Essential safety and security measures of an Ecommerce website

In today's Ecommerce blog post we review the 10 most essential safety and security precautions for any Ecommerce website:

1. No card data - as a rule of thumb, and for many years now, it has been strongly recommended not to store customer card data in the website database. Doing so would require going through a lengthy and relatively expensive PCI DSS certification, and it is also unnecessary, since many payment solutions allow storing tokens associated with transactions and using those tokens to charge extra or refund when needed.

2. HTTPS - naturally, all Ecommerce websites should use HTTPS links only!

3. Strong password policy - customer accounts should be protected by strong passwords to reduce the chance of the accounts being hacked. Passwords should be of a certain length (8 characters or more) and contain lowercase and uppercase letters, at least one number, and at least one special character. It is a really nice feature when the website can advise whether a password entered during registration is of satisfactory strength. Ecommerce websites requiring an extra layer of security could employ two-factor authentication, where a special time-limited code is sent to the user's registered phone number or email address.

4. Account locking - it is recommended to have the Ecommerce system lock a user's account after a number of attempts to log in with an incorrect password. The user should then be advised to contact customer support to have their account unlocked.

5. Secure forgotten-password feature - instead of sending the original password to the user, or generating a new password and sending it to the user via email, the software should send the user an email with a secure link to the website, where they create a new secure password.

6. No username enumeration - when informing the user that an incorrect password was entered, the website should not suggest that the username entered was correct. Instead, the message should be ambiguous, suggesting that either the username or the password is incorrect.

7. No common-name back end - a typical mistake is to leave the back end of the website unprotected by an extra layer of security (like access from certain IPs only, or an additional username and password) and also to leave the standard path to the back end instead of changing it to something unique.

8. Regular updates - the Ecommerce software version should always be up to date to ensure all the latest features, fixes, and updates are implemented. The same applies to the back end / server software.

9. Regular checks by independent 3rd parties - it is highly recommended to have the website and web server checked regularly by an independent specialist security agency, as new threats appear regularly and business owners need to be notified about potential vulnerabilities in their Ecommerce solution.

10. Human factor - and yet, one of the most important security factors is the human factor. Setting correct permissions, updating passwords regularly, and removing the accounts of users who have left the company are paramount to ensure the Ecommerce online store stays safe and secure.
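
Points 4 and 6 interact: a lock message shown only for real accounts would itself reveal valid usernames. The sketch below is an added example, not code from this post or from any Ecommerce platform; the class name, messages, and the threshold of 5 are assumptions. It counts failures per submitted username so that existing and unknown names get identical responses.

```python
import hashlib
import hmac
import os

GENERIC_ERROR = "Incorrect username or password."
LOCKED_ERROR = "Too many failed attempts. Please contact customer support."
PBKDF2_ROUNDS = 600_000


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class LoginService:
    """In-memory stand-in for the shop's user table (hypothetical)."""

    def __init__(self, max_failed=5):  # threshold is an assumption
        self.max_failed = max_failed
        self.users = {}    # username -> (salt, password hash)
        self.failed = {}   # submitted username -> consecutive failures
        # Dummy credentials so unknown usernames cost the same hashing work.
        self._dummy = (os.urandom(16), os.urandom(32))

    def register(self, username, password):
        salt = os.urandom(16)
        self.users[username] = (salt, _hash(password, salt))

    def login(self, username, password):
        # Counters are keyed by the submitted name, whether or not it exists,
        # so the lock message cannot be used to discover valid usernames.
        if self.failed.get(username, 0) >= self.max_failed:
            return False, LOCKED_ERROR
        salt, expected = self.users.get(username, self._dummy)
        ok = hmac.compare_digest(_hash(password, salt), expected)
        if ok and username in self.users:
            self.failed.pop(username, None)
            return True, "Welcome back."
        self.failed[username] = self.failed.get(username, 0) + 1
        if self.failed[username] >= self.max_failed:
            return False, LOCKED_ERROR
        return False, GENERIC_ERROR

    def support_unlock(self, username):
        # Called by customer support after verifying the account owner.
        self.failed.pop(username, None)
```

A production version would persist the counters in the database and expire entries for names that never registered.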
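
The secure link from point 5 can be built as follows. This is an added example rather than code from the post; the `shop.example` URL, the 30-minute lifetime, and all names are assumptions. The token is random, only its hash is stored, and it works once and expires.

```python
import hashlib
import secrets
import time

RESET_TTL_SECONDS = 30 * 60  # assumed lifetime; the post does not specify one
BASE_URL = "https://shop.example/reset-password"  # placeholder URL


class PasswordResetService:
    """In-memory stand-in for a password_resets table (hypothetical)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.pending = {}  # sha256(token) -> (username, expires_at)

    def request_reset(self, username):
        """Return the link to e-mail; only the token's hash is stored."""
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        # Keep one outstanding link per user: drop any older ones.
        self.pending = {d: v for d, v in self.pending.items()
                        if v[0] != username}
        self.pending[digest] = (username, self.clock() + RESET_TTL_SECONDS)
        return f"{BASE_URL}?token={token}"

    def redeem(self, token):
        """Return the token's username, or None. Tokens are single use."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.pending.pop(digest, None)  # pop: cannot be replayed
        if entry is None:
            return None
        username, expires_at = entry
        if self.clock() > expires_at:
            return None
        return username
```

Because the database holds only the hash, a leaked table does not give an attacker usable reset links; the page that calls `redeem` is where the user sets the new password.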

Essential safety and security measures of an Ecommerce website

February 26, 2020