Don't Overlook eCommerce Web Security This Holiday Season
What security threats to watch for as the year wraps up for eCommerce sites.
Breaking News - Massive data breach! Exclusive - Looming cyber-threat detected.
The headlines have become routine. Web security (or cyber security) is part of the everyday fabric of our increasingly digital lives. There is an inherent risk in everything we do online, especially when it comes to commercial transactions. For retailers seeking big online gains this season, security concerns have the potential to be the proverbial turd in the holiday punch bowl.
Recent data shows that one-third of online shoppers hesitate to buy due to concerns about credit card data security. Additionally, 60% of consumers report security concerns when shopping online. Retailers can either fret about these facts, or instead, find the silver lining. eCommerce revenue will continue its steady rise; the onus is on retailers to provide a secure shopping experience and settle jittery consumer fears that kill conversions.
Web Security For the Holidays
The holidays are peak season for attackers targeting retail. Increased traffic levels help hide malicious activity from detection, and retailers are preoccupied with preparing Black Friday sales or putting the final touches on holiday email campaigns. To make sure you deliver a safe and secure online shopping experience this holiday season, it is imperative to prioritize security measures.
Five Web Security 'Must-Haves' for Retailers
- PCI DSS Compliance: PCI DSS (Payment Card Industry Data Security Standard) is a set of requirements for companies that process, store or transmit credit card information to do so safely and securely. Make sure you are PCI compliant, and add a visible badge to your eCommerce application. This signals to consumers that payment information is properly encrypted and safeguarded.
- HTTPS / Secure Browsing: Ever noticed a small, green "Secure" indicator in a browser's URL bar? It shows that the site presents a valid digital certificate, issued by a third-party Certificate Authority, and that HTTP traffic is encrypted over TLS, keeping the contents of requests and responses confidential for visitors. Digital certificates are another easy signal to ever-wary shoppers that they are on a secure site that can be trusted.
- DDoS Mitigation: A Distributed Denial of Service (DDoS) attack presents a real threat for retail sites. DDoS events are designed to flood a website with traffic and repeated requests. DDoS events can happen at any time and are sometimes preceded by an extortion message demanding payment. Unless the requests are diverted or blocked, a DDoS attack will slow down or completely crash a web application, making it impossible for real users to access it. Even one hour of downtime will cost a retailer significantly in lost revenue. Retailers need to be prepared at all times and invest in a monitoring and DDoS mitigation solution.
- Web Application Firewall: A web application firewall (WAF) is a type of security technology that inspects and filters traffic. A WAF can block or divert requests based on its rule configuration. This is a key tool for DDoS mitigation, since bad traffic can be blocked or rerouted. Web application firewalls differ from traditional firewalls in that a cloud-based WAF also covers the flow of requests and responses to third-party sites integrated into a web application, such as a social media widget. Such integrations are often exploited by attackers as a weak point of entry to breach the security of an application.
- Education: Some of the largest security breaches have originated from relatively crude methods, like email phishing. The marketing team at ADT takes this to an extreme by sending fake phishing emails to employees, and if they catch a click, the guilty party has to study up with a course on web security. Developing company-wide security policies is an essential step to safeguarding against attacks.
Originally written by Brendan MacArthur.
Published at DZone with permission of Alex Pinto, DZone MVB. See the original article here.