Mar 22, 2018
Is your website secure for online payments?
When collecting payments from customers for your business’ services or products, it is imperative that your website is secure for online payments. Customers and new website visitors should feel comfortable submitting their card or bank details on your website. In fact, 58% of consumers believe they will be a victim of a breach at some point, according to recent research, with 66% saying that they would not do business with organisations that have experienced a breach. On top of this, data breaches and non-compliance with data protection legislation will be punishable with fines by the Information Commissioner’s Office (ICO) under the forthcoming GDPR legislation.
So, how can I improve my website’s security?
– Secure your website with a Transport Layer Security (TLS) certificate (previously SSL). A TLS certificate authenticates a website’s identity and secures all communications between your website’s server and the client’s web browser. This keeps the connection private, as it encrypts any data transmitted (such as payment details). Customers can see whether your website, and especially the payment page on your website, is protected by a TLS certificate: their browser shows a padlock symbol next to your website’s URL, and the URL begins with the https prefix.
– Become PCI DSS (Payment Card Industry Data Security Standard) compliant. Although this does not apply if you are collecting payments by Direct Debit, PCI DSS is a set of security standards designed to ensure that companies maintain a secure environment when accepting, processing, storing or transmitting credit card information. It applies to all companies, small and large, that accept card payments.
– Update your website software, such as WordPress and its plugins. To protect yourself from known bugs and the breaches that exploit them, set a date each month to do this. A plugin that has not been updated for months may leave you exposed to known vulnerabilities and to attacks that target them.
– Install a firewall for your website and your business’ computers. If you run a content management system on your website, such as WordPress, you can easily install a firewall as a plugin. You might not have to do this if your hosting service already runs a firewall for their customers, but using the principle of “defense in depth” means that every layer you add provides something extra to your security.
– Work with reputable third parties. Whether it is your payment gateway, your payment processor or your Direct Debit collections provider, make sure you work with businesses that are FCA approved and follow ISO information security and process standards.
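As an added example (not SmartDebit’s code), here is a small Python check for the TLS point above: it confirms that a checkout URL uses https and that the certificate, in the dict form Python’s ssl getpeercert() returns, covers the page’s hostname and is neither expired nor about to expire. The sample certificate, the hostname pay.example.com and the fixed clock are constructed for the example; fetch_certificate() retrieves the real certificate when you point it at your own site.

```python
import socket, ssl, time
from urllib.parse import urlparse

# Constructed sample in the dict shape ssl.SSLSocket.getpeercert() returns; not a real certificate.
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "pay.example.com"), ("DNS", "*.example.com")),
    "notBefore": "Jan 01 00:00:00 2018 GMT",
    "notAfter": "Apr 01 00:00:00 2018 GMT",
}
SAMPLE_NOW = ssl.cert_time_to_seconds("Mar 22 00:00:00 2018 GMT")  # fixed clock for the sample

def hostname_matches(hostname, cert):
    """True if a dNSName SAN entry covers hostname; one leftmost wildcard label is allowed."""
    host = hostname.lower().rstrip(".")
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pattern = value.lower()
        if pattern == host:
            return True
        # "*.example.com" covers "pay.example.com" but not "example.com" or "a.b.example.com"
        if pattern.startswith("*.") and "*" not in pattern[2:]:
            if host.endswith(pattern[1:]) and host.count(".") == pattern.count("."):
                return True
    return False

def check_certificate(url, cert, now=None, min_days_left=14):
    """Return the problems found for url's certificate (an empty list means the page passes)."""
    parsed, problems = urlparse(url), []
    if parsed.scheme != "https":
        problems.append("page is not served over https")
    if not hostname_matches(parsed.hostname or "", cert):
        problems.append(f"certificate does not cover {parsed.hostname}")
    now = time.time() if now is None else now
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("certificate is not yet valid")
    if now > not_after:
        problems.append("certificate has expired")
    elif (not_after - now) / 86400 < min_days_left:
        problems.append(f"certificate expires in under {min_days_left} days")
    return problems

def fetch_certificate(url, timeout=5):
    """Fetch the live certificate; the chain and hostname are verified against the system trust store."""
    host, port = urlparse(url).hostname, urlparse(url).port or 443
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ssl.create_default_context().wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()
```

Run `check_certificate(url, fetch_certificate(url))` against your own checkout page; an ssl.SSLError from the fetch means the certificate chain or hostname did not verify at all.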
It is worth noting that security solutions change over time. Technology is evolving at a very fast pace, so it is important to keep up with changes and developments in web security.
SmartDebit are ISO 27001:2013 certified, a Bacs affiliate, authorised and regulated by the Financial Conduct Authority. If you want to talk about collecting payments and Direct Debit, get in touch now.