Pin It

Stopping the Bleed: What the Heartbleed Bug Can Teach Ecommerce Businesses

heart1

Last week the web was rocked with the news of the Heartbleed bug, which affected servers by exploiting a vulnerability in OpenSSL encrypted data (Payza’s servers were secure – you can learn more in this post). The vulnerability had particularly severe implications for ecommerce businesses, as it gave hackers access to a server’s memory, where sensitive data like usernames, password information, and credit card numbers are stored. Ecommerce businesses can take this opportunity to take another look at their web server security.

Today’s hackers have moved past merely posting a message on the targeted website or disrupting files. Many work with organised gangs to steal data and personal and financial details from businesses, causing great damage to a company’s reputation. A hack of this kind also causes huge financial damage – costing over 300 billion annually to the global economy, according to a report from the Center for Strategic and International Studies.

It’s well-known that small online  businesses lack proper data security practices. More and more SMBs are relying on the internet for daily operations, yet most do not apply the same anti-fraud measures they would use in a brick-and-mortar business. Without a real plan to protect their business from cyber crimes, this false sense of security can have dangerous consequences for both small business owners and their customers. If you run an online business, the Heartbleed bug is a great opportunity for you to reevaluate how you store and protect sensitive data.

Using SSL to Protect Customer Information

Yes, the Heartbleed bug exposed a vulnerability in the older version of OpenSSLand yes, you should still be using SSL (not the open version) on your checkout pages, sign-up pages, and customer login pages. SSL prevents hackers from riffling through your customers’ web traffic and stealing their passwords and credit card info. Having an SSL security certificate on your website has the added bonus of  increasing consumer trust, as many online shoppers correctly associate “https” with higher security standards. Most . Thus, having it on your site will likely make shoppers more comfortable to complete the transaction.

Don’t Need It? Don’t Keep It

The best way to keep data safe from a theft is to not have any data to steal, so don’t store customer data just because you can. First, answer the “3 W’s” of sensitive data: 1) What type of information is your business collecting 2) Where is this information kept 3) Who has access to it. Once you have determined what information you intend to collect, evaluate whether you really need to keep it.

Stay Armed With Encryptions and Updates

Use a web application firewall to further protect your websites. Encrypt sensitive data like passwords, and make sure that any solutions you are using, like shopping carts, have modern and updated security standards.

Let 3rd-party Providers Handle Credit Card Information

When it comes to customer credit card information, the golden rule is simple: never store customer credit card info. This is one of the most sensitive pieces of financial data that your ecommerce business will come into contact with, so always  use a third party processor to handle credit card information, since the provider will have the security and tech resources needed to protect it.

Payza’s Protection

Looking for a great way to protect your customer’s financial data? Using Payza to accept online payments is an easy way to make sure your customers have a secure payment option, and with Credit Card Top Up they can pay you instantly with their cards even if their Payza balance is running a little low.

At Payza, we understand better than most just how important online security is, dedicating a major portion of our resources to securing our system from cyber threats. Here are a few of the ways Payza’s fraud protection strategy keeps data secure:

  • 128-bit SSL encryption: All transaction data are filtered through a 128-bit Secure Sockets Layer SSL encryption. Our encryption system secures the personal and financial data of our members to prevent fraudsters from intercepting and exploiting your private information.
  • Website review for all of our merchants: Websites that use Payza Checkout Payment Buttons are screened via an in-depth website review to ensure that they comply with Payza’s standards. These security measures enhance the overall security of your account and our network, and help keep fraudsters out of our system.
  • FraudMatrix: our proprietary, state-of-the-art real-time monitoring platform, Payza is committed 100% to providing you with the most secure e-commerce experience.