Website Verification

Learn about how you can make your website secure and safe for your customers


Split Testing with McAfee Secure Trust Seals

Posted by websiteverification on November 2, 2009

There are several ways for online businesses to boost conversion rates. You may be able to think of some of these ways, but I have a couple more that you should consider.  Trust seals from businesses such as McAfee Secure will help boost sales and conversion rates. This is because when your customers see the trust seals on your site, they know that they can trust it more than other sites, because it has been verified by a third party.

In doing some research, I have found another great way to improve your conversion rate. This is split testing. By using split testing, a business can determine the best spots on its website to put things, including trust seals. Simply changing the color of a link, or putting it on the opposite side of the webpage, can truly increase the number of people that click on it. This does seem pretty amazing, but people have short attention spans, and if they can’t find what they are looking for right when they want it, they will just go to another site. Split testing will show you how effective your site is and will help you get the highest conversion rate possible.

The most frequently used type of split testing is A/B split testing. A/B split testing lets you compare two versions of your website against each other. You will be able to determine which version is most effective. Many businesses have used split testing to test the effectiveness of trust seals. They compare a version of their site with trust seals against one without. The reported outcome is that the use of trust seals has doubled conversion rates. These are great results, and totally worth it.

So, if you are looking to improve your conversion rate, think about trust seals from companies such as McAfee Secure.  And don’t forget to try split testing as well.  Not only will you know how to better arrange your site so that customers will want to visit, but you will see the results of how trust seals can help.  Good luck!

Posted in mcafee secure, website verification

BBB Online Trust Seals for Website Security

Posted by websiteverification on October 15, 2009

The ultimate goal of the BBB Online is to generate a standard of trustworthy business practices. The BBB Online knows customers want to be sure that they are shopping on websites that are safe and secure. They don’t want their private information falling into the wrong hands. The BBB Online and trust seals are the answer.

The BBB Online has set up some recommendations to help online business owners stay on track.

Be Honest in Advertising – Follow an honest standard of advertising and selling.

Be Transparent – Plainly identify the nature, place and ownership of your business. Clearly disclose all policies, guarantees and procedures that influence a customer’s decision to buy.

Be Responsive – Address marketplace disputes speedily, professionally, and honestly.

Honor Promises – Obey all written agreements and verbal representations.

Safeguard Privacy – Safeguard all data collected against mishandling and fraud.  Gather personal information only as needed and respect the preferences of customers regarding the use of their information.

Embody Integrity – Approach all business dealings, marketplace transactions and commitments with integrity.

Tell the Truth – Truthfully represent products and services, including clear and satisfactory disclosures of all material terms.

Build Trust – Maintain a positive track record in the business world.

The BBB Online wants to promote trust and confidence on the internet by providing trust seals. A trust seal is an image that is placed on a business website to show proof that the website has been verified and meets the program standards for good business practices online. As an online business owner, you should have trust seals posted on your website to prove to your customers that you are a legitimate business. Look for trust seals, such as the BBB Online, to help your online business.

Posted in BBB, website verification

Complying with the PCI Data Security Standards is Too Hard and Too Expensive

Posted by websiteverification on July 22, 2009

We all know by now that PCI compliance is necessary, but that doesn’t mean it’s the easiest thing in the world to accomplish.  Many businesses claim that complying with the PCI Data Security Standard is too hard and too expensive.

Understanding and executing the 12 PCI DSS requirements can seem intimidating, especially for small to medium sized businesses. However, these requirements were developed to help protect businesses from being victims of cardholder theft. Even if there were no requirement for PCI compliance, the security practices found in these standards are steps that every business would want to take anyway to protect sensitive information. Most aspects of the PCI DSS are already common practice for businesses that want their sites secure. There are many products and services available to help meet the requirements for security and PCI compliance.

When people say PCI is too hard, sometimes what they may really mean is that complying is expensive. But you should know that the business risks and ultimate costs of non-compliance can greatly exceed the cost of implementing PCI DSS.

Non-compliance can be very expensive, if not catastrophic. Non-compliance doesn’t just result in costs associated with fines, credit card replacement and audit fees, but also in loss of business reputation and revenue. In fact, a recent study stated that 70 percent of the cost of non-compliance was loss of revenue. This is not only a big deal for big companies that are criticized by the media, but may be truly disastrous for small businesses, putting them out of business.

So, if you are one of those people that have ignored PCI compliance, know that it is not worth it.  Complying with the PCI Data Security Standard is a must!

Posted in pci compliance, website verification

Identity Theft Can Be Avoided With Vulnerability Assessments

Posted by websiteverification on June 26, 2009

It has been said that identity theft is the largest white collar crime ever in the United States. As a website owner, you may wonder what you can do to protect your clients. I am here to recommend that you should definitely have vulnerability assessments done on your website. A vulnerability assessment is defined as the process of identifying, quantifying and prioritizing the vulnerabilities in a system. You may have also heard of vulnerability scanning or PCI scanning; it is really all basically the same thing. And it is one of the best ways that you, as an online business owner, can protect the information of your customers.

