’Tis the season for scammers – so providing secure commerce capabilities to customers is high on the list of small retailers
By their nature, small retailers don’t have the skills, expertise or infrastructure to provide their own eCommerce capabilities. Knowing that, the key to providing secure commerce capabilities to their customers is using well-known (large) providers that have the staff, resources and understanding that security is fundamental to their online business. Retailers should stay away from small, boutique providers that rely on proprietary, non-standard or third-party solutions.
Larger providers are much more likely to have the security infrastructure (such as protection against viruses, malware, snooping and denial of service), the commerce infrastructure options (such as VPS services) and the IT capabilities (24×7 monitoring, intrusion detection, DLP services) to provide the umbrella of protection that small retailers need and can’t provide themselves.
Specific items that small retailers should ask the eCommerce site provider about:
Are all files checked for viruses and malware before being uploaded to their portal?
Is their site host scanned for intrusion attempts 24×7? Are they alerted if there is suspicious activity?
Do they have regular security audits of the eCommerce infrastructure performed against standards such as ISO 27002 and PCI DSS?
Are there SLAs for critical characteristics such as uptime, monitoring and business continuity?
Is the website scanned for common web application weaknesses that enable theft or fraud, such as SQL injection, cross-site scripting (XSS) and session hijacking?
Brad Johnson is Vice President of SystemExperts Corporation and has been a leader of the company since 1995. He has participated in seminal industry initiatives including the Open Software Foundation (OSF), X/Open and the IETF, and has published many articles on open systems, Internet security, security architecture, ethical hacking and web application security.