A surprising number of small businesses avoid E-commerce because they believe credit card information submitted via the Internet can be easily compromised. Nothing could be farther from the truth. In fact, if your E-commerce is properly implemented by a skilled developer, your customers are safer using an online interface than they are handing their card over to the staff at their local coffee-shop.
The greatest vulnerability in the payment process – handing a credit card to another person – is eliminated entirely under the automated payment processing model used in secure E-commerce. Payment gateway services like Authorize.net directly capture your customers’ credit card information. This means that their payment information never resides on your web site at any time, which in turn means that an unauthorized administrative login or a data security breach of your site can never expose your customers to fraudulent charges on their accounts.
Of course, in order to take advantage of this extraordinary security, your site has to be designed to use secure automated payments. That sounds like a no-brainer, but over the years I’ve come across an unsettling number of small business web sites that have no secure features on them at all. They have no security certificate, so credit card information is transmitted unencrypted and ‘in the open’. They keep the credit card information in a database on their web server and use the information to run a manual charge to the account using their point-of-sale system.
Not surprisingly, these unsecured web stores seldom see much in the way of sales. Online shoppers are increasingly security-aware and few of them, if any, will type in their credit card information unless they see that little security ‘lock’ icon appear at the bottom of their browser window.
Maintaining credit card information of any kind on your web server is a grave financial liability for your business. It violates the Payment Card Industry Data Security Standard (PCI-DSS), and probably violates the terms of service with your hosting provider as well. For many businesses and small web sites the extra expense of a gateway account (in addition to their point-of-sale account) can be a nuisance. But when you consider that a single compromised credit card number could cost your business thousands of dollars, $20 a month or so looks like very cheap insurance.