Matter Solutions Logo (Simple Version)
February 24, 2017

How to protect your Ecommerce website

Published: 24 February 2017 

It seems like hacking and security breaches are becoming more and more commonplace. It feels like there is always a news story about a hack or a data leak.

For businesses, this can often be concerning. A large attack could be greatly damaging to your business. How do you avoid becoming a victim of a hacker and having your customer data stolen?

Follow our handy tips to help protect your ecommerce website:

Choose a secure ecommerce platform

The first thing to do is ensure you have a secure ecommerce platform. Secure platforms will often have security monitoring, fraud prevention, identity management, secondary authentication and integration of payment types.

Don’t store data you won’t use

It’s important to consider whether the data you’re collecting will even be used. Ecommerce websites are often full of call to actions, and therefore it is easy to collect troves of customer data. Consider what information you actually need from the customer, and what the consequences would be if this information was lost. If the risk is too big, then it’s probably not worth collecting in the first place.

Don’t store sensitive data

How can you prevent a hacker from getting your customer data? The easy way is to not store this sensitive data. Consider how many records you are storing, and for how long the data is being stored. This is especially important if your website is storing data with customers credit card numbers and expiration dates. If this information is lost, your business risks not only damage to its reputation but could also face legal penalties.

To avoid this, consider offline storage or payment facilitators. Set a timeframe for how long data will be stored for. This will help businesses to avoid ending up with thousands of records.

Whether or not to process your own transactions

There are many advantages to using external payment systems, such as PayPal, Stripe or Braintree. The number one advantage is your business won’t be collecting any sensitive customer data. This takes any burden off your business if there is a security breach, as customer data will be stored elsewhere.

However, there are downsides to using external payment facilitators. There’s often high transaction costs - PayPal charges at least 4.5% of the value of the transaction. You can save money by performing transaction in-house instead. PayPal may also freeze your account if it registers any strange activity, and it can often be a pain to unfreeze accounts.


SSL, or Secure Socket Layer, encrypts data which is exchanged between a web server and server. Ecommerce websites should use SSL certificates on their checkout pages, sign-up pages and customer login pages. This will help prevent attackers stealing a customer's details.

An SSL certificate will not only make your site more secure, but increase the customer’s trust in your website. Most people are aware that websites that have “https” are of a higher security standard. This means customers will more likely complete their transaction on your website.

Staff access

A report by Infosec Buddy found 62% of organisational data leaks originated from insiders. The amount of data leaks caused by insiders continues to rise.

It’s important for businesses to know who has access to what. Know who can access and edit data and who has administrative control. Make sure you always review this and don’t leave former, often disgruntled, members of staff with access.

Strong passwords

If you don’t want your customers data to be stolen, it’s important to demand a strong password when they create an account. This is generally done by asking customers to choose passwords that include letters, numbers and symbols, and be of a certain length. This will make your customers accounts much safer and harder to hack.

Stay up to date

Your website will be more vulnerable to attacks if your website’s applications and software are not up to date. The latest version will often have important security updates that will repair bugs with older versions. To ensure your website isn’t left vulnerable to hackers, it’s important to always keep an eye out for when the latest updates are released.

Aside: Our WordPress Security Update service takes care of this proactively for our clients.

Fake apps

In 2016, Apple removed hundreds of fake shopping apps from its App Store. These apps masqueraded as well known, legitimate brands. Worst case scenario is the app will have customers credit card details, and the customer will never receive items they have paid for.

For customers, the best way to avoid downloading and using a fake app is to review the app. Does it have many reviews? Has it been updated often? Does the app description sound professional? If something doesn’t feel quite right about the app, it’s best not to download it. Instead, visit the stores website, which should have a link directly to the correct app.

For businesses, the best solution is to provide two-factor authentication. This adds an extra step to your login procedure, making it much more secure.

Putting these steps in place on your ecommerce website will make it far more secure, less vulnerable to hacking and more trusted by users.


Ben Maden

Read more posts by Ben

Leave a Reply

Your email address will not be published. Required fields are marked *