
How to do Business Online – Securely

I attended an interesting seminar on Online Security on Thursday last in Dublin. The seminar was organised by the IIA and had speakers from AIB Merchant Services, Realex, IPSO, MasterCard and TrustWave.

Rather than going through the presentations one by one, I’ll list the 3 main issues and topics I took away from the event.

1. PCI Data Security Standard (PCI-DSS)

PCI DSS is a security standard that lists requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. The standard is intended to help organizations proactively protect customer account data. It is a standard that all online retailers need to educate themselves about as they will need to comply with the regulations in the near future.

There are 4 levels of online merchants – measured on the number of card transactions they process annually. We fall into level four. All retailers in levels one to three should be compliant by now, as the deadlines have passed. There is currently no deadline for level four merchants. But talking to experts at the seminar, the opinion is that the deadline will be set around September 2009. So it is the responsibility of online merchants to get to know about the standard and become compliant with it. My view is that it is better to be compliant sooner rather than later.

To become compliant the merchant needs to get assessed by a PCI Qualified Security Assessor (QSA). There are a number of QSAs in Ireland – see here for the worldwide list and search on Ireland. Rather than wait for the deadline, we plan to get assessed and passed as soon as possible and publicise the fact that we are PCI-DSS compliant. This will give potential customers even more added assurance that we are a secure shopping site.


2. 3D Secure

3D Secure is an extra validation step in the customer’s purchase process that the card merchants are encouraging online retailers to implement. I have used it myself when shopping with some sites. The issue I see with 3D Secure is that it has some benefits for the retailer but very little for the online shopper. We were also told at the seminar that the extra step of inputting the 3D Secure password can cause up to 15% of customers to abandon their purchase – as they are confused by the extra requirements for further validation information. We (at PuddleDucks) simply cannot afford to lose 15% of our potential sales so we will not implement 3D Secure for the time being. We will wait until it becomes more widely available and an advertising/education campaign is undertaken by the card providers.


3. Chargebacks

Chargebacks are reversals of credit card transactions back to the retailer. For example, if a fraudulent (e.g. stolen) card is used online, the transaction is approved and the merchant (like us) dispatches the goods. Once the card is reported to be stolen the card issuer (the bank!) then comes back to the merchant and will recoup the transaction amount along with a processing charge. Luckily we have never had a chargeback imposed on us. The main thing for online retailers is to be vigilant regarding unusually large orders, strange selection of items, overseas orders, orders at unusual times, an order where the card is issued by a bank in one country and the customer is located in another country, etc. The number one rule is to be very careful – even if the transaction is approved by the bank this is not a guarantee that you will get the funds. And I learned that you can get a chargeback up to 180 days after the date of the transaction.
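The warning signs above are the kind of thing a small merchant can screen for automatically before dispatching. The script below is an added example (not code from the post or from PuddleDucks) that flags an order against those signs and keeps an approved authorisation from ever counting as proof of payment. The thresholds (EUR 500 as "large", 00:00–05:59 as "unusual times", "IE" as the home market) and the sample orders are constructed assumptions for illustration; only the 180-day chargeback window comes from the post.

```python
from dataclasses import dataclass
from datetime import date, datetime
from typing import List, Union

# Assumed thresholds for illustration; tune them to your own order history.
LARGE_ORDER_EUR = 500.0          # "unusually large" relative to a typical basket
QUIET_HOURS = range(0, 6)        # orders placed 00:00-05:59 local count as "unusual times"
HOME_COUNTRY = "IE"              # assumed home market of the merchant
CHARGEBACK_WINDOW_DAYS = 180     # from the post: a chargeback can arrive up to 180 days later


@dataclass
class Order:
    order_id: str
    total_eur: float
    placed_at: datetime          # merchant-local time
    card_issuer_country: str     # ISO 3166 code of the issuing bank's country
    shipping_country: str        # ISO 3166 code of the delivery address
    auth_approved: bool          # whether the acquirer approved the authorisation


def risk_flags(order: Order) -> List[str]:
    """Return the warning signs from the post that apply to this order."""
    flags = []
    if order.total_eur >= LARGE_ORDER_EUR:
        flags.append("large_order")
    if order.shipping_country != HOME_COUNTRY:
        flags.append("overseas_order")
    if order.placed_at.hour in QUIET_HOURS:
        flags.append("unusual_time")
    if order.card_issuer_country != order.shipping_country:
        flags.append("issuer_country_mismatch")
    return flags


def recommended_action(order: Order) -> str:
    """Approval only gates whether dispatch is possible at all; it never
    lowers the risk, because approval is not a guarantee of funds."""
    if not order.auth_approved:
        return "decline"
    flags = risk_flags(order)
    if len(flags) >= 2:
        return "hold_for_manual_review"
    if flags:
        return "verify_with_customer"
    return "dispatch"


def chargeback_window_open(transaction_date: Union[date, str],
                           today: Union[date, str]) -> bool:
    """True while the issuer could still reverse the transaction.
    Accepts date objects or ISO 8601 strings (YYYY-MM-DD)."""
    if isinstance(transaction_date, str):
        transaction_date = date.fromisoformat(transaction_date)
    if isinstance(today, str):
        today = date.fromisoformat(today)
    return 0 <= (today - transaction_date).days <= CHARGEBACK_WINDOW_DAYS


# Constructed sample orders (not real customers or transactions).
SAMPLE_ORDERS = [
    Order("A100", 45.00, datetime(2009, 3, 10, 14, 5), "IE", "IE", True),
    Order("A101", 740.00, datetime(2009, 3, 11, 3, 30), "GB", "US", True),
    Order("A102", 120.00, datetime(2009, 3, 11, 11, 0), "FR", "IE", False),
]

if __name__ == "__main__":
    for o in SAMPLE_ORDERS:
        print(o.order_id, risk_flags(o), recommended_action(o))
    print("A100 still reversible on 2009-09-06?",
          chargeback_window_open(date(2009, 3, 10), date(2009, 9, 6)))
```

The point of `chargeback_window_open` is bookkeeping rather than detection: a merchant who treats funds as final only once the window has closed will not be surprised by a reversal six months later.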

Overall an interesting and informative seminar. Thanks to Irene at the IIA for organising it.


Internet Shopping (with us) is Safe!

I’ve recently read reports in the technology press saying that a percentage of Irish e-commerce sites don’t take customer security seriously. See one of the reports here. I have no reason to doubt the statistics but this type of report fills me with dread, as it gives the impression that it is unsafe to do online shopping with any Irish e-commerce websites.

Firstly let me say this at the top of my e-voice to everyone who’s listening. “We do take security extremely seriously”. Why wouldn’t we? Our whole business (and livelihood!) is dependent on convincing our potential customers to trust us and enter their personal and credit card details on our website. So, here is a list of the reasons why you can be sure that shopping with us at puddleducks.ie is safe:

  1. All communication of your personal and credit card data is encrypted. Check the “https://” and the padlock on our checkout pages.
  2. We have an up-to-date security cert from Thawte. Check that it is current by clicking on the cert. It will show it is current and it will display today’s date.
  3. For credit card processing we use Realex – the leading payment service provider, also used by companies such as Aer Lingus and Vodafone.
  4. We do not store your credit card details on our server. In fact, we never ever see them.
  5. We show our actual real address and land-line phone number on our homepage. Go on – phone us – we are real people!
  6. We publish a security policy on the site showing the measures we take to protect your personal data.
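Points 1 and 2 above tell the shopper to click the padlock and confirm the certificate is current. The script below is an added example, not code from the post or from PuddleDucks, that performs the same check programmatically: it fetches a site's certificate over a verifying TLS connection, reports whether the validity window contains "now" and how many days remain, and checks that the hostname matches a subjectAltName entry. The sample certificate dictionary, its hostnames and dates are constructed for the offline demonstration; `fetch_peer_cert` is the only part that touches the network.

```python
import socket
import ssl
from datetime import datetime, timezone
from typing import Optional


def fetch_peer_cert(hostname: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Connect with the default (verifying) context and return the leaf
    certificate in the dict form that SSLSocket.getpeercert() produces."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


def hostname_matches(cert: dict, hostname: str) -> bool:
    """Match against subjectAltName DNS entries. A '*' is accepted only as
    the whole leftmost label (a simplified form of the RFC 6125 rule)."""
    host_labels = hostname.lower().split(".")
    for kind, name in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        labels = name.lower().split(".")
        if len(labels) != len(host_labels):
            continue
        first_ok = labels[0] == "*" or labels[0] == host_labels[0]
        if first_ok and labels[1:] == host_labels[1:]:
            return True
    return False


def check_cert(cert: dict, hostname: str, now: Optional[str] = None) -> dict:
    """Report whether the certificate is current for `now` (an ISO 8601
    timestamp in UTC; defaults to the current time), the days remaining
    before expiry (negative once expired) and whether the hostname matches."""
    if now is None:
        now_ts = datetime.now(timezone.utc).timestamp()
    else:
        now_ts = datetime.fromisoformat(now).replace(tzinfo=timezone.utc).timestamp()
    # cert_time_to_seconds parses the "Mon DD HH:MM:SS YYYY GMT" strings
    # that getpeercert() returns and interprets them as UTC.
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return {
        "current": not_before <= now_ts <= not_after,
        "days_remaining": int((not_after - now_ts) // 86400),
        "hostname_ok": hostname_matches(cert, hostname),
    }


# Constructed sample certificate in getpeercert() layout (not a real site).
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example-shop.test"),),),
    "issuer": ((("organizationName", "Example CA"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (
        ("DNS", "www.example-shop.test"),
        ("DNS", "example-shop.test"),
        ("DNS", "*.example-shop.test"),
    ),
}

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        host = sys.argv[1]
        print(host, check_cert(fetch_peer_cert(host), host))
    else:
        print(check_cert(SAMPLE_CERT, "www.example-shop.test", "2024-06-15T00:00:00"))
```

Run it with a hostname argument to check a live site, or with no arguments to see the offline result for the sample certificate. Because `fetch_peer_cert` uses `ssl.create_default_context()`, an expired or mis-issued certificate fails during the handshake itself, before `check_cert` is ever reached; the explicit date check is still useful for the "how many days until renewal" question a shop owner cares about.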

It is important to educate internet users on how they know whether a certain online shopping site is safe or not. Occasionally, we hear scare stories in the media regarding internet security. In some of these reports, instead of teaching people about the few steps to know when a site is safe or not, commentators often say “To be really sure only shop at large well known websites such as Amazon or Ebay”. This type of advice can have a huge impact on our business and is very simplistic.

Instead, the advice should be “Learn the difference between a safe and unsafe site and then go shop at the safe and secure Irish-owned small businesses (like us!) that are introducing more competition and extra choice to the Irish online shopper. Learn that sites taking the type of security measures listed above can be trusted and you can safely shop with them.” Please!

— Aedan
