You Need to Make Your Online Store More Secure. Here’s How.
August 20, 2020
In a survey, consumers who prefer to shop in-store rather than online cited “do not trust online security” as one of the main reasons why. The 13% who responded this way did so fairly recently, too: the survey was taken just three years ago.
Trust is an important factor when shopping online.
If you have a security breach and sensitive customer data ends up in the hands of hackers, you’re going to lose a lot of business. Why would someone trust you with their credit card number if you’ve shown you haven’t been able to protect such information in the past?
One single security breach could very well lead to your store closing its virtual doors.
5 Must-Have Tools, Apps & Security Measures for Your Online Store
To prevent that from happening, you’ll need to take all the necessary steps to ensure your site is secure.
At the very least, you should be using the following five online security tools.
1. Secure Hosting
Before we get into specific security apps for your ecommerce store, it’s important to address the foundation of your site — your hosting provider. After all, it doesn’t matter which plugins you install if your hosting isn’t secure to begin with.
In addition to protecting customer info, you should find a solution that’s able to consistently keep your site online as well. While it’s not as bad as a data breach, downtime also does damage to your reputation.
When choosing a hosting provider, look for the following security features:
- 24/7 Server Monitoring: The cornerstone of any effective security system is software that automatically detects and fixes potential issues.
- Secure Shell Access: This network protocol offers a secure way to access a remote server over an unsecured network.
- DDoS Protection: Distributed denial of service (DDoS) attacks involve software that mimics the activity of many users visiting your store at the same time, thus overwhelming your servers and crashing your site. DDoS protection tools such as Cloudflare are able to prevent these attacks.
- Automatic Backups: In case an attack on your store does succeed, you’ll want to get it back up with as little data loss as possible. Ideally, your hosting provider will automatically back up your site on a daily basis.
It’s also worth noting that many ecommerce platforms are essentially all-in-one services that include secure hosting. Both BigCommerce and Shopify offer hosting with Level 1 PCI compliance, and BigCommerce even guarantees 99.99% uptime.
2. SSL Certificate
Many hosting providers will also provide users with a free secure sockets layer (SSL) certificate. BigCommerce and Shopify offer free SSL certificates to all stores that use a custom domain.
Essentially, an SSL certificate ensures that data sent between your server and the user’s browser is encrypted. And while an SSL certificate certainly does make your store more secure, the more important factor for your bottom line is that it will make visitors perceive your store as more secure.
This is because the SSL certificate is what makes the lock icon show up next to your URL in the address bar of the user’s browser. If they don’t see that icon, a good chunk of your visitors simply aren’t going to trust you with their payment information.
3. Access Restriction & Activity Logging
Another way for data to be stolen from your store is if someone figures out the login credentials to your account. Online businesses that have multiple users on their account (and therefore, multiple sets of login credentials) are especially vulnerable to this threat.
Thankfully, the top ecommerce platforms have put protections in place to help prevent this sort of malicious activity, and there are also plugins you can add to your store for even more protection.
For example, the administrator of a Shopify account can set the following permissions for other users:
- Full permissions: Allows users access to all sections of the admin dashboard, except for sensitive account and financial information.
- Limited permissions: Allows you to block users from accessing certain sections of the admin dashboard (customer records, settings, etc.). They’ll still see these sections listed in the sidebar, but they won’t be able to click on or view them.
You would be wise to set limited permissions for your users as much as possible. That way, the damage will be minimized if anyone’s account is compromised.
Another smart move would be to track the activity of all the users on your account. The Logify app is an excellent tool for this purpose, though you should note that this is a Shopify exclusive.
This app keeps track of every change made to your Shopify store, as well as when they were made and who made them. If you suspect something fishy is going on with one of your user accounts, Logify gives you the ability to quickly find out.
Another example: The premium version of Magento, Magento Commerce, includes features for both setting user permissions and reviewing action logs. And if you’re using the free version, Magento Open Source, you could add this functionality to your store by installing the Admin Actions Log extension.
Admin Actions Log tracks all the changes that users make to the backend of your store, and it also allows you to review the time and location of both successful and unsuccessful login attempts.
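What reviewing such a log for suspicious logins can look like, as an added example that is not part of the original article or of Logify or Admin Actions Log. The log layout, user names and thresholds are assumptions, and the sample rows are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows: (timestamp, user, location, outcome).
# This layout is an assumption, not the export format of any real app.
SAMPLE_LOG = [
    ("2020-08-18 09:02:11", "alice", "US", "success"),
    ("2020-08-18 09:05:40", "bob", "US", "success"),
    ("2020-08-19 02:14:03", "bob", "RO", "failure"),
    ("2020-08-19 02:14:31", "bob", "RO", "failure"),
    ("2020-08-19 02:15:02", "bob", "RO", "failure"),
    ("2020-08-19 02:16:47", "bob", "RO", "success"),
    ("2020-08-19 10:30:00", "alice", "CA", "success"),
    ("2020-08-19 11:00:00", "carol", "US", "failure"),
    ("2020-08-19 11:00:20", "carol", "US", "success"),
]

FAIL_THRESHOLD = 3               # failures that make a later success suspicious
WINDOW = timedelta(minutes=10)   # how far back failures are counted


def review_logins(rows):
    """Return (user, timestamp, reason) for logins worth a manual review."""
    known = defaultdict(set)    # user -> locations of earlier successful logins
    fails = defaultdict(list)   # user -> failure times since the last success
    findings = []
    # The timestamp format sorts chronologically as plain text.
    for ts_text, user, location, outcome in sorted(rows):
        ts = datetime.strptime(ts_text, "%Y-%m-%d %H:%M:%S")
        if outcome == "failure":
            fails[user].append(ts)
            continue
        # A success right after a burst of failures suggests a guessed password.
        recent = [t for t in fails[user] if ts - t <= WINDOW]
        if len(recent) >= FAIL_THRESHOLD:
            findings.append((user, ts_text, "success after repeated failures"))
        # A success from a location this user has never logged in from before.
        if known[user] and location not in known[user]:
            findings.append((user, ts_text, "success from new location"))
        known[user].add(location)   # remembered so it is reported only once
        fails[user].clear()
    return findings


if __name__ == "__main__":
    for finding in review_logins(SAMPLE_LOG):
        print(finding)
```
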
4. Spam Blocking
If your blog or other areas of your site have a comments section, this is another security issue that you’ll need to address.
You’ve surely seen spam comments elsewhere on the internet — random people posting a message that promises something like an opportunity to earn $100 per hour working from home, along with a link that you can click to learn more. And of course, no such opportunity exists, and any visitor who clicks that link will likely find themselves exposed to a cyber attack.
To protect your customers, you’ll need a tool that can proactively stop these comments from being posted on your site. If Shopify is your ecommerce platform of choice, then you can use the reCAPTCHA Spambuster plugin to accomplish that task.
Spam comments tend to be posted automatically by bots. The reCAPTCHA system developed by Google can determine whether a visitor is a person or a bot, and then it can prevent bots from being able to complete an action on your site.
Also, the version of reCAPTCHA used by reCAPTCHA Spambuster doesn’t require visitors to select which images include a certain object or jump through any other hoops, so you can block spam comments without frustrating your customers.
5. Fraud Prevention
Finally, you must find a way to protect yourself from the financial impact of people fraudulently making purchases on your site with someone else’s payment information.
This type of fraud pulls down your bottom line in two ways: Once the fraud is discovered, you’ll need to issue a refund for the order, which means you just lost an item from your inventory without receiving any revenue in return. And then, your bank will likely hit you with a chargeback fee for the reversed transaction.
Fraud prevention tools such as the NoFraud app can save you from such expenses. NoFraud will assess the validity of each transaction on your site and give it a pass or fail grade — and if a chargeback fee ends up being issued for a transaction that NoFraud approved, NoFraud will pay for it.
The Bottom Line: Your Store Needs to be Secure
Once you’ve implemented fraud prevention and the rest of the security measures covered in this guide, your customers will be better protected. And your online store will have a much better chance of achieving long-term success.
With these tools, apps and best practices in place, you’ll be that much closer to creating a secure environment, one that better protects you and your customers. What’s not to feel good about that?
Adam Ritchie is a writer based in Silver Spring, Maryland. He writes about ecommerce trends and best practices for Shogun. His previous clients include Groupon, Clutch and New Theory.