Key Points for Successful E-Commerce Sites - Security
To continue my theme of good E-Commerce practices, the next topic is security. I will never admit to being a full-blown security expert, but I feel comfortable enough to point out some key items to have in place for an E-Commerce site. These include storing sensitive information in an encrypted fashion, managing access to the sensitive information, and physical security. From a marketing perspective, making the experience a comfortable one for the visitor can also be very important.
Encrypting sensitive data, like credit card or social security numbers, is mandatory. This needs to be done both in transmission and in storage. While I often do not recommend that clients store their customers' credit card information in the site's database, some want or need to do so. When this is done, all information should be stored in an encrypted format with one of the common encryption algorithms.
I am not going to get into the details of how these work, but there are two common methodologies that are used. The first stores the value in the database in an encrypted state and decrypts it any time it is used in the site. The second does not store the actual data, but the hash of the data. This hash is then used for comparison purposes only, each time the client submits the data to the site. This protects the store from potential liability if the data is compromised.
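The second methodology, sketched as an added example (this is not code from the original post). It assumes a keyed hash (HMAC-SHA-256) rather than a bare hash, because card numbers come from a small enough space that an unkeyed digest can be guessed by enumeration; the key handling and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: in production this key lives in a secrets manager or HSM,
# never in the database beside the digests. Generated here so the block runs.
PEPPER = secrets.token_bytes(32)


def normalize(card_number: str) -> str:
    """Remove spaces and dashes, then require 12-19 ASCII digits."""
    digits = card_number.replace(" ", "").replace("-", "")
    if not (digits.isascii() and digits.isdigit() and 12 <= len(digits) <= 19):
        raise ValueError("not a plausible card number")
    return digits


def card_digest(card_number: str, key: bytes = PEPPER) -> str:
    """Keyed hash of the normalized number; this is the value that is stored."""
    return hmac.new(key, normalize(card_number).encode(), hashlib.sha256).hexdigest()


def make_record(card_number: str, key: bytes = PEPPER) -> dict:
    """Row to persist: digest for comparison, last four digits for display only."""
    return {"digest": card_digest(card_number, key),
            "last4": normalize(card_number)[-4:]}


def matches(record: dict, submitted: str, key: bytes = PEPPER) -> bool:
    """Check a resubmitted number against the stored digest in constant time."""
    try:
        candidate = card_digest(submitted, key)
    except ValueError:
        return False  # malformed input can never match a stored card
    return hmac.compare_digest(record["digest"], candidate)


if __name__ == "__main__":
    # Constructed sample input: a widely published test card number.
    row = make_record("4111 1111 1111 1111")
    print(row["last4"],
          matches(row, "4111-1111-1111-1111"),
          matches(row, "4111111111111112"))
```

The stored row never contains the full number, so a database dump without the key yields only digests and the last four digits.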
Transmission of sensitive data is highly important. This is commonly protected through the use of Secure Sockets Layer (SSL) certificates. When you visit a web site, be sure to notice whether it is using the plain http or the secured https protocol. If you are being asked for sensitive information and you do not see https in the URL, then do not enter the data because it will be sent across the Internet in plain text and will surely be compromised. SSL certificates can be purchased for as little as $100 per year per domain, which just happens to be my rate to my clients, and typically come in 40 and 128 bit formats. 128 bit certificates offer more secure encryption but are much more expensive.
Also, make sure your customers know the shopping experience is a safe one by indicating your secure nature. Often the issuers of SSL certificates will offer a branded shield that can be used on the site to indicate security. Another option is to pay third-party providers to verify your security. TRUSTe is a popular provider of these programs.
Finally, customers will never see the physical security around your data, unless you are compromised because it is lacking. A quality web presence is not under the owner's desk in their office or, worse yet, in their garage. You should take the time and money to invest in a full-blown hosting solution that includes several layers of physical security. This often includes biometric scanners, man traps, cages, high-end security systems and monitoring. This all sounds very expensive but can be had for a very reasonable price at many qualified data centers. I personally use Hosted Solutions here in Raleigh for my servers.
Security is not something that is directly tangible to shoppers, but in order for them to feel comfortable ordering with you they want to have a reasonable assurance that their payment information will be safe with you.