Security Recommendations

Making payments online can save a lot of time and effort. However, online payments carry a number of risks, and it’s crucial to recognise these risks and to make sure your clients can trust you with their payment data.

Warning

If you see anything suspicious, the checkout page looks weird, or you detect anomalies in your transaction processing, reach out to us immediately. Let’s fight against fraud together.

Why is web security important

Your website is your brand, your online storefront, and the first contact with clients. It is your identity. If it is not secure, business relationships can be compromised, and a single security breach can be a death knell for your company.

The threats can come in many forms:

  • Infecting a website with malware to spread that malware to site visitors
  • Stealing customer information like names, email addresses, credit card and other transaction information
  • Adding the website to a botnet of infected sites
  • Hijacking or crashing the site

Security breaches not only harm your users; they also affect you and your business. Breaches often come with huge fines, penalties and other costs. Your business can only be successful if you build up trust and a strong relationship with your consumers. Even if a security breach at a small business website doesn’t trigger a data breach, it can still have an immense impact on customer trust.

The main reason people don’t lock down their website is a lack of awareness of the risks and consequences. Many wrongly believe that a small business is too trivial to be noticed by hackers. But most hackers use automated tools to find vulnerable sites, and they don’t differentiate between small and enterprise businesses.

Be prepared now: threats and attacks are everywhere.

General security guidelines

  • Keep your PaymentsTrust software up to date and always install the latest patches
  • Scan for security problems regularly if a scanner is available (such as MageReport for Magento)
  • Keep all the software you use up to date (operating system, web servers, frameworks, plugins, etc.)
  • Limit the number of PaymentsTrust portal user accounts with admin access rights to as few as possible
  • Delete accounts for employees or contractors that no longer work for you (and also delete any unknown accounts)
  • Don’t share the same account between users (so that it is possible to track who has worked with it if something happens)
  • Use strong passwords (at least 10 characters)
  • Enable two-factor authentication (anywhere it is available)
  • Enable logging of actions in the software
  • Monitor accounts for suspicious activities
  • Use trusted payment providers