Online payments carry real security risk, which is why the PCI DSS standard exists: it is designed to prevent improper storage and transmission of cardholder data. But even if you never store card details on your own server or in your online store, there are other best practices you should adopt.
I have been in the e-commerce software industry since 2005. From my observation of many shopping cart software packages out there, open source or proprietary, I have identified a few common mistakes made by e-commerce software providers and by the owners of the shopping carts themselves. If you are about to run an online store, verify that you can do the following with your shopping cart software:
a) Change default URL to Store Admin Panel
Ensure that the page for logging into your store's control panel is not easily guessed. For example, a default Magento installation puts the control panel login at http://www.yourdomain.com/admin/
Notice that the word “admin” appears in the URL: anyone, and every automated scanner, will try it first. Moving this door somewhere less obvious cuts the brute-force and vulnerability-scanning traffic that ever reaches your login page, and with it the chance of a break-in into a panel that holds customer and order data. Treat it as one layer, though: an obscured path does nothing against a leaked or guessed password, so it belongs alongside the credential rules in b), not in place of them.
Magento lets you change “admin” to something else during installation. PrestaShop goes further: after installation it forces you to rename the admin directory and will not let you log in at /admin/ until you do.
b) Username and password to your store admin panel
Do not use a username that is easy to guess: “admin”, your domain name or your own name are the first things an attacker tries. As for the password, it should at minimum mix letters and digits, and preferably be a long passphrase; a password such as “123456” sits at the top of every guessing wordlist and falls instantly. Change it immediately if you suspect it has leaked; current guidance (NIST SP 800-63B) values length and uniqueness over forced periodic rotation. If you do forget it, most shopping cart software offers a “forgot password” reset, which means the mailbox that receives the reset link is as sensitive as the panel itself and must be protected just as well.
If your shopping cart provider does not allow the above, look for another provider or for open source shopping cart software that does.
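As an added self-check covering both a) and b) (example code written for this article, not part of Magento, PrestaShop or any other cart): it probes a list of default admin paths on your own store and grades an admin username/password pair against the rules above. The placeholder store URL http://www.yourdomain.com/, the path list, and the 12-character minimum length are assumptions.

```python
"""Self-check for the two items above: (a) is the store control panel still
reachable at a default, guessable path, and (b) do the admin username and
password follow the rules in section b). Example code added to the article,
not part of Magento, PrestaShop or any other cart; the store URL, the path
list and the 12-character minimum are assumptions."""
from urllib.error import HTTPError, URLError
from urllib.parse import urlparse
from urllib.request import Request, urlopen

# Default or commonly guessed admin paths to probe (assumption; extend it).
DEFAULT_ADMIN_PATHS = (
    "/admin/", "/admin/index.php", "/administrator/", "/admin1/",
    "/admin123/", "/adminpanel/", "/backend/", "/manager/", "/cp/",
)
# Usernames and passwords that sit at the top of every guessing wordlist.
GUESSABLE_USERNAMES = {"admin", "administrator", "root", "manager", "user", "test"}
COMMON_PASSWORDS = {"123456", "123456789", "12345678", "password", "qwerty",
                    "admin", "letmein", "111111", "abc123", "iloveyou"}
MIN_PASSWORD_LEN = 12  # assumption; the article only asks for "alpha-numeric"
NOISE_LABELS = {"www", "com", "net", "org", "co", "uk", "shop", "store"}


def http_status(url: str, timeout: float = 5.0):
    """GET url and return the final HTTP status (redirects are followed),
    or None when the host cannot be reached."""
    try:
        with urlopen(Request(url, headers={"User-Agent": "admin-path-check"}),
                     timeout=timeout) as resp:
            return resp.status
    except HTTPError as err:
        return err.code
    except URLError:
        return None


def exposed_admin_paths(base_url: str, fetch=http_status) -> list:
    """Return the default admin paths that still answer 200 on base_url.
    `fetch` is injectable so the check can run offline against a stub."""
    base = base_url.rstrip("/")
    return [p for p in DEFAULT_ADMIN_PATHS if fetch(base + p) == 200]


def identity_words(store_url: str, owner_name: str = "") -> set:
    """Words an attacker tries first: the domain labels and the owner's name."""
    host = (urlparse(store_url).hostname or "").lower()
    words = {lab for lab in host.split(".") if len(lab) > 2 and lab not in NOISE_LABELS}
    words |= {part for part in owner_name.lower().split() if len(part) > 2}
    return words


def credential_problems(username: str, password: str, store_url: str,
                        owner_name: str = "") -> list:
    """Return short problem codes for an admin login; [] means it passes.
    Checks run in a fixed order so results are directly comparable."""
    u, p = username.lower(), password.lower()
    words = identity_words(store_url, owner_name)
    problems = []
    if u in GUESSABLE_USERNAMES:
        problems.append("username:default")          # "admin" and friends
    if any(w in u for w in words):
        problems.append("username:identity")         # domain or owner's name
    if len(password) < MIN_PASSWORD_LEN:
        problems.append("password:short")
    if p in COMMON_PASSWORDS:
        problems.append("password:common")           # e.g. "123456"
    if password.isdigit() or password.isalpha():
        problems.append("password:single-class")     # not even alpha-numeric
    if (u and u in p) or any(w in p for w in words):
        problems.append("password:contains-identity")
    return problems


if __name__ == "__main__":
    import sys
    # Placeholder store from the article; pass your own URL as argv[1].
    store = sys.argv[1] if len(sys.argv) > 1 else "http://www.yourdomain.com/"
    print("exposed admin paths:", exposed_admin_paths(store))
    print("problems with admin/123456:", credential_problems("admin", "123456", store))
```

Run it against your own store only. A renamed admin path should leave `exposed_admin_paths` empty (Magento and PrestaShop both answer 404 at the old location); `credential_problems` returning anything other than `[]` means the login fails at least one of the rules in b).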