Category Archives: Website Security

Web sites are unfortunately prone to security risks. And so are any networks to which web servers are connected. Setting aside risks created by employee use or misuse of network resources, your web server and the site it hosts present your most serious sources of security risk.

{Video} Cyber Squatting – What is it and what to do about it!

Ever heard of cyber squatting?

In this month’s video installment, Dave McEvoy explores the lucrative world of cyber squatting, which can and has proved costly for many small business in Ireland.

Cyber Squatting is the term given to the purchasing of a domain name with the sole purpose of reselling it to an individual or business who really want it, or really need it at a higher price. For most business domain names can be purchased for up to €50 however, if a cyber squatter purchases a domain name ahead of you, they tend to command thousands in order to turn over ownership of the name itself.

Check out the video below to learn how to avoid paying exorbitant prices for a domain name

Choosing the right payment partner for your website

According to research carried out by RBR Online Card payments increased by 28% in 2016 and is set to increase by 100% by 2022

More on that here: https://www.rbrlondon.com/wp-content/uploads/2018/02/GC22_Press_Release_280218.pdf

Traditionally online payment was only considered by ecommerce operators, but more and more business owners are providing simple online payment options for their customers. Customers now expect to be able to pay online for everything from utility bills to automobiles. It has become a norm. More importantly in a world where consumers demand choice, they now expect to pay with their preferred method.

If you have payment options on your website or are thinking about offering them then you will be looking to partner with payment processors. This blog gives you a little insight into the types of processors as well as some pros and cons for each.

Let’s talk about the two broad categories for payment processors:

Dependant processors

Dependant processors are providers that require a separate Merchant bank account to receive funds from credit card transactions. This is separate to your standard business bank account.

All major banks provide merchant account services. Setting up a merchant bank account can be time consuming and the bank will apply its own charges over and above the payment processor charges. Typically, they will charge between 1-2% commission on your transactions and may have a minimum administration fee if your transaction volume is low. These additional charges should be factored in when selecting a provider.

Dependant processors will also apply standard monthly fees for processing. Normally starting around €25 per month (as at August 2018) This covers you for a set volume of transactions with additional costs for transactions over the limit.

Two of the more popular processors are Global Payments (formerly Realex) & Sage Pay Both have very high standards of customer support and have a proven track record for stability in card processing.

If your business happens to use Sage accounting software Sage Pay offers options for automatically integrating with your accounts.

If you are selecting this type payment processor then you should be aware of the tendency for many of these to be white label version of other processors. This won’t impact on the day to day management but if technical issues arise during the website integration it can cause delays as you do not have direct access to the processor technicians.

Aggregated processors

Aggregated processors provide both payment processing and merchant services. They do not need a separate account. This makes it a lot easier for start up business to manage. Their charging is usually commission based and can range from 3-5% based on volume. The aggregated providers tend to be web based with low levels of human contact for troubleshooting. The logic being that their system is so easy you don’t need hand holding.

Two of the more popular aggregated providers are PayPal or more recently Stripe. With both providers you are required to provide the normal personal information for creating a bank account (proof of identity, etc.)

PayPal has a distinct advantage of both processing transactions and giving you the ability to pay out with the same account either from funds received or via linked credit cards. Speaking of linked cards lets have a quick chat about digital wallets.

A quick note on Apple Pay & Google

You can be forgiven for thinking that these providers fit into the categories above, however they offer a digital wallet facility for storing your real-world card details rather than a payment processor. Your card details are secured, and transaction details passed to the vendors processor. While you should offer the ability to your website visitors to pay using these methods you will still need a valid processor to link these to.

Watch out for charge back

For any real-world retailer the concept of chargeback may be all too familiar but if credit card management is new to you then you need to watch out for this. All payment processors and card vendors insure the card holder against fraud. This gives them the ability to dispute any card transaction within a six-month period. Online purchases are particularly susceptible to this as it can be very difficult to prove the card owner was the recipient of the goods. In short if a customer disputes, they can order the payment processor or merchant bank to withdraw funds from your account for the customer disputing the payment. There is very little come back for the retailer in this scenario and they are rarely able to recover funds. Unless…

3D Secure

This is a scheme offered by most merchant bank accounts (not aggregated payment options) that allows the retailer to shift the liability for the charge backs from themselves to their bank. I have seen this save tens of thousands for online retailers and it is seriously worth considering. The down side is to qualify for 3D secure your checkout needs to allow your payment processor to bring your customer through additional security checks. This can have a big impact on your conversion rate and you need to weigh up pros and cons carefully.

The short version

Hopefully the breakdown above will illuminate which option is right for you but if you are the type to skip to the end of the book let me give you a very quick summary.

Aggregated payment processors (like Stripe) are great for beginners or start-ups. Fast and cheap to get going. They get more expensive as you grow.

Dependent processors (like Realex) are more expensive but for large volumes of transactions they work out more competitive. They also offer greater fraud protection. If you have built a regular volume of orders on your site then dependent processor is the option for you.

{Video} What is Cyber Squatting and how to avoid it

Have you ever heard of Cyber Squatting?

We’re going to guess the term cyber squatting is relatively new to you, but the practice of cyber squatting has been around for many years and the victims of such practice are far and wide. To learn more about Cyber Squatting and to save your business from paying exorbitant sums for a relatively cheap domain name watch the video below where Dave McEvoy sheds some light on the practice. And more importantly how to avoid it.

