eCommerce Websites and Small Businesses

eCommerce is exactly what it sounds like: putting traditional business commerce in an online arena. Businesses of all sizes have turned to eCommerce as a way of reaching more customers and increasing sales.

eCommerce can be great for small businesses – especially when their competitors are larger companies. But managing an eCommerce site within a small business can be tricky when you consider the regulatory complexities that accompany collecting payment information.

This month, we’ll focus on the ins and outs of eCommerce websites for small businesses – from PCI Compliance and user verification to cybersecurity tips, best practices and recommended service providers.

We’ve discussed how businesses have made the shift online to follow consumer trends. These trends show that convenience is the driving force behind the increase in online shopping.

In fact, more than half of consumers preferred to shop online, and nearly all consumers made at least one online purchase in 2017.

eCommerce websites can also help you achieve business goals that are not revenue-related. Establishing an online presence can help you appear in search results and expand your business’ geographical reach.

Having an eCommerce site means you will be collecting payment information from customers. Although it may seem obvious, this is an important differentiator from other types of business websites because it requires you to follow the Payment Card Industry’s Data Security Standards (PCI DSS).

Any business that collects payment information must be PCI compliant. These regulatory standards were created so that businesses properly handle, store and transmit sensitive payment information.

PCI Compliance is divided into two groups (Merchant or Service Provider), each with four levels. PCI Compliance level is based on how many card transactions are made within your company each year, with small business merchants falling into Level 3 or 4.

No business is exempt from complying with these security standards – regardless of size. The challenge for small businesses is that they often lack the proper in-house expertise to meet and maintain these regulatory standards.

The security risks that come with eCommerce websites – such as inefficient payment and user verification, bot attacks and data breaches – can put an end to your business before it even starts.

Convenience often overshadows proper security for both consumers and businesses alike. Let’s explore some ways that you can have both convenience and security when it comes to your eCommerce site.

Fraudsters know that eCommerce is preferred amongst consumers. In turn, identity thieves target online stores to steal personal and financial information, as well as make purchases with fraudulent or stolen cards.

eCommerce stores allow customers to make purchases without their physical cards. Consequently, Card Not Present fraud (CNP) has become a favored method amongst identity thieves to use stolen credit cards without being detected.

Malicious bots can also cause harm to your site and put your customers’ information at risk. Bots are often networks of connected devices used to gain access into accounts, test your site’s security and skew analytics.

Bots can be programmed to carry out many functions, but eCommerce user accounts are often prime targets. Distil Networks found that 97 percent of sites experienced bot attacks in 2017 – with malicious bots accounting for nearly 16 percent of all eCommerce web traffic.

“Brute force attacks,” or bots repeatedly entering login combinations until access is granted, can be especially risky for your customers if they save personal and financial information to their accounts. Once inside, identity thieves can use these bots to collect the sensitive information, or even lock users out of their own accounts.

eCommerce sites are especially targeted by cybercriminals in data breach and phishing scams because of the personal and payment information they hold. Again, this is where PCI compliance comes in to ensure that your site meets regulatory security standards.

Fraudsters may also indirectly attack your site by targeting your customers in phishing scams. Spoofed websites are created by identity thieves to replicate known brands and convince victims to give up personal and financial information.

Once again, small businesses face the budget dilemma: do it yourself, or pay to have it managed for you.

Implementing the proper security measures to protect your eCommerce website is key. However, configuring and managing firewalls, secure servers and encrypted files require the proper in-house expertise that many small businesses often lack.

What are your options? Larger companies with more robust IT, web development and security teams may opt to build their own eCommerce websites and payment gateways. But, building your own website without the sufficient knowledge and resources can leave room for security vulnerabilities, misconfiguration and non-compliance.

Thus, smaller companies may want to opt for a third-party service like Shopify, Wix, BrainTree or PayPal that will handle most of the work for you. These service providers offer free and paid services, and they can be integrated into your own site.