Results 1 to 8 of 8

Thread: eCommerce security: the 7 things you should do first

  1. #1
    Web Consultant
    Array
    Join Date
    Aug 2008
    Location
    @HaroldMansfield
    Posts
    9,771
    Thanks (Given)
    12
    Thanks (Received)
    2
    Likes (Given)
    1073
    Likes (Received)
    980

    Default eCommerce security: the 7 things you should do first

    #1 is something I (and many others here) say over and over again. Choose a good host. Do your homework. Don't base this decision on price. I see so many people cheap out on hosting for their most important business asset and it always ends up being tragic.


    If you can't afford to spend much money on the thing that is responsible for where the money comes in, then you need to re-evaluate whether or not you can afford to be in business.

    In fact, the very first step you take should be choosing a reputable, reliable host that makes site security one of their top priorities. You shouldn’t put your new store just anywhere — making a poor choice could put both you and your customers at risk.
    https://www.woothemes.com/2016/02/wo...y-first-steps/

  2. Likes MyITGuy liked this post
  3. #2
    Registered User
    Array
    Brian Altenhofel's Avatar

    Join Date
    Sep 2012
    Location
    Oklahoma
    Posts
    899
    Thanks (Given)
    0
    Thanks (Received)
    0
    Likes (Given)
    109
    Likes (Received)
    181

    Default

    Easiest thing to do on a host is request their most recent PCI-DSS compliance audit report for their hosting environment (or their provider's if they are a VAR). Several make theirs publicly accessible. And depending on the nature of the e-commerce, a SOC1 report might also be a good idea.
    || VMdoh - Drupal development, consulting, and support

  4. #3
    Registered User
    Array
    yoligrana's Avatar

    Join Date
    Jun 2016
    Location
    Spain
    Posts
    16
    Thanks (Given)
    0
    Thanks (Received)
    0
    Likes (Given)
    9
    Likes (Received)
    0

    Default

    A good hosting is definitely a must. Sooner or later you will have to the transition. It does not have to be the best hosting out there but choose a good one. Also, for sure I will recommend the best website software along with the best tools and advice. That's very important.

  5. #4
    Registered User
    Array
    Join Date
    Oct 2017
    Location
    San antonio
    Posts
    1
    Thanks (Given)
    0
    Thanks (Received)
    0
    Likes (Given)
    0
    Likes (Received)
    0

    Default

    Yeah, I agree with your points and also believe that online merchants should do this not only for store security but also for customer's data security. I would add few points which are important as per eCommerce security perspect.

    -> Always prefer to Employ an address and card
    -> verification system.
    -> Set up system, alerts for suspicious activity.
    -> Perform regular PCI scans.
    Last edited by stellapike; 10-27-2017 at 04:53 PM.

  6. #5
    Registered User
    Array
    gimli's Avatar

    Join Date
    Mar 2018
    Location
    South Africa , East London
    Posts
    19
    Thanks (Given)
    0
    Thanks (Received)
    0
    Likes (Given)
    1
    Likes (Received)
    0

    Default

    I was looking into starting with a eccomerce website. My view on it ( and this is of somebody who is new so granted there may be many things i am missing.)
    Is that using some sort of payment gateway depending on your cms ( example wordpress and woo commerce ) together with a ssl certificate.
    Two step verification on the website.
    Protection in the form of a anti virus from your computer , browser and email client and also your internet connection itself ( for example if you were using wifi )

    Was pretty much enough to cover you from most attacks. I see other things mentioned in this thread. I think hackers will always be looking for new ways and developers will thus always have to employ new techniques.

    I like that somebody said notifications its very overlooked and yet so simple that when something is happening on your website you get a message on your phone and you can reduce the damage.

  7. #6
    Web Consultant
    Array
    Join Date
    Aug 2008
    Location
    @HaroldMansfield
    Posts
    9,771
    Thanks (Given)
    12
    Thanks (Received)
    2
    Likes (Given)
    1073
    Likes (Received)
    980

    Default

    Quote Originally Posted by gimli View Post
    I was looking into starting with a eccomerce website. My view on it ( and this is of somebody who is new so granted there may be many things i am missing.)
    Is that using some sort of payment gateway depending on your cms ( example wordpress and woo commerce ) together with a ssl certificate.
    Two step verification on the website.
    Protection in the form of a anti virus from your computer , browser and email client and also your internet connection itself ( for example if you were using wifi )

    Was pretty much enough to cover you from most attacks.
    None of those things protect your website from attacks. They help protect the user from man in the middle attacks.

    Your website has a whole different set of variables that need protection at the server level, starting with a good host. I actually all starts with the build, but if you're not redoing your website there are things that a pro can clean up some of your easy to find weaknesses. If you're really concerned with the security of your website, you either need to know something about protecting it yourself or get with a good host that has great security and support.

  8. #7
    Registered User
    Array
    Join Date
    Apr 2018
    Location
    Philippines
    Posts
    52
    Thanks (Given)
    0
    Thanks (Received)
    0
    Likes (Given)
    0
    Likes (Received)
    0

    Default

    Before starting an eCommerce website be assure that you are well experience in optimization process or you hired a professional digital marketer to handle your site.

  9. #8
    Registered User
    Array
    gimli's Avatar

    Join Date
    Mar 2018
    Location
    South Africa , East London
    Posts
    19
    Thanks (Given)
    0
    Thanks (Received)
    0
    Likes (Given)
    1
    Likes (Received)
    0

    Default

    Quote Originally Posted by Harold Mansfield View Post
    None of those things protect your website from attacks. They help protect the user from man in the middle attacks.

    Your website has a whole different set of variables that need protection at the server level, starting with a good host. I actually all starts with the build, but if you're not redoing your website there are things that a pro can clean up some of your easy to find weaknesses. If you're really concerned with the security of your website, you either need to know something about protecting it yourself or get with a good host that has great security and support.
    Like I said, i may be wrong, but from what ive heard and read that is how ost sites get compromised from outside variables because that where most people arent guarding as much. Again however i cannot argue with you i build websites and can attest that a good build is a good starting point. From the hosting server point of view, i cant comment, in my country hosts are bad compared to what ive seen offered overseas. I was working with a international company, and did their website theur were with a international host and man i was blown away by " how much more the user gets in their interface compared to our hosting providers. Im not just talking about securoty options, but a place where a developer can go in and make the server his own. It almost feels like our hosting companies are the equivalent of wix to websites in the world hahaha.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •