Online Security Information
Some people take online security for granted and assume that all systems developed will automatically meet today's high standards insisted on by the Payment Card Industry and the Information Commissioner's Office. Unfortunately this is far from the case, with basic vulnerabilities being left open as standard, even on ecommerce systems.
Ensuring a Secure Website System
Ensuring your website systems are secure is essential not only to avoid potential fines but also for ongoing business sustainability: would you ever use a website that is known to have had a publicised security breach?
Who Regulates Online Security?
No single organisation is currently given the task of overseeing online security. The closest we have in the UK is the Information Commissioner's Office, a government organisation that enforces the UK Data Protection Act. Many companies do not realise that their ecommerce systems and websites collect consumer data and that, as such, the company that owns the website needs to be listed on the UK Data Protection register; this is done directly with the Information Commissioner's Office. Failure to comply with the UK Data Protection Act's requirements can result in a fine of up to £500,000. For further information please visit our page about the UK Data Protection Act.
All website systems that collect and pass data should do so on pages protected by an SSL Certificate (Secure Sockets Layer Certificate). Banks, online experts and the press encourage consumers to check that a website has an SSL Certificate before using any form of credit or payment card, so ensuring your website system not only has a valid SSL Certificate but has one that is produced to a high standard should be part of best practice for any company wishing to trade online. Not all website providers offer SSL Certificates as standard, so it is essential to confirm that any system you are thinking of commissioning will have one and the level it will operate at. We provide further information about SSL certificates and how to check on our SSL Certificates page.
Ecommerce security takes several forms. Ensuring that the software and systems used do not have known vulnerabilities is a basic starting point, moving through to more advanced server security requirements and secure processing of payment card data. Interfacing with your chosen payment gateway must be completed in a manner that excludes the introduction of known vulnerabilities and flawed processing and data capture methods. Meeting the Payment Card Industry Data Security Standards, so that your business can process online payments trouble free, protects not only your customers but also your business long term. Business Internet Consultant is able to provide you with a consultancy service to ensure any development you are considering meets the highest level of security from day one. For further information about ecommerce security and the minimum standards we recommend for best practice, see our e-commerce security page, where you will find easy to follow, understandable advice and instructions. All companies we recommend meet and exceed these requirements and believe in the high best practice values we preach.
PCI DSS Compliance
PCI DSS Compliance, or Payment Card Industry Data Security Standards Compliance to give it its official title, is a set of standards laid out by the Payment Card Industry (Visa, Mastercard, American Express, Discover and JCB) to ensure the protection of payment card data. These standards cover trading by the following methods: Online, Telephone, Mail Order and Traditional Point of Sale. Effectively, if your business has a breach in compliance that results in a loss and your organisation does not meet PCI DSS compliance standards, your business will be fined and will potentially have the ability to take payment via credit or debit card removed. Fines relating to breaches that have resulted in losses caused by non-compliance can be life changing and often result in the business ceasing trading. Meeting PCI DSS compliance requirements is not difficult as long as the system being specified and supplied is engineered to comply from the beginning. It is not the website system supplier's responsibility to comply; the emphasis is clearly laid at the feet of the merchant account holder (the website owner), and as such due diligence is required to ensure these requirements are met and exceeded. Business Internet Consultant offers several ways to check and ensure protection against a non-compliance breach. Further information can be found here
CMS Website Security
Content Management Systems are often forgotten about in relation to security, as most do not collect payments or consumer details. In some circumstances, however, the website will collect consumer data through enquiry forms or have other features or functions that store personal information. In these instances the website will need to store this information securely and even pass this data under an SSL certificate. If consumer data is not stored securely then a breach in data security can occur, and your business then becomes liable under the UK Data Protection Act. In recent cases breaches of security have cost the company involved £50,000 in fines. For further information in relation to CMS Website Security visit our dedicated CMS Website Security Section.