7 ways to protect your ecommerce site from fraud, hacking and copycats

Ecommerce business owners and cybersecurity experts discuss how you can protect your online store, especially during the holiday season.


Setting up an ecommerce site is easy these days. Keeping your site safe from hacking, fraud and copycats, not so much. And as small business owners know all too well, one major breach – or too many chargebacks, or someone stealing your business name or copying your products – could mean the end of your business.


Here are seven ways small ecommerce business owners can protect their online stores from hacking, fraud and/or copycats.

1. Trademark your company name and logo

“The most important tip for business owners to protect their site and brand is to ensure [their] name is clear for use as a trademark,” says Sonia Lakhany, trademark attorney, Lakhany Law. “Too many entrepreneurs mistakenly think that because a domain name is available or that they were able to form an LLC or corporation with their local Secretary of State that their business name or brand is available as a trademark.”

But that is not the case. To ensure that no one else can use your company name and logo, you need to trademark them. “This is an entirely separate process that must be done through a trademark attorney [or by going through the United States Patent and Trademark Office],” she says. “Registering the name as a trademark also protects against future copiers, infringers, knockoffs, etc. who [may] try to steal or capitalize upon [your] brand.”

“I suggest all small businesses register a trademark for their business name and any product that could possibly be copied by a competitor or Chinese manufacturer [as soon as they start doing business],” says Jon Jones, founder, Organic Aromas. “We trademarked our business, and last month when a Chinese seller copied not just our products but all of our ad copy and marketing content, we were able to hit him with a cease-and-desist [letter] because our name and our products [were] protected by law.”

2. Use a trusted ecommerce platform

“Building your store on a Software-as-a-Service platform like BigCommerce or Shopify [or Magento] means that you are paying [for] people [to help you] build [and] host your store [as well as] take care of problems like security,” says Kalon Wiggins, CEO, Epic Design Labs. “A good [ecommerce provider] will constantly monitor all stores on their platform for security issues and deploy solutions as problems are found behind the scenes to take care of [any] security [issues] before [they] become a [problem].”

3. Use HTTPS (HTTP with SSL)

“Secure Sockets Layer [SSL] is the standard security technology for establishing an encrypted link between a web server and a browser,” says Kai Armstrong, ecommerce product manager, Hostway. “This link ensures that all data passed between the web server and browsers remain private and integral. SSLs are vitally important to ecommerce transactions, helping to ensure sensitive financial and personal information is protected throughout the purchase process, while building trust for your online store and giving shoppers additional peace of mind,” he says.

Moreover, “Open source nonprofit initiatives like Let’s Encrypt offer free certificates,” says Sara Hicks, CEO, Reaction Commerce. So there’s no excuse not to get one. “And don’t let your SSL certificate expire,” she adds.

HTTP over SSL is known as HTTPS, and it adds security by encrypting the connection.

However, “a surprising number of websites still don’t support HTTPS,” says Marc Laliberte, information security threat analyst, WatchGuard Technologies. “HTTPS protects your customers and your business from sniffing and impersonation attacks.”

For an even higher level of security, he recommends enabling HTTP Strict Transport Security (HSTS). “HSTS tells web browsers to automatically redirect HTTP requests to HTTPS and prevents users from overriding invalid certificate warnings. This reduces the possibility of fraudulent modifications to your user’s web requests and helps to prevent man-in-the-middle attacks.”
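An added example (not from the article or from the people quoted in it) that checks whether a response's `Strict-Transport-Security` header actually delivers the HSTS protection described above. The function names, the 180-day `MIN_MAX_AGE` floor and the sample responses are assumptions constructed for illustration.

```python
MIN_MAX_AGE = 15552000  # assumption: 180-day floor chosen for this example

def parse_hsts(value):
    """Parse an HSTS header value into (max_age, include_subdomains, preload)."""
    max_age, include_sub, preload = None, False, False
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "max-age":
            if max_age is not None or not (arg.isascii() and arg.isdigit()):
                raise ValueError("invalid or duplicate max-age")
            max_age = int(arg)
        elif name == "includesubdomains":
            include_sub = True
        elif name == "preload":
            preload = True
    if max_age is None:
        raise ValueError("max-age is required")
    return max_age, include_sub, preload

def audit(scheme, headers):
    """Return a list of findings for one response (URL scheme + header dict)."""
    hdr = {k.lower(): v for k, v in headers.items()}.get("strict-transport-security")
    if hdr is None:
        return ["no HSTS header"]
    if scheme != "https":  # browsers only honour the header on a secure connection
        return ["HSTS sent over plain HTTP is ignored by browsers"]
    try:
        max_age, include_sub, _ = parse_hsts(hdr)
    except ValueError as exc:
        return [f"malformed header: {exc}"]
    findings = []
    if max_age == 0:  # a zero lifetime tells the browser to forget the policy
        findings.append("max-age=0 clears the policy")
    elif max_age < MIN_MAX_AGE:
        findings.append("max-age below policy floor")
    if not include_sub:
        findings.append("subdomains not covered")
    return findings

SAMPLES = [  # constructed responses, not captured from a real site
    ("https", {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}),
    ("https", {"Strict-Transport-Security": "max-age=300"}),
    ("http", {"Strict-Transport-Security": "max-age=31536000"}),
    ("https", {"Content-Type": "text/html"}),
]
if __name__ == "__main__":
    for scheme, headers in SAMPLES:
        print(scheme, audit(scheme, headers) or "ok")
```

An empty findings list means the policy is present, long-lived and covers subdomains; any other result names the gap to fix in the store's web server or platform settings.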

4. Make sure your site is PCI DSS compliant

“If you’re processing online payments, you’ll need to make sure your site is PCI DSS compliant,” says Hicks. “Fortunately, many payment integrators, like Stripe or Braintree, encrypt and store credit card info for you, so none of the critical payment data is stored on your side.”

5. Keep your site updated

“Unpatched applications and extensions will make your ecommerce site an easy target,” says Laliberte. “Hackers love low-hanging fruit and often use automated web crawlers to look for sites with unpatched applications. Keeping your website and backend software updated with the latest security patches is the single biggest (and often simplest) step a small business can take towards stopping an attack.”
