Online Payment Security Options

Special thanks to a friend for sharing an article about online payment security options from fitsmallbusiness.com. You can read it here.

One of the initial points of the article was discussing the differences in security needed based on whether or not you used a hosted or self-hosted checkout page. The most important reason for this is to know who is responsible for scanning the site for security holes – you or the company hosting the checkout process. Here is a snippet from the article my friend shared with me:

Online payment security starts with a secure checkout. That means the order checkout forms that collect customer data are hosted securely, data is properly encrypted during transmission, and any stored payment information is protected.

There are two types of online checkouts that you can use: A self-hosted checkout or a hosted checkout.

online website securityWhat is a Self-hosted Checkout?

A self-hosted checkout collects and transmits customer payment data on your store’s servers. This puts the security risk on you and makes you responsible for managing secure data connection, transmission, and storage systems Even if you use a top e-commerce platform, you can be responsible for handling security. Not all e-commerce platforms ensure secure checkouts with every payment processor.

What is a Hosted Checkout?

With a hosted checkout, sensitive payment data is entered directly into your secure payment provider’s system via a secure, encrypted connection called SSL (secure sockets layer authentication). Simply put, sensitive data never touches your store’s servers. In some cases your e-commerce platform ensures this, in others, your payment provider makes it happen. Either way, using a hosted checkout takes the bulk of e-commerce security risks off your shoulders.

This is one reason why hosted checkout providers like Square, Paypal, and Stripe are so popular.

How do You Choose?

Wondering why anyone would choose a self-hosted checkout over a secure hosted checkout? That’s a good question. For most small online sellers, a hosted checkout delivers everything needed to process payments in a tidy, secure package. But for others, factors such as checkout customization and lower credit card processing costs can come into play. In these cases, the flexibility that self-hosted checkouts offer can be worth the security headaches.

However, even if your checkout pages are hosted, it’s always a good idea to scan and secure your website from vulnerabilities accessible by hackers. Trust Guard provides trust seals and security scanning to help you protect your site and keep it safe.

Five Ways to Combat Cyber Crime

Like most theft, cyber crime tends to follow the path of least resistance.  For paid security monitoring for your website, contact Trust Guard. They’ll help you combat cyber crime by scanning your website for more than 75,500 known vulnerabilities used by hackers to really screw things up.

Here are five online hygiene tips anyone can follow, for free, to make life harder for people looking for an easy way to steal your personal or financial information – whether you’re a business owner or not.

Combat Cyber Crime1. Use multifactor authentication. This includes entering a password plus a code or a question that only you know. Google’s authenticator app is a quick download and works easily with many services including Amazon and Gmail. It’s worth checking to see if there’s a multifactor option every time a website asks you to fill out bank account or credit card information.

2. Don’t share passwords across websites. Almost everyone shares at least a couple of passwords. Don’t. There are plenty of inexpensive password manager phone apps that can help you with this, notably the open-source Password Safe and LastPass.com.

3. Refuse to give up information whenever you can. Best Buy doesn’t need your phone number. The more information you part with, the more can be used against you if the retailer is hacked. Ron Swanson from Parks and Rec didn’t have it right all of the time, but staying off the grid as much as possible is always a good idea.

4. Check your bank balance regularly. Thieves often try for a small purchase to see if the card works before they go shopping; in particular, look for easy-to-resell items like gift cards and credits on online marketplaces. When it comes to financial accounts, you also want to change the passwords to those accounts every three months at a minimum.

5. Close down services that you don’t use anymore. Do you still have a Steam account from that one time you bought a PC game all your friends were talking about? Are you sure? Is it linked to a credit card you still use? These are the easiest ways for hackers to steal in bulk, and the one-off purchase you make on impulse is probably the one you’ll unthinkingly reuse your old password on, too. For these types of purchases, it’s a good idea to get a pay-as-you-go debit card that you load from another card with only the amount you need to make the one-off purchase.

Everyone can and should do their small part to keep their personally identifiable information safe and protected. These five tips should help.


Special thanks to The Guardian for supplying much of the information found in this article.

Playing Russian Roulette with Hackers

Business owners who never scan their websites for security vulnerabilities are playing Russian Roulette with hackers.

Russian Roulette is the practice of loading a bullet into one chamber of a revolver, spinning the cylinder and then pulling the trigger while pointing the gun at one’s own head. There is a one in six chance that the bullet will kill you. It’s an activity that is potentially very dangerous.

 

Russian Roulette

 

There are people out there that love to take risks. They go climb cliffs, swim in oceans, and walk into dance clubs leaving very little to the imagination. Hobbies aside, some people take unnecessary risks with their online businesses. More than 30,000 websites of all shapes and sizes fall prey to hackers every single day, holidays included. But for some unexplainable reason, there are those who believe that, although they have done nothing to protect themselves from viruses and malware, getting hacked could never happen to them.

 

Truth is, there are about the same odds in getting hacked as there are in playing Russian Roulette. And the same is true for both games: the longer you play, the ‘better’ the chances of ending the life of your body or business. If you have been in business for more than five years without ever running a security scan, consider yourself a very lucky person.

 

Security scans, like those performed by Trust Guard and their partners, can check for over 75,500 vulnerabilities used by hackers to make a total mess – just like Russian Roulette would make a total mess of your face. More than 85% of all websites they scan fail their first scan – which demonstrates the overall need for additional and consistent scanning.

