Simple Security Steps for Your Online Shop or Online Store

Online payments involve security issues, which is why there are PCI DSS compliance services, designed to prevent improper storage or transmission of credit card data. Organizations are also transforming the way they do business in a variety of ways, from creating new operating and cost efficiencies to new service delivery methods. As they adopt multiple clouds to make the data and applications behind these business innovations available wherever they are needed, the new infrastructure unintentionally enlarges the digital attack surface and exposes data in transit to breaches. To avoid these problems when opening an online store, you can use a VPN appliance. However, if you are not storing credit card details on your server or online store, there are other best practices to adopt.

I have been in the e-commerce software industry since 2005. From my observation of many shopping cart software packages out there, open source or proprietary, I identified a few common mistakes made by e-commerce software providers and by owners of shopping cart software themselves. If you are about to run an online store soon, verify whether you can do the following with your shopping cart software:

a) Change default URL to Store Admin Panel
Ensure that the page to log into your store control panel is not easily guessed. For example, a default Magento store installation has the login to the control panel at You can also switch to vps unmanaged hosting plans for better website privacy and performance.

Do you notice the word “admin” is used in the URL and it is easily guessed even by a school kid? If possible, hiding this “door” from “thieves” greatly reduces intrusion into your store which contains sensitive information.

An advantage of the Magento shopping cart is that you can change “admin” to something else during installation. Prestashop forces you to rename the path after installation, or you will not be allowed to log in at /admin/

b) Username and password to your store admin panel
Do not use usernames which are easily remembered, for example “admin”, your domain name or your name. As for the password, it should be at least alphanumeric. A password such as “123456” is easily cracked. It is also recommended that you change your password regularly. In case you forget your password, most shopping cart software has a “forget password” retriever. You can hire IT services to do this for you. Visit or other experts to know more about it.

If your shopping cart provider doesn’t allow the above, look for other providers or open source shopping cart software. Once you figure this out, don’t forget to look for new ways of improving your eCommerce website. You must also ensure that the business internet providers you are using are safe, secure, and private. With so many coupon codes out there from websites like Raise, online retailing becomes a lot more competitive, as customers are always looking for better deals. Most importantly, after all the online transactions you’ve made, if you are going to a bank, be sure to hire armored cars for cash delivery for extra safety and security.

3 Responses to “Simple Security Steps for Your Online Shop or Online Store”

  1. hi Malcolm,
    I have customers who are requesting to pay to my PayPal account, and it seemed that sometimes PayPal had problems accepting the payment. It was usually due to HSBC and Citibank credit cards. And when they try to register another PayPal account, they are charged RM1 and still couldn’t get the payment through.
    Have you had any experience of this before?
    If you do, mind if you share. :)
    Thank you very much.

  2. Hi SD. No I don’t have such experience. Your customer will have to contact their card issuer’s card centre to resolve the issue.

  3. Thanks Malcolm. :)
    I think I have set it in Website Preference that they don’t have to own a PayPal account, but can pay with their credit card.
    But funny, this only happens to certain customers recently. May I know how exactly I set up getting payment from customers who don’t have a PayPal account?
