The short answer is Yes. You should always display your address on your site for several reasons. Most importantly you should show it to build credibility with your site visitors. It also helps your customers find your place of business.

If you do not have a physical address, and you need to use a PO Box address. The best way to handle a PO Box address is to show the address of the post office and use your PO Box number as a suite number.

Ask for testimonials, and then post them throughout your site. You can never have too many testimonials. Include them on your homepage, on your checkout page, on your “about us,” or any page. Be proactive and ask for testimonials. After you complete a sale, e-mail your customer and ask for a testimonial. To make it easier for them, include specific questions such as “Would you recommend us to your friends?” or “What did you like the most about working with our company”? The key is to make it easy. Three four questions will give you enough feedback. In case a customer leaves a voicemail testimonial, post the audio file on your site. Invite experts to comment on your site. Getting an expert in your field to provide a positive comment about your company might give a huge boost to your credibility.

            Don’t ignore your customers. Answer your e-mails in a timely fashion. You should never leave an e-mail unanswered for longer than 24-hours. If you have a system where customers can leave voicemail messages, respond to them in a timely manner.

            Demonstrating your philanthropy is an excellent image builder. Be careful that your motives are honest; otherwise, the negative effects could be devastating. People in general appreciate charitable organizations. Making too much about your good deeds is not advisable due the fact that your prospects might regard you as arrogant.

            To build your reputation, join credible organizations such as trade associations, chambers of commerce, the Better Business Bureau, etc. Post your portfolio of clients. Ask if it’s OK to post their company logos on your site, and see if they are willing to provide a testimonial. Share your professional experience with your customers. Volunteer at community events.

            List your credentials. If you are a professional list, your college degrees, your professional experience, the awards you have earned, your professional certifications. In case you are selling a product list, awards or reviews of your company might have received.

            Credibility is something that’s earned. You might need to give before you get. If you are a web designer, you might want to give a free consultation. A software company might offer a try before you buy promotion. Because you are prepared to give before you get, your customer has an opportunity experience your company without having to make a financial commitment.

Make your website an asset to your visitors. If you are an accountant, your website should be an educational tool. Communicate tax code changes, and explain how the changes might affect them. Provide relevant content that may be of interest to your clients. Talk less about how great you are, and more about your customers’ needs. Provide hints, articles, interviews, podcasts, or even short video clips about relevant topics.

            Write articles about your expert area. If you have a dry cleaning business, you might write articles about the benefits of the earth friendly chemicals you use. You can post the articles on your website. In addition, you can encourage other website owners to post your article on their sites. In exchange, you could post an article about their services on yours. Update your website content regularly. Your customers will appreciate a website with relevant content. A stagnant website communicates neglect.

            Have a professionally designed website. Gone are the days when any website would be acceptable. If your cousin built your website, you might make him very proud but your customers will be less amused. Amateurish websites communicate a message that you are a hobbyist, and not a real business. You wouldn’t want your cousin to do your corporate taxes, or remodel your office, so don’t ask him to build your website either. The right website will require a professional company with expert designers, programmers, and Internet marketers. Your website is your business, treat it accordingly.

            Having a website with spelling errors, bad images, and poor design is worse than having no website at all. Avoid errors of all types. Encourage your customers to bring errors to your attention. Your customers can provide you with feedback as they browse your site, and you can quickly make the necessary changes.

            Clearly, explain what security measures you take to keep client information safe. If you pay for a third party security logo such as HackerSafe or ControlScan, make sure your customers understand the benefits. I would recommend ControlScan as opposed to HackerSafe because the word, Hacker” may have more of a negative effect than positive.

Credibility is critical in order to convert website visitors into clients or customers. Consequently, website credibility is a requirement for a successful web presence. If you are a fortune 500 company building your website, you don’t have to worry about establishing credibility. You have an established brand name, most likely recognized worldwide. Unfortunately, the rest of us will have to work hard to establish credibility online.

            In the process of building a successful online business, you have to establish credibility. Take steps to establish your site as a credible business. Credibility does not guarantee sales, but, without a doubt, it will improve your sales conversion. As you consider your strategy for building credibility, think of the companies you consider credible. Think of the characteristics that make them credible. Is it their, customer service, product, quality of service, image in the community, philanthropy?

Make your site personable. Post pictures of real people. Don’t use stock photos of models. Your clients want to see the people behind your business. On your “About Us” page, take a picture of your team members and provide a brief description of their job descriptions. Posting the pictures will have a positive impact on your customers. In addition, your team will have a growing self-respect.

            Make your contact information highly visible. Don’t hide your phone number if you want your customers to call. If your business is unable to support phone calls, don’t list your number. Instead, implement an easy to use “Contact Us” form. Your physical address should be listed on your site. If you are a home-based business and you don’t feel comfortable listing your address, get a PO Box. It is an inexpensive solution. Real businesses have real addresses.

