Sell Online Securely

eCommerce Security

Research shows that privacy and security are two of the biggest concerns for Internet users.

Regardless of whether these fears are valid or not, as a merchant it's your job to make your visitors feel safe on your website.

If you're selling goods or collecting information from your visitors, you'll want to publish your Privacy Policy and Terms & Conditions on your site.

What is a Privacy Policy?

A Privacy Policy is a disclaimer placed on a website informing users about how the website collects and stores a user's personal information.

A typical Privacy Policy contains information regarding the type of data collected and what security measures are in place to secure the data.

For example, if you have a secure certificate installed on your website you may state that all information collected is protected by secure encryption.

What are Terms & Conditions?

Terms and Conditions on your website specify:

  • How visitors can use your website: For example, you may state that the user agrees not to copy any materials on the site.

    If your website is only suitable for adults you may state that users have to be 18 and over to use the site.

  • Purchase Policies: You should clearly state any purchase policies, including warranties, shipping, refunds and returns.

  • Anything else of significance including waiver of warranties, limited liability, indemnification, grounds for termination of service, etc.

Encryption and Secure Certificates

While online you may have come across references to 'SSL Encryption' or '128 bit Encryption'.

SSL stands for Secure Sockets Layer and is a system for securing and transferring private information over the Internet.

While surfing the web, 99% of the time you have no need for SSL protection. However, the moment you need to submit private and sensitive data (such as your credit card details) you want to make sure the data is protected.

SSL works by encrypting your data and transferring it over a secure connection. 128 bit is the industry standard and refers to the level of protection a website offers.

You can tell if you are using a secure connection when you see the little padlock icon in the bottom right hand corner of your browser (Internet Explorer and Firefox users). Netscape users will see a similar padlock or a blue key graphic.


The other thing you'll notice is the address within your browser will change from http:// to https:// to indicate that you are viewing a secure area of a website.

To enable a secure connection on your website you need to purchase and install a 'secure certificate'.

A secure certificate is basically a set of instructions that encrypts sensitive information (like credit card numbers) while they are being processed. This prevents third parties from hijacking sensitive information and using them for fraudulent purposes.

Upon issuing of your secure certificate you will be able to place a secure seal logo on your site.

Important Note: If you are using a third party payment processor like PayPal, you won't need your own secure certificate.

When a visitor to your website makes a purchase, they will be temporarily transferred to PayPal's website (which has its own secure certificate) to process their credit card details.

Once the payment has been processed they will be transferred back to your website.

Preventing Credit Card Fraud

Recently, Internet security issues such as credit card fraud and identity theft have received a lot of media attention.

While it's true that a degree of concern is warranted, it's safe to say that the media has blown the issue way out of proportion.

The current situation can be summed up stating:

a) The perceived threat of Internet fraud by the media and general public is much higher than the statistical reality of it

b) While there are some simple precautions you should take, most of them are basic common sense.

This is not to say that the Internet is bullet proof - it's not - but it's important to put things into perspective.

The reality is:

  1. Billions of dollars are successfully processed online everyday, with only a tiny percentage being exposed to any form of fraud

  2. The majority of fraud analysts believe online transactions are less dangerous than physical retail transactions

  3. Visa International reports that online credit card transactions make up less than 2.5% of all credit card fraud.

Internet Security: Myth VS Reality

Myth: Online merchants are at a greater risk of fraud than retail merchants.

Reality: Research indicates that online merchants are at less risk than retail merchants.

This is because a large percentage of credit card fraud is actually caused by retail sales employees who handle card numbers.

When a sale is processed online, the risk of employee fraud is reduced because the credit card information is encrypted. This removes a major avenue for employees to store credit card information.

In a physical retail environment, staff can simply keep a carbon copy of the manual credit card swipe.

Myth: Consumers should be scared that 'cyber thieves' will steal their identity.

Reality: Statistics from 2004 reveal that over 72% of personal information thefts were done offline.

On top of that, 'cyber thieves' were found to only be a small part of the problem. 50% of all identity theft was found to be committed by friends, family members and neighbours.

5 Tips to Minimize the Risk of Fraud

Obviously it's in your own interest that the transactions you process are true and accurate.

Here are some basic precautions you can take to minimize the risk to your business:

  1. Check for suspicious purchasing behaviour. If in doubt, call the customer to verify the order by asking for more information (e.g. fax of driver's license).

  2. Ask for complete information on your order form including full address and phone number.

  3. Only ship to physical addresses and not PO boxes.

  4. Avoid dealing with countries that have a high fraud rate (e.g. Nigeria, Russia, Romania, Indonesia, Malaysia, Pakistan, etc).

  5. Be cautious of suspicious orders originating from free web-based email addresses (e.g. hotmail, yahoo, etc). These throwaway email addresses are often used by fraudsters to prevent notifying the real customer of their actions.

Final Thoughts on Credit Card Fraud

The media has had a field day by scaring people into believing they're about to become the victim of 'cyber-crime'. While it's not exactly a fair and balanced view... unfortunately fear and controversy is what sells papers.

From a consumer perspective, credit cards remain the fastest and most convenient way to purchase goods and services online.

In the case of fraudulent transactions, consumers are protected by the terms and agreements set out by their credit card provider.

Most credit card policies indicate that cardholders are only responsible for a small amount (i.e. $50). Anything above this amount is covered by the card company.

At the end of the day, the best defence for merchants and consumers is exercising caution and applying basic common sense.

 

Click here to get a free quote