Your merchant service provider must be able to show that your data is as safe as possible from digital or physical intrusion by outsiders, fellow customers and rogue employees.
You need to be confident that you and your provider have appropriate controls in place, including –
If you are going to process client information such as personal and credit card data through your website, it is mandatory to have a Secure Sockets Layer SSL certificate installed. SSL is the standard security technology for establishing an encrypted link between your e-commerce server and your customer's browser.
Handling Security Incidents
The merchant service provider you choose must be easy to contact (e.g. by telephone and email) with requests for support, and able to respond to security incidents promptly. Similarly, your provider must establish a means of securely contacting you (or your delegate) about any incidents that may affect your data.
The maximum acceptable response time should be included in your Service Level Agreement (SLA) with the provider.
When choosing an online merchant service provider, consider its data backup protocols.
The frequency of backups depends on the method being used, and what is being backed up. Things that don't change often don't need to be backed up often, but a reasonable minimum is every 24 hours. Increasing or decreasing the frequency should be driven by the number of transactions your business can afford to lose.
Case Study - Leonie Smith, 'The Cyber Safety Lady'
Leonie Smith, 'The Cyber Safety Lady', says that once you establish your own database of contacts and subscribers, it is important to protect this valuable resource: "You also should back it up, so download a copy of it onto your own computer so that it could never be lost if anything happens [to your website or social media presence]."
If your business involves online ordering with immediate dispatch of products, you may want backups to run more frequently than once per day. On the other hand, if your business processes orders weekly in a 'batch mode', you would most likely be covered by weekly backups completed just prior to the weekly run.
ACCAN recommends that you also back-up your own data using an alternate cloud service, or on an easily accessible external hard disk that you control, to protect against a cloud system failure of any sort.