Understanding ECommerce Site Security


Protecting your eCommerce site, be it B2B or B2C or P2P, is vital to the success of your business. While much focus in past years has been on data security and privacy protections, the overall security of your site determines the confidence users will have in your business.

There are simple things that you can do to ensure that your website security is up to date and providing the best possible protection for your business, your site visitors and your customers.

Control Your Passwords

According to a survey, “59{21dc2fe1b43c4cf57a2e25a56b286f09fbb32a45ddf34dcf04be366972dd7b06} of brands admit to reusing passwords because it is too hard to remember them.”

Furthermore, 54{21dc2fe1b43c4cf57a2e25a56b286f09fbb32a45ddf34dcf04be366972dd7b06} of those surveyed agree that their password habits need to change.

There are simple ways to improve your password security. You’ve heard them all before, but do you follow any of the advice?

  • Never use the same passwords- especially for public-facing logins and administrative accounts.
  • Use a password generator to protect each of your systems, and set up a schedule to periodically update passwords.
  • Use only random combinations of letters and numbers as passwords so that hackers have less chance of ‘discovering’ passwords.

Encrypt Your Entire Store

Encryption for eCommerce was once only applied as SSL encryption for checkout. However, the overall browsing experience has been updated to include encryption and protections for internet users at all times.

On your eCommerce, you can select to enable the browser to protect site traffic. Traffic is automatically issued a security warning on any site/page that attempts to gather their data, such as a newsletter sign up or site registration if the site is not encrypted.

To avoid this warning, you can offer site-wide SSL which your visitors are notified of on entering your site.

Two-factor Authentication

Two-factor authentication has hugely improved security for SaaS platforms, eCommerce and other business verticals.

Two-factor authentication simply means that the user is required to provide more than one form of security information to enter a site, such as a password and a code sent to a phone or email.

This form of security has been used by many Fintech companies for years. Enabling such measures on your eCommerce site proves to customers that you are protecting their interests, which strengthens relationships.

Added Protections

While WooCommerce and other platforms like Magento provide easy-setup eCommerce, the native security is very standard and widely used, making it an easy target for attack.

You can buy plug-ins for your website that provide higher levels of security that fills the gaps on common platforms or CMS-based services.

Secure Customer Access

You can encourage your customers to protect themselves on your website by offering:

  • Two-factor authentication
  • Requiring a number, a capital letter, and a symbol within their password
  • A restricted number of password attempts

Some brands also integrate with trusted social platforms to allow customers faster and more convenient access. This allows you to leverage the security of the known site, adding credibility to your site.

Keep Redundant Backups

A data breach that causes additional damage to your digital infrastructure can be devastating to your business. Some hackers or viruses also wipe or destroy data as they make their way through your system.

Maintaining redundant backups on a daily basis can help in the recovery of subsequent data loss if an attack occurs. Once a breach has been addressed, you can restore from your most recent backup and focus on improving security.

No Credit Card Data

To meet with PCI-compliance standards, eCommerce platforms cannot store credit card data. Payments are processed through an external payment processor to ensure the anonymity of data.

However, some retailers offer offline credit card processing, and consumer data is often stored in unsecured servers. Worse yet is the business that requests credit card information via email.

Storing customer and credit card data exposes you and your customer’s information to a very high risk of theft and fraud.

Your business should be Payment Card Industry Data Security Standard accredited (PCI DSS). Your site accreditation depends on:

  • Maintaining a secure network with IT professionals
  • Protecting cardholder data at every touchpoint, ensuring it’s not stored
  • Maintaining a vulnerability management program
  • Designating superior measures for access control
  • Performing routine network inspections and tests
  • Having and maintaining an information security policy

Use Address and Card Verification

Ask your PSP to enable an address verification system (AVS), and require the card verification value (CVV) for credit card transactions to reduce fraudulent charges. You can also require a partial or complete address and zip code match during checkout. This helps to secure your customers’ data and improve your site security standards.

Set Alerts

Ask your PSP to configure alerts that are triggered when:

  • Orders are placed from foreign IP addresses
  • There are mismatched billing and customer data on the card
  • Multiple orders are placed on the same card
  • Multiple orders from the same person using different cards
  • Conflicting shipping and billing information
  • Mismatch on customer name vs. cardholder name

These alerts halt the automatic payment process and require the customer to verify more information pertaining to the alert. This helps to reduce fraud on your site and helps to protect your actual customers’ transactions from unnecessary scrutiny.

Perform Routine PCI Scans.

PCI scans identify risks and vulnerabilities that could leave your eCommerce open to hacks, malware and viruses.

Your routine checks should include applying suggested updates and patches for your platform if it is an off the shelf product, and checks with your developer to ensure that all your registrations are current and up to date.


Being proactive about security is one of the most necessary aspects of any eCommerce. Your customers want to know that when they choose to shop with you, they are not exposing themselves to unnecessary risks. If your site is attacked and your data is not properly secured, your business will be penalised and possibly litigated against in some cases. It is, therefore, your responsibility as a business owner to ensure that your eCommerce site security is not only up to date but in line with current regulations.


Share this post