Online shopping, and websites that take online payments in general, are treated as normal and safe by most people, yet when the actual moment of payment arrives users are still a little afraid to pay over the web and hand over their data.
Let's look together at the essential elements for evaluating the security of online payments:
1) Choose genuine websites that correspond to a VAT number and a real company; if possible, check that the company exists on the European Community's VIES website or, for Italian VAT numbers, on the Agenzia delle Entrate website. The site must also state its Terms and Conditions of Sale and any returns policy precisely.
2) Use only sites with SSL certificates: a padlock appears in the browser's address bar before the site URL, and clicking it shows security information about the certificate.
3) Check that, when paying with the most widely used operators (Mastercard, Visa, PayPal, Apple Pay, Skrill and similar), the handling of the payment is actually handed over (encrypted, via an internal gateway) to the portal of the selected operator (e.g. PayPal) or to the authorised bank intermediary. This is the most sensitive and crucial phase, and in 90% of cases it is what leads the user to become wary or not to complete the transaction if the "customer experience" or the perceived sense of security does not satisfy them.
4) The e-commerce site, or whoever requests the payment, must not store any credit card data, security codes or other sensitive payment information; it should only receive from the authorised intermediary the outcome of the transaction (positive or negative), the transaction code and, in the negative case, a possible error message.
5) If a site asks for card details before passing them to the payment gateway (usually for the customer's convenience with recurring payments), verify that the security systems of whoever will handle this data comply with the PCI DSS standard (which should be explicitly referenced and declared); otherwise something is wrong.
6) During payment confirmation, the bank intermediary and the payment operator are required to use the European SCA (Strong Customer Authentication) protocol, i.e. a verified customer identification or two-factor authentication system, usually a PIN confirmation on a different device (e.g. a mobile phone). This procedure is optional for amounts under 30 euros.
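Points 3 and 4 describe the division of responsibility between the shop and the payment intermediary: the shop hands the payment over to the gateway and gets back only an outcome, a transaction code and, on failure, an error message. The following Python sketch is an added example of what the merchant side of that contract looks like in code; it is not code from the original article or from any real gateway. The notification format (a JSON object), the HMAC-SHA256 signature over the raw body, the shared secret and every field name are assumptions chosen for the illustration.

```python
"""Merchant-side handling of a payment gateway result (illustrative, not a real API).

The merchant verifies that the notification really comes from the gateway,
refuses anything that carries card data, and stores only the three fields
the article lists: outcome, transaction code, error message.
"""
import hashlib
import hmac
import json

# Assumed shared secret agreed out of band with the hypothetical gateway.
GATEWAY_SECRET = b"example-shared-secret-not-a-real-one"

# Field names that indicate card data. A notification carrying any of these is
# refused outright and never written to merchant storage.
CARD_DATA_FIELDS = {"pan", "card_number", "cvv", "cvc", "security_code", "expiry"}

# Stands in for the merchant's order database.
MERCHANT_STORE = []


def make_notification(**fields) -> bytes:
    """Build a constructed notification body for the demo (sorted keys, UTF-8)."""
    return json.dumps(fields, sort_keys=True).encode()


def sign_as_gateway(body: bytes) -> str:
    """Stands in for the gateway: HMAC-SHA256 over the raw notification body."""
    return hmac.new(GATEWAY_SECRET, body, hashlib.sha256).hexdigest()


def process_gateway_result(body: bytes, signature_hex: str) -> dict:
    """Validate a gateway notification and return the record the merchant may keep."""
    # 1. Authenticity: constant-time comparison of the expected and received MAC.
    expected = sign_as_gateway(body)
    if not hmac.compare_digest(expected, signature_hex):
        raise ValueError("notification signature does not verify")

    payload = json.loads(body)
    if not isinstance(payload, dict):
        raise ValueError("notification body is not a JSON object")

    # 2. Scope: card data must never reach the merchant (article, point 4).
    leaked = CARD_DATA_FIELDS & set(payload)
    if leaked:
        raise ValueError(f"refusing notification: card data fields {sorted(leaked)}")

    # 3. Content: outcome and transaction code are mandatory.
    outcome = payload.get("outcome")
    if outcome not in ("approved", "declined"):
        raise ValueError(f"unknown outcome {outcome!r}")
    transaction_id = payload.get("transaction_id")
    if not isinstance(transaction_id, str) or not transaction_id:
        raise ValueError("missing transaction code")

    record = {
        "outcome": outcome,
        "transaction_id": transaction_id,
        # An error message is only meaningful for a declined transaction.
        "error_message": payload.get("error_message") if outcome == "declined" else None,
    }
    MERCHANT_STORE.append(record)
    return record


def is_rejected(body: bytes, signature_hex: str) -> bool:
    """True if the notification is refused (nothing is stored in that case)."""
    try:
        process_gateway_result(body, signature_hex)
    except ValueError:
        return True
    return False


def stored_has_card_data() -> bool:
    """Audit helper: does any stored record contain a card-data field?"""
    return any(CARD_DATA_FIELDS & set(record) for record in MERCHANT_STORE)


if __name__ == "__main__":
    body = make_notification(outcome="approved", transaction_id="TX-0001")
    print(process_gateway_result(body, sign_as_gateway(body)))
```

The three checks run in the order a reviewer would want them: signature first (so an unauthenticated body is never parsed for content), then the refusal of card data (so nothing sensitive can be logged or stored by accident), then field validation. The secret in the example is a placeholder; in a real deployment it comes from the gateway's configuration, not from source code.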