Simple Security Steps for Your Online Shop or Online Store

Online payments raise security issues, which is why there are PCI DSS compliance services designed to prevent improper storage or transmission of credit card data. However, if you are not storing credit card details on your server or online store, there are other best practices to adopt.

I have been in the e-commerce software industry since 2005. From my observation of the many shopping cart packages out there, open source or proprietary, I identified a few common mistakes made by e-commerce software providers and by owners of shopping cart software themselves. If you are about to run an online store soon, verify that you can do the following with your shopping cart software:

a) Change default URL to Store Admin Panel
Ensure that the page to log into your store control panel is not easily guessed. For example, a default Magento store installation has the login to the control panel at http://www.yourdomain.com/admin/

Notice that the word “admin” is used in the URL, so it is easily guessed even by a school kid. Where possible, hiding this “door” from “thieves” greatly reduces intrusion into your store, which contains sensitive information.

The advantage of the Magento shopping cart is that you can change “admin” to something else during installation. PrestaShop forces you to rename the path after installation, or you will not be allowed to log in at /admin/

b) Username and password to your store admin panel
Do not use usernames which are easily remembered, for example “admin”, your domain name or your name. As for the password, it should be at least alpha-numeric. A password such as “123456” is easily cracked. It is also recommended that you change your password regularly. In case you forget your password, most shopping cart software has a “forget password” retriever.

If your shopping cart provider doesn’t allow the above, look for other providers or open source shopping cart software.
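As an added example (not from the original post or from any shopping cart's own code), this Python check applies the username and password advice in (b) to a proposed admin login. The function names, the short common-password list, the owner name "Jane Tan" and the "password contains the username" rule are assumptions made for illustration.

```python
import re

# Constructed sample list (assumption); a real audit would load a much larger one.
COMMON_PASSWORDS = {"123456", "password", "12345678", "qwerty", "abc123", "admin123"}

def _norm(text):
    """Lower-case and strip everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def guessable_usernames(domain, owner_name):
    """Names the post warns against: "admin", the domain name, the owner's name."""
    host = re.sub(r"^www\.", "", domain.lower())
    labels = host.split(".")
    names = {"admin", host, labels[0]}
    parts = owner_name.lower().split()
    names.update(parts)            # first name, last name
    names.add("".join(parts))      # full name run together
    return {_norm(n) for n in names if _norm(n)}

def audit_credentials(username, password, domain, owner_name):
    """Return a list of findings; an empty list means the pair passes these checks."""
    findings = []
    user = _norm(username)
    if user in guessable_usernames(domain, owner_name):
        findings.append("username is easily guessed")
    if password.lower() in COMMON_PASSWORDS:
        findings.append("password is on the common-password list")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)):
        findings.append("password is not alphanumeric (needs letters and digits)")
    # Extra rule, not in the post (assumption): password must not embed the username.
    if user and user in _norm(password):
        findings.append("password contains the username")
    return findings

if __name__ == "__main__":
    # Constructed sample logins for the placeholder store www.yourdomain.com.
    for user, pw in [("admin", "123456"), ("YourDomain", "k7shop2quilt"),
                     ("r7vendor", "blue4Harbor9")]:
        print(user, "->", audit_credentials(user, pw, "www.yourdomain.com", "Jane Tan") or "ok")
```
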

3 Responses to “Simple Security Steps for Your Online Shop or Online Store”

  1. hi Malcolm,
    I have customers who are requesting to pay to my PayPal account and it seemed that sometimes PayPal had a problem accepting the payment. It was usually due to HSBC and Citibank credit cards. And when they try to register another PayPal account, they are charged RM1 and still can't get the payment through.
    Have you had any of this experience before?
    If you do, mind if you share. :)
    Thank you very much.

  2. Hi SD. No I don’t have such experience. Your customer will have to contact their card issuer’s card centre to resolve the issue.

  3. Thanks Malcolm. :)
    I think I have set it in Website Preference that they don't have to own a PayPal account, but can pay with their credit card.
    But funny, this only happens to certain customers recently. May I know how exactly I set up getting payment from customers who don't have a PayPal account?
