Is Your Web Site Secure Enough to Take Credit Card Orders
Category: Online Payments | Date: 2003-11-25 |
With all of the WYSIWYG HTML editors (like Microsofts FrontPage) almost anyone can publish a web site. This is good, if the web site is only going to be used as a hobby/personal site or as a business advertisement site. Anything more extensive than a static web site should be left to a professional or should be thoroughly researched.
Credit card fraud and stolen credit card numbers are at an all-time record high. An e-commerce site must NOT be developed by a webmaster who doesnt fully understand internet security issues.
Too often the hobbyist web master will develop an e-commerce web site without the knowledge needed to make it secure. Whats worse is that banks, who approve web sites for online credit card acceptance, are inadvertently allowing unsafe web sites to pass. This is putting online consumers in an unfair (and unsafe!) situation. Just because a web site advertises that it is secure, doesnt necessarily make it so. There are very few web site owners that would intentionally put their customers at risk. It is generally a case of the web site owner thinking his site is secure, when it really isnt.
Generally, you are safe to assume that big corporate web sites are safe for online ordering purposes. They have too much to lose to leave any security risks. Yes, these sites can be hacked...but it isnt likely. The public should be more concerned about the hundreds of thousands of small potato business web sites that are being
created by the web hobbyist.
So, how can you make sure that your site is credit card friendly?
The number one mistake that web site owners make, when accepting credit cards online, is having orders e-mailed to themselves. This is an extremely risky way to receive credit card information. These e-mailed credit card numbers can be intercepted and copied.
Many people believe that if you put a web page order form on a secure page, beginning with https://, that the credit card information is safe. This is correct if you have the credit card numbers sent and stored in a secure database environment. This is ABSOLUTELY INCORRECT if those credit card numbers are sent via unencrypted
e-mail. Even a hacker with limited nowledge of security issues can harvest credit card numbers from unencrypted e-mail messages.
Another common mistake is to publish an online order form on a non-secure page. If you place an online credit card order, look at the web site address on the page that requests your credit card information. The web site address MUST begin with https:// and NOT
http:// if it is secure.
Consumers: Never place a credit card order on a page that doesnt
start with https://.
Web site Owners: Never place an order form, that asks for credit card numbers, on a page that doesnt start with https://. If you are unsure how to do this, contact the company that hosts your web site.
They can probably help you set this up.
Protect your customers, build a secure site!
The easiest and safest method, for the average person, to build an e-commerce site is to find pre-packaged e-commerce solutions. Many hosting companies offer a shopping cart system pre-installed with web
hosting packages. Pre-installed shopping cart systems usually have a user-friendly control panel that allows the site owner to
add/remove/change products without any knowledge of programming.
Editing can usually be done by filling out a few online forms via your web browser.
Next, find out which merchant account/online payment processing companies can integrate with that shopping cart system.
Authorize.net can usually integrate with most shopping cart systems.
There are others as well.
The major benefit of integrating a merchant account/payment processing company with a shopping cart is that the site owner is not involved in handling credit card transactions. Generally, the order information (less the credit card numbers) are e-mailed to the web site owner and the credit card numbers are sent, securely, to the merchant account/payment processing company. The merchant account/payment processing company charges the customers credit card and then gets the actual payment to the site owners bank account.
This is probably the most secure method for accepting credit card orders online.
Make sure that the web sites you visit and the web sites you own are safe - when it doubt, ASK QUESTIONS. If youre in doubt as to rather or not a site is safe, consult an expert. A false sense of security is worse than no security at all.
About the Author.
tina@affordablehost.com
http://www.AffordableHost.com
Credit card fraud and stolen credit card numbers are at an all-time record high. An e-commerce site must NOT be developed by a webmaster who doesnt fully understand internet security issues.
Too often the hobbyist web master will develop an e-commerce web site without the knowledge needed to make it secure. Whats worse is that banks, who approve web sites for online credit card acceptance, are inadvertently allowing unsafe web sites to pass. This is putting online consumers in an unfair (and unsafe!) situation. Just because a web site advertises that it is secure, doesnt necessarily make it so. There are very few web site owners that would intentionally put their customers at risk. It is generally a case of the web site owner thinking his site is secure, when it really isnt.
Generally, you are safe to assume that big corporate web sites are safe for online ordering purposes. They have too much to lose to leave any security risks. Yes, these sites can be hacked...but it isnt likely. The public should be more concerned about the hundreds of thousands of small potato business web sites that are being
created by the web hobbyist.
So, how can you make sure that your site is credit card friendly?
The number one mistake that web site owners make, when accepting credit cards online, is having orders e-mailed to themselves. This is an extremely risky way to receive credit card information. These e-mailed credit card numbers can be intercepted and copied.
Many people believe that if you put a web page order form on a secure page, beginning with https://, that the credit card information is safe. This is correct if you have the credit card numbers sent and stored in a secure database environment. This is ABSOLUTELY INCORRECT if those credit card numbers are sent via unencrypted
e-mail. Even a hacker with limited nowledge of security issues can harvest credit card numbers from unencrypted e-mail messages.
Another common mistake is to publish an online order form on a non-secure page. If you place an online credit card order, look at the web site address on the page that requests your credit card information. The web site address MUST begin with https:// and NOT
http:// if it is secure.
Consumers: Never place a credit card order on a page that doesnt
start with https://.
Web site Owners: Never place an order form, that asks for credit card numbers, on a page that doesnt start with https://. If you are unsure how to do this, contact the company that hosts your web site.
They can probably help you set this up.
Protect your customers, build a secure site!
The easiest and safest method, for the average person, to build an e-commerce site is to find pre-packaged e-commerce solutions. Many hosting companies offer a shopping cart system pre-installed with web
hosting packages. Pre-installed shopping cart systems usually have a user-friendly control panel that allows the site owner to
add/remove/change products without any knowledge of programming.
Editing can usually be done by filling out a few online forms via your web browser.
Next, find out which merchant account/online payment processing companies can integrate with that shopping cart system.
Authorize.net can usually integrate with most shopping cart systems.
There are others as well.
The major benefit of integrating a merchant account/payment processing company with a shopping cart is that the site owner is not involved in handling credit card transactions. Generally, the order information (less the credit card numbers) are e-mailed to the web site owner and the credit card numbers are sent, securely, to the merchant account/payment processing company. The merchant account/payment processing company charges the customers credit card and then gets the actual payment to the site owners bank account.
This is probably the most secure method for accepting credit card orders online.
Make sure that the web sites you visit and the web sites you own are safe - when it doubt, ASK QUESTIONS. If youre in doubt as to rather or not a site is safe, consult an expert. A false sense of security is worse than no security at all.
About the Author.
tina@affordablehost.com
http://www.AffordableHost.com
Copyright © 2005-2006 Powered by Custom PHP Programming