PrintReports of holes in companies' e-commerce systems could convince even the most rational person that thieves are prowling every corner of the Web, waiting to steal victims' credit card numbers, personal data and other sensitive information.
But as any Internet security expert will tell you, e-commerce is actually much more secure than real-world commerce. When you leave your credit card receipt on a restaurant table or give your credit card number to a telephone operator, you're accepting the risk that things you didn't order might appear on next month's bill. Yet when you enter a credit card number on a reputable e-commerce site, you're sending it over a secure connection to a server that's accessible only to authorized personnel and protected against even the most determined intruders.
Yet in the world of e-commerce, perception matters just as much as reality. Small businesses often outsource their e-commerce systems, and many small business owners don't know or care about e-commerce security technology. When your customers start to ask questions, however, it's best to know the answers before they take their business elsewhere.
Here are a few of the most frequently asked e-commerce security questions. This list isn't complete by any means, but it's a good start.
Can cyber thieves intercept a customer's credit card number on the Web?
A properly configured e-commerce system makes it almost impossible to steal a customer's credit card number. The customer's browser uses a secure connection to encrypt their credit card number and other information before it's sent; this data will remain encrypted once it's on the merchant's server. Even if thieves intercept this encrypted data, they have no way to read it. What about the flaws in e-commerce systems that are reported by the media?
These are real problems, sometimes serious enough to compromise an e-commerce system. Almost all of these flaws, however, involve obscure, extremely advanced technical knowledge. Most of them, in fact, are discovered by computer researchers who report the problems to software companies even before they appear in the press. A reputable e-commerce hosting firm will carefully track the latest bugs and security flaws, and they'll fix potential problems before an intruder has the chance to exploit them.
Does that mean that e-commerce sites might not always fix these security flaws or even know they exist?
That might be true — computer security requires constant vigilance, and administrators must know about potential problems and ways to fix them. That's why it's important for a business to use a reputable, experienced hosting service or e-commerce provider. Small firms don't have the expertise to handle these problems on their own, and running a do-it-yourself e-commerce server invites trouble.
What happens if someone does steal a customer's credit card number?
All major credit card companies provide the same consumer protection they offer with brick and mortar transactions. In most cases, this means the consumer is liable for no more than $50 as long as they report the unauthorized use in a timely manner. The consequences can be far worse for the business from which the number was stolen — such incidents can ruin a company's reputation and possibly expose it to legal liability. This is another good reason why you should entrust your company's e-commerce system to a reputable provider with a solid track record.
