How Well Do You Protect Your Customers’ Privacy?

Internet users have always been wary of providing personal and financial information online, but as the web has grown, so has the number of transactions, as well as the number of sites seeking orders for products or services. Customers have grown more accustomed to providing their information to many kinds of businesses, but privacy concerns continue to grow. In the wake of the recent concerns about privacy on Facebook, I wanted to focus on the privacy of e-commerce site customers as well.


The last thing your business can afford is public recognition of lapses in privacy and security. But the concerns go far beyond customer perception as well. The emergence and growth of PCI Compliance puts a serious legal and financial burden on companies of all sizes to protect their customers’ credit cards and other financial information in an effort to prevent fraud.

If you haven’t performed a recent review of your practices relating to both privacy and security, now is a good time. And if you’ve never really given it much thought, please keep reading and then develop your own plan to protect your customers’ valuable information.

The First Step: An SSL Certificate


An SSL certificate is essential to protect sensitive information as it is transmitted over the internet, such as when a form containing personal or financial information is submitted by a customer. SSL Certificates can be purchased from a number of providers, including Verisign, GeoTrust, Comodo, and many others. The SSL certificate is engaged when the web site is accessed with a URL beginning with “https” instead of “http”, encrypting both the request (submission of the form or requesting a web page via a URL) and response (the information that is sent back to the browser).

All sensitive information should be collected and presented on pages served over HTTPS using the SSL certificate. Customers often look to the “lock icon” in the corner of their browser window to ensure that a page asking for this information is secure.

Credit Card Information

The best thing you can do to protect customers’ credit card information is to NEVER store it in the first place. If your website uses a real-time payment gateway such as or Payflow, the customer’s credit card is passed through to the gateway and charged or authorized for the sale, and typically doesn’t need to be stored on your server at all. Instead, reference or transaction numbers are stored in your system so that transactions can be reviewed and pre-authorizations can be captured. If your site or database gets compromised, there are no raw credit card numbers and expiration dates that can be stolen.


If you can’t use a real-time gateway for any reason, make sure you download the payment data over a secure connection (HTTPS in a browser, or SFTP instead of regular FTP). Then delete it from your web server as quickly as possible, and remove it from your local systems once the payment has been processed. If you make a habit of deleting the data regularly, a breach of your web site will expose as few credit card numbers as possible (only those provided since you last deleted the data).

The one thing you should never store in any capacity is the CVV number, also known by other acronyms including CVC, CVV2, and CID. This is the 3- or 4-digit number on the front or back of credit cards, separate from the actual credit card number, that is not embossed or raised and therefore doesn’t show up on a credit card imprint. Credit card companies such as VISA and MasterCard impose significant fines on merchants who violate the mandate not to store the CVV code, even if a breach has not occurred. You may also lose the ability to process credit card transactions in the future.

Customer Names and Addresses

Although not as fraught with concerns as payment data, protecting customers’ identifying information, especially their home address, is still extremely important. Customers often don’t want other people finding out their full names, their home address, or even their employer, due to concerns about identity theft. (The more information a potential identity thief collects, the more likely he can impersonate the victim.)

All pages that refer to a customer’s account, full name, and address should be served over HTTPS, so that the SSL certificate encrypts the data being transmitted. Other pages such as order history are also recommended for SSL protection, especially if your products are sensitive – think medical supplies, prescriptions, adult items, etc.

You should also test your site’s account creation, log-in, and forgotten password functions. Make sure there are no security holes in these processes.

Think Carefully about Open-Source Software

Open-source shopping carts are growing in popularity, due to the low cost (often free) and the typically large developer/user communities surrounding them. However, in the case of software whose source code is available to the public, it’s often much easier for hackers to find and exploit holes. WordPress, arguably the most widely-used blogging platform, has had to issue numerous updates to patch security holes and bugs that were found by hackers. Shopping cart software is no less prone to problems, and the results of losing customers’ credit card numbers can be much worse than having your blog replaced by a defaced page (porn or not!).

Additionally, open-source software is often not subjected to the same compliance issues as software that is funded by sales instead of being free. For example, even Magento’s Community Version, the current golden child of the open-source shopping cart market, won’t be PA-DSS compliant…so unless you purchase the Enterprise Edition (which is not free!) you won’t meet this required standard.

Shared Information

Another area of your site to review includes searchable areas like gift registries, wishlists, and other kinds of customer lists (such as those Amazon allows customers to create and share). For example, when a person searches your gift registry, does your site return too much information about matching records? If you display first and last name, city, and state, it could be too much information to maintain customers’ privacy. Limit the information to as little as possible, while still allowing gift shoppers to recognize the person they are shopping for.

Limit Employee Access

You should also limit your employees’ access to customer and payment information to those people who need it to perform their jobs. Employees come and go, sometimes under contentious circumstances. When an employee leaves the company, delete his or her account or change its password so that the former employee can no longer access the information. Also, encourage (or enforce) employees to use strong passwords and to change them periodically to protect their accounts from unauthorized access.

Many shopping carts and accounting systems allow you to configure user accounts to access only certain parts of the application. Often, you can allow your web developers, customer service representatives, and other employees to access the necessary parts of your system without giving them access to customer records and payment details.

Application Integration and Data Sharing


When sharing data between your cart and other applications (such as accounting systems, CRM systems, even a mailing list application), don’t transfer more data than necessary. Your mailing list doesn’t need the customer’s credit card information – not even the last four digits. So why bother? If it’s not needed, don’t keep it there. Don’t download data you don’t need into Excel and keep it on your hard drive either. And be very careful to make sure you don’t email credit card information to anyone! It’s surprising how many retailers and developers aren’t conditioned or informed about the risks of emailing sensitive data.
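As an added example, not code from this post, here is a Python guard that ties together the credit card section above and the point just made about exports and e-mail: after a real-time gateway call the order record keeps only the gateway’s reference, and any payload headed for the database, a spreadsheet or an outgoing message is refused if it carries card fields or a Luhn-valid card number. The form fields, the gateway response and the function names are constructed for illustration.

```python
import re

# Constructed sample data: a checkout form post and the gateway's reply to it.
FORM_SUBMISSION = {
    "name": "A. Customer", "email": "a.customer@example.com", "amount": "49.95",
    "pan": "4111 1111 1111 1111", "expiry": "12/29", "cvv": "123",
}
GATEWAY_RESPONSE = {"transaction_id": "TXN-0001-EXAMPLE", "status": "authorized"}

# Field names that must never reach the cart database, an export or an e-mail.
FORBIDDEN_KEYS = {"pan", "card_number", "expiry", "cvv", "cvc", "cvv2", "cid"}
# 13-19 digits, optionally separated by spaces or dashes, not inside a longer run.
CANDIDATE_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check used by card brands; filters out random digit runs."""
    total, parity = 0, len(digits) % 2
    for i, ch in enumerate(digits):
        d = int(ch)
        if i % 2 == parity:
            d = d * 2 if d < 5 else d * 2 - 9
        total += d
    return total % 10 == 0

def find_pans(text: str) -> list:
    """Return digit runs that look like full card numbers (Luhn-valid)."""
    hits = []
    for m in CANDIDATE_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            hits.append(digits)
    return hits

def assert_no_card_data(payload: dict) -> None:
    """Guard to call before any database write, export or outbound e-mail."""
    bad_keys = FORBIDDEN_KEYS & {k.lower() for k in payload}
    if bad_keys:
        raise ValueError(f"refusing card fields: {sorted(bad_keys)}")
    if find_pans(" ".join(str(v) for v in payload.values())):
        raise ValueError("refusing a value that looks like a full card number")

def record_for_storage(submission: dict, gateway: dict) -> dict:
    """What the cart keeps after the gateway charges or authorizes the sale."""
    record = {
        "customer": submission["name"], "amount": submission["amount"],
        "transaction_id": gateway["transaction_id"], "status": gateway["status"],
    }
    assert_no_card_data(record)  # the gateway reference is all that is stored
    return record
```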

Review Your Database

Look at how your shopping cart stores customer records and allows forgotten passwords to be retrieved. Are your customers’ passwords encrypted before being stored in your database? Are passwords mailed in plain text, where anyone with a packet sniffer can intercept them? Or do you email the customer a password reset link instead? Can site administrators see the old password, or only reset it to a new one?
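An added example (not the post’s own code, nor any cart vendor’s) of the answers a reviewer would hope to find: passwords stored as salted PBKDF2 hashes rather than anything reversible, and forgotten-password handling that e-mails a single-use, expiring reset token whose hash alone is kept in the database, so neither an administrator nor a copied table can see or reuse it. The in-memory table, the round count and the reset URL are assumptions standing in for the cart’s database, hardware and site.

```python
import hashlib
import hmac
import secrets
import time

PBKDF2_ROUNDS = 600_000      # assumption: tune to your hardware
RESET_TOKEN_TTL = 30 * 60    # seconds a reset link stays usable

def hash_password(password: str) -> str:
    """Store a salted PBKDF2-SHA256 digest, never the password itself."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"pbkdf2_sha256${PBKDF2_ROUNDS}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _algo, rounds, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(digest.hex(), digest_hex)

# Reset tokens: the table keeps only a SHA-256 of each token, so neither an
# administrator browsing the database nor a leaked copy of it can use the link.
# Constructed in-memory stand-in for the cart's database table.
_reset_table = {}  # sha256(token) -> (account e-mail, expiry timestamp)

def issue_reset_token(email: str, now=None) -> str:
    """Create a single-use, time-limited token; only the e-mail gets the raw value."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    _reset_table[hashlib.sha256(token.encode()).hexdigest()] = (email, now + RESET_TOKEN_TTL)
    return token  # embed in an HTTPS link, e.g. https://shop.example/reset?token=...

def redeem_reset_token(token: str, now=None):
    """Return the account e-mail if the token is valid and unexpired, else None."""
    now = time.time() if now is None else now
    entry = _reset_table.pop(hashlib.sha256(token.encode()).hexdigest(), None)
    if entry is None or entry[1] < now:
        return None
    return entry[0]
```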

Communicate the Good

Finally, it’s also good to spell out the details of how you maintain customer privacy in a detailed Privacy Policy on your site. Most sites link to their privacy policy from their footer. But also consider hitting the highlights in a few bullet points in a more conspicuous place, perhaps on the view cart page, or the page where customers enter their credit card number. Add a “View our Complete Privacy Policy” link below it for customers who want to read all the nitty-gritty details.

The larger and more visible your company grows, the more important it becomes for you to deal with these issues BEFORE a breach occurs. When it makes sense financially to do so, consider online services such as McAfee Secure or ControlScan, and later, consider hiring a company that specializes in website and computer security services. The peace of mind, and lack of future problems, will likely make it worth every penny.



  1. Great post Susan.

    Although not directly tied to data, two big areas I see as problems are shared SSLs and, to a lesser degree, shared servers.

    Shared SSLs cause the customer to leave your domain/site which is never a great thing.

    Shared servers mean you are sharing the hardware; which means there is a backdoor most of the time.

  2. Hi All,

    I have a WS08-1 TS that several of our customers use.

    Problem: with Windows Explorer (not IE), they can browse to the C: drive, click on “users” and see the names of all the other users (a list of our customers essentially).

    I need to protect the users’ privacy (their names) from everyone else. How do I make it so they only see their own name and none of the other users’ names?

    Many thanks,

  3. can anyone help me with the question I posted a week ago?

  4. Susan Petracco says:

    @Umbro England, you might have more luck on a Windows forum with your questions. Our readership tends to lean more toward web applications, not Windows servers. I personally don’t have the first clue on an answer. But good luck!

  5. I think customer security is the main task. A site having an SSL certificate and a high-bit subscription is good to get rid of this problem.

  6. I think customer security is the prime task of every entrepreneur. All transaction records should be confidential and only viewable by owners. Very nice post.

  7. Susan, it’s definitely a topic that all websites should take a serious look at, to try to patch up as many holes as possible in their current website to assure that all the customers’ privacy is met. At the same time though we should all be aware that no matter how secure a server may be, it is never 100% safe from hackers, bad-doers, so that’s why we just gotta make sure we are always on top of that!

    Till then,


  8. That’s a great post. All e-shop owners should consider that topic. Even CRE Loaded has now issued a final version with advanced credit card security.
    My opinion, at least an SSL certificate is “TO have”.

  9. DNS Server Hosting says:

    This is a great post, and it is definitely a great time of year to read it, since many sales go on this time of year. I hate that hackers and phishers have ruined everything for everyone, but there are always a few bad apples.

  10. Security is of paramount importance today. You simply can’t afford to lose customers’ sensitive information by not taking adequate measures in advance. Great rundown of things to know about security. I agree particularly about limiting employee access. They don’t have as much personal stake in the business, so they might take a chance that you may not.

  11. Part of the reason that good ecommerce solutions cost so much is because they require the security. I have to explain this to clients all the time.

    • Great point Julian. Even Magento, probably the most popular free shopping cart software, doesn’t have PCI compliance in its free version. You have to pay for that level of security.

  12. Customer privacy is a very critical part of customer service. They need to know if you intend to use their information and make it available to other companies. Everything has to be transparent as much as possible when it comes to their personal information.

  13. Awesome post! In my opinion, aside from maintaining the privacy of the customers, this can also be a plus for online businesses because they can earn loyalty and trust from their customers, eventually leading to increased sales.