Security falls into two main areas: firstly, your responsibility to safeguard your customers' personal data and, secondly, to avoid becoming a victim of fraud yourself. We make no apologies for the fact that we are more concerned with the former.
When someone gives you their credit card or bank account details you accept a responsibility to keep that information confidential. You should take that responsibility very seriously.
At Mal's e-commerce your customers' payment information is encrypted and then saved to the database. You can download this information only by using an SSL-enabled browser from within the Admin area.
Once you have downloaded the payment information we would prefer it if you deleted the record from the server.
If you keep this information on your computer then you might want to consider who has access to this computer. If you keep back-ups of the data then you might want to consider who has access to these. Finally, if you use an online back-up service then this information should not be included; FTP is not secure.
It is absolutely essential that you never include credit card information in unencrypted email. So, unless you have a digital signature for the recipient of your communication, you shouldn't send it.
You need to check all orders very carefully and it is prudent to ensure you have cleared or authorized payment before you dispatch the goods.
Make sure the customer hasn't made a mistake in entering information. If you are concerned about fraud you might wish to impose a requirement that all orders are shipped to the same address as that associated with the credit card or bank account.
There is a site dedicated to this subject at:
http://www.merchant911.org/
Finally, it's pretty easy for someone with a little bit of knowledge to fraudulently change your prices or shipping values as they are added to the cart. Using an HTML form makes it moderately harder.
Don't get too paranoid about this. In general fraud is not committed by people who have just given you their name, address and credit card number! If things don't look quite right then raise the matter with the customer first and don't assume that it is anything other than a genuine mistake.
If you are really concerned about people changing your links then you might want to use the link verification option. It's tricky to set up and use, so I would advise people not to unless you know your target audience is untrustworthy and you also have terrible internal management.
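How a link verification scheme can detect an altered price or shipping value, as an added example that is not Mal's e-commerce's own code or its actual verification format. The parameter names, the shared secret and the use of HMAC-SHA256 are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode

# Hypothetical secret known only to the merchant and the cart server (constructed value).
SECRET_KEY = b"example-merchant-secret"
# Hypothetical parameter names; a real cart defines its own.
SIGNED_FIELDS = ("product", "price", "shipping")


def _canonical(params):
    """Length-prefix each signed field so one value cannot bleed into the next."""
    parts = []
    for name in SIGNED_FIELDS:
        value = params.get(name, "")
        parts.append(f"{name}={len(value)}:{value}")
    return "|".join(parts).encode("utf-8")


def sign_link(params):
    """Merchant side: build the query string with a verification tag appended."""
    tag = hmac.new(SECRET_KEY, _canonical(params), hashlib.sha256).hexdigest()
    return urlencode({**params, "hash": tag})


def verify_link(query):
    """Server side: return the trusted fields, or None if the link was altered."""
    pairs = parse_qsl(query, keep_blank_values=True)
    names = [name for name, _ in pairs]
    # Reject repeated parameters, which could make signer and parser disagree.
    if len(names) != len(set(names)):
        return None
    params = dict(pairs)
    supplied = params.pop("hash", "")
    expected = hmac.new(SECRET_KEY, _canonical(params), hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how much of the tag matched.
    if not hmac.compare_digest(supplied.encode("utf-8"), expected.encode("utf-8")):
        return None
    return {name: params.get(name, "") for name in SIGNED_FIELDS}


# Constructed sample link and an altered copy of it.
GOOD_LINK = sign_link({"product": "Blue widget", "price": "19.99", "shipping": "4.50"})
ALTERED_LINK = GOOD_LINK.replace("price=19.99", "price=0.01")
```

The server accepts an order only when `verify_link` returns the fields, so a changed price or shipping value no longer matches the tag and the order is rejected.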
It's probably a fact of life that, if you are selling to the general public, sooner or later you will become a victim of some sort. However, with good housekeeping you should be able to minimize your exposure. Don't let the tiny proportion of people with a twisted view of life dictate to you how you relate to your customers.