Protecting Customer Personal Data

June 19, 2009

Businesses that accept credit cards on their websites are required to abide by the Payment Card Industry Data Security Standard (PCI DSS), a comprehensive set of requirements for the protection of payment card data developed by Visa, MasterCard, American Express, Discover and JCB.
PCI DSS provides best-practice guidelines that establish a “minimum security standard” to ensure customer personal details and credit card information are secured from theft. There is an industry built around helping ecommerce site owners achieve PCI compliance. PCI compliance includes testing procedures put in place by the site owner to ensure the way they handle data is safe and secure.

Private companies that do not sell online but collect sensitive personal details are required to collect such information over SSL and to register with the Information Commissioner’s Office, to ensure that data in their possession is collected and stored safely and securely. However, there does not seem to be rigorous data safety enforcement similar to PCI DSS, which could partly explain what could have gone wrong with the Parcelforce customer tracking system, which was in the news recently.

It was reported that personal data, including signatures of parcel recipients, has been exposed to those tracking deliveries on the Parcelforce website. A failure in the Parcelforce system allowed people using the mail tracing service to access the name, postcode and signature of various Parcelforce customers. This clearly puts Parcelforce at risk of breaching data protection rules.

Data Protection just like PCI DSS?
The Information Commissioner’s Office (ICO) stipulates that businesses have a responsibility to keep personal and sensitive information secure. “Any organisation which processes personal information must ensure that adequate safeguards are in place to keep that information secure,” said a spokeswoman for the ICO.
“Failure to protect personal details such as names, addresses and signatures could lead to information falling into the wrong hands and ultimately the loss of customers’ trust and confidence.”
The requirements of the ICO and PCI DSS are not too dissimilar; the only difference is that the credit card consortium that created PCI DSS proactively enforces compliance on merchants that process their credit cards.

PCI Compliance - A must for ecommerce credit card processing

June 14, 2009

PCI DSS, or the Payment Card Industry Data Security Standard, is a universal security standard established by the PCI Security Standards Council. It must be followed by any organization that uses, processes or sends information pertaining to credit cards issued by companies like MasterCard, American Express and Visa.
How are you impacted?
The main impact is on security. Close to 234 million credit card holder data were either leaked or hacked into worldwide in the last four years, which led to the institution of certain mandatory check points. For instance, Visa changed its Account Information Security Program beginning October, making it compulsory for all merchants handling less than a million annual transactions, comprising levels 2, 3 and 4, to process only through a PCI DSS accredited provider. They can do this either through a PCI Compliance certificate provider or by giving alternate certification of compliance to demonstrate that they are indeed following the standard.

When you as a merchant process through any of the PCI Compliance certificate providers, the advantage is that the site itself, through its payment pages, is fully compliant with PCI and you are only required to fill in the SAQ (Self Assessment Questionnaire) related to the transactions. Only when you store, process or transmit cardholder data on your business network will you need to get vulnerability scans done every quarter.

Irrespective of how you process online credit card payments, there are some measures that you are supposed to take to ensure that your business is in full compliance with PCI.
What are these measures?

Depending on the number of transactions you process as a merchant, there are different levels stipulated. These levels determine what you need to provide to show compliance.

* A merchant who processes more than six million records annually needs to get an audit done at site in addition to getting his network scanned every quarter.
* Merchants processing less than six million records or transactions per annum do not need to conduct an audit at site, but need to fill in the SAQ annually and get their network scanned quarterly.

Merchants processing through any of the PCI Compliance certificate providers, however, need not go through the quarterly scan, as that is taken care of by the Level 1 PCI DSS compliance validation that is inherent in the systems of these providers. Of course, the only condition is that you do not use your own business network, with your site being located at a different place, to process credit card information.
Types of Self Assessment Questionnaires

Though there are 4 types of SAQ, you are only required to complete the type that is relevant to your activity.

* SAQ A
This is applicable for merchants who outsource card member data and who use the services of the PCI Compliance certificate provider.

* SAQ B
This type is relevant only for those merchants who process information face-to-face.

* SAQ C
Those merchants who have point of sale systems linked to the service provider through the internet will be required to use SAQ C since there is no data of card members stored at the site.

* SAQ D
This type is for merchants who function in an environment wherein all necessary card member information is stored and undergoes preliminary processing internally.

The PCI website provides full information on the SAQ that is meant for your business, and you can download it for completion when required.

eCommerce the only safe haven in recession?

March 19, 2009

The unprecedented turmoil in the British economy has seen ‘safe’ institutions like banks nationalised (another word for saying administration?) and the UK high street landscape redrawn, with names that have been there for decades, such as Woolworth and Virgin Mega stores, omitted from the new picture. Also, for the first time in over a decade, UK unemployment has reached and exceeded two million, with another one million people expected to be out of work within the next 12 months.

