Web Site Owners, If Selling Online, You MUST Be PCI Compliant
By jdoepro | February 4, 2010
If you’re an online marketer and accept credit cards, should you care about PCI DSS?
YES. You’re responsible for fulfilling the requirements, EVEN if you’re a small business that processes few transactions. Penalties can be huge if you’re not in compliance.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements created to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment.
Regardless of the number of transactions you do, or your company size, if any customer ever pays you directly using a credit or debit card, whether by phone or online, the PCI DSS requirements apply.
WHAT DO YOU DO?
Check with your merchant account provider, if they’ve not already contacted you. You’ll need to fill out a Self-Assessment Questionnaire. After completing the form, they’ll advise you whether you need to take security scans of your computer system or not.
If you do not store your customers’ information, be sure to confirm this in the Privacy Policy/terms and conditions statement on your web site.
Topics: Legal, Reference/Resources, Uncategorized, e-commerce
Website Repair-What to Expect
By jdoepro | January 28, 2010
I’ve been comparing companies on the web that do web site repair. One stood out because they advertise an emergency web site restore service for $479. They claim:
- Restoration of Crashed Websites
- Restoring Hacked Websites
- Fixing Security Breaches
- Restoration of Functionality
- Broken Shopping Carts
For only $479? I’m thinking they must first have a copy of your initial working site, because it’s impossible to guarantee a fully fixed site without finding out what’s broken first, and that takes time. You can spend hours sifting through pages looking for errors. Programmers will tell you that most of their work is figuring out where everything is; it’s even more difficult without any documentation from the original site designer.
Then I read the small print:
NOTE: . . will only restore your site to its prior state and functionality, any site improvements will be considered new work and billed accordingly.
Well, there you go. They’re simply asking your host to revert back to a previous working version of your site, if there is one. This you can do yourself. Many hosts will restore your site from a previous date for no charge, and they can help to identify any security breaches.
There are plenty of web site repair firms, especially offshore, that promise repairs and maintenance at a cheap price. If it’s a hobby or personal site, go for it.
You also get what you pay for. For a business or e-commerce site that will be your company’s presence for the long-term, it’s ideal to establish a relationship with a reputable web support person or company. There are several firms to be found (I like to think we’re one); and I’ve worked with a few myself.
When hiring someone to repair or update your site, 3 things to expect:
1. A diagnostic fee (usually). Like any service industry, for the repairman to give an estimate, he first needs to make a house call, and that generally involves a service fee. It does take time to look over your system. Although, if it’s a very simple, obvious repair, the webmaster may let you slide on this.
Besides, I’d rather pay a smaller charge for an analysis than risk, say, $479 on a “maybe we can fix it” type of service. At the very least you can take that diagnosis and shop around for other webmasters.
2. Allow access to your server. They really do need it to give a fair analysis. If you’re worried about security, change your passwords ahead of time and again AFTER they’ve looked at your files. You might also ask your host to do a backup of your site first, as a precaution.
I once mistakenly worked for a client who wouldn’t allow me to log into the site server. Understandably, he was worried about security, but after repairing the files (which he had e-mailed), he insisted on uploading them himself. Yikes. Naturally, things did not behave the same online as they did offline. There can be many reasons for that. For example, if:
- the files were saved incorrectly to begin with
- the files were uploaded in ASCII rather than binary mode
- the permissions were not set correctly
- files were placed into the wrong folders
- the host didn’t support the coding language
At any rate, we couldn’t test online and guarantee the result, so he went away disappointed.
There has to be a certain level of trust between your webmaster and yourself.
3. Communicating by e-mail. It’s not the only way, but since webmaster tasks are done online, most of the communication is done digitally, too. Webmasters prefer to receive instructions in written form, so they can be sure of your requirements (some will ONLY communicate this way).
However, if you’re a customer who really needs to explain your requests face-to-face or by phone, be sure your web person understands and can accommodate that. Check to see if they have an online chat system, too, which is another way to quickly send your messages.
Topics: Reference/Resources, Site design/usability, Uncategorized
Free Legal Documents
By jdoepro | December 21, 2009
This site offers free legal forms. While you might still need to consult a professional for certain issues, this may be a good starting point in developing your own legal contracts or agreements.
Topics: Legal, Reference/Resources, free