How to Safeguard Online Shopping Transactions

A secure credit-card transaction system can encourage shoppers to make purchases and help ensure that you stay in business.

By Riva Richmond

Security should be a top priority for every online entrepreneur with a shopping cart or an e-commerce ambition.

Giving shoppers confidence that their credit-card information and personal details will be safe in your hands can make them more apt to make a purchase and become a regular customer. Conversely, shoppers' deep-seated worries about fraud mean that if you give them reason for concern, they could back out of a purchase and stay away for good.

Security precautions also can save you money -- and maybe even preserve your business. The costs of a hack can be steep if credit-card information is stolen and you are at fault. Not only could you face huge clean-up expenses, angry customers and scary lawsuits, you also would likely face the wrath of the credit-card companies, which require merchants to abide by what's known as the Payment Card Industry (PCI) Data Security Standard. The card companies could fine you, force you to undergo expensive security audits or even bar you from accepting any plastic.

To both instill customer confidence and avoid the horrors of a data breach, experts say a locked-down shopping-cart system is essential. What's more, that system should not store any cardholder data. Hacks of these complex software programs are common, and you are a target even if you're tiny. For example, more than 80 percent of card data compromises investigated by Visa affect merchants that process fewer than 20,000 transactions a year.

"Secure shopping-cart systems are essential for maintaining the integrity of the payment process," says Ella Nevill, a spokeswoman for the PCI Security Standards Council, an organization formed by the five top credit card companies to develop the standards and educate the public about them. "Our mantra is, if you don't need it, don't store it. Small merchants should ensure that they or their service provider protect themselves and their customers by using software that does not store cardholder data or jeopardize their PCI security efforts."

Merchants who are not large enough to have their own technology staffs typically use "hosted" shopping carts, which offer built-in security, technical support, and automatic, free software updates and upgrades.

"They are easy to manage, so they are good for entry-level stores," says Kerry Watson, an author of books on e-commerce software.

There are hundreds of such managed service providers that can help you start using a shopping cart in which they, not you, take responsibility for security. Services popular with small businesses include Volusion, BigCommerce and Shopify, Watson says. Prices can range from $20 to several hundred dollars a month, depending on the volume of business you do.

When selecting a company, weigh security features carefully. The provider should not store any sensitive cardholder data, should defend against hacker attacks, and should encrypt sensitive data as it travels across the Internet to your site and to the credit-card payment processor.

If you have large numbers of items for sale and need more control and customization than a hosted service can offer, you may want to use licensed proprietary software or open-source software to set up your own cart. Some popular makers include OpenCart, CubeCart, xt:Commerce and OXID eSales, but there are many others. Prices can be as low as zero for open-source software or reach into the hundreds and beyond, Watson says. You will also need a technology staff or a service plan to handle the maintenance and security of your system.

Whatever type of shopping cart you use, it's wise to retain a third-party credit-card processor, rather than handle sensitive card data yourself. This means that when customers make purchases, they will temporarily leave your website and enter their card information on the processor's site. Then they will return to your site to finish their transaction.

If you don't have a crackerjack tech staff, "the best thing is to let somebody else process your credit-card transactions for you," says Edward S. Ferrara, a security and risk analyst at Forrester Research. Then, "you don't have to be an IT professional -- you can just be a merchant."

Many small e-tailers use services from Amazon, PayPal and Google Checkout to handle their transactions. Other services popular with small companies include CRE Secure and Skrill Holdings, formerly known as Moneybookers.

If you want to process credit cards yourself, be prepared to spend significant amounts of time and money to jump through numerous PCI-standards hoops and maintain dedicated server equipment.

Whichever approach you take, make sure the software and services you use have been validated as PCI compliant and ask for evidence annually that they remain so.

"There's no one-size-fits-all approach here," Nevill says. "The most important thing is to be aware of the risks to cardholder data and to ask the right questions of your vendor or service provider."

After all, your business could depend on it.

Riva Richmond is a freelance journalist who has covered technology for more than a decade. She focuses on computer security, privacy, social networking and online business and has written for The New York Times, The Wall Street Journal and other national publications. Previously, Riva was a technology reporter at Dow Jones Newswires and a regular contributor to The Journal's "Enterprise" small business column.
