Designing for Trust
After the recent warning from the information commissioner
about low levels of security in businesses, reviewing your website’s
security provision is imperative, says Dave Howell
Last year, the information commissioner Richard
Thomas made a stark statement: "Over the past year, we
have seen far too many careless and inexcusable breaches
of people's personal information. The roll call of banks,
retailers, government departments, public bodies and
other organisations that have admitted serious security
lapses is frankly horrifying."
With high-profile breaches of security in the high
street and online, overhauling your site’s security is
now imperative. Identity theft, for instance, is currently
costing the UK economy £1.7bn a year. "Business and
public sector leaders must take their data-protection
obligations more seriously. The majority of organisations
process personal information appropriately, but privacy
must be given more priority in every UK boardroom,"
warned Thomas. "Organisations that fail to process
personal information in line with the principles of the
Data Protection Act risk enforcement action by the ICO
(information commissioner’s office) and losing the trust of
their customers."
PAYMENT PROTECTION
The days of the dotcom crash may be long gone, but
concerns over online payments still remain, despite a
record number of people choosing to shop online over
the Christmas period last year. Over £50 billion is expected
to have been spent online during the festivities, with the
vast majority of this via plastic cards. For eCommerce
site owners, this means increased vigilance in the face of
mounting levels of fraud. Online shopping fraud losses on
cards are part of the card-not-present fraud total of £212.6
million last year alone. Even more alarming for online
retailers are the latest research figures that indicate that
24 per cent of shoppers do not purchase online at all due
to security concerns, 65 per cent abandoned a purchase
for security concerns and 84 per cent believe that online
businesses do not do enough to protect them.
The latest figures from APACS, the UK payments
association, indicate that more than ten million credit and
debit cards are now signed up for secure online payments.
The rise of the internet auction site has seen a massive
drive with card and e-payment becoming increasingly
popular. PayPal has 63.8 million subscribers in 45 countries,
and had $18.9bn of transactions last year, an increase of 55
per cent over the previous year.
In an attempt to inject some much-needed confidence
into the eCommerce market, APACS and the Home Office
are promoting schemes that add additional layers of
security to online payments, but don’t require the online
retailer to install any additional software or hardware. One
high-profile system is SecureCode. Cardholders sign up
and choose a private password, which they then use when
shopping at participating retailers.
Home Office minister Vernon Coaker also commented,
“Shopping online is convenient for consumers and
retailers alike, but although the internet offers valuable
opportunities for law-abiding citizens, it also presents
opportunities for fraudsters. The key to tackling online
fraud is prevention, which is why the Government
supports industry initiatives such as Verified by Visa and
MasterCard SecureCode, which are designed to make
online transactions even more secure. I urge cardholders
to sign up to these protective schemes.”
Most eCommerce websites will use a third-party
payment provider to handle card clearing. Simon Black,
MD of Protx, says, “For an eCommerce site owner, the
first priority should be to find a secure payment service
provider to process all online payments. If the business is
small, I would recommend that they outsource all aspects
of payment processing to a third party. Thus, card details
are entered on a secure payment page hosted by the
payment service provider, not on the merchant’s website.”
Securing your site’s payment mechanism is certainly
important, but so is informing your site’s customers of the
security measures that are in place. This instils the
customer confidence that all online businesses must cultivate to
remain profitable over the long term.
Andrew Horbury, marketing programs manager at
VeriSign, commented, “Phishing will move away from
banks as they get more secure. Retailers will be targeted
even more next as they will be seen as the easy option.
Web designers should move away from bad web design
practices, pop-ups and pop-unders – all of the things that
can be easily spoofed and that often confuse customers.
If they have existing security precautions, then use
them; don’t just use SSL for securing payments, use it for
securing registration pages and any page that involves
transmission of personal details.”
Jo Morecroft, owner of Surf-wax (www.surf-wax.co.uk),
pointed out that the security of your own site is also
important. “Ensuring security for customers is paramount
for a small business, and this has to work both ways for a
small business – customer security is important, but so is
the issue of protecting yourself, as there are many scams
to identify and repel, potential fraudulent purchasers,
hackers, worms/viruses and so on. Protecting yourself also
means you are protecting your customers. Spending time
regularly reviewing security procedures is a requirement
as is recognising when you need professional advice.”
DATA SECURITY
Clearly all web designers should ensure that commerce
pages adhere to SSL specifications, as this has long been a
security standard in the online retail space. Protx’s Simon
Black continued, “If sensitive data is entered elsewhere
on the merchant’s website, they need to ensure that
these web pages are secured by an SSL certificate. This
technology is designed to establish a secure connection
between two computers using a key-based encryption
algorithm. An SSL certificate provides SSL technology on
the merchant’s website, enabling encryption of sensitive
information and protecting the web pages.”
