E-merchants: 5 tips for offering secure shopping for the holidays

by bold-lichterman

The number of households that are victims of bank fraud, 300,000 today, has been rising steadily since 2010, according to a report published in September 2015 by the National Observatory of Delinquency and Criminal Responses (ONDRP). In its conclusions, the ONDRP identifies the development of e-commerce as the main reason for this increase: 34% of the cases noted by the organization result from an online purchase.

Many good practices are recommended to consumers so that the enthusiasm of the holiday season is not spoiled by the fear of being hacked. The owners of online stores, however, share the responsibility. To let French shoppers buy online with complete peace of mind, retailers must strengthen the security of their operations. Many measures are within their reach.

According to Fevad, French e-commerce represented nearly 164,000 sites in 2015, and the turnover of online sales climbed to 56.8 billion euros. Internet users are also more likely to carry out transactions from a mobile device: in the 1st quarter of 2015, there were 6 million mobile users. The mobile commerce market, or M-commerce, is estimated at 4 billion euros.

Just like traditional physical transactions, payments over the Internet must meet strict security rules. Indeed, e-merchants are the first victims of credit card fraud. That is one more reason to look to practical solutions, developed in particular by IT and financial players. Here are five recommendations for a secure e-commerce site.

Ensure SSL certification applies to the entire site

Once installed, the SSL certificate activates the “https” protocol (via port 443) in browsers, in order to ensure a secure connection between the web server and the browser.

This protection is symbolized by a padlock in the address bar, which reassures users. E-merchants know that it secures banking transactions, data transfers, and login information such as usernames and passwords. It is therefore prudent to ensure that the certificate's coverage is not limited to banking data, because the consequences of password theft should not be underestimated. Access to an e-customer's password can potentially allow hackers to change order delivery information.
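The check below is an added example, not part of the original article: it audits a crawl of a store for pages, password forms and cookies that fall outside HTTPS, which is the gap described above when the certificate only covers payment pages. The shop.example URLs, the page bodies and the cookie values are constructed sample data.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class FormScanner(HTMLParser):  # collects action and password-field flag per <form>
    def __init__(self):
        super().__init__()
        self.forms = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"action": a.get("action") or "", "password": False})
        elif tag == "input" and self.forms and (a.get("type") or "").lower() == "password":
            self.forms[-1]["password"] = True

def audit_page(url, html, set_cookie_headers=()):
    """Return findings for one crawled page (URL, body, Set-Cookie values)."""
    findings = []
    if urlparse(url).scheme != "https":
        findings.append(f"{url}: page served without TLS")
    scanner = FormScanner()
    scanner.feed(html)
    for form in scanner.forms:
        target = urljoin(url, form["action"])  # empty action posts back to the page
        if form["password"] and urlparse(target).scheme != "https":
            findings.append(f"{url}: password form submits to {target}")
    for header in set_cookie_headers:
        name = header.split("=", 1)[0].strip()
        flags = [p.strip().lower() for p in header.split(";")[1:]]
        if "secure" not in flags:  # cookie would also travel over plain HTTP
            findings.append(f"{url}: cookie {name} lacks the Secure flag")
    return findings

# Constructed crawl of a hypothetical shop: checkout is protected, login is not.
SAMPLE_CRAWL = [
    ("https://shop.example/checkout",
     '<form action="/pay"><input type="text" name="card"></form>',
     ["sid=abc123; Path=/; Secure; HttpOnly"]),
    ("http://shop.example/login",
     '<form action="/session"><input type="password" name="pw"></form>',
     ["sid=abc123; Path=/; HttpOnly"]),
    ("https://shop.example/account",
     '<form action="http://shop.example/address"><input type="password" name="pw"></form>',
     []),
]

def audit_crawl(crawl):
    return [f for url, html, cookies in crawl for f in audit_page(url, html, cookies)]

if __name__ == "__main__":
    print("\n".join(audit_crawl(SAMPLE_CRAWL)))
```

On the sample crawl the checkout page passes, while the login page and the account form are reported even though no card data is involved.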

From the start of the design of the e-store, think security before functionality!

When designing their site, e-retailers are often constrained by urgent deadlines. They may then be tempted to build the site's practical functions first, while neglecting security standards that they regard as secondary. Later, because the standards require it, they have to update their e-store to integrate the security functions. The owners are then forced to call on developers to carry out a double mission: keeping the site online and updating the back office. To avoid such a time-consuming and costly process, it is recommended not to ignore security from the start of construction of the site.

Use a PCI DSS certified provider (Payment Card Industry Data Security Standard)

To protect customers who pay by bank card against the risk of fraud and possible breaches of privacy, e-merchants are strongly recommended to use a service provider that offers them an online payment platform compliant with the PCI DSS standard. This data security standard was established by organizations that issue credit cards to reduce the theft of card numbers, online or offline. In addition to securing transactions, this option has the advantage of freeing the e-merchant from processing and transmitting credit card numbers, so the merchant does not have to comply with the PCI standard.

If, however, the e-merchant wishes to accept and validate credit cards themselves, they will also have to comply with PCI standards.

CMS software users, don’t overlook your security updates!

CMS security updates should be applied regularly. Neglecting them puts the store at high risk of having its database hacked. A fraudster who gained access to it could create redirection pages for the payment of orders.

IDS / IPS security probes: the spare wheels for retail sites

An IDS (Intrusion Detection System) reports intrusion attempts, both successful and unsuccessful. An IPS (Intrusion Prevention System) provides detailed information on the status of security solutions and blocks malicious programs before they infiltrate the information system. They are installed in addition to the measures described above.

To reassure the French who are considering connected shopping, e-merchants have all the cards in hand.


Christophe Boitiaux is Marketing and Communications Director of Waycom. A graduate of the Sorbonne Business School (IAE de Paris), current member of the board of directors of CMIT (Club of IT marketing directors), and member of the board of the Cloud Confidence association, Christophe Boitiaux has more than ten years of experience in IT Marketing.