In 2016, global retail e-commerce sales reached an estimated $22.049 trillion, an increase of 6 percent from 2015. By 2020, sales are expected to top $27 trillion. Unfortunately, this increased spending has made e-commerce transactions an attractive target for cyberthieves. Cybercrime losses are on track to increase from $3 trillion in 2015 to $6 trillion a year by 2021, Cybersecurity Ventures projects. In this high-risk environment, protecting your customer transactions is a top priority. Here are some of the best systems and strategies for maintaining the security of your online transactions.
Follow PCI Security Standards
The credit card industry has created an industry standard to help merchants protect customer data during transactions, known as the Payment Card Industry Data Security Standard (PCI DSS). Following these standards in cooperation with your payment processing provider and your IT team is the best way to protect your customers’ online transactions.
Secure Your Network
The PCI DSS standards break down into six areas. Three of these involve securing your company’s network, which is one of the keys to protecting your transactions. Set up a firewall configuration to protect your transactions. Make sure you change passwords from user-supplied defaults, which are easy to hack, for all network access points, including routers. Keep your antivirus software updated to incorporate the latest security patches. Keep applications updated to the latest versions. Track and monitor your system to detect suspicious activity. Test your network regularly.
Employees connecting to your network can also introduce vulnerabilities. Make sure your employees use your network safely. Require users connecting to your system to use strong passwords and multi-factor authentication. Strong passwords should be at least 12 to 16 characters long and should incorporate a mix of uppercase and lowercase letters, numbers and symbols. A password manager program that randomly generates secure passwords can help ensure that your workers’ passwords are secure and hard to guess.
Require employees to use secure, company-approved apps. Train workers in how to avoid common phishing scams. If you allow employees to bring their own devices, include your security policy as part of your BYOD policy. Train new employees so that they are aware of your security policies and know how to apply them.
You might also consider signing your employees up for LifeLock so that they receive an alert in the event their financial data has been compromised. This will reduce the odds of a breach of your employee’s device or profile spreading through your network.
Secure Your Data
The PCI DSS standards also recommend steps to secure the data of your customer transactions. Use encryption to protect sensitive personal and financial data being sent and received during transactions. Have information processed by a reliable third-party vendor such as PayPal rather than processing it on your own site.
Don’t store customer data you don’t need to maintain. Protect data you do need to store by keeping it in a secure vault protected by password and encryption barriers. Restrict access to data to employees who need to access it, such as managers. Require a unique ID for each person accessing data so that you can verify their identity as well as identify suspects in the event of a breach. Protect physical access to data by securing computers and backup drives under lock and key.
Finally, you should codify your security policies and procedures in your employee handbook. This will help you keep your policies up-to-date as well as helping you train new workers. It will also demonstrate that you did your due diligence, helping protect you in the event of a breach lawsuit.