Lock Down Web Site Security
The ongoing threats of spam, identity theft and data security breaches hang heavily in the air at the close of 2005. Headlines detailing these dangers have made sure your customers are more aware than ever of the perils of buying online.
In fact, 48 percent of Americans avoid making purchases on the Internet because they’re afraid their financial information may be stolen, according to a survey conducted earlier this year by the Cyber Security Industry Alliance.
So what’s a responsible online merchant to do? Following are tips to not only ensure your Web site adequately handles customers’ data, but also make it undeniably clear that buying from your site is safe.
1. Stay informed about privacy regulations. One of the biggest mistakes catalogers and online merchants routinely make is not keeping informed of privacy laws, says Ken Burke, CEO of MarketLive, a Petaluma, Calif.-based e-commerce technology and development company.
The regulatory environment is constantly changing, notes Burke, as state and federal laws attempt to keep up with the growth of e-commerce and the increasing number of data security breaches. Rich Alessi, director of information technology and managed services for MarketLive, points to the Payment Card Industry (PCI) data security standards that went into effect in June as an example of regulations on which catalogers must stay current. Alessi stresses the importance of annually reviewing such rules to keep up with changes.
Organizations such as the International Association of Privacy Professionals (www.privacyassociation.org), the Privacy Foundation (www.privacyfoundation.org) and PrivacyExchange.org can be helpful resources in keeping up to date on privacy issues.
2. Look for intruders. Once you understand what’s expected of your Web site from a regulatory perspective, make technological improvements to your site, Alessi recommends. High on his list is an intruder detection system (IDS). A passive device that sits on your network and waits for abnormal behavior, an IDS works like an antivirus program, says Alessi. It looks for patterns known to be associated with security attacks and alerts you when it sees one happening, allowing you to take action.
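To illustrate the pattern matching Alessi describes, here is an added example that is not from the article or from MarketLive: a small signature matcher that passively reads web server access log lines and raises alerts. The three signatures, the Common Log Format assumption and the sample log lines are constructed for illustration; a production IDS inspects network traffic with a far larger rule set.

```python
import re
from urllib.parse import unquote_plus

# Hypothetical signature set (name, pattern); real rule sets are much larger.
SIGNATURES = [
    ("sql-injection", re.compile(
        r"\bunion\s+(?:all\s+)?select\b|'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I)),
    ("path-traversal", re.compile(r"\.\./")),
    ("script-injection", re.compile(r"<\s*script\b", re.I)),
]

# Assumes Common Log Format: ip ident user [time] "METHOD target PROTO" status
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def decode(target, rounds=2):
    """Undo URL encoding up to `rounds` times so encoded input is matched too."""
    for _ in range(rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target

def inspect(lines):
    """Return one alert per (log line, matching signature); never blocks traffic."""
    alerts = []
    for number, line in enumerate(lines, 1):
        match = LOG_LINE.match(line)
        if not match:
            continue  # unparseable line: skipped here, worth logging in practice
        target = decode(match["target"])
        for name, pattern in SIGNATURES:
            if pattern.search(target):
                alerts.append({"line": number, "ip": match["ip"],
                               "signature": name, "status": int(match["status"])})
    return alerts

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Dec/2005:10:01:02 -0800] "GET /catalog/item?id=42 HTTP/1.1" 200 5120',
    '198.51.100.23 - - [12/Dec/2005:10:01:09 -0800] "GET /catalog/item?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 310',
    '198.51.100.23 - - [12/Dec/2005:10:01:15 -0800] "GET /images/..%2F..%2Fetc/passwd HTTP/1.1" 404 209',
    '203.0.113.7 - - [12/Dec/2005:10:02:00 -0800] "GET /search?q=union+station+select+gifts HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for alert in inspect(SAMPLE_LOG):
        print(alert)
```

The last sample line contains the words "union" and "select" in an ordinary search and raises no alert, which shows why signatures have to be written tightly to keep false alarms down.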