            Do not use auto responders. Ten years ago, when people were receiving ten percent of the e-mail they are receiving today, it would have been a great idea. Today, auto responders are the sign of amateurs. With a few exceptions, you should not use them. Don’t ever send an auto responder to an e-mail. Your customers don’t care that you have received their e-mail. They want an answer to their query, and if your response doesn’t include the answer, you have no business sending the e-mail.

Deferred Processing

Deferred processing is the less expensive alternative to real time credit card processing. It is simpler to implement than real time processing, and it doesn’t require a secure gateway. The lack of a secure gateway in your payment processing system doesn’t mean that it is unsafe.  Most customers won’t know whether you have real time or deferred card processing.

            Deferred processing enables you to process credit cards manually. This processing method lacks automation. It is a slow manual process. Processing dozens of orders on a credit card terminal is mundane task. In addition to the added labor, potential for errors is high. It is easy to mistype a number that could result in a failed transaction.

            How does deferred payment processing work?

·        Customer adds product to shopping cart.

·        The connection enters secure mode, as the customer is required to complete payment information. The customer’s browser encrypts the data between the web server and the customer computer.

·        Customer will complete order and leave vendor site.

·        The vendor at a later time processes orders through credit card terminal.

·        The terminal provides feedback to vendor whether or not the transaction failed or succeeded.

International Credit Card Processing

For security and fraud protective reasons, do not accept international credit cards. Offer payment alternatives such as international money orders, or wire transfers. Accepting international cards is risky business for several reasons. Most importantly, you will not be able to perform address verification. If a foreign customer pays with a stolen credit card, you will be stuck with the bill. In addition to the charge back, the bank will charge you additional fees. To add insult to injury, you’ll have to pay a charge back fee. On top of everything, you will be stuck with the shipping charges.

International Orders

Accepting international orders can complicate your business immensely. Primarily, there is the above described payment concern. Second, shipping internationally is much more expensive than shipping within the U.S. International orders require a lot of extra work that will increase your expenses and reduce your profit margins.

Online Payment Security

If you are new to online business, you best bet might be to outsource credit card processing. PayPal is the best example of outsourced credit card processing. Online vendors using this service don’t have to worry about buying or renting credit card processing machines. In addition, they don’t need to create a merchant account because PayPal is the gateway.

            More established businesses usually opt for an in-house credit card processing solution. There are two basic methods of accepting credit cards online, real time processing and deferred processing.

            Real Time Processing

The biggest advantage of real time credit card processing is that there is no delay in the buying process. The customer immediately knows if the order went through. This method is especially effective with companies selling downloadable products such as audio, video, or e-book. As soon as the credit card is authorized, the customer can download the product. The real time processing fulfills the need for instant gratification. If you are looking for automation, real time processing is for you. It requires more complex set up than deferred processing, but once it has been set up, credit cards are processed quickly, efficiently, and most importantly automatically.   

            Real time processing simplifies selling online because customers receive instant feedback. For example, if they enter an incorrect credit card number, the transaction will fail and the customer is notified instantly. Declined credit card transactions are immediately reported back to the buyer.

            Secure payment gateways are the most important components of real time processing because they provide a secure connection between your website and your merchant account. Some of the largest secure payment gateway providers are authorizeNet and VeriSign.

How does payment through a secure gateway work?

·        Your customer adds the product to the shopping cart.

·        The connection enters secure mode, as the customer is required to complete payment information. The customer’s browser encrypts the data between the web server and the customer computer.

·        The website forwards the encrypted payment information to the secure payment gateway.

·        The payment gateway forwards the encrypted payment information to the vendor’s acquiring bank account.

·        The acquiring bank forwards payment information to the customer’s bank account.

·        The customer’s bank responds to the payment request. It either approves or declines the charge.

·        The payment gateway received the response and forwards it to the vendor’s website.

·        Order completed or failed message is communicated to customer.

Please keep in mind that the above process is highly simplified version of the actual process. The entire transaction described above should take less that ten seconds.

Shared SSL vs. Standard SSL

Shared SSL
If you use your hosting company’s shared SSL, your checkout page’s URL will appear as follows:
https://secure.yourhostingcompanysdomain.com/andsomemorerandompathhere

Standard SSL
If you purchase your own SSL Certificate from a CA such as VeriSign, your checkout page’s URL will appear as follows:
https://www.yoursite.com/yourcheckoutpath

Social Engineering

Social engineering is a deceptive practice to manipulate people into revealing confidential information. Criminals have been known to trick people into disclosing personal information, passwords, credit card numbers and other sensitive information. Social engineering is one of the most dangerous crimes web surfers and online businesses face today. It is a low-tech crime, but it can hurt some of the most sophisticated companies.

