4 Ways To Tighten Your Store’s Security


Security. Customers want it. You need to enforce it.

It goes without saying that your store should be using SSL to keep your customers’ details private. But there are several other things you can do to boost your store’s defences.

Here are four tips to help you do just that.

1. Make your passwords strong

Most often, hackers break into systems by guessing the passwords that protect them, not through some secret backdoor.

Is your password your pet’s name? Or your street name? That’s a bad password and not very secure, because the information is easy to get hold of.

Make sure you choose a strong password (a combination of uppercase letters, lowercase letters, symbols and numbers) for your server, your database and your admin area.

Use a random password generator for the best results. Also, remember to change the passwords regularly.

2. Rename your admin folder

By default, anyone can access the login prompt for your store’s admin area, by browsing to yourstore.com/admin. Whilst this is not a security breach as such, it gets hackers one step closer to breaking into your system, especially if your password is weak (see point 1).

Rename the admin folder to some random combination of letters and numbers, and potential troublemakers won’t find it.

(I’m assuming you have put basic password protection on the admin directory via the htaccess file. If you haven’t even done this, then your store is WIDE open. Stop reading and sort it NOW.)

3. Don’t store credit card numbers (for a long time)

If the worst comes to the worst, and someone does break into your store, or database, the last thing you want is for them to get hold of your customers’ credit card details.

osCommerce doesn’t store these details by default, but several contributions let you capture them. If you do collect payment details, protect yourself and your customers by deleting the details (card number, CVV number, start and end date) right after processing their order.

Alternatively, use a third-party payment gateway, which will handle the security issues for you. Although they take a large commission, they minimise your risk and you won’t be held responsible if the worst happens.

4. Only deliver to the card holder’s address

Sometimes people want you to send stuff to their friend, or their neighbour, or their long lost cousin from Mongolia as a ‘present’.

Whenever the card information does not match the delivery address, you might want to investigate further. If a credit card is stolen, the thief obviously won’t be using the registered card address, and will want goods delivered elsewhere.

I’m not saying 100% don’t dispatch to a secondary address, but do be wary. It’s a long, drawn-out, hit-and-miss process to reclaim the money if you do get a fraudulent transaction.

Other signs of fraud include overly friendly emails, strange-sounding customer names, a small order followed by a larger one, or the person not caring about the specifics (what colour/model they are getting), as long as the delivery is quick.
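The two checks from this tip that can be automated (card address versus delivery address, and a small order followed by a larger one) are sketched below as an added example; it is not code from this post or from osCommerce. The `Order` fields, the thresholds and the sample orders are assumptions made up for illustration, and the function only flags an order for a manual look, it never rejects one.

```python
import re
from dataclasses import dataclass

# Assumed thresholds (not from the article): tune them to your own store.
SMALL_ORDER = 20.00   # what counts as a "small" first purchase
JUMP_FACTOR = 5       # next order this many times bigger counts as "larger"

@dataclass
class Order:          # hypothetical record, not the osCommerce schema
    customer: str
    total: float
    billing: str      # card holder's registered address
    delivery: str

def normalise(address):
    """Lower-case, drop punctuation and collapse spaces, so that
    cosmetic differences are not reported as a mismatch."""
    address = re.sub(r"[^\w\s]", " ", address.lower())
    return " ".join(address.split())

def review_reasons(order, history):
    """Return the reasons to check an order by hand before dispatch.
    An empty list means neither check fired."""
    reasons = []
    if normalise(order.billing) != normalise(order.delivery):
        reasons.append("delivery address differs from card address")
    previous = [o for o in history if o.customer == order.customer]
    if previous:
        last = previous[-1]
        if last.total <= SMALL_ORDER and order.total >= last.total * JUMP_FACTOR:
            reasons.append("small order followed by a much larger one")
    return reasons

# Constructed sample data.
HISTORY = [Order("c42", 9.99, "1 High St., Leeds LS1 1AA",
                 "1 High St., Leeds LS1 1AA")]
ORDERS = [
    # Same address typed differently: should not be flagged.
    Order("c17", 55.00, "12 Mill Lane, York YO1 7HH",
          "12 mill lane,  york  yo1 7hh"),
    # New delivery address and a big jump after a small order.
    Order("c42", 480.00, "1 High St., Leeds LS1 1AA",
          "Unit 9, Dock Road, Hull HU1 2AB"),
]

if __name__ == "__main__":
    for o in ORDERS:
        print(o.customer, review_reasons(o, HISTORY) or "ok")
```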

Summary

The above four tips are quick and fairly easy to implement. Some only take a few minutes, some may take a little longer, but all have great benefits.

Even if you only decide to try one or two of them, your store and your customers will be safer for it.

Responses

  1. Hi! Another tip for a safer osCommerce is… erase the “by oscommerce”, because the people who want to break into an OSC search on Google with “by oscommerce”. That’s a classic!


