Have you ever been searching for a specific product online (like that hot pair of shoes in your quickly-sold-out size), only to finally find the item on a website that looks a little cheesy? I know that when I land on a site that looks kind of homemade I hesitate to whip out the credit card. It’s hard to tell just by looks whether it’s safe to buy. But just because a site has a slick web 2.0 design doesn’t mean that it is any more secure than the cluttered one with the neon typeface on a dark background that makes you see spots when you look away.
We turned to David Mead, a Product Development Engineer at EMBARQ Business Security Solutions for some background on how shopping cart security works, plus steps for business owners to make sure that their carts are secure and their customers are confident buying from them. He also gave us some tips for when we are on the buying end of the cart.
First of all, how do shopping carts work?
An online store involves several pieces that need to work together.
First, there is the web host, or server space where the website and files are stored and made accessible.
Second is the shopping cart functionality. In a simple sense, the shopping cart component is what allows the user to search and purchase selections and stores then in a ‘cart’ or ‘bucket’ until the user is ready to check out. Typically, the shopping cart functionality also includes the mechanisms for the user to check out, get a total, figure shipping and put in their personal information.
The secure piece typically comes during check out with a SSL or Secured Socket Layer certificate. This is what makes “http” into “https.” The SSL provides for secure communication and transmission of the customers personal information (including credit card data) back to the server or payment processing gateway.
Third is the credit card gateway. Once the personal information is entered and submitted, additional things need to be secured. Most shopping carts do not have a credit card gateway built in, which is the thing that actually validates and charges the credit card. The gateway is kind of the equivalent of the payment system in a physical store after you swipe your card. Some online stores will actually store your cc information in a back end database and some smaller merchants will even then access that info, including credit card info and type it in to their physical credit card machine.
From the point where the personal information is entered, to wherever it is transferred, to however it is stored — it all needs to be secured. An SSL will typically take care of most of that (assuming the merchant is using a reputable credit card processor, which they probably are).
What’s the best way to make sure your cart is secure?
Use a secure shopping cart software
Sometimes shopping cart software has the security built in, and sometimes it doesn’t. The majority of big hosters like godaddy are offering ecommerce or shopping cart functionality that is pretty secure. They tend to have offer shopping cart products and a business can buy all of the secured pieces they need right there.