Want to know how to make your online store safe for your customers? Find out here on The Journey.

Now that we've moved our lives almost entirely online, every season is shopping season. And so is the opportunity for e-commerce site owners to grow their business and generate profit. And with opportunity comes great responsibility and the ever-growing importance of securing your website to protect your users and your website's revenue. Yeah, and the most important thing to keep in mind is that your online customers depend on you to protect their data. So as an e-commerce website owner, you're required to follow the PCI DSS compliance requirements. These requirements are governed by the major credit card companies to securely handle cardholder information. It's a good thing, and you're obligated to follow them even if you don't process any payments yourself. Yeah, and while we've outlined some PCI requirements for your reference, it's important to keep in mind that PCI compliance violations aren't the only negative impact you can expect in the event of a compromise. The impacts of a hack can range from blacklisting by Google or other sites, to loss of customer trust and a damaged reputation, or even impacts to your website's traffic. And really, to help, we've included a number of steps that you can take to improve the security of your e-commerce website. That being said, this is not legal advice. There are many other additional laws, regulations, and guidelines that may or may not be related to your e-commerce website.

So let's start with why e-commerce security is important. And I think the biggest reason is that trust is the key to your online business. Getting blacklisted can be devastating for any e-commerce website. And if a security incident occurs, it can wreak havoc on traffic, revenue, and brand reputation. Under most circumstances, bad actors don't manually handpick websites to attack, since this is very time consuming.
The majority of attacks against websites are automated and performed by bots that are looking for websites with known vulnerabilities. These automated scripts make it easy for hackers to find websites, scan for vulnerabilities, and gain unauthorized access. And small web stores aren't exempt from this. Criminals are opportunists, and they'll target any accessible website or server resources. Yeah, and on top of that, if a merchant is found to be non-compliant with PCI DSS, there are a number of penalties and consequences, ranging from fines to loss of time to an inability to process payments. The average cost of a data breach for a small business is about $86,500, with enterprise organizations paying $4 million.

So with that, let's talk about security principles for online stores. The methods you use to secure your e-commerce website will depend on whether your website is managed or self-hosted. For websites running on managed stores like Websites + Marketing and Squarespace, the server and all its software are proprietary, meaning you will not be held liable for security configurations, and you pay the service provider a monthly fee for this luxury. If you're a self-hosted store, however, you'll want to pay close attention to the following recommendations. So with PCI, everything is about reducing the attack surface. For an e-commerce site, this involves the cardholder data environment, or CDE, the manner in which you handle credit cards on your site. Yeah, and even if you do leverage third-party services like Stripe, Recurly, PayPal, or another secure payment option, you have an obligation to follow the requirements set forth by PCI DSS. Keeping your website's attack surface as small as possible is a fundamental first step toward improving your security measures. This means reducing the number of different points at which bad actors can enter or extract data from your environment.
These can come in the form of insecure credentials, unpatched third-party components, plugins or extensions, software and CMS vulnerabilities, and even server configurations. And whenever you add new features or components to your website, you're also introducing the potential for a vulnerability which may be exploited. Yeah, so consider every component you've added or want to add and ask yourself the following questions. Do you really need this plugin or component? Does the software vendor have a plan if a vulnerability is disclosed? Are there frequent patches or releases? And are the software developers prioritizing security? That's a good one. Also ask, are there any new patches? Like, do you plan on monitoring and applying security updates as soon as they are released? And if a third-party component is your only option, leverage reputable sources with a track record of support and forum activity. Look for recent updates, positive reviews, and other credibility indicators that show it has not been neglected. Found some unused plugins, themes, or other software on your website? Not using it? Then lose it. Removing it helps reduce your attack surface, making it more difficult for attackers to exploit any vulnerabilities.

So now let's talk about PCI compliance and secure payments. If you operate an e-commerce site, PCI compliance is a requirement, and compliance is not dictated by the volume of transactions or restricted solely to storage, transmission, and processing. It applies to any business that accepts credit cards. Many online stores use a reputable payment gateway to help process credit card payments and transactions. And while this can help you lift some PCI requirements, it doesn't mean you're off the hook entirely. So when you gain an understanding of what it takes to run a secure online store and embrace those principles, it offers peace of mind.
You'll also gain confidence that your customers' data is safe and that you're staying on the good side of any regulatory agencies that might drop by. And most importantly, the steps you take to follow best practices toward compliance are also good practices toward a strong security posture.

All right, that's a wrap. You just learned how to make your online store safe for your customers. Be sure to comment below and subscribe to our channel. And ring that bell so you're the first to know when we drop new episodes like these. This is The Journey. We'll see you next time.