
Ecommerce Security Issues

Practical advice from our ADVANCED GUIDE TO ECOMMERCE: the resources page (not shown) has 171 specific listings for security programs, services and advice. Please note that other links on this page won't work: it's just a demo page.

Protecting Yourself

Our security theory and resources pages deal with theoretical matters, but here we provide some practical suggestions for keeping data safe, and not infringing the rules or law relating to tax, search engines and other traders.

This page can only be an overview, a checklist of measures that unfortunately need to be implemented. Large companies can leave security matters to their IT division, but the entrepreneur and smaller trader should at least adopt those shown as * below. The complementary resources page lists sites providing advice, news and software: a few hours spent here will ensure safer operations and more peace of mind.

You can scare yourself witless by reading the horror stories, but all that's needed by the average trader is a little forethought, some inexpensive software, mandatory routines and a plan to meet eventualities. Suppose a spyware program steals your passwords, or customers are bombarded with third-party credit card details? The office burns down, or your hosting company suddenly goes out of business? However rarely, all these things do happen. Draw up a contingency plan, circulate it, make sure it really works and that staff know what to do.

Office Security

The following are obvious but can be overlooked:

  • use hard-to-guess passwords, restrict access to them, and don't leave them in desk drawers or on PCs.
  • ensure backups are made regularly, in sequence, and are intelligently labeled.
  • check backups regularly, i.e. ensure that restores from backups are sound.*
  • keep paper copies, and in a safe place.
  • store copies of all essential information, preferably encrypted and off-site in:
    • zip disks, CDs, removable hard-disks, etc.
    • online storage facilities.*

Protection from Viruses

Do the following:

  • consider using alternative browser(s).
  • get the appropriate virus protection software, and keep it up to date.*
  • install a decent firewall.*
  • set passwords properly on networks (IT manager's job).

Protection from Spyware

Many computers are infected by spyware of some sort. Most are 'harmless', but an increasing number pass into viruses that will steal and transmit confidential information, even memorizing the keystrokes of passwords. You need to:

  • avoid keeping confidential information on any machine connected to the Internet.*
  • run spyware removal software.*
  • encrypt confidential information.*
  • consider purchasing a special guide to spyware.
  • visit security sites for information on the latest threats.

Protection from Hackers

Hackers break into computer systems, sometimes to prove themselves, sometimes with malicious intent. You need to:

  • install a firewall.*
  • ensure sensitive information is encrypted.*
  • maintain proper security (restrict access with passwords) in the office.

Protection from Fraud

You don't have to accept every order, or not immediately. Escrow services are widely available. Trade associations and other institutions provide useful information and support. Payment service providers have levels of security. Your own order page can ask for further details, and its country drop-down list be amended to exclude the worst offenders.*

Affiliate businesses need to be especially careful, and in these ways:

  • prevent competitors stealing their affiliate links by using inexpensive software for the purpose.*
  • prevent bogus click-throughs by competitors who do not purchase, but aim to bankrupt you with the pay-per-click search engines.
  • guard against impression fraud by competitors aiming to lower your click-through rates and so disqualify your ads with Google.

The last two scams are often outsourced to low-wage outlets and/or employ special software. You'll need to track your clicks with special click auditing software (sometimes included in bid management software), or ensure that the company that runs your pay-per-click campaigns does so.

Webservers

Webserver security is highly technical, as you'll appreciate by reading the articles listed on the resources page. Obvious things to check or ask about:

  • the financial standing of the hosting company, and how long they have been in business.*
  • guaranteed uptime*
  • security protocols to cope with denial-of-service and hacker attacks.*
  • regularity of backups: does it include user logs, product databases, order tracking logs, server-side scripts, etc.?*
  • whois database (www.whois.net) to ensure that you and not the hosting company remain the administrative and technical contact for your domain and — most critically — the registrant of the domain.*
  • backup: ring them at 3 a.m. Sunday morning if they claim 24/7 telephone support.*
  • complaints procedure: you don't want your site dumped because of an unwarranted complaint from a competitor.*
  • other sites being hosted with them (ask for webmasters to contact). Also check: association with spam or porn sites won't help your business.*
  • the business address of the server (whois). Find the path to the server with a tracing program: with a reseller you'll find some other ISP's server.*
  • visit forums to see what webmasters really think about hosting companies.*
  • scrutinize the contract (and employ a business lawyer to check copyright, complaints, fees and service renewal / discontinuation matters).*

