This article was updated on July 6, 2018.
When you decide to invest in an e-commerce website, security should be one of your top concerns. Thankfully, there are a variety of steps you can take to help ensure that your business and customer data are protected. Perhaps most importantly, you should confirm that your service provider is taking the necessary e-commerce security precautions.
Here are three questions you should ask a potential provider before agreeing to work with them.
Who Can View My Information?
Understanding who can see and access confidential data is crucial. As such, you should verify which controls and monitoring capabilities a potential provider has in place to prevent unauthorized viewing, copying or emailing of customer information.
You should also find out how much control you have over your own data before you outsource to a third party. This discussion will help you to set boundaries with your provider in terms of data access, control and ownership.
Do You Adhere to the Payment Card Industry Data Security Standard (PCI DSS)?
All businesses that transmit, process or store cardholder data are required to abide by the PCI DSS. This standard protects the cardholder by ensuring that the personal information he or she inputs when making a purchase on a website or at a point-of-sale machine is not misused.
The PCI DSS helps minimize risks to businesses and customers, so it's crucial to ensure that your e-commerce provider is keeping up with this standard. "Even though you outsource, you still have the responsibility, as the merchant, to make sure that the payment processing company is PCI-compliant, and to check every year that they continue to be PCI-compliant," Jeff VanSickel, senior consultant at IT security consultancy SystemExperts, told Intelligent Defense.
Which Encryption Policies Do You Use?
To help ensure that your confidential data is protected both at rest and in transit, ask potential e-commerce providers to demonstrate their data encryption policies and any other security and detection procedures they have in place to prevent security incidents such as data breaches. By confirming that a provider holds all the relevant and necessary certifications, you can evaluate whether its policies and procedures mitigate risk and meet your industry's compliance standards, such as the Health Insurance Portability and Accountability Act (HIPAA).
It can also be helpful to ask your provider about any past involvement with security breaches and how they handled those situations. This discussion will give you more insight into their data protection policies and incident response procedures.
By asking these three questions, you can gain valuable information that will help you determine whether a particular service provider is committed to e-commerce security.