ECommerce Information Security Policy
Employing measures for protecting personal cardholder information provided in online payment transactions is important not only for reducing fraud but also for building customer confidence. Satisfied customers become repeat customers.
Preventing fraudulent transactions starts with creating and implementing your organization’s data security policy. Consumers expect that web-based merchants protect the personal payment information they provide during a transaction and that it will only be used for completing the transaction. They also expect merchants to explain the measures and procedures they have put in place to keep sensitive account data safe. To meet your customers’ expectations and to prevent fraudulent activity, web-based merchants should consider implementing the following best practices:
* Educate Consumers about your Data Security Practices. Create a page that provides detailed information about your website’s security practices and controls. Consider including in it the following:
o A detailed explanation of how payment information is protected at all stages of the transaction process: during transmission, while on your server and at your physical work site.
o Make the page available to all visitors to your website. You should consider placing a link to it on your home page. Placing a link in your header or footer will make the page accessible from any page of your website.
* Create a Security Section in your FAQ Page. If you have not already done so, you should create an FAQ page and include in it questions and answers on how customers can protect themselves while shopping online.
* Add the Logos of Fraud Prevention Services that you are Using. Place on your website the logos of all fraud prevention and data protection services that you are using.
* Warn Customers against Sending Payment Information by Email. Email is not a secure way to do business; however, some customers are not aware of that. To better protect their personal information, you should highlight your security practices on your website and in your email correspondence. Advise customers that:
o Email is an insecure method of communication and should never be used for transmitting account data or other sensitive information.
o Your website uses SSL encryption to ensure that personal information is protected from unauthorized access, and that this provides the safest way to shop online.