
Providing secure online payment options can draw customers to your business’ website because of the convenience and accessibility. Online shopping is increasing in popularity, and you can take advantage of that by ensuring you provide the online payment options your customers want. However, you are dealing with sensitive financial information. Customers expect you to treat their sensitive data with care. Not only that, but the law also implies specific requirements when you deal with this kind of personal information. One of these requirements is to collect and store such details securely. Therefore, you need to take steps to ensure that you have a secure online payment process that aligns with your legal obligations. This article will go through four tips for creating a secure online payment process on your website, so that you can meet these requirements.

1. Research Your Options

Nowadays, your online store can take on many potential forms. You could collect online payments through:

Some store options will come with built-in methods for accepting customers’ payments online. For example, Shopify, a popular eCommerce platform, lets you accept customers’ credit card details using their service “Shopify Payments”.

What you need to do to secure your online payments will depend on the:

  • structure of the website you run;
  • level of control you have over the payment options; and
  • kinds of customer payments you accept.

If you sell on your own online store, work together with your bank to determine what payment gateways they support. They can help you determine which options provide the best value for your money and what kind of security you may need. Figure out what payment functions you want to offer your customers, and work from there.

For example, do you want to offer customers a shopping cart function that can store their purchases for a set period? The security concerns involved in this will differ from if you were only to offer a ‘buy now’ functionality.

2. Check Relevant Security Standards

If you operate on an eCommerce platform or online marketplace, they will primarily handle the details of managing online payment software securely. However, you still need to evaluate these options to ensure that they offer the security you want for your online payments. If you operate from your own system, then you are responsible for meeting security standards.

If you accept credit card payments, you should make sure any online payment system you use is PCI compliant. This means it complies with the global minimum security standard for credit payments, the Payment Card Industry Data Security Standard (PCI DSS). This standard operates on maintaining secure behaviours and systems to protect customers’ financial data adequately. These requirements include:

  • implementing a firewall to protect card data;
  • not using default passwords or login credentials;
  • using and regularly updating anti-virus software;
  • encrypting the transmission of cardholder data and protecting stored data; and
  • regularly testing and monitoring networks.

3. Encrypt Your Connection

Encryption transforms information into a form that third parties cannot read; only a party holding the corresponding key can decrypt it. Every page of your website that deals with online payments should be served over an encrypted HTTPS connection, which browsers indicate with the lock icon next to your domain name. This significantly reduces the risk that an attacker intercepts customers’ financial details while they are being sent to you. If you store customers’ financial details as well, ensure that this stored data is also encrypted.

For example, you may allow customers to save their credit card details with your payment service for easy access later. This adds the responsibility of ensuring that this stored card data is also encrypted and secure.
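As an added example, not code from the article or from any payment provider it names, the following Go snippet shows one way a developer could meet the “encrypt stored card data” point: the card number is sealed with AES-256-GCM, bound to the owning customer, and only its last four digits are ever kept in the clear. The algorithm choice, the function names and the customer identifier format are assumptions for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"strings"
)

// MaskPAN keeps the last four digits only: the one part of a card number safe to store or show in the clear.
func MaskPAN(pan string) string {
	if len(pan) <= 4 {
		return strings.Repeat("*", len(pan))
	}
	return strings.Repeat("*", len(pan)-4) + pan[len(pan)-4:]
}

// NewCardCipher builds an AES-256-GCM cipher from a 32-byte key (the key belongs in a KMS/HSM, never beside the data).
func NewCardCipher(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealCard encrypts a card number for storage. A fresh random nonce is prepended to the ciphertext,
// and the customer id is bound as associated data so a record cannot be moved onto another account.
func SealCard(aead cipher.AEAD, customerID, pan string) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, []byte(pan), []byte(customerID)), nil
}

// OpenCard reverses SealCard; a truncated or altered record, or the wrong customer id, is rejected.
func OpenCard(aead cipher.AEAD, customerID string, record []byte) (string, error) {
	n := aead.NonceSize()
	if len(record) < n {
		return "", errors.New("card record too short")
	}
	pt, err := aead.Open(nil, record[:n], record[n:], []byte(customerID))
	if err != nil {
		return "", errors.New("card record failed authentication")
	}
	return string(pt), nil
}
```

Letting the payment gateway tokenise the card avoids holding the number at all; whichever route is taken, the card verification code is never stored after authorisation.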

No matter what kind of software or gateway you use for accepting online payments, ensure that it is up to date on any patches or security fixes. 

4. Develop a Response Strategy

One of the most crucial pieces of security is developing an incident response plan should there be a security breach. You need to implement secure preventative measures, but these can only ever lower a cybersecurity risk rather than eliminate it completely. Dealing with the fallout of a cyberattack will be significantly more manageable and less stressful if you have a predetermined plan to follow. Such a plan may include:

  • shutting down systems to prevent further leakage;
  • evaluating access points to determine where a breach occurred;
  • informing affected parties where appropriate; and
  • accessing backups for unaffected software and information.

Key Takeaways

As more and more customers turn to the Internet for their shopping needs, your business’s online presence will only continue to expand. Customers want to know that their sensitive financial details are secure, so you need to take steps to ensure you meet the appropriate standard. Privacy law also requires that you enact reasonable security measures for this kind of information. If you would like more information or help with your website’s online payments, contact LegalVision’s IT lawyers on 0800 005 570 or fill out the form on this page.

Frequently Asked Questions

How can I accept payments online?

There are various methods by which you can accept payments online. You can use a direct bank transfer service or accept customer credit card details through a payment gateway or service like PayPal.

What is a payment gateway?

A payment gateway is a virtual system designed for eCommerce that is a secure way to accept customer credit/debit card details. Examples include Stripe and Windcave.

What does PCI DSS stand for?

PCI DSS stands for Payment Card Industry Data Security Standard. This is a global standard for accepting credit card details, which specifies minimum security requirements for doing so.

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.