Pretexting

This technique is commonly used to trick a consumer or business into divulging sensitive information. Individuals use this method to obtain phone and utility records, banking records, addresses, credit card numbers, user names and passwords, e-mail addresses, and other confidential information. Bases on the information collected, the criminal can establish an even greater authority. Many U.S. companies ask for a social security number, mailing address, phone number, mother’s maiden name, or date of birth to authenticate customers. All of which can be easily obtained.

Pretexting is frequently used to impersonate colleagues, authorities, bank, tax authorities or anyone who could have a right-to-know in the mind of the target. The pretexter is armed with prearranged answers to possible questions that the target may ask.

Voices over IP programs are popular among pretexters because they provide an easy platform for untraceable phone calls. The lack of a traceable phone number makes the pretexter less vulnerable to being caught.

Encryption

All data exchange between your website and your website visitors must be encrypted. Encryption is the technology that scrambles data before transmission. It ensures that only authorized parties can read the data. Encryption is what keeps credit card numbers, addresses, social security numbers, and other sensitive information secure during online transactions. Be sure that you explain your customers about encryption. The checkout page is a great place to include brief information about what encryption technology your site uses. The key here is not to scare your customers with too much information, but to explain the security measures your company takes to provide a same shopping experience.

            California passed a law in 2003 requiring businesses to notify consumers in the state if their unencrypted data have been compromised. Several other states have passed similar laws. Several major credit card companies such as Visa and MasterCard require businesses operating online to verify that they have taken a number of steps, including encryption, to protect customers who use credit cards.

SSL (Secure Socket Layer)

You need SSL is you have an online store and accept credit cards. Anytime sensitive data is transmitted between your website and your customer’s computer, you are using SSL. Without SSL, all data transferred would be an open book, leaving consumers vulnerable. Data sent without SSL is the equivalent of sending a letter in a see through envelop.

SSL Certificates 

Digital certificates are the lifeblood of SSL technology. SSL certificates are issued by CAs (Certificates of Authority) such as VeriSign Corporation. VeriSign digitally signs each certificate it issues. Each browser contains a list of CAs to be trusted. During the SSL handshake, the browser confirms that a trusted Certificate of Authority has issued the certificate. If the CA is not trusted, a warning will show. As browsers recognize an SSL Certificate, they display the name of the CA next to the browser bar.

Practical Example: If you are using a shared hosting account for your site. The host will provide you with a shared SSL certificate. The shared certificate should be included in your hosting fee. It is an inexpensive solution to keep your website secure.

Ideally, you would never write down your passwords, but it is becoming difficult to do with so many accounts. If you have to write them down, keep them locked in a safe or some other secure environment. Passwords on Post It notes are a recipe for disaster. Don’t do it!

            Don’t share your passwords with other, not even friends or family members. If someone has to use one of your accounts, log them in instead of sharing your password. Don’t give out your password over the phone unless you have initiated the phone call. For example, you may receive a phone call from your Internet Service Provider asking for your password. Ask for their phone number, cal them back, then give out your password. Telephone conversations are not considered secure. Neither are online chat, email, or instant messaging.

            Change your passwords regularly. A new password every 45 days is a good practice. Having the same passwords for years is a weak security practice. Set yourself reminders in your calendar. Make it a routine procedure. You’ll see that after a few months, it becomes a habit.

            Avoid typing your password on public computers. Unfortunately, many public computers have been compromised, making their users vulnerable for malicious keystroke logging scripts.

It all starts with a strong password. We all have more passwords we care to have. It might sound simplistic, but strong passwords are a must for good security. Strong passwords to your web, ftp, and data servers are the easiest first step toward a secure web presence.

            What Makes A Strong Password?

• A three-character password is much weaker than a six or eight character password. A good rule of thumb is never to use password shorter than eight characters.
• In no way should you use the default password
• Never make a word found in a dictionary your password. One of the most common methods to break into systems is to run scripts that try using dictionary words to guess your password. The less your password looks like a dictionary word, the less likely will someone guess what it is.
• Include numbers and special characters
• Avoid repeated numbers, characters or sequences such as 12345678, bbbbbbbb, or 33333333
• Never use the user name, or any combination of it, as your password. Don’t use your domain name as your password either.
• Don’t use look alike substitutions like “4ufromme”, or n0t@home”
• Use the entire keyboard, and try to use the less common keys
• Use different passwords for different accounts. If you use the same password for all of your accounts, you may find multiple of your accounts compromised simultaneously.
• Never, ever use a blank password.

Examples of strong passwords are:

A combination of several words that aren’t themselves a word interspersed with special characters (e.g., !4scOrE&sDayNYeaRs_ag0)

A word with digits of a memorable date sprinkled inside it
(e.g., vacation -> 0vac2a0t9io19ln99)