Safety and Security
Nepbay is built on an object-oriented programming language. Our administration panel is not reachable from the public internet: it is served only on our internal network, completely separated from our public-facing servers, and it requires a second authentication step against our internal Windows network.
We use a secure connection for online checkout. All checkout traffic runs over TLS (the successor to SSL, Secure Sockets Layer), which encrypts it in transit and lets the browser verify that it is really talking to us; a valid certificate is a must for any page that handles transactions. To validate cards, we use a payment gateway that runs live address verification (AVS) right on our checkout. This helps prevent fraudulent purchases by comparing the billing address entered online with the address the card issuer has on file.
We don't store sensitive data. There is no reason to keep thousands of records on our customers, least of all card numbers, expiration dates and CVV2 (card verification value) codes; the card security code in particular may never be retained after a transaction has been authorized. Data we do not hold cannot be stolen from us.
We require strong passwords. While it is the retailer's responsibility to keep customer information safe on the back end, we help customers help themselves by requiring a minimum number of characters and the use of numbers or symbols. Longer, more complex passwords are harder for criminals to guess or brute-force through the login form, which is the usual front-end route into customer accounts.
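As an added illustration (not code from Nepbay's site), here is how such a policy can be enforced on the server in Python. The first two rules are the ones stated above (minimum length, at least one number or symbol); the breached-password lookup, the account-name check and the distinct-character check are the additions current guidance (NIST SP 800-63B) recommends. The 12-character minimum and the tiny COMMON_PASSWORDS set are assumptions standing in for the real policy value and a real breached-password corpus.

```python
import string
import unicodedata

MIN_LENGTH = 12    # assumed policy value; the page only says "a minimum number of characters"
MAX_LENGTH = 128   # generous upper bound so long passphrases are still allowed

# Constructed stand-in for a breached/common-password list. A real deployment
# checks against a large corpus (for example an offline Have I Been Pwned dump).
COMMON_PASSWORDS = {"password1234", "qwerty123456", "letmein12345", "nepbay2024!!"}

SYMBOLS = set(string.punctuation)


def check_password(password: str, username: str = "", email: str = "") -> list:
    """Return the list of policy rules the password violates (empty list = accepted).

    Rules 1-3 are the site's stated policy (length bounds, a number or symbol).
    Rules 4-6 are the extra checks a practitioner adds: no breached/common
    passwords, no account identifiers inside the password, no near-constant strings.
    """
    pw = unicodedata.normalize("NFKC", password)  # so visually identical forms compare equal
    problems = []

    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(pw) > MAX_LENGTH:
        problems.append(f"longer than {MAX_LENGTH} characters")
    if not any(c.isdigit() or c in SYMBOLS for c in pw):
        problems.append("needs at least one number or symbol")

    if pw.lower() in COMMON_PASSWORDS:
        problems.append("appears in a list of common or breached passwords")

    # Reject passwords that embed the username or the local part of the e-mail address.
    identifiers = [username, email.split("@", 1)[0]]
    if any(ident and len(ident) >= 3 and ident.lower() in pw.lower() for ident in identifiers):
        problems.append("contains the username or e-mail address")

    # "aaaaaaaaaaa1" satisfies the length and digit rules but is trivially guessable.
    if len(set(pw.lower())) < 4:
        problems.append("uses too few distinct characters")

    return problems


def is_acceptable(password: str, username: str = "", email: str = "") -> bool:
    """Convenience wrapper: True when the password passes every rule."""
    return not check_password(password, username, email)


if __name__ == "__main__":
    for candidate in ["Summer2024!", "password1234", "correct horse battery staple 7"]:
        print(repr(candidate), "->", check_password(candidate) or "accepted")
```

The checks must run on the server; a JavaScript check in the browser is a convenience for the customer and is trivially bypassed. A strong-password rule also only helps if the login form is rate limited, so that attackers cannot try millions of guesses against it.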
We layer our security. One of the best ways to keep a business safe from cybercriminals is to layer defenses. We start with firewalls, an essential first step in stopping attackers before they can get into the network and reach critical information. Next we add further protection to the website and applications at every point that accepts visitor input, such as contact forms, login boxes and search queries. These measures guard the ecommerce environment against application-level attacks like SQL (Structured Query Language) injection and cross-site scripting (XSS).
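To make the last point concrete, here is an added example (not Nepbay's own code) of the two application-layer defenses named above, using Python's standard sqlite3 and html modules. It shows a site search that splices the visitor's text into the SQL string, the same search with a bound parameter, and output encoding of the search term when it is echoed back to the page. The in-memory product table and the injection payload are constructed for the demonstration.

```python
import html
import sqlite3


def make_db():
    """Constructed in-memory product table standing in for the store database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, hidden INTEGER)")
    conn.executemany(
        "INSERT INTO products (name, hidden) VALUES (?, ?)",
        [("red scarf", 0), ("blue hat", 0), ("unreleased item", 1)],
    )
    conn.commit()
    return conn


def search_vulnerable(conn, term):
    """Site search that splices the visitor's text into the SQL string.

    Whatever the visitor types becomes part of the query, so a quote, an OR
    and a comment marker let them rewrite the WHERE clause and read rows
    (here the hidden product) the search was never meant to expose.
    """
    sql = f"SELECT name FROM products WHERE hidden = 0 AND name LIKE '%{term}%'"
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, term):
    """Same search with a bound parameter.

    The driver sends the text as data, separately from the statement, so it
    can never change the structure of the query no matter what it contains.
    """
    sql = "SELECT name FROM products WHERE hidden = 0 AND name LIKE ?"
    return [row[0] for row in conn.execute(sql, (f"%{term}%",))]


def render_results(term, names):
    """Echo the term and the hits back as HTML with output encoding.

    html.escape turns <, >, &, and quotes into entities, so a term such as
    <script>alert(1)</script> is displayed as text instead of being executed
    in the visitor's browser (reflected XSS).
    """
    items = "".join(f"<li>{html.escape(name)}</li>" for name in names)
    return f'<p>Results for "{html.escape(term, quote=True)}"</p><ul>{items}</ul>'


if __name__ == "__main__":
    db = make_db()
    # Closes the LIKE quote, ORs in a tautology, and comments out the rest of the statement.
    payload = "x%' OR 1=1 --"
    print("concatenated:", search_vulnerable(db, payload))  # every row, hidden one included
    print("parameterised:", search_safe(db, payload))       # no product has that literal name
    print(render_results("<script>alert(1)</script>", search_safe(db, "hat")))
```

Both defenses belong in the application code itself; a network firewall in front of the site sees a perfectly ordinary HTTPS request in each case, which is why the page describes them as a separate layer.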
We provide security training to employees. Employees need to know that they must never e-mail or text sensitive data, or reveal private customer information in chat sessions, since none of these channels is secure.
Employees also need to be educated on the laws and policies that affect customer data and trained in the actions required to keep it safe. Finally, strict written protocols and policies reinforce these practices and encourage employees to adhere to mandated security procedures.
We use tracking numbers for all orders. To combat chargeback fraud, every order we ship out carries a tracking number, so we can show proof of delivery when a customer claims an item never arrived.
We monitor our site regularly, and make sure whoever is hosting it does too. We always run a real-time analytics tool; it is the online equivalent of installing security cameras in a shop. Tools like Woopra or Clicky let us observe how visitors navigate and interact with the website in real time, so fraudulent or suspicious behavior stands out. They also send alerts to our phones when there is suspicious activity, letting us act quickly before it causes harm.
Perform regular PCI scans. Quarterly external vulnerability scans by an approved scanning vendor such as Trustwave lessen the risk that your ecommerce platform is exposed to known, exploitable weaknesses. If you are running third-party software like Magento or PrestaShop, stay on top of new versions that carry security fixes. A few hours of development time today can save your entire business in the future.
Patch your systems. Patch everything immediately, literally the day a new version is released. That includes the web server itself as well as third-party code such as Java, Python, Perl, WordPress and Joomla, all favorite targets for attackers.
Breached sites are routinely found running a three-year-old version of PHP or a ColdFusion release from 2007. So it is critical to install patches on all software: your web applications, Xcart, OSCommerce, ZenCart and the rest all need to be patched regularly.
Consider a fraud management service. "Fraud does happen. And for merchants, the best resolution is to make sure you are not holding the bag when it does," says Bob Egner, vice president of Product Management at EPiServer, a .NET content management and ecommerce product company. "Most credit card companies offer fraud management and chargeback management services. This is a practical approach to take because most security experts know there is no such thing as 100 percent safe."
Make sure you, or whoever is hosting your site, back it up and have a disaster recovery plan. "Results from a recent study by Carbonite revealed businesses have big gaps in their data backup plans--putting them at risk for losing valuable information in the instance of power outage, hard drive failure or even a virus," says David Friend, CEO of Carbonite. So to make sure your site is properly protected, back it up regularly, or make sure your hosting service is doing so, and test that the backups can actually be restored.