
Industry Insight

Online Payment Security Advice

Recently publicized accounts of credit card fraud on the Internet are no doubt alarming to consumers and merchants alike. There is no denying that Internet-based commerce is permeating society at a rapid pace. So what can merchants do to ensure the highest level of security to their online customers? Shift4 has some advice.

All too often the blame for security breaches, which put consumers' credit card data in the hands of criminal hackers, falls squarely on the shoulders of the transaction software provider. However, in the recently publicized case of CD Universe, an online music seller, some basic systems safeguards could have prevented the incident.

What eCommerce Merchants should not do:

  • Do not assume that your e-payment software provider is a security expert. Independent resellers with little or no technical expertise often sell credit card processing software without knowledge of security issues.

  • Do not treat the selection of payment processing software as an auxiliary item. How customers pay for your goods and services is essential to your success, so the system that supports these transactions should be regarded as such. If your web development firm is not well versed in security issues, choose another firm or insist on choosing your own payment-processing vendor.

What eCommerce Merchants should do:

  • Enlist the services of a credit card transaction specialist with expertise in Internet, software, hardware and data security.

  • Invest in firewall security, but DO NOT rely on this single defense mechanism to protect you from every possible threat.

  • Limit all anonymous connections to your web server.

  • Disable directory scanning.

  • Store customers' credit card data in a non-viewable directory, preferably on a server separate from the one that hosts your web pages.

  • Avoid file-based credit card processing software.

  • Look for direct sockets-based credit card processing software.

  • Prevent non-trusted employees from having physical access to web server areas.

  • Be aware that your shopping cart and other web-based software may maintain credit card data, and thus be vulnerable to attack. Secure the data in these applications as indicated above.

  • When hosting the e-payment software in-house, create a set of security policies and procedures and follow them diligently and to the letter. Your e-payment gateway provider should be able to help you. If they cannot, rethink your choice. When using an outsourced e-payment gateway system, ask any company you choose about their gateway's security policies and procedures. Remember, this is money we are talking about.

What online Shoppers should do:

  • Obtain a credit card account with a moderate limit to be used for online purchases only.

  • Check your card statement regularly and report suspect transactions immediately.

  • Realize that, purchase for purchase, online shopping has been proven to be safer than traditional mail/telephone order or face-to-face shopping.

 

