4 security considerations for online store payments

In this post, we look at four security considerations that must guide the development of an online store if a suitable level of quality is to be achieved.
Published on May 5, 2021 | Category: Finance & Fintech

Buying online was an everyday occurrence long before the COVID-19 pandemic broke out, but the compelling need for non-essential retail stores to close down tipped the balance even more in favour of ecommerce. There are now many people throughout the world who rely on online retail for supplies, not just frivolous purchases of clothing items or consumer electronics goods, and it’s placing the matter of cybersecurity in a harsher light.

After all, issues with online payments can seem relatively trivial when you’re dealing with small orders of items that aren’t strictly necessary — but when you’re talking about vulnerable people (often with limited budgets) receiving food and other necessities, there’s a pressing need to ensure that such issues don’t arise in the first place.

Given today’s design standards and user expectations, having a weak payment system will soon sully a brand and disincline visitors to risk their hard-earned money. In this post, we’re going to look at four security considerations that must guide the development of a modern online store if a suitable level of quality is to be achieved. 


Ensuring that linked systems are protected

Safeguarding a payment process in isolation simply isn’t enough to prevent fraud. This is due to the modular nature of online stores. Data is shared between different parts for ease of use, and this means that any segment of a store system with high-level permissions can serve as a point of vulnerability. One weak link in the chain is all that’s needed to render it insecure.

The simplest way to avoid such points of insecurity is to use a fully-featured store CMS whose components are all hosted in the cloud and updated automatically on a regular basis. A wide-reaching platform with a native payment gateway — Shopify, for instance — makes for an easy choice, because you can feel assured that all the component parts will combine perfectly.

But then there’s the matter of plugins (or extensions, or add-ons, depending on the system). The use of plugins is extremely common in ecommerce, with sellers eager to make their stores easier to use or simply more attractive, yet each plugin constitutes a fresh point of weakness. One poorly-optimized plugin can allow malicious actors to gain access to an entire system. The best thing to do is limit plugin use to those plugins that can be properly vetted.

Balancing authentication with convenience

We live in the era of biometrics, with smartphone ownership being incredibly common and fingerprint readers (plus facial recognition systems) appearing on many such devices. Notably, this sets a precedent that must be kept in mind. Users now know the ease of getting near-instant (yet secure) access to their devices — and they expect similar ease online.

This doesn’t mean that online stores should (or could) store biometrics data. That’s something that most people wouldn’t accept. Instead, it means they need to be very careful with how they handle their authentication systems. They need to be secure, preventing unauthorized users from somehow gaining access, but without slowing things down too much.

Leaning on smartphone and browser storage is the way to go. Users can keep their card details stored locally under their main logins, then submit them when needed following suitable local authentication (confirming CVCs — Card Verification Codes — or using biometrics-secured logins). You must also think about which gateways you’ll support. The more gateways you offer, the better the user experience will be, but the more security issues you’ll need to address.

Complying with all relevant data regulations

The implementation of the GDPR — General Data Protection Regulation — back in 2018 heralded a significant change in how most people view the storage and processing of private data. Though it only technically applies to companies based in the EU or with customers based in the EU, it’s had influence throughout the world through setting a powerful precedent (and playing a large role in backing Open Banking).

Accordingly, one of the core concerns when managing online payments must be ensuring that the underlying systems are fully compliant with all relevant regulations and user expectations. The perception of impropriety is a serious threat. Even in the event that it’s entirely legal to store and process data in a certain way, there’s no guarantee that customers will find it acceptable.

And given the immense influence that negative customer comments routed through social media can have (often leaving brand images utterly devastated), it’s mission-critical that you not only store and use data responsibly but also make your actions abundantly clear. Providing and promoting a comprehensive breakdown of your data policy will be a key step.

Keeping shoppers apprised of best practices

Lastly, there’s a security concern that gets overlooked far too often, and that’s the behaviour of the customers. Online sellers can focus entirely on keeping their systems secured and fail to consider how easily something like social engineering (Tripwire has more on this) can compromise user accounts and lead to fraudulent transactions.

Any contention that a store owner shouldn’t much care about such transactions is a non-starter for two reasons. Firstly, those transactions will ultimately be contested, leading to chargebacks and lost money. Secondly, the customers who see their accounts compromised will be less likely to return. That you weren’t at fault won’t really matter: they won’t be able to visit your store without thinking of their bad experiences.

In addition to providing some key suggestions in the support section of your site, you should have some relevant advice for those who reach out to you for assistance, and promote good security practices through your blog and marketing emails. Remind your customers to change their passwords on a semi-regular basis (you can even require this for good measure), choose sensible account-recovery terms, and keep their login details safe.

Wrap

To compete in this time of online retail effectively serving as a utility, every ecommerce store owner must take payment security extremely seriously. Keeping the aforementioned security concerns in mind while configuring a store will make it markedly easier to produce a setup that’s suitably robust, leading to better performance and happier customers.
