Keeping your customers safe
Fraud seems to be everywhere these days. With any eCommerce business, making sure your customers are protected against fraud is key. If they are not, it could end up costing both your business and your customers a high price. Customers will have to deal with the theft of confidential information and you will have to deal with the loss of customers. So, how are you making sure your customers are safe? We will discuss some of the top ways to protect your site and customers in this post.
Properly securing your site and ensuring customer safety can be very costly. The first decision to make is to choose a secure eCommerce platform. You want to make sure any page requesting customer information is secure. Most importantly, you want to have a secure connection for your customer checkout page. The checkout page needs to be PCI (Payment Card Industry) compliant. You also need to use strong SSL (Secure Sockets Layer) authentication for your shopping cart. SSL certificates are important to have and display on your site so that your customers know your site is safe and that their sensitive information is protected. BMT Micro utilizes the highest encryption method available, Extended Validation SSL. EV SSL certificates provide 256-bit encryption and enable the most visible security indicator: the green address bar in high-security browsers, assuring users that the shopping cart is secure and our identity has been authenticated to the industry's highest standard. When customers see the green address bar, they gain the confidence to complete their transaction.
If you are a merchant that accepts credit cards, you need to make sure that you are compliant with PCI standards, which can change regularly. PCI scans are a way to ensure that you are compliant. In a PCI scan, an authorized scanning vendor scans your website to look for any vulnerabilities. BMT Micro has PCI scanning done quarterly to ensure that there are no vulnerabilities. These scans are very important because if there is a break in any part of your transaction process and someone gets hold of your customers' information, you will be held responsible. It is a good idea to perform quarterly PCI scans yourself or make sure your payment processor is doing them in order to reduce the risk of your site being hacked.
If you have an overwhelming amount of information stored, you are a target. There is no reason to store a lot of information about your customers or their credit card information. PCI standards have rules around how much information you can keep. It is a good habit to purge old records from your database regularly. You will want to keep enough, though, in case of charge-backs or refunds. It is a risk to keep too much confidential information in your database because that is exactly what hackers are looking to steal.
Another way to reduce fraud is to use a card verification system, which will help to ensure that the person using the card is in fact the owner of the card and that the card is not fraudulent. Using an AVS (address verification system) and requiring the CVV (card verification value) for credit cards will reduce fraudulent charges. Making sure that the address and the CVV match the customer's credit card will help to lower fraud.
Firewalls are a great way to protect your site as well. Firewalls are a necessary part of stopping hackers before they can breach your network. This will stop them from getting hold of critical information, and firewalls can also protect you from certain viruses. A firewall will also alert you when there is suspicious activity. To avoid more skilled attacks, having extra layers of security will help. Examples of extra layers include a login page and contact forms on your site.
Another simple way to reduce your fraud is to monitor your site regularly. This can be done by using one of the many analytics tools available on the Internet. The analytics will offer you real-time data, which will help you spot suspicious activity quickly. You can also have alerts set up with the parameters you want in order to detect suspicious activity. Alerts can be set for multiple transactions coming from the same IP address or by the same person with different credit cards. For example, a person can use multiple credit cards and multiple addresses, but keep the same name. You would want to flag that as suspicious activity to avoid fraudulent charges.
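The two alert rules described above (many transactions from one IP address, and one name paying with several different cards), as an added example that is not BMT Micro's own code. The one-hour window, the thresholds, the row layout and the sample transactions are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows: (time, ip, name, card_token, billing_address).
# card_token stands for a processor-issued token, never the card number.
SAMPLE = [
    ("2024-05-01T10:00:00", "203.0.113.7", "Ann Lee", "tok_01", "1 Oak St"),
    ("2024-05-01T10:05:00", "203.0.113.7", "Bob Ray", "tok_02", "2 Elm St"),
    ("2024-05-01T10:09:00", "203.0.113.7", "Cy Moss", "tok_03", "3 Ash St"),
    ("2024-05-01T10:15:00", "203.0.113.7", "Di Park", "tok_04", "4 Fir St"),
    ("2024-05-01T11:00:00", "198.51.100.2", "Sam Roe", "tok_05", "5 Bay Rd"),
    ("2024-05-01T11:10:00", "198.51.100.9", "Sam Roe", "tok_06", "6 Bay Rd"),
    ("2024-05-01T11:20:00", "192.0.2.44", "sam roe ", "tok_07", "7 Bay Rd"),
    ("2024-05-01T09:00:00", "192.0.2.10", "Lee Kim", "tok_08", "8 Pine Ave"),
    ("2024-05-03T09:00:00", "192.0.2.10", "Lee Kim", "tok_08", "8 Pine Ave"),
]

def _peak(events, window, measure):
    """Largest measure() over any sliding time window ending at an event."""
    events = sorted(events)
    best = start = 0
    for end, (when, _card) in enumerate(events):
        while when - events[start][0] > window:
            start += 1                      # drop events older than the window
        best = max(best, measure(events[start:end + 1]))
    return best

def find_alerts(rows, window=timedelta(hours=1), max_per_ip=3, max_cards_per_name=2):
    """Return sorted (rule, key, count) tuples for keys that exceed a threshold."""
    by_ip, by_name = defaultdict(list), defaultdict(list)
    for ts, ip, name, card, _address in rows:
        when = datetime.fromisoformat(ts)
        by_ip[ip].append((when, card))
        # Normalise the name so case or spacing changes do not hide a match.
        by_name[name.strip().lower()].append((when, card))
    alerts = []
    for ip, events in by_ip.items():
        count = _peak(events, window, len)  # transactions per window
        if count > max_per_ip:
            alerts.append(("many_tx_same_ip", ip, count))
    for name, events in by_name.items():
        cards = _peak(events, window, lambda w: len({c for _, c in w}))
        if cards > max_cards_per_name:
            alerts.append(("many_cards_same_name", name, cards))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE):
        print(alert)
```

The repeat customer who reuses one card two days apart raises no alert, and shrinking the window to five minutes silences both rules, which shows how much the chosen parameters decide what gets flagged.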
If you maintain a customer database, you should require your customers to have strong passwords. You can help your customers by requiring a minimum number of characters, requiring them to use one special character, or making them change their password frequently. While customers are responsible for their passwords, setting requirements will ensure that they choose a password that is difficult to hack.
It is essential for eCommerce companies to protect their site, and more importantly, their customers' sensitive information. Payment processors, such as BMT Micro, can save you the time and expense necessary to keep fraud to a minimum and your customers' information safe. BMT has a very robust security system to minimize fraud. We maintain PCI compliance, and are scanned quarterly for both PCI compliance and network security. Feel free to continue checking in with our blog to learn more!