E-Commerce Data Security Best Practices

Online shoppers want to be sure that their account information is handled safely before they place an order on an e-commerce website. Web-based merchants must address this need, not only because it makes sound business sense, but also because it is required by the Payment Card Industry (PCI) Data Security Standard (DSS). E-commerce merchants are required to undergo a regular evaluation to ensure compliance.


There are, however, simple measures that go a long way toward creating a safer shopping environment. The fight against fraudulent transactions starts with creating the right content and implementing the necessary fraud prevention measures on e-commerce websites. Web-based merchants should consider the following data security best practices when building their websites:

  • Create a page that educates both visitors to your website and existing customers about your organization’s information security practices and controls. In particular, you should:
    • Inform consumers how their card account information is protected:
      • During data transmission.
      • On your website’s server.
      • At your physical location.
    • Make the page available to all visitors to your website through a link on the home page. It is a good idea to place this link in the home page’s header or footer, which will in most cases make it accessible from all pages of your website.
  • Create a “Frequently Asked Questions” (FAQ) page that provides detailed information on how consumers can protect themselves when shopping online. Be specific in your suggestions and do not assume that some information is too obvious to warrant mentioning. For example, tell visitors how to identify whether a checkout page is SSL-secured, what that means, and why it is important.
  • If you are using Verified by Visa or MasterCard SecureCode, add the logo to your home page, security information page and checkout pages. Also include instructions on how both programs work and how they protect cardholders.
  • Do not use email for communicating transaction information or any other sensitive data, and advise consumers against doing so. Some customers may wrongly believe that email is a secure way to transmit personal account information, when in fact it is not. In order to protect consumers, you should highlight your organization’s best practices for data security on your website and in all reply emails. In particular, you should inform consumers that:
    • Email is not a secure way to transmit information and should never be used to send card account numbers or other sensitive data.
    • Your website incorporates encryption capabilities that offer reliable protection from unauthorized access and provide cardholders with the safest way to shop online.


Image credit: Wissenman.ru.
