Accessing Website Security

When looking to accept payments online, you have to think about how secure your transactions are. With rampant incidences of identity theft and online fraud, customers are wary giving out their personal data and credit card information online. How can you make customers feel confident to shop at your website or pay to use your application?

If you want to start or expand your business operations online, there are a number of things you need to consider. At this time, we are assuming you have already identified your market, researched the viability of your product and want to start selling it online. Here are some payment security basics you should address before you launch your site:

1. Privacy Policy

You need to have a privacy policy that will make customers comfortable shopping at your site. Customers want to know that their information will be kept secure and confidential and will not be used for malicious purposes. They need to know what you plan to do with the data you collect. If customers don’t trust you, good luck with making sales. AllBusiness has a good guide on what your privacy policy should contain.

Here is an infographic on customer concerns with online payments:



2. Secure Transactions

Ensure that your online transactions will be secure. But first, you need to make sure that all your devices are secure, so if you’re using Mac products, for example, make sure to follow a Mac security guide that will help you secure all data and create a safe connection to your online operation. Once you have secured your devices and infrastructure, you can move on to security certificates.

Use SSL (Secure Socket Layer) encryption to ensure your customers’ personal and credit card data is not compromised or exposed to third parties during transactions.

SSL is an encryption technology that creates a connection between your website server and your user’s web server, and encrypts the information being transferred between the servers. This ensures there is no message forgery, data tampering or eavesdropping from third party users or applications.

To enable SSL on your website, you need an SSL Certificate. Your web hosting company is likely to be offering SSL Certificates. You can also purchase the certificates from other hosting companies. When installed, you can be sure your customers’ data will be secured.

When your site is secured by SSL, you will be able to access it from the standard “http://” to https://. When browsing a secured website, the URL will always start with “https:// “. You can see a “padlock” icon on your browser and sometimes the address bar will be green.

3. Accepting Payments

Having secured your website, you need a way to accept payments from your customers. You can use an in-house billing system or integrate your site with a third party payment processor.

Setting up your own checkout system can be expensive and not worth it in the long run. You will have to invest in infrastructure, support, security and manpower to get your system running. This can cost you from $10,000 to over $250,000 in development. For cloud startups and small and medium sized business, building your own billing system may not be a good option.

To process payments on your own, your company must comply with PCI Data Security Standard (PCI DSS). You can use the PCI DSS Self-Assessment Questionnaire (SAQ) to self-evaluate your company for PCI compliance. You may need to share these details with your acquiring bank.

Another option is to use a hosted billing system to process your payments. Customers can check out at the payment processor’s page. By using a third party payment processor, you will not handle your customers’ credit card data as they do everything for you. Your only work is to get a merchant account and a payment gateway.

What other payment security issues can you think of? Please share it using the comments box below.