Forrester Research, an independent technology and market research company that provides advice about technology’s impact on business and consumers, recently released estimates on ecommerce growth over the next four years. As we see and read about traditional sales dropping all across the nation, ecommerce will continue to grab the lost market share. Forrester said, “When we asked where consumers would shift their retail dollars, the channels with the greatest shifts were the mass merchants, warehouse clubs, and web retailers.”

There are still some advantages to retail shopping, such as many people like the ability to see and touch what they are buying. However, that will not stop online sales from reaching as high as $176.9 Billion in 2010. Amazon.com and eBay have significantly discounted their merchandise over the past year to compete with retail stores. The National Retail Foundation forecasts that traditional retail sales will drop .5% in 2009.

Continue reading "Ecommerce Sales Grow as Retail Stores Shrink"

Every day more businesses are going out of business and layoffs continue to plague the nation. The traditional brick-and mortar merchant may slowly become a thing of the past. Many are trying their hand at home based businesses and internet ventures. Over the past year we have seen a significant rise in companies like mortgage restructuring, debt consolidation, and various classified offerings online. Although these types of businesses are lucrative, they come with great risk to their owners and the acquirers that take on the challenge of processing credit cards for them.

Most may think that banks are not taking on these types of credit card accounts because of the financial state of our banks. There is a big difference between the acquiring side of banking and the issuing side. In fact the acquiring side that handles credit card processing in the banking industry seems to be the only piece still making money and I predict they will continue to generate revenue. There are acquirers out there that are designed to specifically cater to high risk types of online businesses and have flourished in these industries. To make sure your new venture does not turn out to be a big loss, it is important to look for more than just a card processor to partner with.

Some important items to look for when starting a high risk business online:

Continue reading "Does High Risk Mean Big Opportunity or More Losses?"

The Payment Card Industry Security Standards Council is always creating new and effective versions of PCI DSS. The most recent of such compliance standards is version 1.2 which has 12 requirements for enhancing payment account security. These requirements are designed to address a broad range of data security, from software design to policies and procedures. Version 1.2 is not intended to change the existing DSS, but only to provide added security in a time when many feel it is most needed.

There are two notable changes, one requires that off-site data storage locations be visited and validated as compliant with PCI DSS. The other imposes a sunset date on wired equivalency privacy (WEP) use. For those of us who don’t speak techie, WEP is a software application intended to protect data as it travels across wireless networks. In previous posts, I have talked about WEP having to be upgraded by June 30^th, 2010 to Wi-Fi protected access (WPA).

Here are the 12 core requirements as outlined by the card associations:

Continue reading "The Payment Card Industry Security Standard Dozen"

Password security is important and knowing the different types of identity theft is great, but what are the best ways to prevent identity theft? Many believe that PCI compliance does not affect them because they are not a payment processor or don’t run a gateway. This is a common mistake and can cost online businesses a lot of money. This doesn’t mean you need to be paranoid about being a company that is going to be the victim of identity theft. Use common sense and ask yourself if strangers are able to access your personal information.

Here are some tips to help prevent identity theft:

Continue reading "Online Network Security Must Haves – Part 3"

Part one of this series talked about identity thieves wanting your password, and we discussed ways to protect against having your passwords compromised. Securing your password seems to be only 25 percent of the battle these days. Many network security breaches, like the Heartland Breach, occurred from within. So it is important to be PCI Compliant internally and know who is working for you.

I wish there were a specific set of characteristics I could post to detect an identity thief, but unfortunately they are as broad as the criminal population itself.  I like to divide attacks by criminals into two categories: internal attacks and external attacks.

Internal attacks are usually traced back to disgruntled, dishonest, and/or careless employees. Some common characteristics of an internal attack are:

Continue reading "Online & Network Security Must Haves – Part 2"

The word “hacker” is often associated with the terms crime and fraud. However, hackers can be a good defense against online fraud, such as the “white hat” hackers that work to prevent fraud and fight identity theft. Unfortunately, white hat hackers aren’t as common as criminal hackers. 

It is important to first understand what different types of identity theft occur, and then you can find out how to get protection.

The easiest item for a criminal or hacker to obtain is your password. Some common mistakes made when setting up passwords is using names of kids, birthdates, or hometowns. Spelling your child’s name backwards is another frequent mistake. I have even seen people write their passwords on a sticky note, in a notebook or in your PDA. Do not give office assistants your passwords. Remember passwords are used in more than 90 percent of all online network security practices. People use passwords for online banking, shopping, stock trading, and network logons. It is imperative to create a strong password. 

Continue reading "Online & Network Security Must Haves – Part 1"