E-commerce requirement: an infrastructure of trust
There is a relationship of trust inherent between publisher and reader in the process of purchasing print subscriptions and other traditional forms of content – because people are comfortable with the process that is in place.
However, even if your consumers trust you as a company, they don’t necessarily trust the process of e-commerce, especially if you’re new to the game. In order to be successful with an e-commerce initiative, you must build on your existing relationship of trust by providing an infrastructure that adheres to current security standards and helps your audience feel at ease buying products from your website.
Simply put: You want to give the customer confidence in your online purchasing process. Here’s what you need.
Basic security means you offer a secure shopping cart, which requires these steps:
- Acquire an SSL certificate as evidence of SSL encryption, which creates secure transmission of information to the server and back.
- Post a clear and accessible privacy/security policy.
- Ensure that you have a built-in secure payment gateway or that you use a reputable company with secure payment gateway capabilities.
- Deliver your pages under https.
PCI compliance is the hallmark of a reliable and secure e-commerce site. The Payment Card Industry (PCI) Data Security Standard is a joint initiative of Visa, Mastercard, Discover and American Express. In response to the growing severity of credit card theft, PCI-DSS was created with the goal of protecting cardholder data wherever it may reside. PCI is an industry-wide standard for credit card security that must be followed by both merchants and providers.
What you should know about PCI compliance:
- If you sell online and accept credit cards, you MUST be PCI-compliant.
- If you are using a hosted solution, your provider must be Cardholder Information Security Program (CISP) certified and be on Visa’s approved list. Ask your provider to show proof of certification.
- CISP certification is intended to protect Visa cardholder data – wherever it resides – ensuring that members, merchants, and service providers maintain the highest information security standard. CISP certification provides the assurance to customers that their account information is safe.
- Non-compliant merchants risk lawsuits that can result in up to $10,000 in monthly fines, up to $500,000 in fines (per incident) and/or losing the ability to process transactions altogether.
A robust infrastructure
Your website infrastructure should build on PCI compliance to ensure speed, scalability and further reliability. A good provider will utilize state-of-the-art systems, thoughtful processes and redundant hardware that can “fail over” to other working hardware if a problem is detected. Since generating revenue is your main priority, slow page draws and downtime translate directly into lost revenue.
A trustworthy infrastructure runs quickly, is always available and can be updated without business interruption. Here’s a checklist of functionality you should have to ensure that your site runs quickly and is always available, and that your data can be recovered in the event of an outage:
- Clustered database and application servers
- High-availability and failover environments
- Integrated mobile site delivery
- Robust caching
- Data center redundancy
- Bandwidth diversity/multiple internet uplinks
- Annual audit by an independent third party
- Regular near-line backups and daily off-site backup
- On-site personnel and customer support
- Multiple integration point capability
- Workflow support
- High content throughput
- Real-time customer interaction
- Separate development, staging and production environments
- Capability for collaborative interaction, multiple partner input
- High bandwidth and low latency to ensure consistent and speedy delivery of content
E-commerce represents an intriguing opportunity for media companies that are looking to diversify their digital revenue streams. Creating a secure, trustworthy environment is the first – and most critical – step in delivering a successful e-commerce initiative.
Thomas Chaffee is CEO of ePublishing, a leading SaaS CMS provider helping publishers and media companies make more money online.