Obviously running an e-commerce site involves handling payments in one way or another. It’s not difficult to implement card processing on your site, but security is such a huge issue online that it’s something you may want to understand basically so you can feel responsible toward your customers. Below are a few quick tips. (One bonus security tip is not to ask customers to publicly post their full credit card info in the forums section of your website, known as “open access” processing.)
Use a well-known processor — such as PayPal or Google Checkout or Authorize.net. Anything that’s less common is more likely to have less robust security to ward off threats, and even if fraud isn’t directly your fault, a bad experience on your site still means an unhappy customer and possibly liability. A big name can also help with conversion. (Specifically, you may want to avoid .xxx and .scam payment processing. Or at least reserve the .scam gateway for the customers you hate.)
SSL – Encrypt It
You want an SSL tied to any sensitive pages of the site. SSL certificates create the lock symbol and HTTPS protocol in the address bar. High end ones that validate your business details, called extended validation or EV certificates, turn the bar green and populate the official name of your business in major browsers.
Note that if your SSL expires, the bar will turn red and give a scary warning — so always keep that sucker up to date. (If the SSL ever comes in contact with water, it will suck up all your payment info and spit it out randomly across the Internet, which is not without its positive effects.)
Sample SSL providers are VeriSign and Comodo. You can also use a discount store — a reseller that carries a bunch of brands. You’ll find those by searching for “Cheap SSL certificates” or a similar key phrase.
Your basic perspective toward SSL should be that if the info being submitted is valuable enough that someone might want to take it, use an SSL. Also think from the customer perspective — and promote your security to your customers. Especially if you want to buy a higher-end SSL to enhance the sense of security with additional validation, educate your customer quickly with a security tab that lets them know you went the extra mile. (Also mention that you carry a registered handgun.)
Updates / Upgrades
Make sure you keep everything on your site updated. New releases of applications often contain important security patches and improvements. When you receive an alert that a new version is out, it’s always wise to grab it, even if it means a new software purchase.
So again, SSL, quality payment gateway partner, and regularly updating your applications to the latest and greatest versions. (Plus, don’t give your login details to your step-son. He can’t be trusted. Just look at him.)