03 September 2021

4 Security Considerations For Online Store Payments

Written By Rodney Laws in FinTech

Buying online was an everyday occurrence long before the COVID-19 pandemic broke out, but the compelling need for non-essential retail stores to close down tipped the balance even more in favour of ecommerce. There are now many people throughout the world who rely on online retail for supplies, not just frivolous purchases of clothing items or consumer electronics goods, and it’s placing the matter of cybersecurity into harsher light.

After all, issues with online payments can seem relatively trivial when you’re dealing with small orders of items that aren’t strictly necessary — but when you’re talking about vulnerable people (often with limited budgets) receiving food and other necessities, there’s a pressing need to ensure that such issues don’t arise in the first place.

Given today’s design standards and user expectations, having a weak payment system will soon sully a brand and disincline visitors to risk their hard-earned money. In this post, we’re going to look at four security considerations that must guide the development of a modern online store if a suitable level of quality is to be achieved. 

Ensuring that linked systems are protected

Safeguarding a payment process in isolation simply isn’t enough to prevent fraud. This is due to the modular nature of online stores. Data is shared between different parts for ease of use, and this means that any segment of a store system with high-level permissions can serve as a point of vulnerability. One weak link in the chain is all that’s needed to render it insecure.

The simplest way to avoid such points of insecurity is to use a fully-featured store CMS with all its components based in the cloud and regular automatic updates. A wide-reaching platform with a native payment gateway — Shopify, for instance — makes for an easy choice, because you can feel assured that all the component parts will combine perfectly.

But then there’s the matter of plugins (or extensions, or add-ons, depending on the system). The use of plugins is extremely common in ecommerce, with sellers eager to make their stores easier to use or simply more attractive, yet each plugin constitutes a fresh point of weakness. One poorly-optimized plugin can allow malicious actors to gain access to an entire system. The best thing to do is limit plugin use, using only those plugins that can be properly vetted.

Balancing authentication with convenience

We live in the era of biometrics, with smartphone ownership being incredibly common and fingerprint readers (plus facial recognition systems) appearing on many such devices. Notably, this sets a precedent that must be kept in mind. Users now know the ease of getting near-instant (yet secure) access to their devices — and they expect similar ease online.

This doesn’t mean that online stores should (or could) store biometrics data. That’s something that most people wouldn’t accept. Instead, it means they need to be very careful with how they handle their authentication systems. They need to be secure, preventing unauthorized users from somehow gaining access, but without slowing things down too much.

Leaning on smartphone and browser storage is the way to go. Users can keep their card details stored locally under their main logins, then submit them when needed following suitable local authentication (confirming CVCs — Card Verification Codes — or using biometrics-secured logins). You must also think about which gateways you’ll support. The more gateways you offer, the better the user experience will be, but the more security issues you’ll need to address.

Complying with all relevant data regulations

The implementation of the GDPR — General Data Protection Regulation — back in 2018 heralded a significant change in how most people view the storage and processing of private data. Though it only technically applies to companies based in the EU or with customers based in the EU, it’s had influence throughout the world through setting a powerful precedent (and playing a large role in backing Open Banking).

Accordingly, one of the core concerns when managing online payments must be ensuring that the underlying systems are fully compliant with all relevant regulations and user expectations. The perception of impropriety is a serious threat. Even in the event that it’s entirely legal to store and process data in a certain way, there’s no guarantee that customers will find it acceptable.

And given the immense influence that negative customer comments routed through social media can have (often leaving brand images utterly devastated), it’s mission-critical that you not only store and use data responsibly but also make your actions abundantly clear. Providing and promoting a comprehensive breakdown of your data policy will be a key step.

Keeping shoppers apprised of best practices

Lastly, there’s a security concern that gets overlooked far too often, and that’s the behaviour of the customers. Online sellers can focus entirely on keeping their systems secured and fail to consider how easily something like social engineering (Tripwire has more on this) can compromise user accounts and lead to fraudulent transactions.

Any contention that a store owner shouldn’t much care about such transactions is a non-starter for two reasons. Firstly, those transactions will ultimately be contested, leading to chargebacks and lost money. Secondly, the customers who see their accounts compromised will be less likely to return. That you weren’t at fault won’t really matter: they won’t be able to visit your store without thinking of their bad experiences.

In addition to providing some key suggestions in the support section of your site, you should have some relevant advice for those who reach out to you for assistance, and promote good security practices through your blog and marketing emails. Remind your customers to change their passwords on a semi-regular basis (you can even require this for good measure), choose sensible account-recovery terms, and keep their login details safe.

Wrap

To compete in this time of online retail effectively serving as a utility, every ecommerce store owner must take payment security extremely seriously. Keeping the aforementioned security concerns in mind while configuring a store will make it markedly easier to produce a setup that’s suitably robust, leading to better performance and happier customers.