3 Important things your small business needs to know about GDPR

There is a growing buzz in the business community about the upcoming General Data Protection Regulation (GDPR) and what it will mean for small business. In this blog we are boiling things down to basic principals.

We are not going to cover every single aspect of GDPR, but we will give you a breakdown on the three most important aspects of the General Data Protection Regulation for your business.

Let’s start with a brief definition and deadline.

What: The General Data Protection Regulation is a change in EU legislation governing the way we manage personal information of our customers.

When: It was actually agreed and adopted by all member states in April 2017 but more importantly it is scheduled to come into enforcement on May 25th 2018. This is the point where compliance becomes mandatory and fines can be applied to companies or persons found in breach.

The 3 most important things for you to know are:

Communication

As a business you will be required to tell your customers what information (data) you are collecting about them. You will have to inform clients what you are going to do with that data and how long you are going to hold onto the information.

It is a good idea to carry out an audit of the data which you currently hold on your customers and update your practices to match the new guidelines.

Generally speaking, terms of business, terms and conditions of sale and, most importantly, your privacy policy documents must be updated to fall inline with the new regulations. In particular, you should pay attention to which third party services you share your customers data with.

Consent

Customers must now give specific consent to the use of their data. You can no longer collect it for one purpose and use it for another without express permission.

If you operate an online store or website that collects personal information you may well use the, all-too-familiar, tick-box, “Add me to your mailing list”. Most websites have this box ticked by default. From May onward this is no longer acceptable. Customers must give consent by actions rather than inaction. They must tick the box themselves. This will force you as a business to create better incentives for your customers to join your marketing efforts.

Another consequence of this regulation is that all existing data must be brought in line with the regulations. If you all ready have a mailing list you must have specific consent for each person on the list. Many larger companies are already running re-commitment campaigns to get their lists up to scratch. This type of campaign can decimate the volume of emails addresses or mobile numbers you can communicate with, so it is important to plan carefully, we can help with this.

You can expect to see a growing number of these Re-Commitment campaigns as the deadline for compliance approaches, so best not leave it too late.

Control

Your customers will have much greater control of how you handle their information. They have the right to be forgotten, and If they ask you to destroy information you hold on them, you will need to comply with that request within a 30-day period.

They have the right to access, you have to be able to show the information you hold on them within a 30-day period.

You must also make the data you have on that customer portable and if they want to move to an alternate provider you have to facilitate that.

To recap, you have to communicate in a transparent fashion with your customers. Your customers must give you specific consent and they have much greater control of the data you hold.

For more details or pop over to the data protection commissioners own website gdprandyou.ie/ for the whole story or if you want help in getting your marketing efforts in line then just get in touch

SSL Certificate –Why your website needs one

Want to make your website secure but not really sure how to go about it? This blog will help you answer some of your questions regarding your websites security.

Why do I need a SSL certificate?

Typically, information sent between a browser and a web server is sent as plain text, which can leave you vulnerable to hackers. SSL certificates utilise a public and a private key, which work together to establish an encrypted connection.

This certificate does a couple of things.

One, it enables your site to communicate with users using encrypted, non-corruptible data.

Two, the certificate also acts as a stamp of approval from a trusted party that says your site is legitimate and secure to use.

Three, HTTPS sites also load faster. In a test on HTTP vs HTTPS.com, the unsecure version of the page loads slower than HTTPS – try the test on your own device and see it for yourself. Fast loading time is also discussed here as part of upgrading your website blog.

Back in 2014, Google tried to persuade webmasters to make the switch to HTTPS and made the secure protocol a stronger ranking signal as motivation. Google flat-out said they would start giving preference to sites with an SSL. Since that time, encrypted sites have earned a boost in rankings over their unsecured counterparts.

What is a SSL certificate?

Let’s start with the basics, SSL stands for Secure Sockets Layer, this is a security method which allows data to be transferred over a server securely. SSL certificates help to protect the transfer of private information such as payment or bank details, usernames, passwords and more. A website is secure if the URL begins with HTTPS, and it is important to note that it will also display that it is secure.

An SSL Certificate contains the company’s domain name, company name, company address, and the country of origin, for the website. It also contains the expiration date of the Certificate and the name of the Certification Authority responsible for issuing the Certificate. The certificate also includes the public key of the server which is used for the encryption of data. It is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private.

What is HTTPS?

HTTP (Hypertext Transfer Protocol) and HTTPS (Hypertext Transfer Protocol Secure) are protocols, or languages, for passing information between web servers and clients. All you need to know is that HTTPS is a secure connection, whereas HTTP is unsecure. With a standard HTTP unsecure connection, it is possible for unauthorized parties to observe the conversation between your device and the site.

So, what will happen if I don’t have one?

Historically, Google Chrome has not explicitly labelled HTTP connections as non-secure. Beginning in January 2017, they began marking HTTP pages that collect passwords or credit card details as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure. Recent figures from Google now indicate that over 50% of all websites are now secure.

Google has stated in their blog that in future releases, they will continue to extend HTTP warnings, for example, by labeling HTTP pages as “not secure” in Incognito mode. Eventually, they will label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS. As shown here:

Your SSL cert will need to be updated yearly to avoid things like this happening:

OK, so how do I get a SSL certificate?

With prices starting from €100, contact our team at Dmac media and we will be happy to assist you in setting up your SSL certificate and leading you on your way to secure happy browsing.