Default HubSpot Blog


How to set up an eCommerce Site | Protect your customers and business

Posted by Alex Neir on Fri, April 19, 2013 @ 11:13 AM
Protection From Hackers
When setting up an eCommerce site for your business, security is the most critical component. It’s well documented that selling products and services online can increase revenue. It’s also becoming imperative to have an ecommerce presence if you want to stay competitive. That being the case, how do you set it up to protect your customers and your business?

Customer credit card security is important if you want to retain customers and protect your business. The first major vulnerability for an ecommerce site is the checkout page, where the customer’s credit card information is collected and transmitted. At an absolute minimum you need to have your checkout page hosted on a secure server. A secure server is evidenced with a URL that starts with HTTPS:// and not the traditional HTTP://.

Secondarily, it’s a good idea to invest in an SSL or certified secure server page. Both the secured server and certified SSL will be offered by your hosting company and can easily be set up. A certified SSL comes with a certificate that customers can use to validate the encryption services and security of your website. Securing your checkout page limits the risk of your customers’ credit card information being stolen by identity thieves and therefore limits your liability.

A second and increasingly apparent vulnerability for ecommerce sites is credit card validation procedures. It is a good idea to validate customer credit card information on as many fields as possible. There is certainly a balance here, as you don’t want to force your customers to enter too much data at checkout; however, too few fields and you open yourself up to fraud. Here are the suggested minimums.

  • Name
  • Billing Address
  • Billing Zip
  • Credit Card Number
  • Expiration Date
  • CVV Code

If you do not capture the CVV code at the time of checkout, you waive your rights to fight chargebacks initiated by the customer. Additionally, if you do not validate the credit card credentials, you open your business up to liability from credit card testing programs. A credit card testing program is a computer-generated attack on your website in which credit card numbers are tested to see if an authorization can be achieved. It is not uncommon for credit card testing programs to run 100,000 credit cards on your website overnight. The unsettling part: your business is liable for the transaction charges for the attempted authorizations. 100,000 attempted authorizations at $0.08 per transaction comes out to be $8,000 in transaction charges, overnight.

Next, it is a good idea to choose a trusted merchant service provider that has tools to help limit your exposure to cyber-attacks. Let’s face it, more online business means more online criminals. The most common cyber-criminals are those attempting to steal credit card numbers to then purchase items with the stolen card numbers. How can you protect against these types of attacks?

Choose a merchant service provider that offers fraud protection tools

Fraud protection tools are cheap insurance against cyber criminals. The right tools can make the difference between a successful online presence and being put out of business. Fraud attempts can be eliminated with a rules-based fraud detection application that examines each transaction before it is processed. Here are some examples of the rules that can be set up.

  • If a daily, weekly or monthly number of transactions or total dollar amount is exceeded, flag the transaction for review or auto-decline
  • If a user tries a credit card X number of times, flag or decline
  • If the first XXX digits of a credit card are attempted, flag or decline
  • If a daily, weekly or monthly number of transactions or total dollar amount is attempted from a single IP address or block of IP addresses, flag or decline
  • Ban a single IP address or blocks of IP addresses
  • Ban specific credit cards
  • Ban geographic areas
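
The attempt-count and ban rules from the list above, applied to a constructed card-testing burst, as an added example (not code from the post or from any merchant service provider). The class and function names, the limits and the one-day window are assumptions; the $0.08 fee is the figure used earlier in the post.

```python
import ipaddress
from collections import defaultdict, deque
from dataclasses import dataclass

FEE = 0.08  # per attempted authorization, the figure used in the post

@dataclass(frozen=True)
class Attempt:
    ts: int        # Unix seconds
    ip: str
    user: str
    card: str      # card token, never the raw card number
    prefix: str    # leading digits of the card number

class FraudRules:
    def __init__(self, window=86400, limits=None, banned_nets=(), banned_cards=()):
        self.window = window  # one day; the limits below are illustrative assumptions
        self.limits = limits or {"user_card": 3, "prefix": 5, "ip": 10}
        self.nets = [ipaddress.ip_network(n) for n in banned_nets]
        self.cards = set(banned_cards)
        self.seen = defaultdict(deque)  # (rule, key) -> timestamps inside the window

    def _count(self, rule, key, ts):
        q = self.seen[(rule, key)]
        while q and q[0] <= ts - self.window:  # drop attempts older than the window
            q.popleft()
        q.append(ts)
        return len(q)

    def check(self, a):
        """Decide on an attempt before it is sent for authorization."""
        if any(ipaddress.ip_address(a.ip) in n for n in self.nets):
            return "decline", "banned_ip"
        if a.card in self.cards:
            return "decline", "banned_card"
        keys = {"user_card": (a.user, a.card), "prefix": a.prefix, "ip": a.ip}
        hits = [r for r, k in keys.items() if self._count(r, k, a.ts) > self.limits[r]]
        return ("decline", hits[0]) if hits else ("approve", "ok")

def run(attempts, rules):
    """Return each decision and the fees paid for attempts that reached the processor."""
    results = [rules.check(a) for a in attempts]
    sent = sum(1 for decision, _ in results if decision == "approve")
    return results, round(sent * FEE, 2)

def sample():
    # Constructed data: 40 different cards tried from one address, then one buyer,
    # then one attempt from a banned block (all documentation address ranges).
    burst = [Attempt(1000 + i, "203.0.113.7", f"g{i}", f"tok{i}", "411111") for i in range(40)]
    return burst + [Attempt(2000, "198.51.100.20", "alice", "tokA", "545454"),
                    Attempt(2100, "192.0.2.44", "bob", "tokB", "400000")]
```

Running `run(sample(), FraudRules(banned_nets=["192.0.2.0/24"]))` lets 6 of the 42 attempts reach the processor. Declined attempts still count toward the limits, so a burst stays blocked until it falls out of the window.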

Last, make sure your customers know the effort you have made to protect them and their credit card information. By taking the appropriate steps to protect your customers you are laying the foundation for a very successful online presence.

Tags: Ecommerce, Best Practices, Fraud Protection

Merchant Account Best Practices | Simple guidelines

Posted by Alex Neir on Thu, November 29, 2012 @ 02:02 PM
Merchant Account Best Practice
Whether you are looking to start your first merchant account or you have been accepting credit cards for years, this post is intended to give you some simple and effective credit card processing guidelines. Following these simple rules will ensure you don’t experience any unnecessary headaches with your merchant account.
  1. Don’t rush into an account. The credit card processing industry has many moving parts and there are quite a few things to consider when opening an account. Give yourself enough time to do the research necessary to make a good decision. Selecting the right service provider can make the difference between a great experience and a miserable one. Make sure you understand how you intend on accepting credit cards now and in the future. There are many different account types depending on how you interact with your customers. Choosing the right account type ensures the very best rates are available to your business. Make sure you understand how interchange works. The majority of the fees paid to process credit cards come from the credit card interchange networks. Understanding how the interchange fees are calculated will help you negotiate the best deal on the account. Make sure you ask questions on items you don’t understand and develop a working relationship with a service provider before you sign up. Make sure you select a provider that has a dedicated account representative for you to work directly with.
  2. Abide by the rules. The merchant service agreement outlines the rules and regulations for the use of the account. Make sure you understand the length and term of the contract. Make sure you understand what you have been approved to sell. During the application process you indicate the products and/or services you intend to sell. The rules for a merchant account stipulate that you are only allowed to accept credit card payments for the products/services approved on the application. Selling something else with the account can lead to the account being terminated and the business placed on the MATCH list.
  3. Angry customers can hurt your business. Make sure that you respond to customer billing complaints immediately. Customers that can’t get their billing complaints resolved with the business will contact their credit card issuing bank or the credit card association and initiate a chargeback. Excessive chargebacks can also lead to the account being closed by the processor, not to mention hefty fines for each occurrence. The best defense is a good offense. Make sure your customer service number is displayed on your customer’s credit card statement along with your business name. That way they will call you first. Make sure you answer their call and help resolve their issue.
  4. Stay within your limits. Your merchant account will have certain limits established for the high ticket amount and total monthly volume that can be processed with the account. These limits are known in the industry as soft limits. There is always a little leniency for exceeding the limits on the account but it is always a good idea to know your limits and be proactive if you intend on exceeding them. For example if you know you are going to exceed your high ticket amount with a certain sale, call in for authorization first. This demonstrates good management and will make it much easier to increase your limit amounts in the future.

Tags: Best Practices, Merchant Account Soft Limit, TMF, Merchant Account Education, Credit Card Processing