Three Measures for Secure Checkout on Your Website

March 03, 2017 Partner Success
Atit Shah
By Atit Shah, Head of Security
Atit Shah
By Atit Shah, Head of Security


This stems from a larger campaign for more security, as many tech companies have increasingly emphasized users switching their sites and businesses over to HTTPS encryption so that they can be used for things like secure checkout, one of the main lines of defense against the growing threats that exist on the web.

For the average consumer this may seem trivial, but as an e-commerce site owner or an online business that handles sensitive data wanting to reach a broader customer base and build more trust, this means that there is a need to take security more seriously. Not only will switching to HTTPS elevate the security of online services, but it will also help increase customer awareness and trust when they visit insecure websites.

Here are some measures businesses can take to move to and beyond the basic security HTTPS can provide:

  • Enabling HTTPS will remedy most issues surrounding Google’s new agenda, but beyond that, transitioning to the encryption will provides user authenticity of the website they are visiting. The S within the protocol stands for “secure”, and that means any communication or transfer of data between the user and the site is encrypted.
  • If online businesses haven’t done so, installing basic security is a necessary step in the right direction. Protecting sites with at least SSL/TLS protocols, especially on login and checkout pages where sensitive information may be shared, will add an initial layer of defense that is imperative.
  • The past few years have seen various attacks like Heartbleed, BEAST, and POODLE targeting security vulnerabilities in SSL/TLS. Make sure these implementations are following best practices such as having strong private keys (e.g. 2048-bit RSA), supporting TLS 1.1 and using higher, secure cipher suites with perfect forward secrecy, and a reliable Certificate Authority.

Secure checkout on payments pages

As of 2020, virtually all software platforms use the HTTPS protocol by default for both shopping and checkout. What’s more, the credit card collection processes used by WePay in our deployments of Link, Clear and Core require high degrees of security. Consumers and platforms can proceed with confidence that secure checkout with WePay follows these high standards.

Hopefully these practices will help you avoid the expected Google flags but more importantly will lay a foundation to keep your site and your users safer online. To find out more about the risks that insecure practices can lead to, take a look at our webinar on fraud on payment platforms.


About the author

Atit Shah

Atit Shah, Head of Security

Atit Shah is Head of Security for WePay. He has more than 11 years of combined experience in technology, security and leadership. Prior to WePay, he held security-related positions at Microsoft, Deloitte, and Ernst & Young.

More blog posts by Atit Shah