PCI Compliance – Maintain a Vulnerability Management Program


Requirement 5: Use and regularly update anti-virus software
Many vulnerabilities and malicious viruses enter the network via employees’ email activities. Anti-virus software must be used on all systems commonly affected by viruses to protect systems from malicious software.

Requirement 6: Develop and maintain secure systems and applications

Unscrupulous individuals use security vulnerabilities to gain privileged access to systems. Many of these vulnerabilities are fixed by vendor-provided security patches. All systems must have the most recently released, appropriate software patches to protect against exploitation by employees, external hackers, and viruses.

PCI Compliance – Protect Cardholder Data


Requirement 3: Protect stored cardholder data
Encryption is a critical component of cardholder data protection. If an intruder circumvents other network security controls and gains access to encrypted data, without the proper cryptographic keys, the data is unreadable and unusable to that person. Other effective methods of protecting stored data should be considered as potential risk mitigation opportunities. For example, methods for minimizing risk include not storing cardholder data unless absolutely necessary, truncating cardholder data if full PAN is not needed and not sending PAN in unencrypted emails.
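As an added example, not part of the original post, the following Python scanner picks out Luhn-valid PAN-like digit runs in free text (an outbound email body, a log line) and truncates each to its last four digits, which is one way to enforce the "truncate the PAN" and "no PAN in unencrypted email" points above. The candidate regex, the X-masking format and the sample text are assumptions for illustration.

```python
import re

# Candidate PAN: 13-19 digits, optionally separated by single spaces or dashes.
# Assumed pattern for illustration; production scanners tune this per card brand.
_PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def truncate_pan(digits: str, keep_last: int = 4) -> str:
    """Replace all but the last `keep_last` digits with 'X' (assumed masking format)."""
    return "X" * (len(digits) - keep_last) + digits[-keep_last:]


def find_pans(text: str) -> list:
    """Return the Luhn-valid PAN candidates (digits only) found in free text."""
    found = []
    for m in _PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_valid(digits):          # Luhn filters out order numbers and other digit runs
            found.append(digits)
    return found


def redact_pans(text: str) -> str:
    """Return text with every Luhn-valid PAN candidate truncated to its last four digits."""
    def _sub(m):
        digits = re.sub(r"[ -]", "", m.group(0))
        return truncate_pan(digits) if luhn_valid(digits) else m.group(0)
    return _PAN_CANDIDATE.sub(_sub, text)


if __name__ == "__main__":
    # Constructed sample: an order number (fails Luhn) next to a well-known test PAN.
    sample = "Order 1234567890123 paid with 4111 1111 1111 1111 today"
    print(find_pans(sample))
    print(redact_pans(sample))
```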

Requirement 4: Encrypt transmission of cardholder data across open, public networks

Sensitive information must be encrypted during transmission over networks where it is easy and common for a hacker to intercept, modify, or divert data in transit.

E-Commerce Marketing Basics

The World Wide Web currently has millions of online stores that individuals seeking an outlet for making money from home have established, yet the majority of those are not making a dime. The issue here is that these “Netrepreneurs” have the business knowledge and basic website design know-how to set up a business and a website, yet do not have a clue how to properly market their online stores. Marketing is just as important in the process of establishing an online store as setting up the website. Creating an online business is a fairly simple process, but without proper marketing, it is nothing more or less than a waste of time. Fortunately, the process of marketing is very simple once you know the proper steps to take.

The first thing that you must do to catapult your online store marketing procedure is the simplest, and that is to merely submit your site to all the major search engines, such as Google.Com and Yahoo.Com. The submission process requires nothing more than going to the search engine home pages, finding a link to site submission (usually near the bottom of the page) and typing in your site address. Alternately, one can simply search the term “multiple search engine submission” and find sites that will submit your home page to all the major search engines at once.

Once that initial basic step is taken care of, you will need to familiarize yourself with the Google algorithm system. Though it sounds daunting, this too is a fairly simple concept. Google will regularly, usually about every three months, crawl the internet searching all websites to determine their popularity. The more popular sites will go up in page rank and the lesser ones will either decline or stay stagnant. Most people think popularity comes from the number of visits to the site. Though that is a factor, the real impact is back links. Back links are links from other sites to yours. If the site that has a back link to your homepage on it is high ranking, your page rank will likely go up quicker. The trick here is to find very popular sites and offer to trade links with them, or even leave comments on their sites regarding their products or subjects with a back link to your site. It takes a little time, but very little to no technical know-how.

Another way to market your site via back links is to write small articles regarding the same type of products that you are selling on your site and submit them to free article sites. These sites will then post your articles on their website and others can come, read them, take them and post them on their own sites. Each article should have a back link to your site at the bottom of it. This will open up a world of potential back links for you.

There are many other very effective forms of marketing your sites, such as networking websites, i.e. Twitter, Facebook, and MySpace. These networking portals receive thousands of visitors per day giving you plenty of promotional opportunities. As a last tip, try to keep whatever product you are selling either equal to or more affordable than other similar products found on the web. People will go a long way to save a few cents.

PCI Compliance – Requirement 2


Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Hackers (external and internal to a company) often use vendor default passwords and other vendor default settings to compromise systems. These passwords and settings are well known in hacker communities and easily determined via public information.

This may seem like common sense, but you would be surprised. Many manufacturers set very easy default passwords on their products before shipping, some as simple as the word PASSWORD.

We have a very stringent password protocol here that includes weekly password changes. This is a practice that each and every one of us should adhere to.

Password Basics:

  • Use at least eight characters; more is better, but most people find anything longer than about 15 characters hard to remember.
  • Use a random mixture of characters, upper and lower case, numbers, punctuation, spaces and symbols.
  • Don’t use a word found in a dictionary, English or foreign.
  • Never use the same password twice.

Things To Avoid

  • Don’t just add a single digit or symbol before or after a word. e.g. “apple1”
  • Don’t double up a single word. e.g. “appleapple”
  • Don’t simply reverse a word. e.g. “elppa”
  • Don’t just remove the vowels. e.g. “ppl”
  • Don’t use keyboard sequences that are easy to repeat, e.g. “qwerty”, “asdf”, etc.
  • Don’t just garble letters, e.g. converting e to 3, L or i to 1, o to 0. as in “z3r0-10v3”

Bad Passwords

  • Don’t use passwords based on personal information such as: name, nickname, birthdate, wife’s name, pet’s name, friend’s name, home town, phone number, social security number, car registration number, address etc. This includes using just part of your name, or part of your birthdate.
  • Don’t use passwords based on things located near you. Passwords such as “computer”, “monitor”, “keyboard”, “telephone”, “printer”, etc. are useless.
  • Don’t ever be tempted to use one of those oh so common passwords that are easy to remember but offer no security at all. e.g. “password”, “letmein”.
  • Never use a password based on your username, account name, computer name or email address.
Check out more great password tips at Lockdown
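As an added example, not from the original post or from Lockdown, here is a Python checker that turns the rules above into code: it rejects short or single-class passwords, dictionary words, and the disguises the lists warn about (an appended digit or symbol, a doubled word, a reversed word, vowels removed, letter-for-digit garbling, keyboard runs, personal details). The mini dictionary, leet map and keyboard runs are constructed stand-ins for the real lists a deployment would load.

```python
import re

# Constructed stand-ins for a real dictionary, keyboard runs and leet map (assumptions).
DICTIONARY = {"apple", "password", "letmein", "computer", "monitor", "keyboard",
              "telephone", "printer", "zero", "love", "banana"}
DEVOWELED = {re.sub(r"[aeiou]", "", w): w for w in DICTIONARY}   # "ppl" -> "apple"
KEYBOARD_RUNS = ("qwerty", "asdf", "zxcv", "1234")
LEET = str.maketrans({"3": "e", "1": "l", "0": "o", "@": "a", "$": "s", "4": "a", "7": "t"})


def _word_forms(pw: str) -> set:
    """Every word the password collapses to once the post's disguises are undone."""
    lower = pw.lower()
    forms = set()
    # Second pass undoes letter-for-digit garbling: "z3r0-10v3" -> "zero-love".
    for base in (lower, lower.translate(LEET)):
        for tok in [base] + re.findall(r"[a-z]+", base):
            core = re.sub(r"^[^a-z]|[^a-z]$", "", tok)     # "apple1" -> "apple"
            forms.update({tok, core, core[::-1]})           # "elppa" -> "apple"
            half = len(core) // 2
            if core and core[:half] == core[half:]:         # "appleapple" -> "apple"
                forms.add(core[:half])
    return forms


def check_password(pw: str, personal=frozenset()) -> list:
    """Return the rules from the post that `pw` breaks; an empty list means it passes."""
    problems = []
    if len(pw) < 8:
        problems.append("fewer than eight characters")
    classes = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    if sum(1 for p in classes if re.search(p, pw)) < 3:
        problems.append("not a mix of case, digits and symbols")
    forms = _word_forms(pw)
    if forms & DICTIONARY:
        problems.append("based on a dictionary word")
    if any(f in DEVOWELED for f in forms if len(f) >= 3):
        problems.append("dictionary word with vowels removed")
    if any(run in pw.lower() for run in KEYBOARD_RUNS):
        problems.append("contains a keyboard sequence")
    if any(p.lower() in pw.lower() for p in personal if len(p) >= 3):
        problems.append("contains personal information")
    return problems


if __name__ == "__main__":
    # Constructed samples taken from the post's own bad examples plus one acceptable value.
    for candidate in ("apple1", "appleapple", "elppa", "ppl", "z3r0-10v3", "qwerty123", "M7$kq!Lp2vXz"):
        print(f"{candidate!r}: {check_password(candidate) or 'accepted'}")
```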

Writing Better Web Page Titles

What is a web page title?
Web page titles are the words that are displayed at the top of the window for each web page that is opened. Usually people do not pay too much attention to the title of a web page unless it is minimized. The title is how people tell which web page they want to return to before they maximize the window.

That is not the only reason for titles, however. Web page titles are also used in web search engines. They are often what is displayed in a search result for a particular key word. The web page title is usually the bolded term that is clicked on to bring up that particular web page. Titles usually are named according to the subject of the site. Sometimes the name of the site is used, but other times the titles usually just list what the page is about.

Why is the page title important?

As can be imagined, web page titles can be quite important, because a lot of web traffic depends on them. People usually choose clear, short titles that are relevant to the keyword they are searching for. Web page titles that are confusing or that look nothing like the chosen keyword are much less likely to be clicked on, so that site receives far fewer visitors than a site with better web page titles.

Creating web page titles
It is easy to come up with relevant, short titles. The first thing to do is create the page. It is hard to name a page that does not exist. Once the content is created then the next step is to create the title. The title should reflect what that particular page is about. A page about how to clean a pool could be titled, “Easy pool cleaning.” The idea is to use as many keywords as possible to get the site higher up in the search engine rankings. The actual content of the site has a lot to do with the rankings, but a good title helps as well.

One of the best things to do when creating titles is to eliminate filler words. Anything that is not directly related to the content of the page should be eliminated. A title like “A discussion on the quality of different hotel chains,” could be shortened to “Hotel chain quality review” or something similar. The least amount of filler words possible should be the goal of any title. The web site name can be included in the title sometimes, but only if it flows well with the rest of the title.

These tips should help with the creation of web page titles. It is important to never underestimate the power of small things to make a big difference in the ratings of a web page. A good title combined with good content should be well on the way to topping the charts of any search engine.

What is PCI Compliance?


Many customers hear about PCI compliance and wonder what it is. To shed some light on the largest change to E-Commerce in the last few years, we’ll discuss each requirement and how it affects you.

The PCI (Payment Card Industry) security standards are a blanket of regulations set in place to safeguard payment account data security. The council that develops and monitors these regulations is made up of the leading providers in the payment industry: American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. Essentially, they define the best practices for storing, transmitting, and handling sensitive information over the internet.

In order for a vendor to be PCI compliant, they will need to meet 6 main requirements.

Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Firewalls are computer devices that control computer traffic allowed into and out of a company’s network, as well as traffic into more sensitive areas within a company’s internal network. A firewall examines all network traffic and blocks those transmissions that do not meet the specified security criteria.

All systems must be protected from unauthorized access from the Internet, whether entering the system as e-commerce, employees’ Internet-based access through desktop browsers, or employees’ email access. Often, seemingly insignificant paths to and from the Internet can provide unprotected pathways into key systems. Firewalls are a key protection mechanism for any computer network.

Next up – Protect Cardholder Data

3Dcart Announces New Partnership with Wishpot.com


3DCart Shopping Cart is now fully compatible with Wishpot Wishlist and Registry Tools.

Add Wishpot Wishlist or Registry functionality on your website to increase online sales

Wishpot is a free social shopping service where members save all the things they are shopping for, from anywhere, in one place. Our members love our service as they can easily share their finds with friends and family. The Wishpot button makes it easy to scour the web and add anything to Wishpot. Wishpot is unique in that our members use Wishpot for both their personal shopping and for major life events. It also offers the ability to request cash and charity donations, combined with the hottest products and newest trends. As a Wishpot enabled merchant you can offer up the Wishpot Wishlist and Registry tools to your customers.


• Increased transactions – Wishpot provides many services to users that increase the likelihood that a user will actually purchase from their wish list: price and coupon alerts, cash contributions, birthday reminders, friend activities and much more.
• Customers remember your site – The Wishpot button makes it easy for your customers to save items from your site to their lists. Long after customers leave your site they remember it, and can easily link back to it.
• Increased exposure for your products – customers not only remember but share your products. Wishpot has widgets and a Facebook application. Your products get increased exposure through feeds and blogs.
• Continual engagement with your product – Wishpot is a social shopping network – once your product is added to a public list, other Wishpot members comment on it, share it, and add it to their own lists.

Getting Started

As a user of 3DCart you can also utilize our other features like price alerts, chip-in, and wishlist user statistics. Feel free to contact us at [email protected] and we can help you get the most out of the Wishlist and Registry experience.

For more information, visit our merchant page for more details.

3dCart is now on Youtube


We’ve taken all of our training videos and transferred them to Youtube.

Bookmark it: youtube.com/3dcart

Training videos can help you get the most out of your online store!

3DCart Training Videos cover many important features of 3DCart that can help you grow your online business.

3dCart’s easy to use shopping cart software allows users with little or no programming knowledge to be up and running within minutes, yet provides the robust features that webmasters need.

If you have an iPhone, you’ll now be able to watch our videos on the go!

Your Business Card is Crap!

Say what you want about the presentation, but he speaks the truth. I have business cards for my 3dCart store and they’re from moo.com. Not only are they fantastic quality, but they’re memorable and easy to carry. Regardless of what you use, make sure you use something. You never know when you’ll need to hand one out.

Check out these innovative business card designs

Top 10 Reasons Your Chargeback Will Be Denied

A reader of Consumerist.com has posted an article detailing 10 reasons why consumers fail chargeback requests. As a store owner, you will find chargebacks very frustrating, and it would serve you well to know what your customer has to do in order to file a successful chargeback against you.

Originally posted here

Remember, the merchant does have a chance to rebut these things. If you tell us that you ordered widget A but received widget B but have no proof, and the merchant sends proof that you actually ordered widget B, you’ll probably be getting rebilled!

Please, please check your statement every month. We work within very limited timeframes, and, technically, you are required to notify us of a dispute (in writing! Just calling in doesn’t obligate us to do anything), within 60 days of the statement date the charge appears on. Visa gives some extensions: non-receipt and quality. With quality, you have to show you’ve been working with the merchant consistently to resolve the problem. MasterCard pretty much only gives extensions on non-receipt.

If you’re disputing the quality of something over $100.00 or so, it pays to get a second opinion letter. Within reason, of course. If you’re disputing the quality of a repair, on the other hand, you pretty much have to have one. These need to be on a merchant’s letterhead and have actual details about your dispute. “Car still broken,” will get you started, but if the merchant sends a rebuttal it’s probably not going to fly.

The lovely consumer protections we enjoy in the U.S. do not follow you across our borders. If you buy something overseas, the burden is on you to return the item and prove the merchant accepted the return before we can do anything. International quality disputes? Forget it. Strangely enough, this is the one category that MasterCard is better in as it does not differentiate between domestic and foreign merchants.

If you go to a hotel and the room is filthy, leave within 20 minutes and get proof of your checkout, if possible. If you stay the night, you accept the room.

When you return something by mail, GET PROOF OF RETURN. This cannot be emphasized enough. Tracking numbers work best, return receipts work as well. When you return something you have the same burden of proof to show the merchant gets it back as they do to show you have it in the first place.

When asked for dates, please provide them and be as specific as possible. It doesn’t have to be exact, but if you called around the middle of the month, April 15, 2009 is better than April 2009, especially since we’re going to have to call you to get a more specific range and do the same thing anyway. “Don’t remember” is not a valid option.

Get in touch with them before you get in touch with us. Believe it or not, most merchants are actually on the up and up! If the merchant offers to try to fix whatever problem you have without charging more, you have to give them the chance. If you’re from New York and got your car repaired in Florida, you get back home and the repair isn’t working right, you still have to give them a chance.

It makes things more difficult and makes it more likely that you will lose. Don’t dispute things as unauthorized unless you never gave the merchant your credit card number. Don’t dispute things as non-receipt if the merchant did do something but you didn’t get the results you wanted.

With Mastercard (MC) the burden of proof lies on you. If you buy something face-to-face, get home and realize that it’s not as described, you’re out of luck entirely as you had a chance to examine the merchandise. Also, with MC it’s entirely up to you to know the merchant’s cancellation/return policy, even if they don’t disclose it. They didn’t tell you that you couldn’t cancel after three days? Too bad.