Is your website checkout experience really secure?

As a frequent online shopper, I am well aware of and highly concerned with online security – especially during the checkout experience. Eventually, so are the thousands of hackers around the globe. Just take a quick look at what Identity Force identified as some of the most important breaches of 2016 from around the world.

As a small business owner, it can be very difficult to thwart all of the attacks on your website. In fact, the more popular your software, the more likely you are to experience attacks. In 2016, 16,000 WordPress websites were hacked.

Of course, there are important steps that you can take to make it that much harder for hackers to steal your data.

The other day, a friend of mine was shopping on a website called Butter London. Sure enough, she asked me if I thought the website was safe to shop on. The first thing I did was ask whether it was https or http in the browser. She replied http. I verified her findings and said NO GO!


After our conversation, I was curious as to why any site in 2017 would not have https, and not just on the checkout experience, especially considering Google's security mandate, which they proposed a couple of years ago and have now implemented worldwide as of January 31, 2017. As of this date, any site without https will begin to see its organic ranking slowly decline in favor of sites with https being served first.

In the past, some ecommerce websites would use the outdated practice of only securing the checkout pages and leaving the catalog and non-checkout pages unsecured. There were two philosophies here:

A) Transactional credit card data was not being captured on non-checkout pages.
B) The processing time between HTTP and HTTPS was noticeable.

Checkout Experience - Security

Additionally, I noticed that the website was directing to a NetSuite-hosted checkout page to secure its checkout experience. Keep in mind that a third-party hosted checkout page in and of itself is not necessarily cause for concern. When you visit an online store, sometimes you will be directed to a reliable third-party solution like PayPal to check out your products. The third-party solution will often have a different URL than the ecommerce website.

The specific issue with this website was that the third-party solution's checkout experience was not fully secure. There are three types of symbols a customer will see on the checkout page. Referring to the image below, we clearly see that anything but the secure symbol indicates that some information could be stolen or seen by others during the transaction. As a consumer, it's not something I would personally want to take a chance with.

secure content


Lost Revenue For Business

Going back to my friend who was going to make a purchase on Butter London, she ended up making a $100 purchase on a different website.

If we were to total up the number of customers that decide on a daily basis not to purchase from a website that does not have a fully secure checkout experience, that one customer increases ten-fold. Lost business is the last thing you want as an entrepreneur!

Here are two methods for checkout to ensure your customers feel safer.

1. Third-Party Hosted Checkout Experience

While the above example uses NetSuite as a hosted checkout experience, it does not fully secure the page. Third-party checkout options like PayPal, Google Checkout and Amazon Payments are some of the better-known systems that fully secure your customers' credit card data.

For myself, if a vendor does not have a PayPal option, I immediately search Amazon for the same or similar product. There are thousands of customers who will only purchase your products if you have a secure and reliable checkout solution like PayPal on your website.

2. Semi Integrated Payment Solution

If you need a more robust solution, yet still want to ensure your customers' credit card data is secure, you can look into third-party billing solutions like Chargify, Recurly or a variety of other solutions on the market that provide a solid and secure checkout experience for your customers.

3. New TLS 2.0 Protocols

What happens on 30 June 2018?

30 June 2018 is the deadline for disabling SSL/early TLS and implementing a more secure encryption protocol – TLS 1.1 or higher (TLS v1.2 is strongly encouraged) in order to meet the PCI Data Security Standard (PCI DSS) for safeguarding payment data. Here is what you need to do in order to stay prepared:

  • Migrate to a minimum of TLS 1.1, preferably TLS 1.2.
  • Patch TLS software against implementation vulnerabilities.
  • Configure TLS securely.
  • Use PCI SSC resources.
  • Not sure where to begin? There is a pretty comprehensive guide listed here. Or, if you are already a customer with Alpha Beta Commerce, you are all set and our team has taken care of this for you.
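
One way to check the "migrate" and "configure securely" steps on your own server, as an added example that is not part of the original article: this Python script audits an nginx configuration for `ssl_protocols` lines that still enable SSL or early TLS. It assumes each directive sits on a single line and does not follow `include` files; the sample configuration and hostnames are constructed.

```python
import re

# Ranking of the protocol names nginx accepts in ssl_protocols.
RANK = {"SSLv2": 0, "SSLv3": 1, "TLSv1": 2, "TLSv1.1": 3, "TLSv1.2": 4, "TLSv1.3": 5}
MINIMUM = RANK["TLSv1.1"]  # floor named in the article; TLSv1.2 is preferred
DIRECTIVE = re.compile(r"\bssl_protocols\s+([^;]+);")

def audit_ssl_protocols(config_text):
    """Return (line_no, level, detail) for every ssl_protocols directive."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), 1):
        match = DIRECTIVE.search(line.split("#", 1)[0])  # ignore comments
        if not match:
            continue
        enabled = match.group(1).split()
        unknown = [p for p in enabled if p not in RANK]
        early = [p for p in enabled if RANK.get(p, MINIMUM) < MINIMUM]
        weak = [p for p in enabled if RANK.get(p) == MINIMUM]
        if early:
            findings.append((line_no, "fail", "disable " + ", ".join(early)))
        elif unknown:
            findings.append((line_no, "fail", "unrecognised " + ", ".join(unknown)))
        elif weak:
            findings.append((line_no, "warn", "TLSv1.1 meets the minimum; prefer TLSv1.2+"))
        else:
            findings.append((line_no, "ok", " ".join(enabled)))
    if not findings:
        # Without the directive nginx uses a built-in default that varies by version.
        findings.append((0, "warn", "no ssl_protocols directive; built-in default applies"))
    return findings

# Constructed sample configuration (hostnames are placeholders).
SAMPLE = """\
server {
    server_name shop.example;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;  # legacy checkout vhost
}
server {
    server_name pay.example;
    ssl_protocols TLSv1.1 TLSv1.2;
}
server {
    server_name api.example;
    # ssl_protocols TLSv1;
    ssl_protocols TLSv1.2 TLSv1.3;
}
"""

if __name__ == "__main__":
    print(*audit_ssl_protocols(SAMPLE), sep="\n")
```

A "fail" line is one that would miss the 30 June 2018 requirement; a "warn" line passes the minimum but not the strongly encouraged TLS 1.2.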

For your ecommerce business, you want to ensure customers have every reason to trust that their credit card and sensitive data is secured. Remember – Online or not, reputation is everything.

If you like this article, please share it with your entrepreneur friends running e-commerce businesses!