How to Maximise Security for Your Customers When Taking Payments Online
Ecommerce websites have a lot of right notes to hit in order to attract and retain customers, and one of the most critical is security. A secure payment experience will foster customer trust and confidence in your business and promote sales as a result. 58% of shoppers would abandon a purchase online if they had any concerns over payment security, so you must make sure you provide the most secure experience possible to your customers.
Here are four ways that you can ensure the security of online payments.
Ensure sensitive pages are SSL secure
SSL (Secure Sockets Layer) is a security protocol that allows you to protect your customers’ transactions. It uses encryption to ensure that sensitive data transferred to and from your web pages cannot be read by an unauthorised third party. It also verifies the digital identity of both buyer and seller – only when both identities are validated is a secure connection granted. Checkout pages, account pages, pages on which account passwords are entered – basically any page that handles private data (that is, data that should be known only to you and your customer) should be SSL protected. A SSL certificate can also help your business towards compliance with the PCI data security standard.
Use a hosted online gateway for taking payments
If you use a hosted online payment gateway provided by a payment services provider (PSP), you can be confident that you are offering your customers the most secure payment experience possible. It also has myriad benefits for you, the merchant. Because customers are redirected to the PSP’s site to make payment, your site never comes into contact with any sensitive cardholder data. This means payment security and PCI compliance obligations are taken care of by your PSP. Hosted payment gateways are quick and easy to implement, can support multiple currencies, and provide your customers with a smooth and secure transaction when they shop. Make sure you choose a payment gateway with the highest possible uptime. (Please note that while SSL certification is not essential if you use a hosted online payment page, it is good practice as it ensures other sensitive, non-payment-related data is protected against ‘eavesdropping’ by third parties).
Don’t hoard customer data
Be sparing when you decide which customer data to store. Under no circumstances should you store sensitive data such as credit card numbers, CCV codes, expiry dates, authentication data and so on – indeed, under the PCI standard it is unacceptable to do so. Purge old credit card data from your system regularly. Of course, if you are using a secure hosted payment gateway, cardholder data handling and storage is taken care of by your PSP – another compelling argument in favour of hosted payments. You may want to keep details such as customer name, address, email and phone numbers for marketing reasons – this is acceptable, but make sure you have your customer’s security in mind at all times and take appropriate measures to protect any data you keep on file.
Consider the benefits of card store and tokenisation
If you decide to host payments on your website, you can cut your PCI compliance by more than 50% by implementing card store and/or tokenisation. Hosted payment pages can also benefit from these services. Tokenisation generates a ‘token’ that is used in place of a payment card number for all repeat transactions or refunds, while card store removes the requirement for repeated entry of card details by returning customers, enabling ‘one-click’ payment. Both solutions take care of the storage of credit card numbers, which, as we have seen, is a crucial element of PCI compliance. As an added benefit, the sign-up or registration process for card store or tokenisation allows you to capture useful customer information that can be put to good use by your marketing department.