28
Jan
2011
Securing Your Online Shop From Hackers Accessing Your Customers’ Financial Information
If you are running an online shop and processing credit card details yourself, are your processes secure enough, or are you open to hackers exploiting your security flaws? Here are some starting points to be looking at.
Use a secure payment provider
One alternative is to use a payment provider, let’s say PayPal, Google Checkout, WorldPay, Barclays and so on. If you are not handling the credit card details, then you are not storing them and they cannot be accessed on your system.
Don’t store details you don’t need
If you do want to process the details yourself then safety is paramount. One such admission of hacking might destroy your reputation, your website and your business. If you have processed the card, why keep the details online? Consider archiving them off line and then deleting them off the database.
Protect your data
Whilst those details are on your database, might you split up the details? Have two separate databases, with separate passwords, userids and so on. Not just separate tables, different databases. That way a hacker has to get access to both of your databases. Merely in case this happens tie up the two parts of the data with a hidden key. Giving them the same key makes life simple for everyone, but if one part of the data has a key that has to be calculated, only those in the know around the calculation can match the two parts of the data.
Even something as straightforward as giving the order and address a consecutive key and for the stored credit details adding a number to that key and doubling it can be enough to stop a hacker As for instance 1, 2 and 3 for the address and 8, 10 and 12 for the card details.
Secure your admin
But this does not work if the hacker gets onto your admin by discovering your passwords. Don’t store passwords in open text. Use MD5 or similar to encode them before storing them on the database, or only do not store them on the database! Ensure that that your database logon routines are well hidden and protected and might only be ran from your website code.
Your admin should use not merely a password, but a userid as well and be on the lookout for failed logon attempts. At the very least send yourself a warning email if there are lots of failed logon attempts.
Who sees your data?
Lastly, think round who you give access to. Do all of your staff need to have access to the financial details that you are capturing, or just a couple? If several staff need to sign on to update products then give them access that only allows that access, don’t show them the credit card details.
Written by Keith Lunt, who offers a web design Ormskirk service. For more useful tips about good web design call into the blog.
In case you are searching through the web for more info about internet marketing, please visit the site which was mentioned right in this line.
Related posts: