Mobile Website Security

David Walsh

Are you Creating a Secured Mobile Site?

In an era when consumers are increasingly shifting all of their social media, shopping, and buying habits to their smartphones and tablet devices, many companies have deployed mobile versions of their websites in order to encourage strong sales across platforms.

This is good business sense, but it comes with a number of security-related considerations. After all, mobile devices are being used in the public space during the vast majority of purchases, and they’re bound to be transmitting data over open Wi-Fi networks, mobile data networks, and other connections that usually aren’t as private and secure as a home broadband connection.

Designers and developers have already mastered creating a robust, touch-friendly website for today’s smartphones and tablets. As ecommerce implementations rise, though, it’s time to start considering how to create a highly secure mobile site that will protect shoppers’ identities, defend against hackers and identity thieves, and compensate for the more open nature of mobile data connections and public Wi-Fi networks that these devices use most often. Protecting consumer data comes down to a few major tips and considerations.

1. Choose a Highly Secure Web Host

Web hosts have security reputations, just as websites, Wi-Fi connections, and shopping cart options do. Many hosts offer Secure Sockets Layer connections, often called SSL encryption, for a small additional fee to those customers that require a highly secure connection between any consumer device and their own shopping cart software. Only those web hosts that offer such a connection should be chosen to serve mobile sites to consumers that are likely using a public network. Furthermore, SSL should be implemented for both desktop and mobile users.

It might be a good idea to contact an existing web host specifically to inquire about their security procedures both on the backend and in implementations that face a website’s users. Making sure that hackers can’t compromise the host or the company’s website gives greater protection against data loss and identity theft, which can contribute to a better mobile business.

2. Don’t Be Afraid to Implement Secure Sockets Layer for Mobile Devices

SSL has long been a mainstay of desktop ecommerce websites, since the technology essentially creates a highly encrypted, very secure connection between one consumer and the website’s server. This technology’s popularity on desktops is due in no small part to its effectiveness, serving as one of the best ways to deter hackers. Mobile commerce sites, though, tend to implement SSL inconsistently.

This lack of SSL implementation for mobile buyers might be because mobile browsers were once limited in their use of SSL and “https” websites. That has all changed, though, and today’s mobile browsers are just as sophisticated as the ones used on desktops. They’re adept at handling SSL encryption and managing encrypted transactions, and developers should take advantage of this functionality right away.

3. Comply with Mobile PCI Security Standards

The Payment Card Industry Security Council, often abbreviated as the PCI Security Council, is the regulatory body that governs all transactions involving credit and debit cards online and off. The organization has long had a list of requirements and recommendations for developing desktop sites, but it wasn’t until recently that it got heavily involved in mobile transactions. It’s not a moment too soon, of course, with so many sites now engaging in mobile commerce.

The PCI Security Council has released a list of recommendations and guidelines for mobile websites that encourage mobile commerce and accept plastic as a form of payment. The document can be found on the organization’s website, and its implementation is the best way to gain PCI certification and consumer confidence at the same time.

4. Choose a Payment Gateway Developed for Mobile Implementation

Numerous companies have created mobile-specific payment solutions that implement the full list of PCI security standards while keeping customers engaged and encouraging them to complete a sale using their mobile device. These payment solutions involve both third-party websites and transitional web software solutions that can be deployed by the website’s owner for use locally.

In addition to PCI compliance, these systems offer another benefit that will help with deployment: because they’re designed specifically for mobile transactions, they often come with touch-friendly designs, mobile-friendly language, and an intuitive administration interface that scales well to both desktops and portable devices.

5. Create a Mobile Security Policy

Online retailers have worked hard to create robust privacy policies, but it’s now time to focus on a new type of policy. With mobile security policies, websites can clearly state which pieces of information they require from consumers, why they require it, and how it is used. Furthermore, this policy actually helps the website guide its mobile ecommerce development, since they will know exactly which user input fields to place in their mobile payment setup.

Remember that a mobile security policy should be the right balance of “short and sweet” with enough detail to guide future website developments and provide peace of mind to consumers who may be purchasing via mobile for the first time.

Clearly Defined Objectives and Industry Compliance are the Keys to Success

With a clear policy of mobile security and adherence to industry standards that govern transaction security and encryption, retailers that encourage mobile purchases will be able to safeguard themselves from malicious hackers, as well as from potential legal hurdles that might arise without a strong security policy and robust encryption. With the right policies and tools in place, consumers will feel more at ease with mobile commerce, and they’ll be more likely to buy what the company has to offer no matter where they are, or whose data connection they’re using.