Criminal identity theft occurs when a thief gives another person’s name and personal information such as a driver’s license, date of birth, or Social Security number (SSN) to obtain a job, housing, money, goods, or other services. It’s been reported by the Federal Trade Commission that in the last twelve months 9.93 million people have had some type of identity theft crime committed against them. Victims spend on average $1,200 in out-of-pocket expenses and an average of 175 hours in time and effort to resolve the many problems caused by identity thieves. The scary thing is that it takes a victim on average 12 months before they even realize they have been victimized!

So how can vulnerability assessments help? Having vulnerability scanning conducted by an approved scanning vendor yearly or even quarterly can protect your site and help keep you compliant with the PCI DSS (Payment Card Industry Data Security Standards). Merchants that accept, process or store credit card information on their site must have the scanning conducted. Once they pass the scan, they will receive the official certification that they need to submit to their acquiring bank. You can be sure that you will avoid penalties and heavy fines if you are conducting these scans and staying compliant.

It has been proven that merchants who are PCI compliant see online orders increase. Why? Because shoppers are more confident in using their credit cards online when they know that the sites they are shopping on are more protected from the risk of identity theft.

Some areas that are tested during a vulnerability assessment are firewalls, server vulnerabilities, virtual private networking (VPN), email configuration, remote access services, web site analysis, modems, and more.

So if you own an online business, don’t take any risks.  Keep your site compliant and safe from identity thieves for the protection of your business and your customers. Start vulnerability assessments now.

Posted in pci compliance, website verification

The PCI Standards SAQ

Posted by websiteverification on June 1, 2009

While doing my research into the PCI standards I have come across a term quite often: SAQ. The acronym stands for Self Assessment Questionnaire. The PCI standards Self Assessment Questionnaire is a tool used to assist merchants and service providers in self-evaluating their PCI compliance.

There are five different versions of the PCI standards SAQ in order to meet various scenarios. The version that your organization will need to complete depends on how your company handles credit card data. For some businesses, the appropriate questionnaire is short and simple, while for others it is long and technical. But each questionnaire is divided into six sections that each focus on a specific area of security. These are:

  1. Maintain a secure network.
  2. Protect cardholder data.
  3. Maintain a vulnerability management program.
  4. Implement strong access control measures.
  5. Regularly monitor and test networks.
  6. Maintain an information security policy.

While completing the SAQ, merchants have to pass each question in order to be considered compliant with the PCI standards. Failing any question means the merchant or service provider is not compliant. The risk(s) identified by the questionnaire must be remedied and the questionnaire retaken.

The SAQ may seem somewhat complicated, but there are many businesses and websites out there that can help you complete it.  Also, depending on your merchant level, the SAQ may not be enough.  You may need to have an onsite audit completed to certify your PCI compliance.  The best thing to do if you are unsure is to check with your acquirer.

Posted in pci compliance, website verification

What’s Wrong With The PCI DSS?

Posted by websiteverification on May 14, 2009

There has been a lot of criticism regarding companies following the PCI DSS as their only form of security. While it is important to have other options for security, following the PCI DSS does work!
clipped from www.tripwire.com

There’s nothing wrong with PCI DSS that cannot be cured by following it

I continue to hear comments that PCI DSS doesn’t work and that it should be modified or even eliminated.
I find it interesting that so much fault can be leveled at PCI DSS in light of the facts that Verizon Business puts forth in their 2009 Data Breach Investigations Report. Here are some of their findings after investigating data breaches that compromised 285 million records in 2008 alone:
 81% of the victims were not PCI compliant
The last point—81% of the victims were not PCI compliant—speaks volumes about the spirit, intent and effectiveness of PCI DSS …. if it is treated as security best practice and followed on a daily basis rather than treating it as a checklist that must be passed annually. Until each of the above percentages changes dramatically, I think PCI DSS should be seen as a good security best practice to follow continuously.
Posted by Ed Rarick

Posted in pci compliance, website verification

PCI DSS Fines

Posted by websiteverification on April 28, 2009

Ok, so we all know about the PCI DSS (Payment Card Industry Data Security Standards) by now. But some of you may be wondering what the PCI DSS fines are if you do not become compliant. The fines can be pretty steep as I will explain below, but not only will you risk huge fines if you aren’t compliant, you are putting your security system and customer information at risk.

All businesses who store, transmit or process credit card data are required to follow the PCI DSS, and should have become PCI compliant by the end of 2007. If you are one of these businesses and are not yet compliant, you are constantly at risk of losing sensitive cardholder data, which will most likely result in PCI DSS fines, legal action and bad publicity. Organizations that fail to comply face fines of up to $500,000 if the data is lost or stolen and risk not being allowed to handle cardholder data.

High-status cases concerning big corporations have hit the headlines in the last couple of years. The Payment Card Industry has threatened huge fines against some larger merchants of up to $25,000 per month until compliance is obtained. In the high-profile case of TJX (owner of T.J. Maxx, Marshalls, Home Goods and A.J. Wright retail chains), the company reported spending $202 million because of the PCI violation that compromised the cardholder account information of as many as 40 million customers. The money is being spent to handle more than 20 lawsuits brought against it by banks and consumers in the U.S. and Canada and to pay settlements with credit-card associations.

