Archive for the ‘Internet Business’ Category

Should You Include Your Address On Your Web Site?

Thursday, November 15th, 2007

The short answer is Yes. You should always display your address on your site for several reasons. Most importantly you should show it to build credibility with your site visitors. It also helps your customers find your place of business.

If you do not have a physical address and need to use a PO Box address, the best way to handle it is to show the address of the post office and use your PO Box number as a suite number.

Testimonials and More Credibility Building Techniques

Thursday, October 11th, 2007

Ask for testimonials, and then post them throughout your site. You can never have too many testimonials. Include them on your homepage, on your checkout page, on your “about us” page, or on any other page. Be proactive and ask for testimonials. After you complete a sale, e-mail your customer and ask for a testimonial. To make it easier for them, include specific questions such as “Would you recommend us to your friends?” or “What did you like the most about working with our company?” The key is to make it easy. Three or four questions will give you enough feedback. If a customer leaves a voicemail testimonial, post the audio file on your site. Invite experts to comment on your site. Getting an expert in your field to provide a positive comment about your company might give a huge boost to your credibility.

            Don’t ignore your customers. Answer your e-mails in a timely fashion. You should never leave an e-mail unanswered for longer than 24 hours. If you have a system where customers can leave voicemail messages, respond to them in a timely manner.

            Demonstrating your philanthropy is an excellent image builder. Be careful that your motives are honest; otherwise, the negative effects could be devastating. People in general appreciate charitable organizations. Making too much of your good deeds is not advisable, because your prospects might regard you as arrogant.

            To build your reputation, join credible organizations such as trade associations, chambers of commerce, the Better Business Bureau, etc. Post your portfolio of clients. Ask if it’s OK to post their company logos on your site, and see if they are willing to provide a testimonial. Share your professional experience with your customers. Volunteer at community events.

            List your credentials. If you are a professional, list your college degrees, your professional experience, the awards you have earned, and your professional certifications. If you are selling a product, list awards or reviews your company might have received.

            Credibility is something that’s earned. You might need to give before you get. If you are a web designer, you might want to give a free consultation. A software company might offer a try-before-you-buy promotion. Because you are prepared to give before you get, your customer has an opportunity to experience your company without having to make a financial commitment.

Building Business Credibility

Tuesday, October 9th, 2007

Make your website an asset to your visitors. If you are an accountant, your website should be an educational tool. Communicate tax code changes, and explain how the changes might affect them. Provide relevant content that may be of interest to your clients. Talk less about how great you are, and more about your customers’ needs. Provide hints, articles, interviews, podcasts, or even short video clips about relevant topics.

            Write articles about your area of expertise. If you have a dry cleaning business, you might write articles about the benefits of the earth-friendly chemicals you use. You can post the articles on your website. In addition, you can encourage other website owners to post your article on their sites. In exchange, you could post an article about their services on yours. Update your website content regularly. Your customers will appreciate a website with relevant content. A stagnant website communicates neglect.

            Have a professionally designed website. Gone are the days when any website would be acceptable. If your cousin built your website, you might make him very proud, but your customers will be less amused. Amateurish websites communicate a message that you are a hobbyist, and not a real business. You wouldn’t want your cousin to do your corporate taxes, or remodel your office, so don’t ask him to build your website either. The right website will require a professional company with expert designers, programmers, and Internet marketers. Your website is your business; treat it accordingly.

            Having a website with spelling errors, bad images, and poor design is worse than having no website at all. Avoid errors of all types. Encourage your customers to bring errors to your attention. Your customers can provide you with feedback as they browse your site, and you can quickly make the necessary changes.

            Clearly explain what security measures you take to keep client information safe. If you pay for a third-party security logo such as HackerSafe or ControlScan, make sure your customers understand the benefits. I would recommend ControlScan as opposed to HackerSafe because the word “Hacker” may have more of a negative effect than a positive one.

International Credit Card Processing Problems

Friday, October 5th, 2007

Deferred Processing

Deferred processing is the less expensive alternative to real time credit card processing. It is simpler to implement than real time processing, and it doesn’t require a secure gateway. The lack of a secure gateway in your payment processing system doesn’t mean that it is unsafe. Most customers won’t know whether you have real time or deferred card processing.

            Deferred processing enables you to process credit cards manually. This processing method lacks automation. It is a slow manual process. Processing dozens of orders on a credit card terminal is a mundane task. In addition to the added labor, the potential for errors is high. It is easy to mistype a number, which could result in a failed transaction.


            How does deferred payment processing work?

  • Customer adds product to shopping cart.
  • The connection enters secure mode, as the customer is required to complete payment information. The customer’s browser encrypts the data between the web server and the customer’s computer.
  • Customer will complete order and leave vendor site.
  • The vendor at a later time processes orders through a credit card terminal.
  • The terminal provides feedback to the vendor on whether the transaction failed or succeeded.


International Credit Card Processing

For security and fraud protection reasons, do not accept international credit cards. Offer payment alternatives such as international money orders, or wire transfers. Accepting international cards is risky business for several reasons. Most importantly, you will not be able to perform address verification. If a foreign customer pays with a stolen credit card, you will be stuck with the bill. In addition to the charge back, the bank will charge you additional fees. To add insult to injury, you’ll have to pay a charge back fee. On top of everything, you will be stuck with the shipping charges.

International Orders

Accepting international orders can complicate your business immensely. Primarily, there is the payment concern described above. Second, shipping internationally is much more expensive than shipping within the U.S. International orders require a lot of extra work that will increase your expenses and reduce your profit margins.

Phishing - Don’t take the bait!

Monday, October 1st, 2007

Phishing is a subcategory of social engineering where attackers deceptively obtain sensitive information, such as credit card numbers, usernames, and passwords, by masquerading as a trustworthy entity in an electronic communication. It is likely that you have received phishing e-mails in the recent past. Some of the most common phishing attacks involve recognized names such as PayPal, eBay, Amazon, and various banks.

            Phishing is normally carried out through e-mail. Instant messaging is another common vehicle for attacks. The key to deceiving people through phishing is to make a link in an email appear to belong to a legitimate company while the link really points to the site controlled by the criminal. A common trick is to make the anchor text for a link appear to be a valid URL when the link actually goes to the phishers’ site.

Phone phishing is the same principle with a low-tech twist. Instead of e-mail, attackers use the phone to contact their victims. They might leave a message pretending to be calling from a legitimate business such as a bank or long distance provider, leaving a phone number that terminates at the phisher’s location.

Security Issues For Online Businesses

Sunday, September 30th, 2007

Shared SSL vs. Standard SSL

      

Shared SSL
If you use your hosting company’s shared SSL, your checkout page’s URL will appear as follows:
https://secure.yourhostingcompanysdomain.com/andsomemorerandompathhere

Standard SSL
If you purchase your own SSL Certificate from a CA such as VeriSign, your checkout page’s URL will appear as follows:
https://www.yoursite.com/yourcheckoutpath

 

Social Engineering

 

Social engineering is a deceptive practice to manipulate people into revealing confidential information. Criminals have been known to trick people into disclosing personal information, passwords, credit card numbers and other sensitive information. Social engineering is one of the most dangerous crimes web surfers and online businesses face today. It is a low-tech crime, but it can hurt some of the most sophisticated companies.

           

Pretexting

 

This technique is commonly used to trick a consumer or business into divulging sensitive information. Individuals use this method to obtain phone and utility records, banking records, addresses, credit card numbers, user names and passwords, e-mail addresses, and other confidential information. Based on the information collected, the criminal can establish an even greater authority. Many U.S. companies ask for a social security number, mailing address, phone number, mother’s maiden name, or date of birth to authenticate customers. All of these can be easily obtained.

Pretexting is frequently used to impersonate colleagues, authorities, banks, tax authorities, or anyone who could have a right to know in the mind of the target. The pretexter is armed with prearranged answers to possible questions that the target may ask.

Voice over IP programs are popular among pretexters because they provide an easy platform for untraceable phone calls. The lack of a traceable phone number makes the pretexter less vulnerable to being caught.

Encryption and SSL for Your Website

Saturday, September 29th, 2007

Encryption

All data exchanged between your website and your website visitors must be encrypted. Encryption is the technology that scrambles data before transmission. It ensures that only authorized parties can read the data. Encryption is what keeps credit card numbers, addresses, social security numbers, and other sensitive information secure during online transactions. Be sure that you explain encryption to your customers. The checkout page is a great place to include brief information about what encryption technology your site uses. The key here is not to scare your customers with too much information, but to explain the security measures your company takes to provide a safe shopping experience.

            California passed a law in 2003 requiring businesses to notify consumers in the state if their unencrypted data have been compromised. Several other states have passed similar laws. Several major credit card companies such as Visa and MasterCard require businesses operating online to verify that they have taken a number of steps, including encryption, to protect customers who use credit cards.

SSL (Secure Socket Layer)

You need SSL if you have an online store and accept credit cards. Anytime sensitive data is transmitted between your website and your customer’s computer, you are using SSL. Without SSL, all data transferred would be an open book, leaving consumers vulnerable. Data sent without SSL is the equivalent of sending a letter in a see-through envelope.

SSL Certificates 

Digital certificates are the lifeblood of SSL technology. SSL certificates are issued by CAs (Certificate Authorities) such as VeriSign Corporation. VeriSign digitally signs each certificate it issues. Each browser contains a list of CAs to be trusted. During the SSL handshake, the browser confirms that a trusted Certificate Authority has issued the certificate. If the CA is not trusted, a warning will show. As browsers recognize an SSL Certificate, they display the name of the CA next to the browser bar.

Practical Example: If you are using a shared hosting account for your site, the host will provide you with a shared SSL certificate. The shared certificate should be included in your hosting fee. It is an inexpensive solution to keep your website secure.

Keep Your Passwords Safe

Thursday, September 27th, 2007

Ideally, you would never write down your passwords, but that is becoming difficult with so many accounts. If you have to write them down, keep them locked in a safe or some other secure environment. Passwords on Post-it notes are a recipe for disaster. Don’t do it!

            Don’t share your passwords with others, not even friends or family members. If someone has to use one of your accounts, log them in instead of sharing your password. Don’t give out your password over the phone unless you have initiated the phone call. For example, you may receive a phone call from your Internet Service Provider asking for your password. Ask for their phone number, call them back, then give out your password. Telephone conversations are not considered secure. Neither are online chat, email, or instant messaging.

            Change your passwords regularly. A new password every 45 days is a good practice. Having the same passwords for years is a weak security practice. Set yourself reminders in your calendar. Make it a routine procedure. You’ll see that after a few months, it becomes a habit.

            Avoid typing your password on public computers. Unfortunately, many public computers have been compromised, making their users vulnerable to malicious keystroke-logging scripts.

What Makes A Strong Password?

Tuesday, September 25th, 2007

It all starts with a strong password. We all have more passwords than we care to have. It might sound simplistic, but strong passwords are a must for good security. Strong passwords to your web, ftp, and data servers are the easiest first step toward a secure web presence.

 

            What Makes A Strong Password?

           

  • A three-character password is much weaker than a six or eight character password. A good rule of thumb is never to use a password shorter than eight characters.
  • In no way should you use the default password.
  • Never make a word found in a dictionary your password. One of the most common methods to break into systems is to run scripts that try using dictionary words to guess your password. The less your password looks like a dictionary word, the less likely someone is to guess it.
  • Include numbers and special characters.
  • Avoid repeated numbers, characters or sequences such as 12345678, bbbbbbbb, or 33333333.
  • Never use the user name, or any combination of it, as your password. Don’t use your domain name as your password either.
  • Don’t use look-alike substitutions like “4ufromme” or “n0t@home”.
  • Use the entire keyboard, and try to use the less common keys.
  • Use different passwords for different accounts. If you use the same password for all of your accounts, you may find several of your accounts compromised simultaneously.
  • Never, ever use a blank password.

 

Examples of strong passwords are:

A combination of several words that aren’t themselves a word interspersed with special characters (e.g., !4scOrE&sDayNYeaRs_ag0)

A word with digits of a memorable date sprinkled inside it
(e.g., vacation -> 0vac2a0t9io19ln99)
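
Several of the rules in the list above can be enforced automatically when a password is set. The following Python is an added example, not part of the original post; the word list, the default-password list, the run length of four, and the function names are assumptions made for illustration. It covers blank and short passwords, defaults, dictionary words (including look-alike substitutions of them), numbers and special characters, repeats and sequences, and the user or domain name.

```python
import re

# Constructed sample lists (assumption): a real check would load a full
# dictionary and the default passwords of the systems being protected.
DICTIONARY = {"password", "vacation", "welcome", "dragon", "monkey", "sunshine"}
DEFAULTS = {"admin", "changeme", "default", "letmein"}
# Common look-alike characters mapped back to the letters they imitate.
LOOKALIKE = str.maketrans("01345$7@!", "oleasstai")
MIN_LEN = 8   # "never use a password shorter than eight characters"
RUN = 4       # assumed threshold for a repeat or sequence

def has_run(pw, n=RUN):
    """True if pw holds n identical or consecutively rising/falling characters."""
    for step in (0, 1, -1):
        streak = 1
        for a, b in zip(pw, pw[1:]):
            streak = streak + 1 if ord(b) - ord(a) == step else 1
            if streak >= n:
                return True
    return False

def check_password(pw, username="", domain=""):
    """Return the rules from the list that pw breaks (empty list = passes)."""
    if not pw:
        return ["blank password"]
    low = pw.lower()
    problems = []
    if len(pw) < MIN_LEN:
        problems.append("shorter than eight characters")
    if low in DEFAULTS:
        problems.append("default password")
    if low in DICTIONARY:
        problems.append("dictionary word")
    elif low.translate(LOOKALIKE) in DICTIONARY:
        problems.append("look-alike substitution of a dictionary word")
    if not (re.search(r"\d", pw) and re.search(r"[^A-Za-z0-9]", pw)):
        problems.append("missing a number or special character")
    if has_run(low):
        problems.append("repeated or sequential characters")
    for label, value in (("user name", username), ("domain name", domain)):
        v = value.lower()
        if v and (v in low or v[::-1] in low):
            problems.append(f"contains the {label}")
    return problems

if __name__ == "__main__":
    for candidate in ("12345678", "p@ssw0rd", "!4scOrE&sDayNYeaRs_ag0"):
        print(candidate, "->", check_password(candidate) or "ok")
```

Rules that depend on more than one password, such as using a different password for every account, cannot be checked this way.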

Keeping Your Online Business Secure

Sunday, September 23rd, 2007

Consumers and businesses agree that security remains a primary concern in the development of e-commerce. Identity theft, stolen credit card information, credit card fraud, and hackers are among the most common threats. The dangers are real. As your online business matures, you have to make a real effort to secure your web presence.

Failure to secure your web presence can result in a variety of complications such as financial loss, loss of customers, damage to your credibility, and data loss. Worst of all, it can potentially cost you your business. You have many options to build a secure online business. In the past few years, the number of security-related services has grown exponentially. Arming your business with hardware and software is less expensive than you think. The challenge is to stay one step ahead of the bad guys.

Hackers, fraudsters, and other criminals are constantly searching for the weakest link. Keep in mind that you are not only protecting your business, but your customers. It is common for customers to arrive at websites with their computers already compromised. Your job is to ensure that the shopping experience is safe.

Fortune 500 corporations are frequently reporting security breaches. While it is alarming to read about security violations, many security breaches are never reported. The larger your business, the more someone has to gain from breaking into your system. Small companies are just as vulnerable to break-ins, denial of service attacks, social engineering, and more.

            As a business owner, you should concentrate on preventative measures as opposed to reactive measures. It may take you days or months to realize your system has been compromised. The resulting damage could have devastating effects on you and your customers. Damaging, sharing, or selling user information is a real security threat.

            Equally important to providing a secure shopping experience is communicating it to your customers. If your customers don’t trust your site, all the security in the world won’t close the sale for you. Explain loud and clear throughout your website the measures you took to create a secure environment. Explain what industry standards you use to help keep their information secure.