Website Verification

Learn about how you can make your website secure and safe for your customers


Posts Tagged ‘website verification’

Do You Need IT Penetration Testing?

Posted by websiteverification on January 19, 2012

IT penetration testing is a process used to assess the safety and security of a computer system or network by faking an attack from malicious hackers.  The procedure is related to a vulnerability assessment, but includes a lot more.  A vulnerability assessment is performed by a machine looking throughout your network.   With a penetration test, a professional penetration testing resource reviews the results of the vulnerability scans and also validates the results against the network or application.  Because it is an actual human being performing the review, there are frequently new findings that a machine doesn’t catch.  Also, because the test is usually carried out from the position of a prospective hacker, it will more often find the vulnerabilities that hackers find.  You may have heard penetration testing referred to as ethical hacking.

Penetration testing is done for many different reasons.  Some of these are: to discover high risk vulnerabilities that can result from low risk vulnerabilities; to recognize vulnerabilities that may otherwise be hard to identify with automated network or vulnerability scanning software; and to test the ability of networks to successfully detect and respond to hacking attacks.

Penetration tests are an element of a security audit.  The Payment Card Industry Data Security Standard (PCI DSS) and the security and auditing standard require both annual and ongoing penetration testing.


Posted in website verification

Online Business Owners Should Improve Online Conversion Rates

Posted by websiteverification on September 1, 2011

Online business owners everywhere are constantly trying to improve sales and profits.  If you own a business online, you may know that one way you can do this is by improving your conversion rate.  When referring to conversions in online marketing and sales, we are referring to when a visitor comes to the website and completes the business owner’s intended action, such as buying something on the website or joining an email list or newsletter.  Ultimately, the conversion occurs when the visitor becomes the customer. The conversion rate is the percentage of visitors who perform the intended action: the percentage who make a purchase or whatever the intended action is.

Finding the online conversion rate for your website is really important if you want to be successful. Conversion rates are a really good way to measure the success of your website and help you see what things may be working and what things aren’t.  There are many things you can do to improve your conversion rate and increase online sales and profits.

Create user reviews about the products or services you offer on your site.  This can accelerate conversion on your website and improve conversion rate.  You may choose to reserve a section or page on your site for previous customer’s reviews. When someone searches for something that you sell, they will be directed to your site to see the reviews.

Produce better substance for your website that clearly targets the conversion goal.  For example, if you are selling clothing online, make sure that you have pictures, text, video, etc. relating to that clothing.  Make certain you add content to your website regarding any special sales or clearance.

Improve your website navigation structure.  If your website is not easy to navigate, visitors will be less likely to continue to visit the site.  Be sure that the way it is structured makes it easy for visitors to browse and find what they want without having to think too much about where to click.

Remember, increasing conversion rate is essential in increasing sales and profits when it comes to an online business.  If you want to increase sales (and who doesn’t?) think about using some of these ideas to improve your conversion rates.  Also, there are some companies that will help you with this and do it for you.  Check them out if you are interested!

Posted in website verification

You Can Overcome Website Vulnerabilities That Can Lead to Hacking

Posted by websiteverification on March 18, 2011

All website and online business owners are concerned about the website vulnerabilities that may affect their site.  This is because internet threats are everywhere.  One in particular is hacking.  Everyone has heard of computer hacking, but do you really know what can happen to your website if it is hacked? How can you overcome website vulnerabilities that lead to hacking?

Wikipedia describes computer hacking as the practice of changing computer hardware and software to accomplish a function which is outside of the creator’s original purpose.  Essentially, hacking is unlawful use of a computer and its network resources. Crimes such as identity theft, credit card fraud or other computer crimes are often the result of hacking.

Some hackers are technology buffs who enjoy learning how computers work and may even consider computer hacking as a form of art.  However, computer hacking is illegal unless it is done under contract between an ethical hacker and an organization.

Vulnerability scanning is the best way to protect your website from the vulnerabilities that can lead to things like hacking.   It is crucial that you test your website applications on a regular basis to ensure the safety of your computer systems and web data, as well as your customer’s private information. According to the PCI Security Standards, you should have your website and system scanned at least quarterly by an approved scanning vendor.  The vulnerability scans will identify any type of vulnerabilities found in your website so you can fix them.

So if you are doing what you should be and taking the steps to protect your site and overcome website vulnerabilities, then you will look out for computer hackers.

Posted in website verification

Avoid Website Vulnerabilities

Posted by websiteverification on November 11, 2010

When you have created your own website, you need to be aware of the risks of website vulnerabilities.  You spend a lot of time producing your website and maintaining it.  You don’t want an attack against your site because most likely, you would have to start all over.  Be sure that your site is not vulnerable to malicious attacks.  Below are listed some of the most prevalent website attacks that you should be aware of.

Cross Site Scripting

Cross site scripting (also known as XSS) has been proven to be one of the most prevalent threats to websites. XSS happens when one of your web applications gathers malicious data because of an attacker setting it up. Malicious attackers insert client side script into web pages that are viewed by other users.  When the user clicks on a link to your site from another website, instant message, or email message, it attacks your site.  The attacker is then able to gather data from your site, and it can cause major problems. The best way to avoid this is as a user, only open links from web pages that are trusted.  Cross site scripting is one of the most common threats to websites.
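For site owners, the matching defence is to encode user-supplied values before they are written into a page. The sketch below is an added example, not code from this blog; the function names, the comment fields and the sample inputs are assumptions made for illustration.

```python
import html
from urllib.parse import urlsplit

# Assumption: visitor-supplied links may only point at ordinary web pages.
ALLOWED_SCHEMES = {"http", "https"}


def render_comment_unsafe(author, text, homepage):
    # Vulnerable: visitor-supplied values are pasted into the markup as-is,
    # so any markup they contain becomes part of the page other users view.
    return f'<li><a href="{homepage}">{author}</a>: {text}</li>'


def safe_href(url):
    # Escaping alone does not stop a link whose scheme runs script,
    # so anything that is not a plain web link is replaced with "#".
    url = url.strip()
    scheme = urlsplit(url).scheme.lower()
    return url if scheme in ALLOWED_SCHEMES else "#"


def render_comment(author, text, homepage):
    # Hardened: every value is HTML-encoded for the place it lands in.
    # quote=True also encodes quotes so a value cannot leave the attribute.
    href = html.escape(safe_href(homepage), quote=True)
    return (
        f'<li><a href="{href}" rel="nofollow noopener">'
        f"{html.escape(author)}</a>: {html.escape(text)}</li>"
    )


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real site.
    samples = [
        ("alice", "Great shop!", "https://example.com/?a=1&b=2"),
        ("mallory", "<script>alert(1)</script>", "javascript:alert(1)"),
    ]
    for author, text, homepage in samples:
        print("unsafe:", render_comment_unsafe(author, text, homepage))
        print("safe:  ", render_comment(author, text, homepage))
```
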

SQL Injection

SQL injection attacks are another common website threat. SQL stands for “structured query language”.  An SQL injection attack is when a person places malicious code into the SQL strings of your website.  The producer of the website may accept the code while they are creating their website, not realizing that it is malicious.  It will then cause major problems to the website because the attacker will now have access to website data.  They may change or steal data from your website.
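The difference between a query built by string concatenation and a parameterized query can be seen with an in-memory SQLite database. This is an added example, not code from this blog; the table, column names and sample rows are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data in a throwaway in-memory database.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, card_last4 TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (email, card_last4) VALUES (?, ?)",
        [
            ("alice@example.com", "1111"),
            ("bob@example.com", "2222"),
            ("carol@example.com", "3333"),
            ("o'brien@example.com", "4444"),
        ],
    )
    return conn


def lookup_unsafe(conn, email):
    # Vulnerable: the visitor's input becomes part of the SQL text, so a
    # quote character in it changes what the statement means.
    query = "SELECT email, card_last4 FROM customers WHERE email = '" + email + "'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, email):
    # Hardened: the SQL text is fixed and the input is bound as a value,
    # so it is only ever compared against the email column.
    query = "SELECT email, card_last4 FROM customers WHERE email = ?"
    return conn.execute(query, (email,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    crafted = "nobody@example.com' OR '1'='1"  # constructed input
    print("unsafe rows:", len(lookup_unsafe(conn, crafted)))
    print("safe rows:  ", len(lookup_safe(conn, crafted)))
    # A legitimate address with an apostrophe breaks the concatenated query
    # but works with the parameterized one.
    try:
        lookup_unsafe(conn, "o'brien@example.com")
    except sqlite3.OperationalError as exc:
        print("unsafe query failed:", exc)
    print("safe lookup:", lookup_safe(conn, "o'brien@example.com"))
```
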

Session Hijacking

Another threat to be sure your website is not vulnerable to is session hijacking.  This is when a valid computer session is exploited.  The attacker is able to take over a web user’s computer session by obtaining the session id and then pretending to be the authorized user.  They can then steal important information from the victim.  Session hijacking may or may not be detectable to the website owner.  But if your website is not responding in the normal or expected way, session hijacking could be a possible cause, so be aware.
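Because the attack depends on obtaining the session id, the usual server-side measures are an unguessable id, a cookie that scripts and plain HTTP cannot read, a fresh id at login, and an idle timeout. The sketch below is an added example, not code from this blog; the `SessionStore` class, the cookie name `sid` and the 15 minute timeout are assumptions.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 15 * 60  # assumption: sessions expire after 15 idle minutes


class SessionStore:
    """Minimal in-memory session table (hypothetical, for illustration)."""

    def __init__(self):
        self._sessions = {}

    def create(self, user=None, now=None):
        # 32 random bytes from the OS make the id impractical to guess.
        sid = secrets.token_urlsafe(32)
        seen = time.time() if now is None else now
        self._sessions[sid] = {"user": user, "seen": seen}
        return sid

    def login(self, old_sid, user, now=None):
        # Issue a new id at login and drop the old one, so an id that was
        # known before authentication is worthless afterwards.
        self._sessions.pop(old_sid, None)
        return self.create(user, now)

    def lookup(self, sid, now=None):
        now = time.time() if now is None else now
        session = self._sessions.get(sid)
        if session is None:
            return None
        if now - session["seen"] > SESSION_TTL:
            del self._sessions[sid]  # idle too long: a stolen id stops working
            return None
        session["seen"] = now
        return session["user"]


def session_cookie(sid):
    # Secure: sent over HTTPS only. HttpOnly: not readable by page scripts.
    # SameSite=Lax: not attached to most cross-site requests.
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["path"] = "/"
    cookie["sid"]["secure"] = True
    cookie["sid"]["httponly"] = True
    cookie["sid"]["samesite"] = "Lax"
    return cookie["sid"].OutputString()


if __name__ == "__main__":
    store = SessionStore()
    anonymous = store.create()
    authenticated = store.login(anonymous, "alice")
    print("Set-Cookie:", session_cookie(authenticated))
    print("old id still valid?", store.lookup(anonymous) is not None)
    print("new id belongs to:", store.lookup(authenticated))
```
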

So if you are an owner of a website, you need to watch out for these website vulnerabilities.  One of the best ways to get rid of any website vulnerabilities is to have quarterly scans of your website by an approved scanning vendor.

Posted in pci compliance, website verification

What You Should Know About PCI Vulnerability Standards

Posted by websiteverification on June 29, 2010

The topic of the PCI Vulnerability Standards has been all over the web over the last few years. By now we all pretty much know that PCI compliance is an obligation for all merchants that accept credit cards. But all the talk about PCI has brought up numerous questions as well.  I put together a list of some frequently asked questions to help everyone with some answers.

What exactly are the PCI Vulnerability Standards? The PCI vulnerability standards, usually referred to as PCI DSS (PCI data security standards), consist of 12 detailed requirements produced by the PCI council.  The PCI council consists of the five major credit card companies. The standards were created for the purpose of bringing forth a unified way for businesses to keep their customer’s private information safe and secure. It was put into place September of 2006.

Do the PCI standards apply to all businesses? Any business that accepts, transmits or stores credit card information must meet the specifications of PCI compliance, no matter their size.  To put it more simply, if you accept credit cards at your place of business, then the PCI requirements must be followed.

What if we don’t accept credit cards, but we accept debit cards? PCI compliance still applies here.  The PCI standards must be followed by any organization accepting credit or debit cards, or pre paid cards.  Essentially, if you are accepting any kind of cards branded with a logo from one of the five major credit card companies – American Express, Discover, JCB, MasterCard, or Visa – you must be in compliance.

Where is a complete list of the PCI Vulnerability Standards? Check out the website https://www.pcisecuritystandards.org.

How is PCI scanning related to PCI compliance? According to the PCI council, in order to sustain proper PCI compliance, your business should undergo daily or quarterly PCI scans of your system.  An ASV, approved scanning vendor, should scan your system including things like your website, office internet connections, and more.  Basically anything that is connected to a public IP address.

What happens if I am not in compliance? Outrageous fines as high as $100,000 a month may be charged for violating PCI.  This can be catastrophic, especially to small businesses, so do not take this lightly.

This article may or may not have answered all your PCI related questions.  Above all just remember that the PCI vulnerability standards must be followed and if you still have questions, don’t hesitate to ask. There is a lot of information available and PCI compliance is very important.

Posted in pci compliance, website verification

Website Security Ideas for Shoppers

Posted by websiteverification on December 16, 2009

Online shopping has become more popular over time because of the ease of shopping from the comfort of your own home. Although online shopping has become a common activity of many folks, research has shown that a lot of people still refuse to purchase items over the internet.  This is almost certainly due to the fact that customers do not feel safe when shopping on the internet.  Below I have listed some solutions for online shoppers who want to increase their safety while purchasing on the internet. It all comes down to proper website security.

Set up anti-virus software, a firewall, and anti-spyware software on your computer – You must have this to protect your computer and system against viruses that may harm or steal information off of your computer.  Check for updates to your software continually and choose a legitimate business to download or purchase the software from. In addition, you should consider applying the highest level of security available from the software that still gives you the functionality that you need.

Know the websites you are doing business with – When shopping on the internet, be as careful as you are when shopping in town. Make sure the website is owned by a business that you trust or have heard about from someone you trust.  Also, look for trust seals, or trust marks.  Online businesses that have been verified by a third party may display trust marks on their website proving that they are current and up to date with website security. If you are visiting a site for the first time, try and find out their physical business address and phone number on the website. Find out their return and exchange policy, and definitely take a look at the privacy policy.

Don’t forget to read the website’s privacy policy – Anytime you are leaving your personal or financial information with a website, you should read the privacy policy. You will want to know that your private information is being stored and used in a way that is legal and safe.

Make use of the website’s safety features – A lot of extra security is added to your transaction if you utilize the website’s safety features, such as passwords, personal questions, etc.

Never reply to emails that request personal or financial information from you – Attackers will try to get hold of your personal information by pretending they are a legitimate business and asking for you to confirm personal account information.  Any business that is legit will not ask for this type of information through email.

Make sure your information is being encrypted – Most websites use SSL (secure sockets layer) to encrypt information so that it cannot be stolen while in the process of the transaction. The way to know if the website is using a SSL is the URL will begin with https, instead of http.  Also, there should be some sort of a padlock icon.

Make purchases online with a credit card rather than a debit card – There are specific laws that limit your legal responsibility for falsified credit card charges.  You may not have the same level of protection if you use your debit card.

Check your credit card statements regularly – Keep a good record of all your transactions at the time of purchase and then compare them to your bank statements.  If there are any discrepancies, report them at once.

These are just a few solutions to help keep you safe when you shop on the internet. It is important that you use these tips for website security when shopping online.

Posted in website verification

BBB Online Trust Seals for Website Security

Posted by websiteverification on October 15, 2009

The ultimate goal of the BBB Online is to generate a standard of trustworthy business practices. The BBB online knows customers want to be sure that they are shopping on websites that are safe and secure. They don’t want their private information falling into the wrong hands.  The BBB online and trust seals are the answer.

The BBB online has set up some recommendations to help online business owners stay on track.

Be Honest in Advertising – Follow an honest standard of advertising and selling.

Be Transparent – Plainly identify the nature, place and ownership of your business.  Obviously reveal all policies, guarantees and procedures that influence a customer’s decision to buy.

Be Responsive – Address marketplace disputes speedily, professionally, and honestly.

Honor Promises – Obey all written agreements and verbal representations.

Safeguard Privacy – Safeguard all data collected against mishandling and fraud.  Gather personal information only as needed and respect the preferences of customers regarding the use of their information.

Embody Integrity – Approach all business dealings, marketplace transactions and commitments with integrity.

Tell the Truth – Truthfully represent products and services, including clear and satisfactory disclosures of all material terms.

Build Trust – Maintain a positive track record in the business world.

The BBB online wants to promote trust and confidence on the internet by providing trust seals.   A trust seal is an image that is placed on a business website to show proof that the website has been verified and meets the program standards for good business practices online.  As an online business owner, you should have trust seals posted on your website to prove to your customers that you are a legitimate business. Look for trust seals, such as the BBB online, to help your online business.

Posted in BBB, website verification

Complying with the PCI Data Security Standards is Too Hard and Too Expensive

Posted by websiteverification on July 22, 2009

We all know by now that PCI compliance is necessary, but that doesn’t mean it’s the easiest thing in the world to accomplish.  Many businesses claim that complying with the PCI Data Security Standard is too hard and too expensive.

Understanding and executing the 12 PCI DSS requirements can seem intimidating, especially for small to medium sized businesses. However, these requirements were developed to help protect businesses from being victims of cardholder theft. Even if there was no requirement for PCI compliance, the practices for security found in these standards are steps that every business would want to take anyways to protect sensitive information. Most aspects of the PCI DSS are already a common practice for businesses who want their sites secure. There are many products and services available to help meet the requirements for security and PCI compliance.

When people say PCI is too hard, sometimes what they may really mean is that complying is expensive. But you should know that the business risks and ultimate costs of non-compliance can greatly exceed the cost of implementing PCI DSS.

Non-compliance can be very expensive if not catastrophic. Non-compliance doesn’t just result in costs associated with fines, credit card replacement and audit fees, but also from loss of business reputation and revenue. In fact a recent study stated that 70 percent of the cost of non-compliance was loss of revenue. This is not only a big deal for big companies that are criticized by the media, but may be truly disastrous for small businesses and the result is putting them out of business.

So, if you are one of those people that have ignored PCI compliance, know that it is not worth it.  Complying with the PCI Data Security Standard is a must!

Posted in pci compliance, website verification

Identity Theft Can Be Avoided With Vulnerability Assessments

Posted by websiteverification on June 26, 2009

It has been said that identity theft is the largest white collar crime ever in the United States.  As a website owner, you may wonder what you can do to protect your clients.  I am here to recommend that you should definitely have vulnerability assessments done on your website.  A vulnerability assessment is defined as the process of identifying, quantifying and prioritizing the vulnerabilities in a system.  You may have also heard of vulnerability scanning or PCI scanning; it is really all basically the same thing.  And it is one of the best ways that you, as an online business owner, can protect the information of your customers.

Criminal identity theft occurs when a thief gives another person’s name and personal information such as a driver’s license, date of birth, or Social Security number (SSN) to obtain a job, housing, money, goods, or other services. It’s been reported by the Federal Trade Commission that in the last twelve months 9.93 million people have had some type of identity theft crime committed against them. Victims spend on average $1,200 in out-of-pocket expenses and an average of 175 hours in time and effort to resolve the many problems caused by identity thieves. The scary thing is that it takes a victim on average 12 months before they even realize they have been victimized!

So how can vulnerability assessments help? Having vulnerability scanning conducted by an approved scanning vendor yearly or even quarterly can protect your site and help keep you compliant with the PCI DSS (Payment Card Industry Data Security Standards). Merchants that accept, process or store credit card information on their site, must have the scanning conducted.  Once passing the scan they will receive the official certification that they need to submit to their acquiring bank.  You can be sure that you will avoid penalties and heavy fines, if you are conducting these scans and staying compliant.

It has been proven that merchants who are PCI compliant see online orders increase. Why? Because shoppers are more confident in using their credit cards online when they know that the sites they are shopping on are more protected from the risk of identity theft.

Some areas that are tested during a vulnerability assessment are firewalls, server vulnerabilities, virtual private networking (VPN), email configuration, remote access services, web site analysis, modems, and more.

So if you own an online business, don’t take any risks.  Keep your site compliant and safe from identity thieves for the protection of your business and your customers. Start vulnerability assessments now.

Posted in pci compliance, website verification

PCI DSS Fines

Posted by websiteverification on April 28, 2009

Ok, so we all know about the PCI DSS (Payment Card Industry Data Security Standards) by now. But some of you may be wondering what the PCI DSS fines are if you do not become compliant. The fines can be pretty steep as I will explain below, but not only will you risk huge fines if you aren’t compliant, you are putting your security system and customer information at risk.

All businesses who store, transmit or process credit card data are required to follow the PCI DSS, and should have become PCI compliant by the end of 2007. If you are one of these businesses and are not yet compliant, you are constantly at risk of losing sensitive cardholder data, which will most likely result in PCI DSS fines, legal action and bad publicity. Organizations that fail to comply face fines of up to $500,000 if the data is lost or stolen and risk not being allowed to handle cardholder data.

High-status cases concerning big corporations have hit the headlines in the last couple of years. The Payment Card Industry has threatened huge fines against some larger merchants of up to $25,000 per month until compliance is obtained. In the high-profile case of TJX (owner of T.J. Maxx, Marshalls, Home Goods and A.J. Wright retail chains), the company reported spending $202 million because of the PCI violation that compromised the cardholder account information of as many as 40 million customers. The money is being spent to handle more than 20 lawsuits brought against it by banks and consumers in the U.S. and Canada and to pay settlements with credit-card associations.

So don’t risk it. If you are not yet PCI compliant get there now. It is not as hard as it may seem, and well worth the time and money you put into it. If you don’t want to risk those pesky PCI DSS fines, you know what to do!

Posted in pci compliance, website verification