VeriSign’s Andrew Horbury offered this advice: “Post
the VeriSign Secured seal if you are a VeriSign customer to
let consumers know that you take their security seriously.
SSL is low-cost and easy to implement, but it is one of the
most essential parts of an online business – without the
padlock, the green bar or the secured seal, people will not
trust your site. Larger sites that have a customer account-based
relationship with a consumer consider two-factor
authentication to improve the security at login. Two-factor
authentication, such as the VIP product, protects against
ID theft by providing a password that is only valid once, so
if phished they are of no use to the fraudster.”
The plethora of instant eCommerce site services now
available, which attract micro businesses, can be a fast
and efficient way for a web designer to get a site up
and running. Richard Stevenson, head of Corporate
Communications at 1&1 Internet, commented, “Businesses
should make sure that they only choose solutions from
reputable vendors who have long-term competence in
eCommerce systems. Ensure a vendor has developed the
solution that you buy with certifications for MasterCard
Site Data Protection, Visa Account Information Security
and Payment Card Industry (PCI) Security Standard. An
eShop solution that is PCI-compliant means that it fully
complies with major credit card providers’ requirements
for data security. This means that the eShop package does
not store any of your customers’ credit card details and
therefore complies with current regulations.”
Combating data theft should be a high priority for
all web designers. Identity theft is of great concern to
all internet users, none more so than online shoppers.
Dave Birch, director of consultancy Consult Hyperion
and organiser of the Digital Money Forum, says, “Bad
website design and sloppy implementation can cause
serious problems – look at the case of the NHS application
system for doctors that allowed anyone to download their
confidential details – but it is also certainly the case that
experienced website administrators and designers know
how to plug these kinds of holes. Some basic security
training really ought to be part of web design education
from now on. If you’re teaching someone how to use
Dreamweaver on a LAMP server, then you should be
teaching them how to ensure appropriate configuration.”
Andrew Horbury at VeriSign closed with this advice:
“Seriously consider using Extended Validation SSL – the
additional vetting procedures and the visual cues offered
by the green bar can help turn browsers into shoppers. 53
per cent of shoppers who abandon online purchases due
to a negative sense of security report that they would have
completed the transaction had a recognised trustmark,
such as the VeriSign Secured Seal, been present.”
What is certain is that all web designers have to become
increasingly security savvy as these skills will be expected
by eCommerce clients. As you design each new site,
think about how you can enhance its security provisions.
Protection such as 128-bit SSL is well-understood, but on
tomorrow’s commercial websites, customers will demand
more. The card clearance providers are working hard to
reduce fraud, but it’s up to you as the site’s designer to put
in place adequate security systems. Consumer confidence
in your client’s site is critical.
DESIGN MARKET
The web design market has radically changed,
particularly over the last three years. Design as an
isolated activity is now rare. Clients are looking to
include the latest technologies on the sites they
commission, but they are also looking to buy
completely integrated services. Increasingly, only those
designers and design agencies that can offer the full
service package will be able to develop and maintain
a sustainable business in the future. For designers, the
move to more software-as-a-service platforms should
be viewed as simply an evolution of their market. The
reseller market is not a necessary evil that designers are
being forced to add to their businesses; it should be
viewed as a business opportunity that should not be
missed by any savvy designer or agency.
When choosing a hosting service to partner with,
use all the due care you would use when buying any
critical service for your business. Look for hosts with a
strong track record and the infrastructure to support
the sites you’ll be reselling. Any problems and your
clients will look to you for solutions – not the host.
Toast Design’s David Foreman said, “The company
we buy our space from (Skymarket) are superb in this
department. If you’re reselling, you need to know that
the support is there if an issue arises that you can’t
resolve. If you don’t get a high level of support, issues
can’t be resolved quickly and you’ll lose clients. They
will see you as the prime contact, so if your suppliers let
you down, it can leave you in a difficult position.”
Fasthosts’ Mark Jeffries concluded by saying, “There
are very compelling reasons why reseller hosting can
be an attractive bet for web designers. Today, a full
range of white-label web solutions such as domain
names, hosting, email, eCommerce and unlimited
broadband packages are offered at low trade prices,
ready to be rebranded as your own and sold to your
customer base. By combining web design with hosting,
designers can increase their revenues and also offer
a more complete solution to their clients. There is
much scope to develop your own hosting brand in
line with your corporate identity. Agencies can thus
provide own-branded packages of tailored design, web
development and hosting to their niche markets.”
Being able to not only deliver the latest website
design, but also hosting and any additional services
that your clients require, offers a great commercial
advantage over your business’s competitors. Full-service
web design is fast becoming the norm. Take a
look at hosting reselling. It could offer your business
a completely new market sector that could deliver a
great profit margin for very little cost.