How to Create an Unhackable eCommerce Website (Well, Almost)


Marketing Insights for ProfessionalsThe latest thought leadership for Marketing pros

Wednesday, October 9, 2019

What do you need to do to make your ecommerce site unhackable? Here are five key things to make it as secure as possible.

Article 4 Minutes
How to Create an Unhackable eCommerce Website (Well, Almost)

For any retail business, an ecommerce website needs to be a primary part of the strategy, rather than something that's treated as an afterthought. Nearly two billion people around the world will buy online in 2019, and by 2021, digital sales are expected to account for 17.5% of all retail sales.

But while this will undoubtedly be good news for those businesses that have devoted resources to their ecommerce platforms, it will also attract more unwanted attention. Cyber crime targeting ecommerce retailers has seen a huge surge in recent years, with more than 150 million attacks taking place in the first quarter 0f 2018 alone - an 88% rise from the previous year.

It's easy to see why, as the huge number of people now handing over personal and financial details online makes online retailers a tempting and lucrative target for hackers. But if you fall victim to an attack that exposes your customers' details, the costs could be huge.

That's why you need to take steps to ensure your ecommerce website is as secure as possible from these threats, and we've put together a few key tips every marketer should be aware of.

While it's impossible to guarantee 100% protection, as hackers are constantly coming up with innovative new ways to get around even the toughest defenses, by following the tips below, you'll make their job much harder and hopefully convince them to move on to less well-defended targets.

1. Ensure you're using HTTPS

Moving your domain to the secure HTTPS protocol is an essential first step for any ecommerce business, or indeed any company that wants to make security a priority. This ensures any data users enter is encrypted and your site is certified as secure with an independently-issued SSL certificate.

There are more practical reasons for ensuring you use HTTPS as well. Search engines like Google value HTTPS highly and will downgrade results from websites that don't have it, while the most modern browsers will actively alert users if sites aren't equipped with the protocol, and there's nothing more likely to turn away potential customers than a warning that the information they enter isn't secure.

2. Choose the right platform and hosting

You could build an ecommerce portal from scratch, but it's easier, faster and more secure to opt for an existing solution with proven security credentials. The likes of Magento, Shopify and WooCommerce provide tough security protections that offer secure payment gateways and provide frequent security patches.

Similarly, the hosting service you choose will also affect your security. You should be looking for a provider that offers comprehensive backups, so you can recover in the event of a breach, as well as strong uptime guarantees to prevent DDoS attacks. Managed cloud-based services should be able to handle much of the day-to-day maintenance for you.

3. Don't store sensitive customer data

Businesses that have valuable customer data such as credit card details will be especially tempting targets. While such data should be fully encrypted if stored, it's better practice not to keep it at all; if you do suffer a breach, you'll quickly lose customer trust.

The need for storage can be removed by using tokenization. This allows sensitive details to be placed by randomly-generated, unique data strings that can be used throughout the process. As well as ensuring you don't store data, it reduces your exposure to fraud and can cut costs.

4. Be aware of third party add-ons

In 2018, British Airways suffered a data breach that saw the financial details of up to 380,000 customers stolen. Worryingly, this data included credit card CVV numbers, which should not normally be stored at all, indicating that the data was harvested as it was actually being entered into the website.

The cause of the breach was eventually traced to compromised code contained within third-party scripts used on the site. This should highlight how, even if you take steps to secure your own servers, you can still be left vulnerable if third-party systems don't keep the same standards. Therefore, its vital any such tools are monitored and alerts are sent if any changes are detected.

5. Ensure you're PCI DSS compliant

The Payment Card Industry Data Security Standard, or PCI DSS, is a set of rules that help ensure any card processing activities your business makes are secure and not exposed to fraud. It consists of 12 requirements across six broad categories that will guide you through the entire process, from building a secure network to best practices for monitoring and testing.

Compliance with PCI DSS standards will cover all the steps above, and is vital for any good ecommerce business. But as well as ensuring you're following best practices, there are financial and regulatory consequences for not being compliant. If you do fall victim to fraud or a data breach, you'll be liable for any losses and can face fines of up to $100,000 a month from credit card issuers.

Access the latest business knowledge in Marketing

Get Access

Marketing Insights for Professionals

The latest thought leadership for Marketing pros

Insights for Professionals provide free access to the latest thought leadership from global brands. We deliver subscriber value by creating and gathering specialist content for senior professionals



Join the conversation...