Posted by Rob
Posted on 06-06-2008 under Client Education, Creative Business, Development

As you probably surmised from my old-timey padlock photograph, this episode of my Ecommerce series is all about security.

It makes sense that security is of the utmost importance when dealing with Ecommerce - after all, if you realistically want your customers to send their credit card information off through the interwebs, you better make sure they feel ok with the idea.

Before we get further, let me attempt to define a couple things. Basically, in order to run a webstore, besides your hosting and domain, you will also need to contract with two more 3rd party services: a merchant account or gateway, and a security certificate issuer. (yes, this means that if you have hosting and domain through separate companies, you will need to contract with at least four 3rd party services to keep your site up and running - don’t worry, we can help!). Anyway, definitions:

Merchant Account - this is, basically, a credit card processing gateway. This is what allows you to have a customer enter a credit card number into the site, have it processed and approved, funds deducted (or held), and eventually deposited into your account. Merchant Accounts are 3rd party services, and are necessary for any sort of Ecommerce where credit card processing is happening immediately. If you aren’t ready to go for full on credit card processing, you can always use a service such as paypal, but keep in mind that this will take customers off your site for credit card processing, which is not generally a good idea if you are trying to build a strong web brand and consumer confidence in your store.

Security Certificate - Another 3rd party service, a security certificate is an encryption key that is added to a web site in order to help prevent sensitive data from being intercepted. This is part of the SSL process, which I won’t go into right now.

Good web security is accomplished through a number of steps. At the most basic level, there is the architecture of the site. Current standards call for web Ecommerce applications to meet a certain level of security in their coding and architecture. In addition to that, in order to get a site approved by an provider of a merchant services, you will need to have a security certificate installed and properly working.

Most web consumers now days are accustomed to looking for that little padlock in the corner of the browser. If you don’t focus on security during development, you will not make many sales when you are done.