Make your website an asset to your visitors. If you are an accountant, your website should be an educational tool. Communicate tax code changes, and explain how the changes might affect them. Provide relevant content that may be of interest to your clients. Talk less about how great you are, and more about your customers’ needs. Provide hints, articles, interviews, podcasts, or even short video clips about relevant topics.

            Write articles about your expert area. If you have a dry cleaning business, you might write articles about the benefits of the earth friendly chemicals you use. You can post the articles on your website. In addition, you can encourage other website owners to post your article on their sites. In exchange, you could post an article about their services on yours. Update your website content regularly. Your customers will appreciate a website with relevant content. A stagnant website communicates neglect.

            Have a professionally designed website. Gone are the days when any website would be acceptable. If your cousin built your website, you might make him very proud but your customers will be less amused. Amateurish websites communicate a message that you are a hobbyist, and not a real business. You wouldn’t want your cousin to do your corporate taxes, or remodel your office, so don’t ask him to build your website either. The right website will require a professional company with expert designers, programmers, and Internet marketers. Your website is your business, treat it accordingly.

            Having a website with spelling errors, bad images, and poor design is worse than having no website at all. Avoid errors of all types. Encourage your customers to bring errors to your attention. Your customers can provide you with feedback as they browse your site, and you can quickly make the necessary changes.

            Clearly, explain what security measures you take to keep client information safe. If you pay for a third party security logo such as HackerSafe or ControlScan, make sure your customers understand the benefits. I would recommend ControlScan as opposed to HackerSafe because the word, Hacker” may have more of a negative effect than positive.

Online Payment Security

If you are new to online business, you best bet might be to outsource credit card processing. PayPal is the best example of outsourced credit card processing. Online vendors using this service don’t have to worry about buying or renting credit card processing machines. In addition, they don’t need to create a merchant account because PayPal is the gateway.

            More established businesses usually opt for an in-house credit card processing solution. There are two basic methods of accepting credit cards online, real time processing and deferred processing.

            Real Time Processing

The biggest advantage of real time credit card processing is that there is no delay in the buying process. The customer immediately knows if the order went through. This method is especially effective with companies selling downloadable products such as audio, video, or e-book. As soon as the credit card is authorized, the customer can download the product. The real time processing fulfills the need for instant gratification. If you are looking for automation, real time processing is for you. It requires more complex set up than deferred processing, but once it has been set up, credit cards are processed quickly, efficiently, and most importantly automatically.   

            Real time processing simplifies selling online because customers receive instant feedback. For example, if they enter an incorrect credit card number, the transaction will fail and the customer is notified instantly. Declined credit card transactions are immediately reported back to the buyer.

            Secure payment gateways are the most important components of real time processing because they provide a secure connection between your website and your merchant account. Some of the largest secure payment gateway providers are authorizeNet and VeriSign.

How does payment through a secure gateway work?

·        Your customer adds the product to the shopping cart.

·        The connection enters secure mode, as the customer is required to complete payment information. The customer’s browser encrypts the data between the web server and the customer computer.

·        The website forwards the encrypted payment information to the secure payment gateway.

·        The payment gateway forwards the encrypted payment information to the vendor’s acquiring bank account.

·        The acquiring bank forwards payment information to the customer’s bank account.

·        The customer’s bank responds to the payment request. It either approves or declines the charge.

·        The payment gateway received the response and forwards it to the vendor’s website.

·        Order completed or failed message is communicated to customer.

Please keep in mind that the above process is highly simplified version of the actual process. The entire transaction described above should take less that ten seconds.

Shared SSL vs. Standard SSL

Shared SSL
If you use your hosting company’s shared SSL, your checkout page’s URL will appear as follows:
https://secure.yourhostingcompanysdomain.com/andsomemorerandompathhere

Standard SSL
If you purchase your own SSL Certificate from a CA such as VeriSign, your checkout page’s URL will appear as follows:
https://www.yoursite.com/yourcheckoutpath

Social Engineering

Social engineering is a deceptive practice to manipulate people into revealing confidential information. Criminals have been known to trick people into disclosing personal information, passwords, credit card numbers and other sensitive information. Social engineering is one of the most dangerous crimes web surfers and online businesses face today. It is a low-tech crime, but it can hurt some of the most sophisticated companies.

Pretexting

This technique is commonly used to trick a consumer or business into divulging sensitive information. Individuals use this method to obtain phone and utility records, banking records, addresses, credit card numbers, user names and passwords, e-mail addresses, and other confidential information. Bases on the information collected, the criminal can establish an even greater authority. Many U.S. companies ask for a social security number, mailing address, phone number, mother’s maiden name, or date of birth to authenticate customers. All of which can be easily obtained.

Pretexting is frequently used to impersonate colleagues, authorities, bank, tax authorities or anyone who could have a right-to-know in the mind of the target. The pretexter is armed with prearranged answers to possible questions that the target may ask.

Voices over IP programs are popular among pretexters because they provide an easy platform for untraceable phone calls. The lack of a traceable phone number makes the pretexter less vulnerable to being caught.

