Secure online shopping
Prudent Minds is all about saving you money and helping you manage your money well. Our 'Secure Shopping Site' scheme is developed to give you confidence when you buy online.
Why a Secure Online Shopping Site scheme?
The number of websites where you can do your online shopping has grown dramatically over the past 5 years and nothing suggests this will change. With so many websites taking your debit or credit card details, it is good to know that your payment details as well as your other personal details are safe. The Prudent Minds Secure Online Shopping Site scheme tests websites against various security criteria to establish whether shopping online with them will be secure and will therefore give you a safe online buying experience.
Why Prudent Minds?
At Prudent Minds we have a proven track record of over 10 years of successful and secure web development. Our team of IT engineers are extremely experienced in designing, programming and running websites that look good and are liked by search engines. More importantly, they also know how to ensure that the programming and coding behind the websites is of the highest standard when it comes to security. As such they can recognise “the good, the bad and the ugly” past the initial visual impression.
How does it work?
Websites can apply to us in order to have their online shopping facilities tested. If a website passes the various tests it is awarded the Secure Online Shopping Site badge, which can be placed on the website and/or printed materials. Websites which pass the tests are also listed in the directory on Prudent Minds. Therefore, if you are ever in doubt about a website displaying the badge, simply check the directory in order to verify its authenticity.
What are the Secure Online Shopping criteria?
In order to identify what is a secure online shopping facility, Prudent Minds tests are carried out in the following areas:
Web hosting and servers
It is important to know both where a website is based and where the website is hosted. Location is important to your safety since consumer protection and information security laws vary around the world. This means that the laws in place where a website is hosted may offer less protection than the laws where you or the website are based.
Questions purely related to the physical hosting include:
- Which hosting company is used and their security policies and practices
- Whether the software on the servers is kept up-to-date
- Whether personal data and payment details are protected via SSL (secure sockets layer) encryption whilst travelling over the internet.
User accounts & passwords
Our development team believe that good security is pro-active security. This means security that is characterised by such things as regular password changes for servers and other systems, and a consistent policy governing password lengths and complexity to ensure password strength.
Storage of Payment Details
When taking payments online, websites generally have two options. They can host the payment process and payment detail storage on their own servers, or they can use a third-party payment processor. If a website hosts its own system, the questions we are concerned with include:
- How personal data and payment details are stored on their servers
- How access to the stored details is controlled
- Whether the website's handling of payment details conforms to the PCI DSS (Payment Card Industry Data Security Standard), a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment.
In the alternative case, the website only stores personal data rather than personal data and payment details, and we therefore simply comment on the choice of third-party provider.
Storage of Address Details
Everyone hates spam, so we are concerned with whether the website tested has policies in place with regard to the sharing of personal address details it acquires from orders. Further, we would expect storage of these details to be secure, in line with the criteria used when checking the web hosting and server security.
Web design and Programming
Although two websites might look exactly the same, an expert examination of the HTML coding may reveal a different picture. Using secure and up-to-date programming practices and languages is key to preventing hacking attempts and cross-site scripting attacks. We review the code of websites tested to see whether good practice has been followed to ensure the programming has been performed efficiently and securely.