And:

  • host alternative company domains with another company: you can then switch painlessly if the first goes out of business or suffers a prolonged denial of service.*
  • check your webmaster is implementing proper routines, including the updating of passwords regularly.*

Webpage Content

You are responsible for the content of your webpages, which means ensuring:

  • nothing is libelous or could be construed so.*
  • material does not infringe copyright.*
  • links don't damage the interests of sites linked to (deep-linking may).*
  • pages don't fall foul of search engine and directory requirements.*

America is a litigious society. Play safe, and even consider cloaking techniques to prevent information being extracted from pages and made the basis of frivolous lawsuits. (But only use cloaking if you know what you're doing: search engines will drop a site if they suspect the device is being used improperly.)

Customer Data

You are always responsible for customer information: an onerous task if it includes credit card and/or bank details. Use secure webforms that automatically transfer and store customer information safely on a third-party secure site.* Encrypt it.* Keep it off Internet-connected machines.* Make several copies and store safely off-site.* Seventy percent of companies that lose their customer data go out of business within the year.

Legal Matters

Your company is bound by the laws and regulations of the state or country in which you are incorporated. Check that you understand the basics, and have experts to consult if and when needed. Be especially careful of material that could offend the authorities or religious groups abroad, be considered inflammatory, or supportive of outlawed or terrorist groups — i.e. keep your social and political aspirations for another site and another name.

Tax

You'll have to pay tax somewhere on earnings, and matters have become further complicated by the global nature of ecommerce. VAT is a nightmare, particularly in Europe. Your accountant will advise, but always keep proper records,* and visit the sites we list for local information.*

Next Steps

The ADVANCED GUIDE TO ECOMMERCE, now in its eleventh edition, is the acknowledged handbook for the astute e-marketer — concise, plainly-written and packed with information unavailable elsewhere:


An overview . . .

  • The Internet's most detailed guide to ecommerce: 185,000 words / 550 pages in pdf format.
  • 160 reference sheets summarizing a particular aspect, with advice and resources as appropriate.
  • Over 3,300 resource listings grouped under 260 headings: each hand-picked on its merits.
  • Fourteen comparison tables in key product areas.
  • A proven approach to planning ecommerce.
  • Practical advice on improving sales and conversion ratios.
  • An extended guide to pay-per-click and sponsored listings.
  • Use of business blogs, advised and ill-advised.
  • Practical security aspects: keeping yourself safe.
  • Testing sites and ideas at negligible cost.
  • Over 100 case studies, both general and dotcom failures.
  • Notes on ecommerce strategies and use of the resource listings.
  • Tutorials on AdSense, ePublishing, eBay and RSS feeds.
  • Ten up-to-date surveys of ecommerce prospects worldwide.
  • Insider information based on Internet research and our own studies.
  • Strategies to test customer behaviour and improve sales.
  • Comes as an interlinked webpage ebook (2 Mb) and as a pdf document (9 Mb). The one-time subscription covers both.


Our $37.50 e-book comes with a 30-day, no-questions-asked guarantee. If not fully satisfied, then simply email us for a prompt and full refund. Material is continually being checked and extended, and purchase includes free updates.

The e-book comes as an interlinked webpage compilation for ready reference (2 Mb) and as a PDF document (9 Mb, 550 pages) for extended reading. The PDF document can be read on all platforms, but the interlinked webpage compilation can only be read on Windows platforms (Windows 98x, Me, 2000 and XP machines).

Our July 2008 update will include an extensive tutorial on using the pay per click search engines.

Payment is simple. You can pay by secure credit card etc. through eMETRIX. Immediate download follows payment, and you will also receive an email confirmation from sales@emetrix.com.


No product placements. No wishful thinking. Just the facts.

 


Copyright © 2002 2003 2004 2005 2006 2007 2008 LitLangs All Rights Reserved.
