If you think you don’t need to worry about security because your eCommerce site is a small one, you should know that most hackers don’t think about size. It’s true that the most ambitious hackers go after larger sites like eBay, Target or Yahoo!, all of which have experienced customer database breaches in recent years. Other hackers have embarrassed large, powerful organizations like the National Security Agency (NSA) and the Democratic National Committee. But if your website requests, stores or accepts any kind of personal information — passwords, names, emails, credit card numbers — you’re a target. eCommerce fraud prevention is everyone’s business.
Hacking huge, ostensibly well-protected sites takes a lot of time to plan and execute. Smaller sites like your online sporting goods shop are much easier targets. They’re less likely to have preventive strategies in place and are therefore more likely to have weak spots hackers can target for break-ins.
Once they’re in, it’s too late. All your information — including your customers’ most sensitive data — is in their hands to do with as they wish.
No online store left untouched
If your site has ever been hacked, it probably felt personal. You might think “they” went after you because you sell cool sporting goods useful to the masses. Or maybe they hate athletes, the teams you sponsor or are on a quest to outlaw the NFL or boxing. If any of these thoughts are still spinning in your head, you’re thinking way too hard.
Hackers found you through automated tools that crawl the web looking for websites with certain software vulnerabilities. Yours had one of them.
The most basic hacker tools look for things like common login names and passwords, starting with “admin” and “password.” They’re constantly on the lookout for websites that haven’t updated known issues or fixed problems with patches. Or, they identify vulnerabilities before the site owner knows they’re there.
The data you gather on your website when you make a sale — namely, your customers’ payment information — are what they want most. Many will be happy to sell email and physical addresses as well. They can also sell other information you’ve gleaned from customers to better target your marketing efforts, such as their age and sports interests.
Prevention starts with you
Talk to anyone who works for a business with one or more IT personnel and ask them what they find most annoying about that person or persons. We’ll bet a signed Babe Ruth baseball that it’s those pesky reminders to change their passwords.
You know what? Those IT folks have it right, even if they prefer eSports to football and basketball. eCommerce fraud prevention begins with two basic rules everyone, including yourself, should abide by when accessing your site:
- No one’s login in name should be “admin.”
- Password rules must be in place and enforced.
“Admin,” “user” and “guest” are among the most common logins, and “password” or “123456” are among the most common passwords. Do not allow these to be used at your company, and set an example by changing your passwords and login ID right now.
And now, here are four tips for securing your eCommerce website from hackers.
eCommerce fraud prevention in 4 steps
Get real about passwords.
Buy an SSL certificate.
Stay ahead of updates and patches.
Lock down mobile payments.
1. Get real about passwords
- They store your passwords.
- They automatically fill in your login details when you visit a site they’ve recorded.
- They prompt you when it’s time to change a password — even do it for you, using random combinations of letters, numbers and symbols.
If your eCommerce site is built on the WordPress platform, it will prompt you to devise new passwords after a certain number of months. It’s also easy to change a login name from “user” to a more complicated one.
Pro tip: Read PC Magazine’s review of 10 password managers, then pick your favorite.
Want to take your security a step further? Add an additional layer of eCommerce fraud prevention by including two-factor authentication to every login. WordPress offers free plugins that send an additional code via text messaging/SMS when anyone attempts to log in. This additional step shuts out hackers, as they won’t have access to each user’s cell phone.
2. Buy an SSL certificate
If your eCommerce site is still using the old http: protocol, you’re putting your customers’ information — and your business reputation — at risk.
An SSL certificate is essential for eCommerce fraud prevention. The https: protocol adds an extra security layer that prevents intruders from interfering — whether maliciously or by accident — with communications between your website and your customers.
Using encryption technology, an SSL prevents outsiders from stealing payment and other information stored on or entered into your eCommerce platform.
As GoDaddy reported earlier this year, Google’s Chrome browser now warns visitors who land on sites that lack the https: protocol. They get a message that the site is not secure or does not have a valid SSL certificate. Users with high security settings will be blocked from these sites.
Here’s a plus: Google has also said that making the switch to https:// adds another positive ranking factor for websites. So on top of improved security, your search rankings may benefit as well.
If you’re not sure what kind of SSL you need or how to add one, contact your site host. Most have automated tools to do this quickly and thoroughly.
3. Stay ahead of updates and patches
Since you’re running an eCommerce website, chances are you or an employee is on that site nearly every day. WordPress will tell you as soon as you log on when there are software or plugin updates. Install these immediately, as updates often include security patches that close the gaps hackers use to break in.
Vulnerabilities in website software provide hackers with an easy port of entry. Give your website a huge eCommerce fraud prevention boost and pay attention to update notices. Do your updates before anything else.
4. Lock down mobile payments
Most consumers visit websites, especially eCommerce sites, through their mobile devices. More and more of them are sending payment info through those devices. Make sure your mobile capabilities, whether by app or responsive mobile site, are highly secure and thoroughly updated.
Pro tip: Consider accepting ApplePay (if you don’t already), as well as Google Wallet, which stores debit and gift cards. Another option is using Amazon to process payments, as it maintains a highly trusted and secure payment portal many of your customers have already used. See more payment options here.
eCommerce fraud prevention: It’s a habit
We hope you’ve found these tips helpful for securing and preventing hacks to your eCommerce sporting goods store. All eCommerce merchants are targets, regardless of size or industry. And the consequences of a data breach are simply not worth it. Do your business a favor and spend a little time and money now to keep your site safe and secure.
Originally posted at The Garage.