Keeping Card Swipers At Bay
As a subscriber to the Sucuri blog, came across this today. By Ben Martin, it's packed with loads of useful info. It's relevant to anyone who's running an e-commerce site based on the WordPress platform. It does however skip one important item.
One of the best ways to protect yourself is to force all transactions off-site and have them be handled directly by your merchant service provider. That's called SIM ("server integration method"). Total techie babble, yeah I know. Another name coined by a nerd in the name of bafflement. But the idea isn't complicated. So here's the gist.
Do not process credit cards yourself on your own website. Have your MSP take care of everything.
Now, there are advantages to keeping transactions on-site. It's a little more user-friendly. You keep the customer inside the highly designed envelope of your own carefully branded website. It's just classier.
If you are set on doing it that way, I agree with Ben Martin. You should have an enterprise firewall with threat monitoring. I also agree with him that his own company, Sucuri, does a great job with all of that, for a very reasonable price. Full disclosure here: I am a longtime Sucuri customer and a Sucuri fan.
I will go one step further and say that - even if you are using SIM - the firewall is still a prudent investment. The reason is, any website which features a store will draw malefactors like moths to a flame. For a relatively small annual fee, the firewall brings invaluable peace of mind.
Read Ben's full post here.