Do not get hacked: 7 tips for a secure online shop

Suddenly your online shop is offline. Or your payment system has been hacked, with the result that your customers' money does not end up with you, but with criminals. Without knowing it, your online shop can be vulnerable. With these 7 tips, you can make it difficult for hackers.Read on to discover Van Vliet’s 3 tips to protect your webshop against digital threats.

The Netherlands has over 82,000 online shops as of the end of 2022. That is more than twice as many as in 2018. "This rapid growth is quite worrisome because not every online shop has its security in order," says Marc van Vliet, security consultant at Perfect Day. He worked in e-commerce for years and knows the online dangers in practice.

Major consequences

The consequences of a hack can be major. Your online shop is suddenly offline, hackers change your product prices or bank details, or there are suddenly nasty texts on your site. And it can be even more serious, says Van Vliet. "The e-mail traffic of one of our clients was hacked. Criminals sent e-mails with payment requests to customers. The customers then unknowingly paid the criminals and not the online shop. Just try to get that money back to the customer."

7 tips

"You do not want to keep looking for your 'stolen bike,' or buy a new one. That costs time and money. So you use that extra lock. The same goes for your online shop. Think about what it will cost you if it goes wrong." Van Vliet gives you 7 tips for a secure online shop.

1. Use two-step verification

Your customers must be able to pay safely in your online shop. You can do that with two-step verification. This two-step verification has been mandatory in the EU since 1 January 2021. It allows your customer to safely pay for a product. In addition to logging in with a password, the customer uses an extra way to prove that they really are the owner of the account. With a fingerprint or a code, for example. Online payment through your online shop is requested from your own bank or a payment service provider (in Dutch). These companies specialize in providing secure payment systems.

2. Provide a secure internet connection

Make it difficult for criminals and use an extra secure Internet connection for your online shop. Build the website with SSL/TLS certificates. A buyer will see from the https web address that it is not a fake online shop.

3. Run updates

Your shop can be unsafe in several ways without you knowing it. Many entrepreneurs forget to run updates. Through a vulnerability in outdated software, cybercriminals penetrate your website. They hack the payment process, for example. The payment page of your online shop then looks the same, but the criminals change the underlying data, such as the account number on which you receive payments. Or they steal your customer's credit card data unnoticed.

4. Beware of phishing

As an online shop owner, you are also vulnerable to phishing emails. You may count on receiving many messages from customers, often with pictures attached. For example, because a product is broken. Such an attachment may contain malware or a virus, with which a criminal can shut down your shop.

5. Be careful with customer data

Check what customer data you have. "Many entrepreneurs do not realise how much customer data they actually have, or where they store them. Only when you know that, you know where to start with security." Do not ask for unnecessary data from your customers. "You do not need a date of birth to ship a mouse pad." Customer data (in Dutch) that you do not have, you also do not need to secure.

Comply with the privacy law GDPR and use a processing register in which you keep track of what personal data you collect. Also check in which country your website's hosting party stores data. The GDPR has strict requirements (in Dutch) for data storage.

6. Use unique passwords

Give your employees personal user accounts, with unique passwords. That way, you reduce the chances of someone misusing passwords.

7. Secure the contact form

Secure your contact form with a captcha (in Dutch), which is a test that proves a customer is not a robot. You can expect more spam and phishing emails if you do not secure your contact form properly. If you secure your contact form and receive fewer of those phishing emails, you are less likely to click on a malicious link.