Cyber security store

Users of the Google Chrome browser have recently been informed whether the connection to the server of the website they are visiting is secure. On this occasion, Shoper reminds the security rules for e-commerce.

Warnings about unencrypted connections to servers of sites that require logging in or providing a payment card number in Chrome are another step in the long-term changes led by Google to make HTTPS more widespread and thus safer for Internet users. Sites with the encrypted protocol have also been given higher priority in the Bing search engine and Mozilla Firefox browser for several years. Google does not rule out that in the future an additional warning sign - a red triangle with an exclamation point - will appear next to the addresses of sites with unencrypted connections.

S for Security, S for SSL

HTTPS is an encrypted version of the HTTP protocol, which is one of the primary methods of sending data over the network. The letter S at the end of the acronym comes from the English word secure and indicates that the information sent is encrypted with a cryptographic key. This allows data sent from an Internet user's computer to a server to remain confidential. An additional security feature in the form of an SSL (Secure Socket Layer) certificate is standard on websites that require login and sensitive data. Moreover, now Google, among others, wants sites that do not require data to be encrypted as well. - A certificate for a store is no longer an option, but an obligation. E-customers check before buying whether the site is secure, and if they don't see a green padlock, they abandon the transaction. If they see a red warning icon next to the site's address, they will leave the unsafe site as soon as possible, notes Tomasz Tybon, director of marketing and sales at Dreamcommerce, provider of Shoper ready-to-use online store software. - Sellers should also remember that the certificate needs to be renewed. It's easier to remember this when the SSL is purchased together with the software, in which case renewing the licenses of both elements is done simultaneously, he adds.

Secure data collection

The use of encryption and additional security measures is also enforced by regulations on the collection and storage of personal data. According to the Law on the Protection of Personal Data, collected data should be adequately protected against "access to unauthorized persons, taking by an unauthorized person, processing in violation of the Act, alteration, loss, damage or destruction." GIODO, where the database should be registered, recommends using SSL as part of the security policy. It is also worth recalling that information about what data the store requires from the customer, how it will be stored and secured, for what purpose it will be used and to whom it will be shared, should be made available to customers on the store's website in the Terms and Conditions or Privacy Policy documents.

Proven hosting and e-commerce platform

To protect customer data, it is necessary to use proven services. - When choosing an online store software provider or a hosting provider, you need to pay attention to the security features they offer. The hosting service can also be purchased together with the software. Such an option is offered by Shoper, for example. Then the provider is responsible for the security of the dedicated hosting. It is also on his side to update the system, and often it is the lack of the latest version that creates an opportunity for a cybercriminal to break in through a vulnerability in the software, Tomasz Tybon recommends.