Whatever sector of the economy you look at, things seem to be on a downward trend, with the exception of ecommerce. Online shopping not only bucks the downward trend on the high street but does so with double-digit growth of 13%, according to the latest figures on the e-tail sector released by online retail research group IMRG Capgemini. IMRG added that February online shopping fell 11% from the month before; the monthly drop was down to enhanced sales in January, which was the result of continuing post-Christmas sales.
The report also said that online sales of beers, wines and spirits were up 30% on January and that a surge of sales was recorded in the few days before Valentine’s Day on 14 February.

The increase in online sales is expected to keep bucking the trend for the rest of this year. It was claimed in some quarters that online sales growth would have been much stronger if the rest of the economy were not as weak as it currently is.

How to optimise your content for Google Base data feed

February 11, 2009

Google Base (formerly known as Froogle) is a free Google service aimed primarily at products and services, unlike the regular Google search, which is targeted at information websites. Research by Google and others found that search engine users looking for products use search engines quite differently from searchers looking for information. Content optimised and submitted to Google Base will appear in Google Base and shopping search, and may also appear on Google Maps.

Submitting your content to Google Base does not affect your site ranking in Google search; it actually gives you an additional bite of the organic search engine traffic. Should your feed be accepted, it would appear at the top of the Google search engine results (in addition to Google Base itself). Competition to appear in the Google search engine results is quite stiff: only three products from Google Base tend to make it to the Google SERPs (Search Engine Result Pages).

The algorithm for ranking Google Base products is not as advanced as the algorithm for Google search; it is more literal, and this should be taken into account when preparing your product feed. You should include factors relevant to your product, especially the product name, model etc., in your product title and description, and the keywords you are targeting should also appear in the title and description.
The first 15 words are quite significant, so put a lot of thought into your product description. Do not stuff the description with keywords, as this is frowned upon and could lead to your listing being penalized.

Google Base allows custom attributes, and it is important that you use them carefully, as they will help rank your product higher. Users searching for products are said to search differently from searchers looking for information. For example, a searcher looking to buy gloves for a child could use keywords like “gloves for a 10 year old”, so if you add an attribute such as “suitable for children aged 10-13 year old”, your product is bound to be listed higher when searchers use that key phrase.

Another optimisation tip to help you rank well in Google Base concerns images: by adding relevant images to your product you increase your click-through rate (CTR). The image should be a high-resolution representation of the product or service you are offering; adding a generic image will not have a significant impact on your product CTR. And finally, Google product search uses an eBay-style rating system where your customers leave feedback about their purchase experience with your company. Try to get as many good ratings as possible, as this will positively impact your rating in Google Base.

Useful Google Base related information
* Google Base homepage: http://www.google.com/base/
* Shopping Cart with automatic Google Base export: www.bosscart.co.uk
* Discuss Google Base: http://www.webmasterserve.com/ecommerce/

eCommerce Shopping Cart Comparison Chart

January 30, 2009

There is no better time to start an online shop than now, whether you are thinking of starting an online shop from scratch, adding a shopping cart facility to an existing website or just researching available ecommerce solutions.
The economic climate is quite gloomy for high street retailers, but online traders large and small continue to see a significant rise in sales. It’s time to take a serious look at ecommerce if you have not already done so.
The table below gives brief information on some of the well-known shopping basket software on the market today.


|  | Virtuemart | CubeCart | osCommerce | Zen Cart |
| --- | --- | --- | --- | --- |
| Details | Free open-source shopping cart. It works as a stand-alone but comes into its own when combined with Joomla. | Free and paid options, robust and tested. | One of the most popular, if not the most popular, free shopping cart. | A fork of the osCommerce project. It has some features its parent does not, like downloadable goods. |
| Advantages | Quite simple to install; may need to install Joomla to get the full benefit of some functions. | CubeCart is easy to install; support is said to be efficient. | Easy to install; some hosting companies bundle it with their control panel software. | Support is easy to access, quite nifty. |
| Disadvantages | May have to trawl the web to find support. Prone to Joomla’s shortcomings. Product review module still in development. | Does not support downloadable goods; support can be difficult to access. | Can be made to be more user friendly. | Said to be resource intensive. |
| Use it for | A basic online shop. | Small shop, supports unlimited products. | Robust and reliable, has been around for some time. | Small online store. |

There are many other shopping carts apart from the above; perhaps in due course reviews of other shopping carts will be posted. One particular shopping cart to be mentioned at this juncture is Boss Cart. It is one of the fastest growing ecommerce shopping carts, and it supports unlimited products for merchants that sell products. For online traders who sell items such as MP3s, PDF files and other digital goods, there is a module that caters for this too.


2009 © Temi Webmaster Blog All Right Reserved.