Browsing Tag » security

Website security

When entering private information, be sure to check that the site uses encryption to keep any data you enter on the website safe.

To tell if a website uses encryption, look for a web address with https (“s” for secure) with a lock icon beside it (as pictured below). It may look different depending on what web browser you use.

Secure URL bar

How do I choose a secure password?

Length and complexity are pivotal to creating the strongest possible password. Make it as long as possible; at least 14 characters is recommended. Remember to use uncommon letters, punctuation, symbols, and number combinations. Use capitalization to add complexity.

Microsoft suggests some smart guidelines to follow when creating passwords:

Password Example Table

Microsoft provides a password checker so you can test the strength of new passwords before putting them to use.

Some common mistakes made when creating passwords that you should avoid:

    1. Words found in a dictionary (in any language).
    2. Words spelled backwards, common misspellings, and abbreviations.
    3. Sequences or repeated characters. Ex: 12345678, 222222, abcdefg, or adjacent letters on your keyboard (qwerty).
    4. Using your name, birthday, driver’s license, passport number, or any other personal information someone could connect to you.

How do I remember all these passwords?

The Mac OS X Keychain Access application and online storage solutions such as Wallet or LastPass are all ways to keep your passwords secure. All you need…

Good business is built on trust. When selling goods and services online, a high level of security is key to building customer trust. Here are several ways that you can increase online store security and build customer confidence.

Write and post your security policy

First, draft a transparent security policy that outlines the steps you take to protect customer information. Next, post this security policy in a prominent place on your ecommerce website.

There are several benefits of writing and posting your security policy:

  • Build trust by demonstrating your commitment to protecting customer information.
  • Save time by having a policy that you can refer to when questions arise.
  • Achieve due diligence by having a security policy in place.

Guarantee your goods and services

Provide a customer-friendly warranty and return policy. Guaranteeing your products or services increases credibility and demonstrates your approach to customer care.

Having guarantees and warranties improves customer experience and increases the chance of sales and referrals.

Encrypt your information

An important way of increasing security is to use Secure Sockets Layer (SSL) encryption. SSL encryption is an ecommerce standard, and most customers won’t provide financial information without it.

The SSL protocol encrypts information by translating financial information into a code that only your online store can decipher. A small lock in the browser window indicates the presence of SSL protocol. Another indicator of SSL is a URL that begins with https:// instead of http://. These indicators provide customers with a sense of security when shopping…

PCI DSS and credit card payment processing

The Payment Card Industry Data Security Standard (PCI DSS) is the major regulatory change that you are likely to face this year. We recently provided an overview of PCI DSS. In this article, we’ll discuss it in more detail.

What is PCI DSS?

The PCI Security Standards Council developed PCI DSS to increase data security in credit card payment processing. The PCI DSS applies to all organizations that transmit, process, or store credit card data. Note that while the PCI Security Standards Council developed PCI DSS, the regulations are actually enforced by credit card associations like Visa, MasterCard and American Express.

The PCI DSS has six “control objectives” that include a total of 12 compliance requirements. According to the PCI Security Standards Council, the control objectives are:

Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data.
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.

Protect Cardholder Data
Requirement 3: Protect stored cardholder data.
Requirement 4: Encrypt transmission of cardholder data across open, public networks.

Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software.
Requirement 6: Develop and maintain secure systems and applications.

Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know.
Requirement 8: Assign a unique…