It all starts with a strong password. We all have more passwords we care to have. It might sound simplistic, but strong passwords are a must for good security. Strong passwords to your web, ftp, and data servers are the easiest first step toward a secure web presence.

            What Makes A Strong Password?

• A three-character password is much weaker than a six or eight character password. A good rule of thumb is never to use password shorter than eight characters.
• In no way should you use the default password
• Never make a word found in a dictionary your password. One of the most common methods to break into systems is to run scripts that try using dictionary words to guess your password. The less your password looks like a dictionary word, the less likely will someone guess what it is.
• Include numbers and special characters
• Avoid repeated numbers, characters or sequences such as 12345678, bbbbbbbb, or 33333333
• Never use the user name, or any combination of it, as your password. Don’t use your domain name as your password either.
• Don’t use look alike substitutions like “4ufromme”, or n0t@home”
• Use the entire keyboard, and try to use the less common keys
• Use different passwords for different accounts. If you use the same password for all of your accounts, you may find multiple of your accounts compromised simultaneously.
• Never, ever use a blank password.

Examples of strong passwords are:

A combination of several words that aren’t themselves a word interspersed with special characters (e.g., !4scOrE&sDayNYeaRs_ag0)

A word with digits of a memorable date sprinkled inside it
(e.g., vacation -> 0vac2a0t9io19ln99)

Consumers and businesses agree that security remains a primary concern in the development of e-commerce. Identity theft, stolen credit card information, credit card fraud, hackers are among the most common threats. The dangers are real. As your online business matures, you have to make a real effort to secure your web presence.

Failure to secure your web presence can result in a variety of complications such as financial loss, loss of customers, damage to your credibility, and data loss. Worst of all, it can potentially cost you your business. You have many options to build a secure online business. In the past few years, the number of security related services have grown exponentially. Arming your business with hardware and software is less expensive than you think. The challenge is to stay one step ahead of the bad guys.

Hackers, frauds, and other criminals are constantly searching for the weakest link. Keep in mind that you are not only protecting your business, but your customers. It is common for customers to arrive to websites with their computers already compromised. Your job is to ensure that the shopping experience is safe.

Fortune 500 corporations are frequently reporting security breaches. While it is alarming to read about security violations, many security breaches are never reported. The larger your business the more someone has to gain from breaking into your system. Small companies are just as vulnerable to break in, denial of service attacks, social engineering, and more.

            As a business owner you should concentrate on preventative measures as opposed to reactive measures. It may take you days or months to realize your system has been compromised. The resulting damage could have devastating effects on you and your customers. Damaging, sharing, selling user information is a real security threat.

            Equally important to providing a secure shopping experience is communicating it to your customers. If your customers don’t trust your site, all the security in the world won’t close the sale for you. Explain it load and clear throughout your website the measures you took to create a secure environment. Explain what industry standards you use to help keep their information secure.

It requires a significant time commitment, publishing a newsletter may be one of the most effective ways to keep in touch with your clients. The newsletter can help you, generate trust, develop brand awareness, produce leads, and build future business. In addition, it helps you build a list of e-mail addresses from those who visit your site but aren’t yet ready to make a purchase. Always, ask for an e-mail address and first name so you can personalize each newsletter. The key to an effective newsletter is quality not quantity. If you cannot produce enough quality content each month, release your newsletters less frequently. Provide quality and your readers will thank you for it.

Providing free information to your site visitors could lead to sales. You might have a new book for sale, and making the first chapter freely available might help you close more sales. Letting your customers try some of your product before buying reduces buying stress, and it can lead to higher conversions. If you are a consultant, you could give away free online reports.

Traditional media advertising can be a great compliment to your online advertising efforts. You can drive significant amount of traffic to your site through print advertising. Because it is so expensive constantly, monitor its effectiveness. Your online business can succeed without traditional media, but don’t write it off as an option.

  Always include your Web address in any display or classified ads you purchase in trade journals, newspapers, yellow pages, etc. View your website as an information accessory to your print ads. Refer readers to your website and let it close the sale for you. You have a limited space in print advertising, so use it to drive traffic to your site. Once in your site you will have an opportunity to provide detailed information about the benefits of your product.

It is obvious but sometimes overlooked. Be sure that all reprints of cards, stationery, catalogs, brochures, and literature contain your company’s web address. Always double check that the syntax for your website address is correct.

Issue Press Releases

Announce newsworthy events to the world though press releases. Unlike articles, press releases should be about your business. The key to effective press releases is to create a sense of excitement. If you have a boring press release, nobody will read it. Use stimulating language. Similarly to articles and press releases will result in links pointing to your website.

The links to your site in online news databases may remain for years and have significant weight with link popularity. Don’t bother stuffing your press release with insignificant content. Make sure you offer newsworthy information. There are several reputable press release services available to you.  One of them is PR Web. PR Web can help you to distribute your press release to a wide audience. Placing your website URL in online copies of your press release showed increase your site’s link popularity.