If your eCommerce store accepts payments online, your website and customers face inherent security threats on a daily basis. Among these, credit card fraud and identity theft are trends that continue to create the most challenging risks for online brands. Regardless of whether you have a nice looking site design or the most amazing products in your inventory, a customer won’t hesitate to leave your site if they don’t feel comfortable sharing their credit card information online.

According to Mayleen Bywater, senior product manager for security solutions at Vox Telecom, the most vulnerable actions during the shopping process occur during the login and checkout process. “On login, customers provide key personal information to create an account and on checkout, they provide their financial details. Together, these two online processes give the perpetrator enough information to damage both the business and consumer’s reputation,” says Mayleen.

When developing a risk management strategy, it’s important that eCommerce business owners prioritise secure payment processing and the protection of customers’ sensitive data. This article, written in collaboration with PayU, provides effective tips that will help online retailers ensure a safe online payment environment is applied to their business.

Use a PCI compliant payment gateway

Payment Card Industry Data Security Standards (PCI DSS) compliance requires that all businesses accepting online payments follow a set of industry standards created to safeguard consumers from fraudulent online activities during and after a payment process. Committing to the best online safety practices includes the use of firewalls, the protection of cardholder data, installing and updating anti-virus software and anti-spyware, among others. Online brands can enforce these industry safety standards when they choose a payment gateway that is already in compliance with PCI standards. When signing up with a well-respected payment gateway service, the business will benefit from across-the-board guidance in PCI compliance such as security checks, educational resources, and customer support.

Use token encryption where you need to collect client sensitive data

When a customer enters their debit or credit card information online the data should, by default, be collected through a process of tokenisation. Through 128-bit encryption, the credit card information is transformed into a custom token when it reaches the payment gateway, meaning that payment data is never revealed and is stored safely. As the customer completes the transaction, the system only saves the token and a symbolic representation of the credit card number, which appears as ************1111.

Update your systems regularly

Continuous checks should be performed to ensure that the website security is up to standard. These checks should be performed on every page and system software that collect data. The biggest risk comes from links that pull information from other systems; therefore it’s important to have frequent security updates on these programmes. Operating system patches normally address the security bugs in the website and most business owners delay this essential process until there is a breach. While updates normally occur automatically, it’s best to manually check for and install the latest version of any software that is running on your website.

Create an online security policy for your business

Draw up policies and processes to manage and enforce compliance related to storing and using consumer information. These guidelines will help the business establish well-defined lines of responsibilities when it comes to online security. They are usually achieved by displaying a privacy policy and terms of use page on your website. The privacy policy discloses how your business handles users’ personal data and can help give your customers the assurance that their information is protected. The terms of service can be applied to limit the liability of your eCommerce site when customers agree to the security provisions for making an online purchase.


The ability to collect and store sensitive data is the lifeblood of eCommerce websites. Without active data protection solutions to curb security breaches, retailers and their customers become attractive targets for cyber criminals. As online shopping continues to grow in popularity in South Africa, a secure payment environment has become imperative to ensure customers feel confident when making purchases online.