 

If you haven’t scanned your website, contact Trust Guard and use this 50% off discount code: STO50. They have a money back guarantee. They’ll also give you a trust seal. It’s a little image that you display on your site to show website’s visitors that you’re not a risk-taker when it comes to their online safety. When they see the seal, it gives them peace of mind, so more of them buy from you.

 

So stop taking unnecessary risks. Sign up for security scans from Trust Guard.

Top Three Cyber Security Tips

Ryan Collins, 36, of Lancaster, Pennsylvania, was sentenced on Thursday to 18 months in prison for his role in leaking private nude photos of celebrities he found by illegally accessing their Google and Apple accounts.

He is one of three men who has been convicted of leaking private celebrity photos, and is personally responsible for illegally accessing more than 100 accounts, prosecutors said. In total, the nude photo leak investigation included over 600 victims.

Cyber Security

Between November 2012 and September 2014, Collins pulled off a carefully targeted cyber security attack known as spear phishing. He sent targeted emails to his victims purporting to be from Apple and Google that seemed legitimate and tricked his high-profile targets into handing over their usernames and passwords, according to the U.S. Attorney for the Central District of California.

Once Collins had his target’s username and password, he was able to access their private accounts, steal their photos and in some instances, according to prosecutors, download full backups from the iCloud.

Sometimes, even for celebrities, it is hard to tell if an email is legitimate or not.

Here are some key cyber security tips:

  1. If you receive a suspicious email from a place where you have an account, never click on any links inside of it. Instead, go to the specific service provider’s website and log in from there. You can also make a quick phone call. In any case, most companies will not ask for your username or password through an email.
  2. Once you get to the website, use different passwords for different accounts, and switch passwords often – for banks every three months at least. If you have different passwords and one account gets hacked, the other accounts should be OK.
  3. If you feel confident about opening a link in a non-business-related email – even if it appears to be from a friend – always hover over the link first to see where the link is going before clicking on it. Your friend’s email account may have been hacked.

You could fork out $14,000 or so for a military-grade-secure smartphone to help thwart hackers — but a little cyber security know-how will certainly cost a lot less. There are many, many more hackers just like Mr. Collins who haven’t been caught. Let’s do everything we can to keep them away from our personal, private information.

 

Special thanks to NBC News for their article on the subject.

Three Tips to Keep Hackers Away from Your Website

hackersWith hackers making more and more money, and more hackers showing up every day because of it, it’s no wonder online business owners are finally starting to take internet security seriously.

Did you know that, on average, 20 WordPress websites and blogs are hacked every minute of every day? With hackers making more and more money, and more hackers showing up every day because of it, it’s no wonder online business owners are finally starting to take internet security seriously.

Here are a few tips to help keep your website safe from hackers:

Keep Software Updated

It may seem obvious, but ensuring you keep all software up to date is vital in keeping your site secure. This applies to both the server operating system and any software you may be running on your website such as a CMS or forum. When website security holes are found in software, hackers are quick to attempt to abuse them. If you are using a managed hosting solution then you don’t need to worry so much about applying security updates for the operating system as the hosting company should take care of this.

If you are using third-party software on your website such as a CMS or forum, you should ensure you are quick to apply any security patches. Most vendors have a mailing list or RSS feed detailing any website security issues. WordPress, Umbraco, and many other CMS programs notify you of available system updates when you log in.

Keep Error Messages Generic

Be careful with how much information you give away in your error messages. For example, if you have a login form on your website you should think about the language you use to communicate failure when attempting logins. You should use generic messages like “Incorrect username or password” as not to specify when a user got half of the query right. If an attacker tries a brute force attack to get a username and password and the error message gives away when one of the fields are correct then the attacker knows he has one of the fields and can concentrate on the other field.

Utilize Website Security Toolsb_143010289373

There are other tips, of course, like updating unique passwords, keeping your SSL active and being careful of file uploads, but once you think you have done all you can, then it’s time to test your website security. The most effective way of doing this is via the use of some website security tools, often referred malware and vulnerability scanning. Companies like Trust Guard can periodically monitor your website for potential issues and warn you if any are found. High-risk issues need to be fixed immediately to keep hackers from infiltrating your site which could cause you economic, legal, and reputational problems.

As a side benefit, their trust seals (small images that you can display on your front and check-out pages, show customers that website security is one of your top concerns. They will feel safer shopping on your site and consequently more of them will buy from you). Visit Trust Guard today!

Free PCI Scanning

pci scanningIt’s in all the news all the time nowadays.  One business or another is getting hacked. If you own a business yourself, you know that one of the best ways to keep your site safe is through PCI scanning.  Not only is it one of the best ways, but it is also required to be PCI compliant if you accept credit cards. You know that you want your website to be safe and your customer’s confidential information safe.  Did you know that you can get free PCI scanning?

FreePCIScanning.com will scan your website and search for vulnerabilities that hackers may use to access your site.  After the scan is complete, they send you a free detailed report.  If it comes back OK you will have the peace of mind knowing that your site is safe. If it doesn’t pass, they will let you know where the problems are so you can get them fixed. This is a $47 value, for free!

Because new vulnerabilities are found constantly, you should always get scanned periodically even after your free scan. The Payment Card Industry requires that you scan at least quarterly.  Trust Guard is another company that will help you with PCI Scanning. They can scan your site daily, weekly or monthly to keep your site safe and secure for a low monthly fee. So get started now.  Request your free scan and then keep scanning!

Is Your Site Safe? Get a Free Scan | EpicEcommerce