Ecommerce companies should make security a priority when constructing websites

Ecommerce companies should make security a priority when constructing websites

Data security online requires good decisions from shoppers, but it needs to start with the eCommerce businesses. Following PCI DSS guidelines and using SSL certificates needs to be a priority for companies looking to protect payment transactions on the internet.

Arab News asked one Saudi eCommerce company how it performs security, and the company said it now has improved SSL certificates and trustmarks, and plans to follow PCI compliance in 2012. Christian Beek, principal architect, IR and Forensics at Foundstore Services EMEA said security needs to be in depth for companies that accept online payments.

“Secure code design, filtering for characters, encryption of customer data and keeping credit card details separate from the user table in the database are some of the examples that must be considered,” Beek told the news source. “Vendors should have their online operations tested regularly by executing penetration tests. Actually, the security points mentioned by the Saudi online retailer should be the foundation of information security, which every company should have in place.”

The Saudi company's goal to meet PCI compliance standards and obtain SSL certificates is a growing trend among companies across the globe. Although eCommerce companies are responsible for keeping their customers' payment information safe, consumers play a role in their own safety as well. For example, web users should make sure to use different usernames and passwords for their online accounts to avoid one compromised login from putting all of their other accounts at risk.