A Closer Look at E-Commerce Security
Reports of holes in companies' E-commerce systems could convince even the most rational person that thieves are all over the internet trying to scam consumers and gain access to their credit cards, personal data, and other sensitive information. Based on the news of late, the E-commerce horrors continue. As soon as one vulnerability is fixed on a one-time basis, hackers find another way in. This is a problem that needs constant monitoring.
What security specialists recommend for e-Commerce
According to Tripwire, these are five essentials e-Commerce companies need from their security providers:
SSL certificates will ensure PCI compliance
The Payment Card Industry Data Security Standard (PCI DSS) is a set of standards that the credit and debit card industry has set for merchants who process card payments. Being in line with PCI standards means that you must guarantee protection for cardholder data, implement strong access control measures, and follow a few other less stringent security procedures.
The credit card industry takes PCI compliance very seriously. Both VISA and MasterCard will perform routine checks of those accepting their cards. If they find a business that is not in compliance, the fees are substantial.
Do not store any consumer credit card information
Some e-Commerce companies like to keep customer names and purchasing options to build a preferred customer list. However, under PCI compliance it is strictly forbidden to capture and hold any credit card numbers, expiration dates and CVV codes.
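One way to check that no card numbers have ended up in stored records, shown as an added example that is not part of the original article: the script below scans text records for digit runs that look like card numbers, confirms them with the Luhn checksum, and reports them masked so the audit output does not itself hold card data. The function names and the sample records are constructed for illustration; the card numbers in them are standard public test numbers.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum used by payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask(digits):
    """Keep only the last four digits so the report never repeats the full number."""
    return "*" * (len(digits) - 4) + digits[-4:]

def find_pans(text):
    """Return masked card numbers found in one record."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        # The Luhn check filters out order ids, tracking numbers and similar digit runs.
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(mask(digits))
    return hits

def scan(records):
    """Return (record number, masked card number) for every finding."""
    return [(n, pan) for n, rec in enumerate(records, 1) for pan in find_pans(rec)]

# Constructed sample records, as they might appear in an order log or database export.
SAMPLE = [
    "2024-01-05 order=1001 customer=ann total=59.90 status=paid",
    "2024-01-05 order=1002 debug card=4111 1111 1111 1111 exp=12/30",
    "2024-01-06 order=1003 tracking=1234567890123456 status=shipped",
    '2024-01-06 order=1004 note="paid with 5555-5555-5555-4444"',
]

if __name__ == "__main__":
    for n, pan in scan(SAMPLE):
        print(f"record {n}: stored card number found ({pan})")
```

A Luhn match is a strong indicator rather than proof, so each finding still needs a manual look at where the record came from.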
Have multiple layers of security
Layering security is a key deterrent to cybercrime, according to internet security expert Allen Grayson, an engineer at Symantec.
Layering security in this fashion is the best way to protect from application-level attacks such as cross-site scripting and SQL injections.
Ensure DDoS protection by using secure cloud-based services
Distributed Denial of Service attacks have grown in frequency and are increasingly sophisticated, leading to a rise in companies signing up for cloud-based services that "scrub" any unwanted traffic. Managed DNS services offered by higher-end companies will provide transaction capacity and make it more difficult for DDoS attacks to be successful.
Stay up to date with security patches on your security system
You shouldn't wait even a day to install a security patch after its release. Keep up with CMS security updates as well as updates to third-party tools and code like Java, Python, and Perl.
How much do e-Commerce security companies cost?
A "flip" answer is: much less than it would cost if someone hacked into your system. True, but it does not give you a real dollar figure.
SC Magazine recently published the following information about security companies and their costs:
- SentryCOM provides secure authentication for high-risk connections such as on-line banking. The cost is $15 per user per year.
- WatchGuard XCS770 is an appliance-based security and content management solution that is part customer premise device and part cloud-based services. The cost is $18,000.
- Lockstep Security Systems has a product called Web Again that costs $995.