Cybercrime is evolving at the same rate as the e-commerce sites that flourish a little more every day on the web, so it has become essential to know how to secure your online store, both to protect it and to reassure the customers who use your services.
Safety Through Technology:
Know Your Host:
In the event of an infection, it is essential to be notified as quickly as possible, because otherwise your site is exposed to downgrading, or even banning, by search engines and service providers. It is therefore important to know your host well: how often they perform scans and what solutions they will offer you in case of trouble. Do you know if your host:
- Provides you with a daily backup solution? How easy is it to restore your data?
- Is equipped with a firewall, which protects against a large number of attacks, in particular DDoS attacks (denial of service attacks: infected computers all connect to your site simultaneously and bring down your server)?
- Offers automatic update solutions (security updates)?
- Requires you to use strong passwords?
- Keeps the machines that host you up to date against threats? The Meltdown & Spectre vulnerabilities affecting the processors of all computers, including servers, require major updates on the host side.
Be in HTTPS:
HTTPS, the secure version of HTTP, is essential for being correctly referenced, since Google favors secure sites, whether the site is an e-commerce site or not. Long reserved for transaction systems, it is now important for protecting data exchanges between Internet users and websites, and therefore also your contact and login forms. You can recognize it by the little padlock icon in your browser's address bar.
Lock Unnecessary Access:
Your e-commerce site is, by nature, a computer system and therefore has many open passages. There are several ways to access it (back office, SSH, FTP, and others), so you must be aware of these possibilities and take the time to check whether each access is open and, if it is, who can use it.
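One way to run that check on your own server is to list the listening sockets and compare them with what you intend to expose. The following is an added example, not code from the original article; the sample `ss -tlnH` output is constructed, and the allowed ports and the back-office port 8443 are assumptions for illustration.

```python
import ipaddress

# Constructed sample of `ss -tlnH` output (listening TCP sockets, no header).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 32 0.0.0.0:21 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 511 [::]:80 [::]:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 *:8443 *:*
"""

# Assumed policy: only the storefront ports are meant to face the internet.
PUBLIC_ALLOWED = {80, 443}
KNOWN = {21: "FTP", 22: "SSH", 3306: "MySQL", 8443: "back office (assumed port)"}

def parse_listeners(text):
    """Yield (address, port) for every LISTEN line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        yield addr.strip("[]"), int(port)

def is_loopback(addr):
    """True when the socket is bound to the local machine only."""
    if addr == "*":  # wildcard: every interface
        return False
    return ipaddress.ip_address(addr.split("%")[0]).is_loopback

def audit(text, allowed=PUBLIC_ALLOWED):
    """Return sorted (port, service, bind address) for each access that is
    reachable from other machines and is not on the allowed list."""
    findings = set()
    for addr, port in parse_listeners(text):
        if is_loopback(addr) or port in allowed:
            continue
        findings.add((port, KNOWN.get(port, "unknown service"), addr))
    return sorted(findings)

if __name__ == "__main__":
    for port, service, addr in audit(SAMPLE_SS):
        print(f"port {port} ({service}) listens on {addr}: restrict or close it")
```

Each line of the result is an access to either close or restrict to the people who need it, for example with a firewall rule limited to your office addresses.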
Remember to change your passwords frequently: changing them once every 3 to 6 months is a way to best secure your access. Try to have a relatively long password, containing letters, numbers, and special characters.
If you are afraid of not remembering your passwords, password manager applications (such as Dashlane or 1Password), available on all systems and on your mobile devices, take care of storing them in a secure manner. You only have to remember one password to unlock them, and they retain all the others for you.
Back-Up Your Site to Be Able to Reinstall It:
The best way to continue to provide your services in the event of possible security concerns is to be able to put a secure version of your e-commerce site back online as quickly as possible. So remember to make daily backups of your site in order to have a recent version available in case of problems.
To remember to do it: automate this task.
Secure the Payment System:
Almost all online payments are made through a payment system managed by a bank or another financial body. That provider gives you (or directs you to) a technical solution that allows you to legally and technically secure the various payments.
When choosing the payment service provider, we recommend one that offers the "3-D Secure" protocol, which ensures that the bank card used during payment is that of the user. We highly recommend that you opt for this option, especially for the delivery of valuable goods.
The 3-D Secure functionality makes it possible to transfer the responsibility for payment to the bank, which therefore takes care of any subsequent payment problem. Without 3-D Secure, the merchant is responsible for payment.
The risk is that you receive payment, send the goods, and then have the payment amount withdrawn from your account because the card has subsequently been declared stolen. Your sale is lost, and so is your merchandise.
Legal Security:
Your Domain Name:
First, it is necessary to ensure that the chosen domain name is indeed the property of the company, because it is possible that the real owner is actually a provider. Using the Whois.com or Afnic.fr site, you can access information related to the domain name. You must appear in the Owner (or Registrant in English) field.
If your e-commerce site sells internationally, it is preferable to buy your domain name with local endings. While the process can be a bit expensive, it helps prevent cybersquatters from taking over your customers and damaging your image.
If your domain name is a brand, we advise you to contact the INPI to register and secure it, especially if a logo is attached to it.
Never Forget Your Legal Notices and GTC:
Mandatory on any website, the legal notices make it possible to identify its owner, but also its host and its manager, and offer the possibility of contacting the latter if necessary.
If your e-commerce site is geared towards selling to individuals, it must also contain the General Conditions of Sale (GTC) adapted to online sales and its specificities: the e-commerce GTC. The general conditions of e-commerce sales are a kind of site regulation: they provide protection to customers as well as to merchants. In the event of a dispute, they make it possible to determine what is planned following a purchase and what the customer, who must accept the GTC before the purchase, is supposed to know.
It is very important to write the GTC of your e-commerce site with the greatest attention, without relying on templates, which are often too general, and without copying those of another e-commerce site (which, moreover, is liable to a fine).
An e-commerce site without legal notices or GTC may be found at fault before a court and face fines, the amount of which may be very significant.
Pay Attention to the Properties or Rights of Use of the Content:
The owner of a site is considered responsible for the content it contains, and not everything that is on the internet is free of rights. Therefore, to use content found on the net (image, text, music, video, etc.), you must ensure that it is copyright free. In the event that it is not free, you will need to ask the owner for permission before adding it to your website.
If you own content, declare your ownership as such and feel free to verify that no one is using it without your permission.
Ownership of Rights to Use the Container:
The container, which includes the tree structure of your site and its structural, ergonomic, and design developments, must be secured with regard to its right of acquisition and its ownership. Also, you must have a license for the antivirus software used for your site, unless it is free software.