So don’t risk it. If you are not yet PCI compliant get there now. It is not as hard as it may seem, and well worth the time and money you put into it. If you don’t want to risk those pesky PCI DSS fines, you know what to do!

Posted in pci compliance, website verification

Are the Websites you Shop on PCI Certified?

Posted by websiteverification on March 31, 2009

You may have heard a lot about PCI compliance, and maybe you have taken all the steps you need to ensure that your business is PCI certified. But I have a question for you: are the websites you are shopping on PCI certified? This is something that is important to you as an online shopper, because you want to make sure that your personal information, such as account numbers, etc., is safe and secure. One way that you can be sure is if the website you are shopping on is PCI certified.

Just to review, what it means to be PCI certified is that the website is complying with all the requirements of the PCI DSS (which stands for Payment Card Industry Data Security Standards). These requirements include things such as building and maintaining a secure network, protecting cardholder data, maintaining a vulnerability management program, regularly monitoring and testing networks, and maintaining an information security policy. Also, the website should be carrying out quarterly or daily PCI vulnerability scans. These scans will scan the website on a quarterly or daily basis in order to make sure that there are no threats or vulnerabilities on the website that would cause customer information to become stolen by hackers and online thieves.

You may be wondering how you can tell if a website that you shop on is PCI certified. The easiest way to tell is by looking for trust seals posted on the website. Trust seals are small images that, when clicked on, will confirm that the website has been verified and has conducted PCI scans. It is important to look for trust seals when shopping online, so that you aren’t putting your personal information in on a site that is not safe from online theft.

So when you shop online, be careful. Do your homework and look for those trust seals that are up to date. You want to be sure that the site you are shopping on is verified by a third party, and is following PCI compliance. Don’t let your personal information fall into the hands of the wrong person. Make sure that you are shopping on websites that are PCI certified.

Posted in pci compliance, website verification

Vulnerability Assessments?

Posted by websiteverification on March 18, 2009

You may have heard the term “vulnerability assessment,” but aren’t quite sure what it means. You are not alone. I ran into this term a few times in my research and wasn’t quite sure what to think, so I decided to find out what exactly a vulnerability assessment is, and how it relates to PCI compliance.

These days, the risk of threats on the internet has become increasingly worrisome. The rising cleverness of intruder attacks using vulnerabilities found in online networks and applications has made it crucial for businesses to assess their network on a regular basis. This is where a vulnerability assessment comes in. A vulnerability assessment works hand in hand with PCI scanning to accurately scan web applications, databases, networks, operating systems and other software to find threats and assess the risk to the business. In a nutshell, running these PCI scans (sometimes referred to as vulnerability scans) helps to reveal any areas in your network that are weak or prone to attack. Then you will be able to make any changes needed to your network to ensure that your business and customers are safe.

As with anything, it is important to realize that using vulnerability scanning alone is not entirely fail-safe. As a business, you can combine the use of vulnerability scanning along with other means of website protection to ensure the security of your business and customers. Also, you should be aware that not all vulnerability or PCI scanners are the same, so you really should do some research and make sure that you are using an approved scanning vendor (aka ASV) that will do the best job for you.

A company that I have found to be very helpful in all my research is Trust Guard. They offer a lot of information on a vulnerability assessment and vulnerability scanning. Check it out, and ensure that your business is protected.

Posted in pci compliance, website verification

The PCI Security Standards Council

Posted by websiteverification on March 10, 2009

I have been talking about the PCI Security Standards a lot in my posts. I have gone into a lot of detail about what the PCI Security Standards are, but I thought it might be helpful to let you know where they come from. In doing all my research one of my main sources has been the PCI Security Standards Council’s website (found at https://www.pcisecuritystandards.org/). They are kind of the main resource and enforcer of PCI compliance and PCI scanning. I thought it might be helpful to everyone to let you know a great place to find out more information about the PCI Security Standards.

The PCI Security Standards Council’s goal is to improve security for payment card accounts by bringing more education and awareness of the PCI Security Standards to merchants and businesses around the world. The PCI Security Standards Council was founded by the five major credit card companies: American Express, Discover, JCB International, MasterCard, and Visa.

To give you some idea of how the PCI Security Standards Council runs on a daily basis, I have included some information about the different areas of the council. The PCI Security Standards Council is headed by a policy-setting Executive Committee, consisting of representatives from the five founding payment brands. Operational decisions are made by a Management Committee, as well as from the payment brands. An Advisory Board, drawn from participating organizations, offers input to the organization and feedback on the progress of the PCI Data Security Standards. A Marketing Working Group, Technical Working Group, and a Legal Committee, whose participants are drawn from the payment brands, deal with their respective activities.

So if you are ready to make your business PCI compliant, reading about the PCI Security Standards Council is a great place to start. You can find a lot of great useful resources and information on their site to help you know what you need to do.

Posted in pci compliance, website verification