You got it wrong. These business challenges prevail in every industry and a merchant can overcome them by building a strong business strategy, market research, robust internet marketing and customer analysis. However, when having an ecommerce business, if you are not thinking about security breach, hacking or data theft, you are in for a rough ride. Not a single day passes by without us hearing about website hacking or thefts of credit card information and other sensitive data from ecommerce sites.
As a site owner, you have both a moral and a legal obligation to protect your customers from unscrupulous hackers looking to steal information. Money is not the only point of gratification for hackers. They enjoy the destruction they cause – whether it is putting a sick message on your site or destroying customer’s confidential accounts. In most cases, hackers simply enjoy ruining your reputation.
You can tackle business challenges, but it is unfortunately very difficult to overcome the havoc a hacker can do to your website. There is no option to hit the undo button. However, you can take steps to prevent hackers from attacking your website. One such step in the right direction is Payment Card Industry Data Security Standard (PCI DSS).
|1||Any merchant — regardless of acceptance channel — processing over 6M Visa transactions per year; Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system.|
|2||Any merchant — regardless of acceptance channel — processing 1M to 6M Visa transactions per year.|
|3||Any merchant processing 20,000 to 1M Visa e-commerce transactions per year.|
|4||Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants — regardless of acceptance channel — processing up to 1M Visa transactions per year.|
– Complete the Self-Assessment Questionnaire.
– Complete and obtain evidence of passing a vulnerability scan with a PCI SSC Approved Scanning Vendor (ASV). Scanning is required for SAQ A-EP, SAQ B-IP, SAQ C, SAQ D-Merchant and SAQ D-Service Provider.
– Complete the relevant Attestation of Compliance.
– Submit the SAQ, proof of a passing scan (if applicable), and the Attestation of Compliance, as well as any other requested documentation.
– Performing penetration tests to check defenses
– Analyzing web applications code
– Never store your passwords on Browser – So next time when next browser ask you to store password – Say ‘Never”
– Don’t share your hosting account, FTP,SFTP passwords with anyone or give it third party.
– Consult your developer to restrict access of your admin. Remember prevention is better than cure.”