Protecting Customers' User Names and Passwords in Merchant Accounts
by Paynet | August 08, 2008
At this stage, we're all well aware of credit card security and PCI compliance. However, there has been little mention of the user names and passwords used by customers. It is important to look into how this critical data is stored. Some shopping carts in use store this information in plain text. This of course jeopardizes the customer's security, because if hackers are able to compromise your server, all of that information becomes readily available to fraudulent elements.
Several shopping carts are programmed to store information in a database such as Microsoft Access, MySQL, or MSSQL. The method or steps to access this information are determined by your choice of web hosting provider. In fact, you may even be able to access this information via an Open Database Connectivity (ODBC) connection.
To check the level of security, check your tables and records. Focus especially on the password table to see whether or not the passwords are encrypted. It is very important for these passwords to be protected because, even though it is not advisable, most people use the same password for their various accounts. This makes for easy memorization and convenience, but is bad for security.
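The check described above can be scripted. The following is an added example, not part of the original article: it reads a password column and sorts each stored value by format into recognised password-hash encodings, bare hex digests, and values that look like plain text. The `customers` table, its column names, and the use of SQLite in place of the cart's real database are assumptions, and the sample rows are constructed.

```python
import re
import sqlite3

# Prefixes of salted, deliberately slow password-hash encodings.
STRONG_PREFIXES = ("$2a$", "$2b$", "$2y$", "$argon2i$", "$argon2d$",
                   "$argon2id$", "$scrypt$", "$pbkdf2")
# Bare hex digests, identified by length.
HEX_DIGEST = re.compile(r"^[0-9a-fA-F]+$")
DIGEST_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}


def classify(stored):
    """Classify one stored password value by its format alone (heuristic)."""
    if not stored:
        return "empty"
    if stored.startswith(STRONG_PREFIXES):
        return "password-hash"
    if HEX_DIGEST.match(stored) and len(stored) in DIGEST_LENGTHS:
        return "bare-digest:" + DIGEST_LENGTHS[len(stored)]
    return "possible-plaintext"


def audit(conn, table, user_col, pass_col):
    """Return {category: [usernames]}. Identifiers cannot be bound as
    query parameters, so they are validated against a strict pattern."""
    for name in (table, user_col, pass_col):
        if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", name):
            raise ValueError("unexpected identifier: %r" % name)
    report = {}
    query = 'SELECT "%s", "%s" FROM "%s"' % (user_col, pass_col, table)
    for user, stored in conn.execute(query):
        report.setdefault(classify(stored), []).append(user)
    return report


def demo():
    # Constructed sample data standing in for a shopping cart's customer table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?)", [
        ("alice", "Summer2008!"),                       # stored as typed
        ("bob", "5f4dcc3b5aa765d61d8327deb882cf99"),    # 32 hex characters
        ("carol", "$2b$12$" + "A" * 53),                # bcrypt-shaped value
        ("dave", ""),                                   # no password stored
    ])
    return audit(conn, "customers", "username", "password")


if __name__ == "__main__":
    print(demo())
```

Any user listed under `possible-plaintext` or `empty` is a row where a server compromise exposes the password directly. The classification looks only at the shape of the stored value, so treat it as a first pass before reviewing the cart's own storage code.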
Shopping Cart password: The admin password should be changed immediately when the items are added to a cart. This password should contain letters, numbers and maybe a couple of extra characters like %, !, *, {, etc. The harder it is for you to remember, the better. By changing the password from the one initially provided by the vendor, you meet one of the requirements for PCI DSS.
Password Strength and Security: For every new customer that signs up, there should be a new and unique password. It is a good idea to check the password's strength before deciding on one. Finally, make sure that when users are creating an account, their session is absolutely secure.
For more information, visit Credit Card Processing and Merchant Account Services.
http://www.paynetsystems.com
Article Source: http://www.articleset.com
