Chetu – Custom Software Development CompanySearch blackphone blackcross black

10 Ways to Improve Your eCommerce Store's Security

By: Ronald Dod

Request A Consult

Here's where we're going if you want to jump ahead:

Every business should put in extra effort to make their sites, information stores, and data as secure as possible. This is especially important for eCommerce brands dealing with a wealth of customer information and transaction data.

Creating the most secure shopping experience isn't a one-off sweep once your store goes live. Security should have a regular maintenance and inspection routine, with additional inspections around platform patches, plugin upgrades, and, ideally, any changes to the code—no matter how small.

The cost of missing even a seemingly minor issue can be significant.

Data breaches aren't limited to major brands. According to Trustwave, 90% of breaches target and impact small merchants.

Large brands that get hit can see costs as high as $4 million per breach. Small business owners aren't hit quite so hard; on average, their cost is $37,000 for a data breach.

Those fees begin to stack up as they come in from multiple angles:

That last examination alone can cost anywhere from $20k to $50k.

Then there are the non-monetary costs from a breach, including lost trust, customers who terminate their relationship, and the impact on your brand's reputation.

brand trust after security breach

Proactively addressing some key security issues is the only way to mitigate risk, protect customer data, and reduce the potential for losses.

1. Take better control of your passwords.

According to a survey from Harris Interactive, "59% of brands admit to reusing passwords because it is too hard to remember them." In addition, 54% of Americans agree that their password habits are poor and need to change.

Never reuse the same passwords across your internal systems, especially where there are public-facing logins and, especially, not for administrative accounts.

It's best to generate a unique password for each of your systems, and then set up a schedule for updating passwords.

You can also use a password manager to generate passwords from an encrypted vault where your sites are only accessed locally and only with a master password. This ensures a unique password is generated for every site.

2. Encrypt your entire store.

The old approach to encryption for eCommerce was to use SSL encryption for the checkout experience. Changes have already been made to promote higher security in websites; a recent update from Chrome aims to make browsing more secure for its users.

security update from chrome before and after

Customers will be served a security warning on any site/page that attempts to gather customer data, such as with a form, as long as those pages are not encrypted.

Platforms like Shopify are now using SSL site-wide, across every one of its customer sites and every page within.

3. Configure two-factor authentication.

SaaS platforms for eCommerce and other business verticals are widely adopting and recommending the use of two-factor authentication to improve security.

With two-factor authentication, even with a compromised password you'll be required to provide additional information and login confirmation via another channel, such as email, SMS, or even phone.

Set this up in your eCommerce platform like Shopify, on your social accounts, and on any other business app you may be using—especially if it's installed on a mobile device.

4. Don't trust native security.

Depending on the platform you use, you may want to beef up security with additional plugins. While WooCommerce and other platforms like Magento provide easy-setup eCommerce, they don't always offer the best native security.

If you're running a CMS-based platform like WordPress/WooCommerce, look for top-recommended security plugins that fill the gaps where native security was thin.

Platforms like Shopify and BigCommerce tend to be more secure, but there are still security plugins you can use to reinforce that security.

5. Help customers be more secure.

While customer security is somewhat out of your control in regards to how they protect themselves, you can take extra steps to help them.

Two-factor authentication can be offered for customers to keep their accounts secure. You should also consider requiring stricter password parameters, such as requiring a number, a capital letter, and a symbol within their password.

example of password parameters

Last, brands often integrate with trusted social platforms to allow customers faster and more convenient access. If you integrate social logins in this manner, you're leveraging the security of some major incumbent brands.

6. Keep redundant backups.

It can be incredibly frustrating to suffer a data breach where additional damage is also done to your digital infrastructure.

Shopify backup

In some cases, hackers may even maliciously destroy or wipe data. By maintaining redundant backups on a daily basis, you dramatically reduce the damage associated with a hacker and any subsequent data loss. Once the breach has been addressed, you can restore from your most recent backup and focus on getting back to business while further improving security.

7. Never store credit card data.

In order to be PCI-compliant, most modern eCommerce platforms don't—and cannot—store passwords. Payments are processed through an external trusted payment processor. Some brands, however, offer options for offline credit processing, where card and consumer data get stored.

storing consumer data

Note the example plugin above that allows credit card information to be stored and sent via email. This is an unsafe practice you should absolutely avoid.

Storing customer and credit card data exposes you and your customer's information, with subsequent great risk. Simply put, never store customer credit card data in any form.

You should pursue Payment Card Industry Data Security Standard accreditation (PCI DSS). In order to get this accreditation, your site must complete an audit and be found to follow a number of standards, including:

8. Use a card processor with address and card verification.

The more fraud detection tools you have available, the less likely you are to have chargebacks or have customers taken advantage of if their personal information is stolen and attempts to purchase are made with your store.

Enable an address verification system (AVS), and require the card verification value (CVV) for credit card transactions to reduce fraudulent charges. You can further tighten security, here, by requiring a partial or complete address and zip code match during checkout.

9. Set up alerts.

If your payment processor allows for it, you should configure alerts using a number of variables to trigger the alert. These could include:

Here's an example of fraud indicators from Shopify:

list of fraud indicators

With alerts, you can get notifications when these events occur and even set up payment processing rules to halt the charge and suspend the order until it's manually approved.

10. Perform routine PCI scans.

Proactive security inspections help you catch issues before they cost you customers and revenue. Regardless of how reputable your eCommerce platform host is, you should perform regular quarterly PCI scans. These scans identify risks and vulnerabilities that could leave your store open to hacks and the injection of malware and viruses. Last, as part of your routine scans, check for updates and patches for your platform—pay special attention to security enhancements.

A few extra hours adjusting your code with a developer today could save you tens of thousands of dollars down the road.


Maintaining a secure site doesn't entail a significant amount of work unless you identify a major risk or potential threat. For the most part, the proactive steps mentioned in this article require little more than routine maintenance and monitoring to ensure your business, as well as your customers, stay protected.

About the Author


Ronald Dod is the CMO and Co-founder at, an eCommerce-focused marketing agency.


Chetu does not affect the opinion of this article. Any mention of a specific software, company or individual does not constitute an endorsement from either party unless otherwise specified. This blog should not be construed as legal advice.

Founded in 2000, Chetu is a global software development service provider, offering solutions and support services. Chetu's specialized technology and industry experts serve startups, SMBs, and Fortune 500 companies with an unparalleled software delivery model suited to the needs of the client. Chetu's one-stop-shop model spans the entire software technology spectrum. Headquartered in Plantation, Florida, Chetu has fourteen locations throughout the U.S. and abroad.

Suggested Reading

graphic with division choosing between Magento community edition vs enterprise edition

Magento Community vs. Magento Enterprise: Which is Right for your Business?

Read More
The Ultimate Guide to Custom BigCommerce Checkout

The Ultimate Guide to Custom BigCommerce Checkout

Read More
Main Hero


Read More

Privacy Policy | Legal Policy | Careers | Sitemap | Referral | Contact Us

Copyright © 2000-2024 Chetu Inc. All Rights Reserved.

Button to scroll to top

By continuing to use this website, you agree to our cookie policy. GOT IT