and aim to get their site certified before launching it to the public.
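One way to enforce "only store what you need" before an order record is written to the database, as an added example that is not from the original article: keep an allow-list of fields and replace any Luhn-valid card number found in free text with its last four digits. The field names, the payment_token field (standing in for a reference issued by a payment processor) and the sample order are assumptions constructed for illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Hypothetical allow-list: everything else (full card number, CVV) is never stored.
ALLOWED_FIELDS = {"order_id", "email", "card_last4", "payment_token", "note"}

def luhn_ok(digits):
    """Luhn checksum, which payment card numbers satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask_pans(text):
    """Replace Luhn-valid card numbers in text with a last-four placeholder."""
    def repl(match):
        digits = re.sub(r"\D", "", match.group())
        # Digit runs that fail Luhn (order or parcel references) are left alone.
        return f"[card ending {digits[-4:]}]" if luhn_ok(digits) else match.group()
    return PAN_RE.sub(repl, text)

def minimise(order):
    """Drop fields that are not allow-listed and scrub card numbers from strings."""
    return {k: mask_pans(v) if isinstance(v, str) else v
            for k, v in order.items() if k in ALLOWED_FIELDS}

# Constructed sample order; 4111 1111 1111 1111 is a widely used test card number.
SAMPLE_ORDER = {
    "order_id": 100045,
    "email": "buyer@example.com",
    "card_number": "4111 1111 1111 1111",
    "cvv": "123",
    "card_last4": "1111",
    "payment_token": "tok_constructed_example",
    "note": "paid with 4111-1111-1111-1111, parcel ref 1234567890123456",
}

if __name__ == "__main__":
    print(minimise(SAMPLE_ORDER))
```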
With the heavy focus on privacy and data breaches these days, security is now top-of-mind for both businesses and consumers. As an ecommerce site owner, it is crucial to take preventive measures to protect your business against common cyberthreats out there.
Progress Sitefinity is the first content management system (CMS) to offer built-in security features, and many businesses rely on Sitefinity to deliver their web presence in a secure manner. With multiple layers that can prevent different types of attacks, Sitefinity is a reliable partner in this never-ending war of cyberthreats.
Andrew Kwek is the technical director at Bray Leino Splash. He has been in the digital interactive industry for 20 years. He started as a developer and moved to a management role. Throughout his professional career, he has been involved in many site revamps, campaign builds and maintenance.
Copyright © 2020 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.