By Mike Auger
Running an online business in 2015 is exciting and scary all at the same time. With the documented explosion in the number of online and mobile transactions, getting a piece of that pie has become a goal of many traditional brick-and-mortar businesses. As a business owner, you would never leave your cash till sitting on the counter with the front door unlocked. Online business owners need the same vigilance when it comes to online transactions. Depending on your merchant services provider and/or payment gateway, there may be security steps that business owners are required to implement in order to use their services. Fines and penalties may also be levied against businesses that do not follow certain best-practice security protocols.
One of the simplest and easiest ways to add security features to any online store is to install an SSL certificate. An SSL certificate lets the site encrypt the data exchanged between a visitor's browser and the website, and web browsers clearly indicate to users when they visit a website that has an SSL certificate installed. Some browsers are even starting to warn users when they visit a site that does not have one.
A common misconception among some online business owners is that SSL certificates are not necessary and can be skipped as a cost-saving measure if they choose to use an offsite payment service provider like PayPal. The thinking here is that because the payment transaction itself is processed off site via PayPal or another similar self-hosted payment processing service, there is no need for an SSL certificate to secure the website. Only part of this is true. While technically the payment information is in fact captured by the third party and not by the business’s website, there are still many benefits to using an SSL certificate on the online store, since it protects any and all information that is entered into the website as it is sent to the server. Login and registration pages, contact us pages, as well as the store admin area will all be secure, and web browsers will show the familiar ‘padlock’ icon, which instills buyer confidence and establishes the level of trust that buyers expect.
A better question to consider in this scenario is “Why are you requiring your customers to leave your main site to complete their purchase anyway?” The reasons for, and marketing ramifications of, sending your customers off site to complete the transaction are beyond the scope of this article; however, it should be mentioned that this practice generally results in more abandoned carts and lower overall conversion rates.
Thinking more about secure transactions and payments, it is also beneficial to examine your overall site architecture and the technology used. Did you know certain payment gateways REQUIRE online stores to be using a PA-DSS certified software platform? The Payment Card Industry (PCI) has developed the Payment Application Data Security Standard (PA-DSS), which contains a large set of requirements that software developers must follow to ensure that sensitive customer information is handled securely. By using a PCI-certified ecommerce platform, store owners are assured of meeting many of the guidelines defined by the PCI Security Council as well as achieving security around online payments.
A small bit of research on ecommerce platforms will provide online business owners with the information needed to choose a platform that will allow for payment and online transactional security.