Is Your Web Site Secure Enough to Take Credit Card Orders?

Too often the hobbyist web master will develop an e-commerce web site without the knowledge needed to make it secure. This is putting online consumers in an unfair (and unsafe!) situation. Just because a web site advertises that it is secure, doesn't necessarily make it so. There are very few web site owners that would intentionally put their customers at risk. It is generally a case of the web site owner thinking his site is secure, when it really isn't.

Generally, you are safe to assume that big corporate web sites are safe for online ordering purposes. They have too much to lose to leave any security risks. Yes, these sites can be hacked...but it isn't likely. The public should be more concerned about the hundreds of thousands of small potato business web sites that are being created by the web hobbyist.

So, how can you make sure that your site is credit card friendly?

The number one mistake that web site owners make, when accepting credit cards online, is having orders e-mailed to themselves. This is an extremely risky way to receive credit card information. These e-mailed credit card numbers can be intercepted and copied.

Many people believe that if you put a web page order form on a secure page, beginning with https://, that the credit card information is safe. This is correct if you have the credit card numbers sent and stored in a secure database environment. This is ABSOLUTELY INCORRECT if those credit card numbers are sent via unencrypted e-mail. Even a hacker with limited knowledge of security issues can harvest credit card numbers from unencrypted e-mail messages.

Another common mistake is to publish an online order form on a non-secure page. If you place an online credit card order, look at the web site address on the page that requests your credit card information. Normally you will be notified that you are about to be transferred to a secure site, and a closed padlock will appear at the bottom of your browser screen. The web site address MUST begin with https:// and NOT http:// if it is secure.

Consumers: Never place a credit card order on a page that doesn't start with https://.
Web site Owners: Never place an order form, that asks for credit card numbers, on a page that doesn't start with https://. If you are unsure how to do this, contact the company that hosts your web site. They can probably help you set this up.

Protect your customers, build a secure site or have one built for you!
The easiest and safest method, for the average person, to build an e-commerce site is to find pre-packaged e-commerce solutions. Pre-installed shopping cart systems usually have a user-friendly control panel that allows the site owner to add/remove/change products without any knowledge of programming. Editing can usually be done by filling out a few online forms via your web browser.

Next, find out which merchant/bank account/online payment processing companies can integrate with that shopping cart system. The major benefit of integrating a bank/merchant account/payment processing company with a shopping cart is that the site owner is not involved in handling credit card transactions. Generally, the order information (less the credit card numbers) are e-mailed to the web site owner and the credit card numbers are sent, securely, to the processing company. A processing company charges the customers' credit card and then gets the actual payment to the site owners' bank account. This is the most secure method for accepting credit card orders online.