When setting up an eCommerce site for your startup business, protecting cardholder data must remain the most critical of all the components. Selling products and services online in today’s market will increase your revenue and expand your customer base by keeping you competitive in an ever-increasing and evolving business landscape.
However, understanding the importance of an online presence and an eCommerce solution for your business is just the first step. How do you set up a secure eCommerce solution and protect not only your business against costly chargebacks and fraudsters, but also your valued customers and cardholders?
Protecting your customers’ cardholder data is the best way to retain your customers and grow your customer base. When online consumers decide to make a purchase, any unexpected changes or pop-up pages during checkout can effectively cancel the sale and send that customer to a different site. That is why it is important to implement the security measures below while continuing to provide secure processing from your eCommerce website.
Checkout page
Providing a secure and simple eCommerce checkout page is the first step in creating a successful online experience for your customers. The checkout page is where customers’ credit card information is collected and transmitted, which makes it very vulnerable to fraud without the correct systems in place. At an absolute minimum, your checkout page needs to be hosted on a secure server, also known as a hosted payment page. A secure server is evidenced by a URL that starts with HTTPS:// rather than the traditional HTTP://. This is a quick alternative to a fully integrated solution: it removes the need for your entire website to be secure, and hosts only the payment page on a secure server, set up either by you and your developer or by your eCommerce provider.
For any integrated solution where customers’ credit card information is entered directly on your website, you must have an SSL certificate so that the page is served securely. Both the secured server and the SSL certificate are offered by your hosting company and can easily be set up.
An SSL certificate lets customers verify the identity of your website and that their connection to it is encrypted. Securing your checkout page limits the risk of your customers’ credit card information being copied by fraudsters, and will reduce chargebacks and frustrated customers.
For any checkout page within an eCommerce site, it is also very important that you use proper credit card validation procedures in order to mitigate the use of stolen cards. Validate customer credit card information on as many fields as possible.
Keep in mind that a smooth checkout process is important, from the moment the customer chooses their product or service to the point where they enter their credit card information. It must be clear and simple. Try to keep the process to a couple of pages at most: choosing the items, seeing the total amount including applicable taxes, and choosing how to pay. Here are the minimum suggested validation procedures.
- Billing Address
- Postal Code
- Shipping Address
- Credit Card Number
- Expiration Date
- CVV Code
Validating these fields at the very minimum will help you fight a chargeback should your business receive one, and will show cardholders that your eCommerce site is secure.
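The following is an added example, not code from the original article, of how the server side of a checkout page can validate the fields listed above before anything is sent to the payment provider. It assumes the form arrives as a plain dictionary with hypothetical field names (billing_address, postal_code, shipping_address, card_number, expiry, cvv); the card number used in the demo is the standard 4111... test number, not a real card.

```python
"""Server-side validation of the minimum checkout fields.

Added illustration, not code from the original article. Field names and
the sample submission are hypothetical.
"""
from __future__ import annotations

import re
from datetime import date


def luhn_valid(number: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    digits = [int(c) for c in number]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def parse_expiry(text: str) -> tuple[int, int] | None:
    """Parse 'MM/YY' or 'MM/YYYY' into (year, month); None if malformed."""
    m = re.fullmatch(r"\s*(\d{2})\s*/\s*(\d{2}|\d{4})\s*", text or "")
    if not m:
        return None
    month, year = int(m.group(1)), int(m.group(2))
    if year < 100:
        year += 2000
    if not 1 <= month <= 12:
        return None
    return year, month


def validate_checkout(fields: dict[str, str],
                      as_of: tuple[int, int] | None = None) -> list[str]:
    """Return a list of validation errors; an empty list means every check passed.

    as_of is (year, month) used for the expiry comparison; defaults to today.
    """
    if as_of is None:
        today = date.today()
        as_of = (today.year, today.month)
    errors: list[str] = []

    # Address fields: present and non-blank (the provider's AVS does the real match).
    for name in ("billing_address", "postal_code", "shipping_address"):
        if not (fields.get(name) or "").strip():
            errors.append(f"{name} is required")

    # Card number: digits only (spaces/dashes stripped), plausible length, Luhn-valid.
    pan = re.sub(r"[\s-]", "", fields.get("card_number", ""))
    if not pan.isdigit() or not 12 <= len(pan) <= 19:
        errors.append("card_number must be 12-19 digits")
    elif not luhn_valid(pan):
        errors.append("card_number fails checksum")

    # Expiration: well-formed and not in the past (a card is valid through its month).
    exp = parse_expiry(fields.get("expiry", ""))
    if exp is None:
        errors.append("expiry must be MM/YY")
    elif exp < as_of:
        errors.append("card is expired")

    # CVV: format only. It is verified by the processor and must never be stored.
    if not re.fullmatch(r"\d{3,4}", fields.get("cvv", "")):
        errors.append("cvv must be 3 or 4 digits")

    return errors


if __name__ == "__main__":
    # Constructed sample submission using the 4111... test card number.
    sample = {
        "billing_address": "1 Main St", "postal_code": "A1B 2C3",
        "shipping_address": "1 Main St", "card_number": "4111 1111 1111 1111",
        "expiry": "12/30", "cvv": "123",
    }
    print(validate_checkout(sample) or "all checks passed")
```

The checks are deliberately limited to what can be decided locally (format, checksum, expiry); whether the address, postal code and CVV actually match the card is answered by the processor's AVS/CVV response, which is what the chargeback evidence mentioned above rests on.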
All of the above information will be relayed to you through a trusted and respected eCommerce provider, who will also give you the tools to limit your exposure to fraudsters. Ensure that the eCommerce provider you are looking to work with has the proper fraud prevention tools available, such as rules of the following kind:
- If a daily, weekly or monthly number of transactions or total dollar amount is exceeded, flag the transaction for review or auto-decline
- If a user attempts the same credit card X times, flag or decline
- If a card whose first XXX digits match a blocked range is attempted, flag or decline
- If the daily, weekly or monthly number of transactions or total dollar amount attempted from a single IP address or block of IP addresses is exceeded, flag or decline
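As an added example (not the article's or any provider's code), here is a small rules engine that applies the four kinds of rule listed above to a constructed sequence of checkout attempts. It assumes the provider has already tokenized the card number, so the code only ever sees a token and the leading digits; the tokens, BIN values, amounts and thresholds are made up, and the IP addresses are from the RFC 5737 documentation ranges.

```python
"""Velocity and blocklist rules applied to a constructed stream of attempts.

Added illustration, not the article's or any provider's code. All tokens,
BINs, amounts, thresholds and IP addresses are made up.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network


@dataclass
class Attempt:
    ts: datetime
    card_token: str     # provider-issued token; the raw PAN never reaches this code
    card_bin: str       # leading digits of the card, used only for range checks
    ip: str
    amount_cents: int


@dataclass
class Rules:
    window: timedelta = timedelta(days=1)
    max_attempts_per_card: int = 3          # exceeded -> review
    max_cents_per_card: int = 50_000        # exceeded -> decline
    max_txns_per_ip_block: int = 5          # exceeded -> review
    blocked_bins: frozenset[str] = frozenset()   # matched -> decline


class VelocityChecker:
    def __init__(self, rules: Rules) -> None:
        self.rules = rules
        self.history: list[Attempt] = []

    def decide(self, a: Attempt) -> str:
        """Return 'approve', 'review' or 'decline' for one attempt."""
        r = self.rules
        recent = [h for h in self.history
                  if h.ts <= a.ts and a.ts - h.ts <= r.window]
        # Every attempt is recorded, including ones that get declined: repeated
        # failures are exactly what the per-card and per-IP counters exist to see.
        self.history.append(a)

        if a.card_bin in r.blocked_bins:
            return "decline"

        same_card = [h for h in recent if h.card_token == a.card_token]
        if sum(h.amount_cents for h in same_card) + a.amount_cents > r.max_cents_per_card:
            return "decline"
        if len(same_card) + 1 > r.max_attempts_per_card:
            return "review"

        # Count per /24 so that hopping between addresses in one block still trips the rule.
        block = ip_network(f"{a.ip}/24", strict=False)
        same_block = [h for h in recent if ip_address(h.ip) in block]
        if len(same_block) + 1 > r.max_txns_per_ip_block:
            return "review"

        return "approve"


def run_sample() -> list[str]:
    """Replay a constructed sequence of attempts and return the decision for each."""
    rules = Rules(max_attempts_per_card=3, max_cents_per_card=50_000,
                  max_txns_per_ip_block=5, blocked_bins=frozenset({"999999"}))
    checker = VelocityChecker(rules)
    t0 = datetime(2024, 6, 15, 12, 0)
    attempts = [Attempt(t0 + timedelta(minutes=i), "tok_A", "411111",
                        "203.0.113.10", 10_000) for i in range(4)]       # same card, 4 tries
    attempts.append(Attempt(t0 + timedelta(minutes=4), "tok_A", "411111",
                            "203.0.113.10", 20_000))                       # pushes card total past limit
    attempts.append(Attempt(t0 + timedelta(minutes=5), "tok_B", "999999",
                            "203.0.113.11", 2_000))                        # blocked BIN range
    attempts += [Attempt(t0 + timedelta(minutes=10 + i), f"tok_D{i}", "411111",
                         f"198.51.100.{i + 1}", 5_000) for i in range(6)]  # six cards, one /24
    attempts.append(Attempt(t0 + timedelta(days=2), "tok_C", "411111",
                            "203.0.113.10", 10_000))                       # outside the window
    return [checker.decide(a) for a in attempts]


if __name__ == "__main__":
    for i, d in enumerate(run_sample(), 1):
        print(f"attempt {i:2d}: {d}")
```

The order of the checks matters: the hard rules (blocked range, dollar cap) decline outright, while the count-based rules only route the attempt to manual review, which keeps a legitimate customer who mistyped a card number from being locked out by a velocity rule that was aimed at card testing.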
Lastly, make sure your customers know the effort you have made to protect them and their credit card information. By taking the appropriate steps to protect your customers, you are laying the foundation for a very successful online presence.