21 Oct 2015

Payment Information is the eCommerce hot potato!

To provide the ultimate shopping experience and facilitate online transactions, some eCommerce sites keep their customers' payment information for purchases made with debit cards. That way, customers are not prompted to re-enter their payment information for every new order. Is that a good idea? This article explains which payment information data can be kept and why.

Should I keep payment information data?

It is simple: hackers and identity thieves cannot steal what you don’t have. The first piece of advice is not to collect or save, through your e-commerce solution, any private customer data that is not essential to your business. This technique is called “data minimization”: keep the customer data a company needs for competitive advantage and purge the rest (What Customer Data Should You Keep–And Toss? Forbes).

Indeed, the only sensitive data that you want to avoid handling is your customers’ credit card number and CVC; other than that, you’re welcome to store any other information on your local machines. If your store allowed customers’ payment information to fall into hackers’ hands, you might have to pay tens of thousands of dollars in fees, fines, and damages (4 Ways to Improve Ecommerce Security for the Holidays, PracticalEcommerce).
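One way to apply this advice on the storage side, as an added example that is not part of the original article or of any platform's code: the sketch below drops card number and CVC fields from an order before it is saved and redacts card-number-like digit runs that customers type into free-text fields. The field names, the `processor_token` reference and the sample order are assumptions constructed for illustration.

```python
import re

# Field names are assumptions for this example, not taken from any platform.
SENSITIVE_FIELDS = {"card_number", "pan", "cvc", "cvv"}
# 13 to 19 digits, optionally separated by single spaces or dashes.
PAN_CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def redact_pans(text: str) -> str:
    """Replace digit runs that look like card numbers; leave other numbers alone."""
    def repl(match):
        digits = re.sub(r"\D", "", match.group())
        return "[REDACTED]" if luhn_valid(digits) else match.group()
    return PAN_CANDIDATE.sub(repl, text)


def minimize_order(order: dict) -> dict:
    """Return the copy of an order that is safe to persist."""
    stored = {}
    for key, value in order.items():
        if key.lower() in SENSITIVE_FIELDS:
            continue            # card number and CVC are never written to storage
        if isinstance(value, dict):
            value = minimize_order(value)
        elif isinstance(value, str):
            value = redact_pans(value)
        stored[key] = value
    return stored


# Constructed sample order; 4111 1111 1111 1111 is a well-known test card number.
SAMPLE_ORDER = {
    "order_id": "100045",
    "email": "customer@example.com",
    "note": "Please charge card 4111 1111 1111 1111, thanks",
    "payment": {"card_number": "4111111111111111", "cvc": "123",
                "processor_token": "tok_constructed_123"},
}

if __name__ == "__main__":
    print(minimize_order(SAMPLE_ORDER))
```

The Luhn check keeps order numbers and tracking numbers intact while catching card numbers pasted into notes, which are an easy way for payment data to end up in a database that was never meant to hold it.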

According to a report released by IBM and the Ponemon Institute, the per-record cost of a data breach reached $154 in 2015, up 12 percent from last year’s $145.

Credit card payments should be handled by a separate company that specializes in credit cards. These companies are called “Credit Card Processors” and are often governed by the credit card companies themselves (Cybersource/Visa, Accertify/American Express, Datacash/Mastercard).

Is a payment processor the best solution for eCommerce sites?

With a payment processor, data goes directly from your customer's browser to the processor, without dealing with your server. If your eCommerce website is vulnerable or breached, hackers will not be able to steal any payment information.

Many providers, including Authorize.Net and PayPal, offer services that allow you to offload payment information to them. Leading eCommerce platforms such as Magento and Shopify support a whole host of payment gateways and processors. However, even with a payment processor, data will pass through your eCommerce platform. A cybersecurity solution should be mandatory to protect your confidential customer data.

Conclusion on online payment processors

A payment processor is just one small brick in protecting your customer data and keeping your reputation safe. OZON is a cybersecurity solution designed for all major eCommerce platforms including PrestaShop, Magento and WooCommerce. It detects vulnerabilities and malware, protects against cyber-attacks and identifies fraudulent transactions. All these functions are performed in real time. Test OZON now: you will get a free trial offer for one month.