Practical eCommerce


HOME · Tuesday, May 13, 2008

Shopping Carts & Online Payments

Fraud-Proofing Your Ebiz

Basic steps to help prevent data theft

By: Jim Edwards
Comments: 7

I know a business that had its website hacked: Its entire customer database was hijacked and thousands of customer credit card numbers were stolen at the same time.

In the following months, the hackers did their best to steal as much as they could from this business through a number of "phishing" scams and direct email campaigns to the customers, all while posing as the legitimate business.

After months of heartache, expense and lost sleep, this company cleaned up the mess and the hackers moved on to greener pastures.

What's the lesson for all of us?

Whether you operate a multimillion dollar ecommerce empire or generate part-time income with a small eBay or ebook enterprise, the following tips will help you fraud-proof your online business before it's too late.

• Protect Your Passwords

Never share passwords for sensitive applications such as web hosting, email, PayPal, bank accounts or anything else with anyone.

If you must share hosting passwords with web designers or programmers, change the password immediately after they complete work.

Change all your sensitive passwords on a monthly basis.

• Use Proven Service Providers

Custom programming is great until someone figures out how to hack an unproven system.

When you use credit card and shopping cart providers like ClickBank, 1ShoppingCart, Authorize.net and PayPal, you greatly reduce the chances that your sensitive data will get hacked and stolen online.

• Shred Everything

A good, cross-cut shredder rates as just about the best investment you can make in online security.

Before throwing anything away, shred it.

The shredding list includes bank statements, check stubs, lists of names and emails, printed emails, and anything else that can lead someone back to you, a customer, an account or where you go or what you do online.

• Fight the "Clone Wars"

Keep an eye out for illegal copies of your website posing as you or your business.

If you find someone posing as you online, the easiest way to shut them down is a direct frontal assault.

Contact their hosting company, their credit card processor, and their domain name registrar about the illegal activity.
Threaten to sue them (the provider) if the illegal activity does not cease immediately.

• Troll eBay

Regularly check eBay for people selling bootleg copies of your products.

Set up automated searches to email you any time a listing gets placed with your name, product name or any reference similar to your product.

Sign up with eBay's VeRO program to get the offenders shut down immediately with a simple email from you.

• What Mom Always Told You: "Never talk to strangers!"

That means never give any information to anyone via phone or email, especially if they call you.

Your bank, hosting provider, email service, ISP and PayPal already know your username and PIN... they don't need to call or email you to ask you to confirm it.

• Additional Tips

Never leave your physical mail (incoming or outgoing) in your mailbox overnight.

Don't share any sensitive information with anyone who doesn't need to know it.

Be careful of any shareware you download and use because it can contain spyware and even viruses intended to steal critical information.

Use common sense and never think you're invulnerable to an attack that could derail your business with one little misstep.


Published on Monday, December 11, 2006

Comments:

Great article Jim, I would like to add one thing that many people are still unaware of even though it's becoming so critical for business online. Ensure that ALL your providers online are PCI/CISP certified. PCI/CISP are strict new standards for conducting business online set down by the credit card industry (Visa, MasterCard, etc.) and only the MOST secure systems can become certified. PCI/CISP very clearly outlines how data should be stored and transmitted online. 1ShoppingCart.com was one of the first eCommerce solutions to become fully certified in 2006, but you have to ensure every company in your payment process has been certified as well. If you want to learn more about PCI/CISP, you can read our page at: http://www.1shoppingcart.com/pci-cisp-shopping-cart.asp; you will find links back to the appropriate pages at Visa here also.

Michael Valiant
http://blog.1shoppingcart.com

Posted by: Michael Valiant
Monday, January 08, 2007

Jim said:
"Be careful of any shareware you download and use because it can contain spyware and even viruses intended to steal critical information."

My comment:
Shareware is not a type of software, but rather a marketing method. The method is used by Symantec, Microsoft, and a few other little companies you may have heard of, even if they do not use the term "shareware" in their advertising.

The Association of Shareware Professionals [ASP] has fought for years to disentangle the erroneous association of properly obtained software, that happens to be marketed as shareware, with harmful computer code such as viruses and spyware.

In general, software marketed via shareware channels and other commercial software is normally virus-free. Indeed, the basis of shareware marketing is TBYB [try-before-you-buy].

Companies that integrate the shareware marketing method in their core business model [over 10,000 of them!] would no more want to distribute a virus or Trojan than companies distributing by other channels. The try-before-you-buy nature of software marketed as shareware means that our members work very hard at closing a sale with each user by impressing them with how good the product that they're trying is. Distributing software problems and malware invaders doesn't result in a good relationship with our best potential customers.

The ASP is a not-for-profit association of over 1,300 independent software developers, marketers and vendors, most of whom use the try-before-you-buy method of software distribution. For more information on the ASP, visit our consumer information web site at http://asp-shareware.com/ .

Ed L. Pulliam
Association of Shareware Professionals
Janesville, WI (USA)
877 479-4493 Toll Free in US and Canada
1-608-752-8985

Posted by: Ed L. Pulliam
Thursday, January 11, 2007

Jim - I am a technology advisor for Parsippany Chamber of Commerce (www.parsippanychamber.org) -- I would like reprint rights so I can distribute your article to members?

Please advise.

flcahill@parsippanychamber.org.

Posted by: Frank Cahill
Monday, January 29, 2007

Excellent article. Now the bad news. If a hacker wants to break in, it's a done deal. Might take a few long days. Met a professional hacker for a large accounting firm. Told me that he has never been stopped from getting root access to a server. Make sure you have a lot of liability insurance if you're an ecommerce site or put the legalese on your site to give yourself some protection. It's a shame but there are some major companies that will tell you their sob story right now (cough tjm/marshalls cough). Best wishes. Scott Neuman - Recordweb.com

Posted by: Scott Neuman
Monday, April 23, 2007

I own an ecommerce site and have been in business for at least a decade. This past month, my GATEWAY was hacked and in excess of 4,000 credit card numbers were authorized (within 2 days). Where is the security? This anomaly should have rung out fast and furious within the Authorize.net system since my company does nowhere near that amount of business. More than half a month has transpired and it is still "in review." (My MSP, on the other hand, immediately reversed all charges.)

I reported the situation to the FBI and they told me this is happening more and more to small businesses. Is anyone else outraged?

Posted by: Nancy McKay
Thursday, May 17, 2007

Regarding the clone war: What you said is good information that every site should know.

But trying to stop a clone site is a lot easier said than done. First you have to be able to get a phone number and/or email address that's valid. And they usually don't answer anyway.

Threatening their ISP only results in that ISP saying "take us to court and prove it." Let's face it, the ISP is making money from the clone so why help you?

If you can find the registrar, good luck there. What's in it for them to help you?

Unless you have a lot of money and time to burn it is very difficult to actually get a clone shut down. The problem is the lack of any governing body that enforces such things.

The web is still the wild west with very few marshals and lots of bad guys looking to steal your ideas. Being innovative, providing quality content, and SEO goes a long way to making sure the clones don't get much.

Posted by: Michael Keilhofer
Tuesday, July 03, 2007

The single most important thing with lists is that they have to be simple to use. Anything that takes more than three seconds to use will be great for about a week. After that only half the items get put in, worse than nothing.
Text file on the desktop is the one, so long as you can avoid spending half an hour making it look nice every time you open it. Ten minutes every morning organising it then the rest of the day getting things crossed off.

Posted by: Lisa
Sunday, January 27, 2008


Copyright 2007 Confluence Distribution, Inc. and Practical eCommerce.
All Rights Reserved.
