1. Verify your web provider has an Attestation of Compliance (AoC).
When investigating how secure a site is, many people logically assume they can google that. And if you do, you'll find a whole list of automated security scans that boast they can assess your website for compliance and security. Unfortunately...these scans really can't deliver because they don't know enough about your site and servers to look at the right things. For example, these scans almost always indicate you're missing a software patch...but if your server isn't running that software to start with, you definitely don't need any patches for it!
Instead of relying on an automated security scan, ask your web provider to provide an Attestation of Compliance (AoC) certificate. This document certifies the provider's results of a Payment Card Industry Data Security Standard (PCI DSS) assessment. This means they completed the necessary documentation to be properly and thoroughly assessed based on the software their systems actually use. The AoC is the ultimate document to prove your web provider has your back. You can always request to see the form if you are curious about your provider's security practices.
If you accept credit card data via your website, you need a current AoC. If anyone tells you otherwise...run the other direction!
2. Make sure credit card numbers are never transmitted by email.
Whenever you receive a sale through your All Your Retail website, you're automatically alerted via email. But...that email never includes the customer's credit card information. Email is too easily intercepted and is not a secure method for transmitting this sensitive information.
3. Know where and how your customers' credit card numbers are stored.
When retailers get an email alerting them to a new All Your Retail website sale, they're directed to log in to their own secure digital backroom to see more information. This secure backroom is where all customer payment information is stored to facilitate the completion of transactions.
4. Make sure you can control and limit who has access to credit card information.
Not only are credit card numbers stored in the separate and secure backroom of a retailer's All Your Retail website, store owners can also control who on their staff has, and does not have, access to the backroom via powerful permissions control. You may want one employee to be able to access the All Your Retail App and control which items are in your clearance center...but you may not want that same employee to be able to access the backroom where credit card information is kept. With an All Your Retail website...that's no problem.
5. Know how long credit card information is kept.
Make sure your web provider is not keeping credit card information around for longer than necessary. Once an order is marked as complete in the secure backroom of your All Your Retail website, all but the last four digits of that consumer's credit card number (for reference) are purged entirely from the system within 48 hours. You can't steal what isn't there!
6. Ensure servers are kept in secure locations.
In our digital world, secure locations require both physical and connectivity security. That's really only possible to achieve in facilities specifically designed for that purpose. All data collected via All Your Retail sites is routed and stored on servers in a high-security data center. We can take you to visit our servers...but it will require passing a retina scan in a sally port to even set foot inside!
7. Only accept credit card information from consumers over HTTPS.
Customers completing a purchase or submitting payment information during checkout are always doing so through a secure HTTPS link on every All Your Retail site, no matter what level site a retailer has chosen. HTTPS encrypts and decrypts security-sensitive communications like the information transmitted from a shopper's computer to your website's server. Today, many browsers even warn consumers if the site they are on lacks the necessary Secure Sockets Layer (SSL) certificate to have an HTTPS link during sensitive activities. That warning can scare consumers away from buying from you.
[Image: example of a browser warning that a site is not secure.]
Ask Questions!
If you aren't an All Your Retail client, use this information as a launch pad to have discussions about security and PCI compliance with your current web provider.
If you are an All Your Retail client, rest assured your website and your customers' data are protected. You have the most secure website in the industry.