By: Ben Koppenens
Technology & Platform

Security of your Website and Customer Data

Security and privacy are valued by customers, and there are also legal requirements for implementing them. In a previous article I wrote about the requirements for using a secure connection (SSL) for at least all transaction and personal data. This article covers the different types of data that you usually store as an ecommerce website owner and the requirements for storing this data safely. The European law says:
"The owner undertakes appropriate technical and organizational measures to protect personal data against loss or any form of unlawful processing. These measures, taking into account the state of the technology and the cost of implementation, provide an adequate level of security in view of the risks involving the processing and nature of data to be protected."
This requirement is quite vague and general, but in short it means that the data must be stored "sufficiently securely".

Different types of data

You don't want most of the data you store as a site owner to end up in someone else's hands. That applies to everything from written (SEO) texts to product descriptions and images. In addition, your site also collects data from visitors and customers. Besides protecting this data from loss (backups!), you must also adequately protect it against abuse and leaks. Due to software errors and/or hackers, this data can be obtained by others, which should be avoided as much as possible. There are legal requirements for this security, and these differ between the types of data.

Personal data (& accounts)

These include: name, address, zip code / city and date of birth. If your store uses accounts (login option), the passwords are also personal data. Passwords are a popular target for hackers, so they must be sufficiently secured (hashed). Also check that there are no logs in which these passwords are (accidentally) stored in their original form (unencrypted). Some recent leaks involved this kind of 'raw log' being exposed. Ask your developer about it!
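One way to run the log check described above, as an added example (not code from the original article or from any shop platform): the script flags log lines in which a password field appears in readable form and rewrites them with the value masked. The field-name list, the mask markers and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Field names that usually carry a password (assumed list; extend for your own platform).
KEY = r"[\w-]*(?:password|passwd|pwd)[\w-]*|\bpass\b"
# Matches key=value (form post, query string) and "key": "value" (JSON body).
PATTERN = re.compile(
    r"""["']?(""" + KEY + r""")["']?\s*[=:]\s*(?:"([^"]*)"|([^\s&,;}"']+))""",
    re.IGNORECASE,
)
HASH_PREFIXES = ("$2a$", "$2b$", "$2y$", "$argon2", "$scrypt$", "$pbkdf2")
MASKS = {"[REDACTED]", "[FILTERED]"}

def is_protected(value):
    """True when the logged value is a hash or a mask rather than the password itself."""
    return value.startswith(HASH_PREFIXES) or set(value) <= {"*"} or value in MASKS

def _value_group(match):
    """Index of the capture group holding the value (2 = quoted, 3 = bare)."""
    return 2 if match.group(2) is not None else 3

def find_plaintext_passwords(lines):
    """Return (line_number, field_name) for each readable password found in the log."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for match in PATTERN.finditer(line):
            value = unquote_plus(match.group(_value_group(match)))
            if value and not is_protected(value):
                hits.append((number, match.group(1)))
    return hits

def redact(line):
    """Return the line with readable password values replaced by [REDACTED]."""
    def mask(match):
        idx = _value_group(match)
        value = unquote_plus(match.group(idx))
        if not value or is_protected(value):
            return match.group(0)
        start, end = match.start(idx) - match.start(0), match.end(idx) - match.start(0)
        return match.group(0)[:start] + "[REDACTED]" + match.group(0)[end:]
    return PATTERN.sub(mask, line)

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    "2021-03-02 10:14:07 POST /account/login email=jan%40example.com&password=Welkom%2123",
    '2021-03-02 10:14:09 DEBUG payload={"email": "jan@example.com", "password": "Zomer2021!"}',
    "2021-03-02 10:15:30 INFO user 42 updated, password=$2y$10$Qm3examplehashvalueonly",
    "2021-03-02 10:16:02 INFO password reset mail sent to customer 42",
    "2021-03-02 10:17:45 POST /account/register passwd=******** newsletter=1",
]
```

Every hit still needs a human look, because a message such as "password: incorrect" also matches the pattern.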

Payment Details

Most e-commerce sites will use a payment provider to handle payments. Usually, the consumer first selects a payment method and then proceeds to the website of this payment provider, where the data is entered. I think it's the best choice not to store bank account numbers or similar data yourself: it's usually not necessary and it is very sensitive information. The same goes for credit card data. And make sure that your credentials with your payment provider (Mollie, Targetpay, Internetbox, etc.) are protected; use two-factor authentication where possible.

Email addresses

Often you have a newsletter and manage a list of newsletter recipients. You can also subscribe your clients (after permission!). Make sure that this data, along with your login details, remains secure. Email addresses are a popular target for spammers and are also classified as 'personal data'.

Security

Some aspects of web store data security.

Physical

Physical security takes place in the data center where your site is hosted. With almost all major hosting providers around the world, this security is quite high. Only authorized people can reach the servers at the data center. Because there are so many ways to attack a site online, this form of unauthorized (physical) access is not really a problem if you run a website without extra high risk. (It would only be an issue for banks, payment service providers and really big corporations.)

Database

While your website is being developed (think of WooCommerce, Magento, etc.), the developer often has access to the database. For many systems, this access is necessary or useful during development and installation (for example, via phpMyAdmin). Make sure this access is well protected and removed or blocked after you go into production. If access is no longer required, delete the (development) users.

Access / Users

Your employees or fulfilment agencies will need to be able to log in to the back office to process orders. Create accounts with as few rights as possible, so that users can only see the data that is strictly necessary for their role. Change passwords every now and then, and block an employee's account after the employee has left. Do not create generic accounts like 'report' or 'shipment' and share them. Only use personal accounts (no company-wide account), so that individual users can be blocked and you can often see what someone else has done. In Europe (GDPR) it is also required that for every change made to personal data, the employee, time, date and change are logged.
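A sketch of the change log described above, as an added example (not code from the original article or from any shop platform): it writes one entry per changed personal-data field with employee, timestamp and change, and refuses shared logins. Going beyond the text, each entry is chained to the previous one with a SHA-256 hash so that later edits to the log can be detected; the field names, account names and sample records are assumptions.

```python
import hashlib
import json
from datetime import datetime, timezone

# 'report' and 'shipment' are the shared logins named above; the others are assumed examples.
SHARED_ACCOUNTS = {"report", "shipment", "admin", "info"}
PERSONAL_FIELDS = ("name", "address", "zipcode", "city", "date_of_birth", "email")

def _digest(entry, previous_hash):
    """Hash an entry together with the hash of the entry before it (hash chain)."""
    body = json.dumps(entry, sort_keys=True) + previous_hash
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

def record_change(audit_log, employee, customer_id, old, new, now=None):
    """Append one entry per changed personal-data field; return how many were added."""
    if employee.lower() in SHARED_ACCOUNTS:
        raise PermissionError(f"{employee!r} is a shared account; log in personally")
    stamp = (now or datetime.now(timezone.utc)).isoformat(timespec="seconds")
    added = 0
    for field in PERSONAL_FIELDS:
        if old.get(field) == new.get(field):
            continue
        # The old and new values are personal data too, so protect the log like the database.
        entry = {"employee": employee, "timestamp": stamp, "customer_id": customer_id,
                 "field": field, "old": old.get(field), "new": new.get(field)}
        previous_hash = audit_log[-1]["hash"] if audit_log else ""
        audit_log.append({**entry, "hash": _digest(entry, previous_hash)})
        added += 1
    return added

def verify(audit_log):
    """True when every entry still matches the chain (detects edits, reordering
    and deletions anywhere before the last entry)."""
    previous_hash = ""
    for stored in audit_log:
        entry = {k: v for k, v in stored.items() if k != "hash"}
        if stored["hash"] != _digest(entry, previous_hash):
            return False
        previous_hash = stored["hash"]
    return True

def demo():
    """Constructed sample: employee 'a.jansen' corrects a customer's address and zip code."""
    log = []
    before = {"name": "J. de Vries", "address": "Dorpsstraat 1", "zipcode": "1234 AB"}
    after = {"name": "J. de Vries", "address": "Kerkweg 8", "zipcode": "5678 CD"}
    record_change(log, "a.jansen", 1001, before, after)
    return log
```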

Software

The biggest problem with data leaks is the software used. For an open source package, there are many ways to keep the software up to date. Therefore, always check for updates to the software you are using. And that's not just WordPress itself but also all plugins, themes, and server software (Apache, MySQL, phpMyAdmin, etc.). If you don't have the skills for this, you cannot provide adequate security and you need to hire a specialist to do so.

When Selling your Website

In case of a business sale (a whole company changes shareholders), all of the above data remains within the company, and this requires little contractual effort. It is, however, important for buyers to know for certain which (part of the) address file has given permission for email (opt-in).

If you acquire a web store through an asset transaction, the transfer becomes more complicated. The customer information (including personal information), opt-in addresses, etc. must be transferred from one company to another. The former owner must then carefully remove this information from his company (except the minimum information required for the tax authorities).
