When it comes to card-not-present (CNP) transactions, there is an abundance of technology Elavon provides on the back end of payment acceptance to help keep you and your customers’ payment data secure. But businesses hold the responsibility of keeping their front-end – your eCommerce website – secure from the threat of bad actors.
One detail that is easily overlooked by a business is the source code supporting your eCommerce website. If you use an outside vendor to develop and maintain that site, be sure the coders don’t leave HTML source code wide open for fraudulent authorization testing. It is important to ensure your source code is well hidden.
We also recommend conducting regular website security audits. The following five security checks are a good place to start:
- Are you up-to-date with your Payment Card Industry Data Security Standard (PCI DSS) validation? If so, are the protocols you put in place being followed by all staff, and has anything at your business changed that may require an update to your protocols?
- Is your shopping cart software and plugins up-to-date? No software is perfect. New bugs are discovered and new threats are identified all the time, so make sure you have the most current updates running on those systems at all times. Also, make sure to remove any inactive plug-ins.
- When’s the last time you scanned your website for malware? There are a number of free or inexpensive options for scanning your website that can be easily found through a simple Google search.
- Is your website’s SSL certificate current and working properly?
- Are you using strong passwords for any accounts that connect to your website? Do you have controls in place related to employee access and logins? Consider administrative accounts, hosting dashboards, business databases and FTP access.
This article was originally published in Elavon’s Payment Smart newsletter. The Washington Hospitality Association’s payments processing system is backed by U.S. Bank/Elavon.
