Thursday, September 8, 11
1
2 Jonathan Davis, Ingenesis
3 E-commerce & WordPress: Navigating the Minefield Jonathan Davis, Ingenesis
4
5 $165.4 total e-commerce sales in 2010
6
7 e-commerce is hard!
- merchant accounts
- payment gateways
- fulfillment systems
- PCI compliance
- Security
- SEO
- SSL certificates
- shopping carts
8
9
17 Navigating the Minefield
- Offsite/Onsite payments: easy / not so much!
- Processing payments with gateways
- Merchant Account shopping tips
- Encryption certificate buyers guide
- PCI Compliance
- Security Tips for Ecommerce on WordPress
18
31 Onsite or Offsite?
Offsite Payments
- Extra checkout steps
- Can be more confusing
- No SSL certificate
- No PCI-compliance certification required
- Examples: PayPal Standard or Google Checkout
Onsite Payments
- Extra setup steps
- Seamless (easy) checkout experience
- Website requires SSL certificate
- Merchant required to certify PCI compliance
- Requires a Merchant
32
35 payment gateway
- a service to process payments online
- it's a kind of PoS
36
37
39 PayPal
- PayPal Standard: Customer leaves the website to enter payment details and does not return to the site. No setup work.
- Express Checkout: Customer jumps to PayPal to enter payment details, returns to complete the
40
41 Payment Gateway Providers
42
50 Credit Card Payments [diagram: Customer, Secure Web Server, Payment Gateway, Banks, Merchant; arrows labelled order, authorize & capture, response, confirm, transferred funds]
51
54 merchant account
- a special type of bank account for accepting payments from debit or credit cards (payment cards)
- an agreement between the merchant, the bank and payment processor
55
65 Merchant Accounts Costs: Discount Rates
- 3-Tiered pricing
  - Qualified Rate
  - Mid-qualified rate
  - Non-qualified rate
- 6-Tiered pricing
- Interchange Plus Pricing
- Bill Backs
67 Merchant Accounts Costs: Fees
- Authorization fee
- Statement fee
- Monthly minimum fee
- Batch fee
- Customer Service fee
- Annual fee
- Early termination fee
- Chargeback fee
68
74 Merchant Accounts Tips
- Some merchant account providers have their own payment gateways
- Plan time to get approval
- Find out about your monthly limits to prevent shutdowns
- Find out about the reserve amount
- Beware the chargeback
75
78 encryption
- the process of making information unreadable to anyone without special knowledge
- special knowledge is the key
79
85 TLS/SSL Encryption
- Transport Layer Security/Secure Sockets Layer
- Some seriously scary technical voodoo magic
- Garbles browser to server communication over the Internet
- No one else can access the information
- Browser uses the public key found in the certificate to encrypt information before sending it to the server
- Server uses a private key to decrypt information from the browser
86
94 [diagram: Customer web browser, public internet, server side Secure Web Server; labels: public, private, and a sample of encrypted data in transit]
95
97 secure (SSL)
- a specialized electronic document that certifies a public encryption key to an identity
98
109 Secure Certificate Buyers Guide
- Ongoing costs in the range $50-$1500/year
- 3-4 certificate types:
  - Single-domain
  - Multiple sub-domains
  - Wildcard sub-domains
  - Extended Validation (EV)
- Vendors
  - Verisign (Costly)
  - Comodo (Moderate) instantssl.com
  - GoDaddy (Cheap)
110
117 PCI
PCI SSC
- Payment Card Industry Security Standards Council
- The body responsible for managing the security standards for the industry
PCI-DSS
- The PCI Data Security Standard
- The security standards merchants are required to follow and certify
118
135 PCI-DSS
12 requirements for any business that stores, processes or transmits cardholder payment data
Build and Maintain a Secure Network
- Requirement 1: Install and maintain a firewall configuration to protect cardholder data
- Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
- Requirement 3: Protect stored cardholder data
- Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management
- Requirement 5: Use and regularly update anti-virus software
- Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control
- Requirement 7: Restrict access to cardholder data by business need-to-know
- Requirement 8: Assign a unique ID to each person with computer access
- Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
- Requirement 10: Track and monitor all access to network resources and cardholder data
- Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
- Requirement 12: Maintain a policy that addresses information security
136
144 PCI Compliance: Assess, Remediate, Report
- Assess your network and IT resources for vulnerabilities. Constantly monitor access and usage of cardholder data. Log data must be available for
- Remediate (fix) vulnerabilities that threaten unauthorized access to cardholder data
- Report compliance and present evidence that data protection controls are in place
145 SAQ Self Assessment
- A checklist for the requirements with nice little yes/no boxes
- You assess with it
- Get it here:
146
148 WordPress Security in a Nutshell
149
151 Use a Strong Password
- The first line of defense against would-be hackers
152
154 Avoid the admin account
- Set up a different admin account with another name
155
157 Salt your keys
define('AUTH_KEY', 'el1%+7]b}r._7jj fz{xsg]yh8#>s,qjnd}%x?w~h-y99hk5+#+won7=$l8iqgm-');
define('SECURE_AUTH_KEY', '-)pv+c~$2[6o TBobgd+n#8H8` QcJD6`nML+vax52a+Rn9H[$e4`v8a ->1P){-');
define('LOGGED_IN_KEY', ']MoH-Sj+pxMk2,-]^RPr^)^i#5E}r~8Bu3AoFVbl9-WS )l-r9%or/?w!]vvp~du');
define('NONCE_KEY', 'p2?y4<?z3nwtc>= kwv#qqx 12q~4hg?/?!`MvR+Z%pXSyj01nUBvJkm02{z0*}z');
define('AUTH_SALT', '4{]-;WEc,fEc]10RG< YhlO(7+HP-I,BS3!7GlE_-GXwsrS*cx}e}/]tne+pX+X ');
define('SECURE_AUTH_SALT', 'v0{r:h`ti-i,shm<dfxc}7goavd?zwo!6%7xgel~^3s'); // start of value cut off in the transcription
define('LOGGED_IN_SALT', '&>,SOL-.7cwk*Wf'); // rest of value cut off in the transcription
define('NONCE_SALT', 'put your unique phrase here'); // value missing from the transcription; stock wp-config-sample.php placeholder
158
162 Hide your database tables
Change the table prefix:
$table_prefix = 'wp_'; // default prefix
$table_prefix = 'g5a21r_'; // changed prefix
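An added example (not part of the original slides): a Python check of a wp-config.php file for the two settings covered above, the eight secret keys/salts and the table prefix. The two sample configs are constructed, and the finding labels and the 64-character minimum (the length of values from the WordPress secret-key generator) are assumptions of this sketch.

```python
import hashlib
import re

# The eight secret constants WordPress reads from wp-config.php.
SECRET_NAMES = (
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
)
PLACEHOLDER = "put your unique phrase here"  # text shipped in wp-config-sample.php
MIN_LENGTH = 64  # assumption: treat the generator's value length as the minimum

# define('NAME', 'value'); at the start of a line, so commented-out lines are skipped.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*(['"])(?P<name>\w+)\1\s*,\s*(['"])(?P<value>.*)\3\s*\)\s*;""",
    re.M,
)
PREFIX_RE = re.compile(
    r"""^\s*\$table_prefix\s*=\s*(['"])(?P<prefix>\w*)\1\s*;""", re.M
)


def audit_wp_config(text):
    """Return a list of (finding, detail) tuples for the given wp-config.php text."""
    findings = []
    defined = {}
    for m in DEFINE_RE.finditer(text):
        name, value = m.group("name"), m.group("value")
        if name in SECRET_NAMES:
            defined[name] = value
        elif name.upper() in SECRET_NAMES:
            # PHP constants are case-sensitive: 'auth_key' is not AUTH_KEY.
            findings.append(("wrong-case", name))

    for name in SECRET_NAMES:
        if name not in defined:
            findings.append(("missing", name))
        elif defined[name] == PLACEHOLDER:
            findings.append(("placeholder", name))
        elif len(defined[name]) < MIN_LENGTH:
            findings.append(("too-short", name))

    # Each key and salt should be different from every other one.
    by_value = {}
    for name, value in defined.items():
        if value != PLACEHOLDER:
            by_value.setdefault(value, []).append(name)
    for names in by_value.values():
        if len(names) > 1:
            findings.append(("reused", ",".join(names)))

    m = PREFIX_RE.search(text)
    if m is None:
        findings.append(("prefix-missing", "$table_prefix"))
    elif m.group("prefix") == "wp_":
        findings.append(("default-prefix", "wp_"))
    return findings


def s(label):
    """Constructed 64-character sample value; real keys must be random."""
    return hashlib.sha256(label.encode()).hexdigest()


# Constructed sample: several of the mistakes the audit looks for.
WEAK_CONFIG = f"""<?php
define('auth_key', '{s('a')}');
define('SECURE_AUTH_KEY', '{PLACEHOLDER}');
define('LOGGED_IN_KEY', 'short-value');
define('NONCE_KEY', '{s('b')}');
define('AUTH_SALT', '{s('b')}');
// define('SECURE_AUTH_SALT', '{s('c')}');
define('LOGGED_IN_SALT', '{s('d')}');
define('NONCE_SALT', '{s('e')}');
$table_prefix = 'wp_';
"""

# Constructed sample: eight distinct values and the changed prefix from the slide.
GOOD_CONFIG = (
    "<?php\n"
    + "\n".join(f"define('{n}', '{s(n)}');" for n in SECRET_NAMES)
    + "\n$table_prefix = 'g5a21r_';\n"
)

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("good", GOOD_CONFIG)):
        print(label, audit_wp_config(cfg))
```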
163
166 Update Everything
- Keep WordPress, your theme and plugins up-to-date
167
170 Backup Everything
- Always, always, always make regular backups: files & db
171 E-commerce Tools for WordPress: What's out there?
172 WP ecommerce (getshopped.org)
- The oldest & most widely used
- Physical & digital products
- A variety of payment options
- Several shipping options
173 Cart66 (cart66.com)
- Newest solution
- Uses [shortcodes]
- 7 payment solutions
- Subscriptions & Membership
- Free Lite Version or
174 Shopp (shopplugin.net)
- A popular solution
- 18 payment gateways
- 10 shipping options
- 200+ template tags
- $55 or $299
- $25 add-ons
175
182 Jonathan Davis shopplugin.net slides
Introduction This document serves as a guide for TCS Retail users who are credit card merchants. It is written to help them become compliant with the PCI (payment card industry) security requirements.
More informationFor a full comparison of Magento Enterprise and Magento Community, visit http://www.magentocommerce.com/product/compare. Magento Feature List
Magento is a feature-rich, professional Open Source ecommerce platform solution that offers merchants complete flexibility and control over the user experience, content, and functionality of their online
More informationN-CAP Users Guide Everything You Need to Know About Using the Internet! How Electronic Payment Works
N-CAP Users Guide Everything You Need to Know About Using the Internet! How Electronic Payment Works How Electronic Payment Works By Jennifer Hord When it comes to payment options, nothing is more convenient
More informationIntroduction to PCI DSS Compliance. May 18, 2009 1:15 p.m. 2:15 p.m.
Introduction to PCI DSS Compliance May 18, 2009 1:15 p.m. 2:15 p.m. Disclaimer The opinions of the contributors expressed herein do not necessarily state or reflect those of the National Association of
More informationSwedbank Payment Portal Implementation Overview
Swedbank Payment Portal Implementation Overview Product: Hosted Pages Region: Baltics September 2015 Version 1.0 Contents 1. Introduction 1 1.1. Audience 1 1.2. Hosted Page Service Features 1 1.3. Key
More informationWhite Paper September 2013 By Peer1 and CompliancePoint www.peer1.com. PCI DSS Compliance Clarity Out of Complexity
White Paper September 2013 By Peer1 and CompliancePoint www.peer1.com PCI DSS Compliance Clarity Out of Complexity Table of Contents Introduction 1 Businesses are losing customer data 1 Customers are learning
More informationHow To Comply With The Pci Ds.S.A.S
PCI Compliance and the Data Security Standards Introduction The PCI DSS, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of
More informationHow To Protect Your Data From Being Stolen
DATA SECURITY & PCI DSS COMPLIANCE PROTECTING CUSTOMER DATA WHAT IS PCI DSS? PAYMENT CARD INDUSTRY DATA SECURITY STANDARD A SET OF REQUIREMENTS FOR ANY ORGANIZATION OR MERCHANT THAT ACCEPTS, TRANSMITS
More informationSecurity. Tiffany Trent-Abram VP, Global Product Management. November 6 th, 2015. One Connection - A World of Opportunities
One Connection - A World of Opportunities Security Tiffany Trent-Abram VP, Global Product Management November 6 th, 2015 2015 TNS Inc. All Rights Reserved. Bringing Global Credibility and History TNS Specializes
More informationPCI Data Security Standards
PCI Data Security Standards An Introduction to Bankcard Data Security Why should we worry? Since 2005, over 500 million customer records have been reported as lost or stolen 1 In 2010 alone, over 134 million
More informationPCI DSS Overview. By Kishor Vaswani CEO, ControlCase
PCI DSS Overview By Kishor Vaswani CEO, ControlCase Agenda About PCI DSS PCI DSS Applicability to Banks, Merchants and Service Providers PCI DSS Technical Requirements Overview of PCI DSS 3.0 Changes Key
More informationMistake #1: Assuming that lowest rate means lowest overall cost.
Introduction Congratulations you ve selected a top-notch e-commerce website solution. But you re not done yet. In fact, the next choice you make will be one of the most important in the process of setting
More informationPayment Card Industry Data Security Standards.
Payment Card Industry Data Security Standards. Your guide to protecting cardholder data Helping you manage the risk. Credit Card fraud and data compromises are an increasingly serious problem, costing
More informationworldpay.com Understanding the 12 requirements of PCI DSS SaferPayments Be smart. Be compliant. Be protected.
worldpay.com Understanding the 12 requirements of PCI DSS SaferPayments Be smart. Be compliant. Be protected. The 12 requirements of the Payment Card Industry Data Security Standard (PCI DSS) by type Build
More informationData Security, Fraud Prevention, and Cost Control. Mike Dorland, CPP Regional Marketing Representative Michigan Retailers Association
Data Security, Fraud Prevention, and Cost Control Mike Dorland, CPP Regional Marketing Representative Michigan Retailers Association Michigan Retailers Association Incorporated in 1940 Represent retail
More informationPLACE GROUP UK LONDON STUDENT HOUSING GROUP PAYMENT CARD INDUSTRY DATA SECURITY STANDARD COMPLIANCE STATEMENT PCI DSS (09) VERSION: 2009PCIDSSP4S01
PLACE GROUP UK LONDON STUDENT HOUSING GROUP PAYMENT CARD INDUSTRY DATA SECURITY STANDARD COMPLIANCE STATEMENT PCI DSS (09) VERSION: 2009PCIDSSP4S01 Information updated: 21 October 2012 SAFEGUARDING CARDHOLDER
More informationWorldNet TPS. Guide to Integration Methods
WorldNet TPS Guide to Integration Methods Page 2 Table of Contents 1 Scope...3 2 A brief description of different integration methods...3 2.1 Hosted Payment Page...3 2.2 XML Gateway...4 3 Costs...5 3.1
More informationA: This will depend on a number of factors. Things to consider and discuss with a member of our ANZ Merchant Services team are:
1 ANZ egate FAQ s Contents Section 1 General information: page 1 Section 2 Technical information for ANZ egate Merchants: page 5 November 2010 Section 1 General information Q: What is ANZ egate? A: ANZ
More informationPCI DSS Compliance What Texas BUC$ Need to Know! Ron King CampusGuard rking@campusguard.com
PCI DSS Compliance What Texas BUC$ Need to Know! Ron King CampusGuard rking@campusguard.com Whoops!...3.1 Changes 3.1 PCI DSS Responsibility Information Technology Business Office PCI DSS Work Information
More informationPayment Card Industry (PCI) Data Security Standard
Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.1 April 2015 Section 1: Assessment Information Instructions for Submission
More informationIntroduction to Clarity Connect s Standard E-Commerce/Store Manager Solution
Introduction to Clarity Connect s Standard E-Commerce/Store Manager Solution This document contains a detailed description of the functionality provided in a standard e commerce implementation with Clarity
More informationPCI PA - DSS. Point ipos Implementation Guide. Version 1.01. VeriFone Vx820 using the Point ipos Payment Core
PCI PA - DSS Point ipos Implementation Guide VeriFone Vx820 using the Point ipos Payment Core Version 1.01 POINT TRANSACTION SYSTEMS AB Box 92031, 120 06 Stockholm, Tel. +46 8 566 287 00 www.point.se Page
More informationINFRASTRUCTURE AS A SERVICE BUYER S CHECKLIST
INFRASTRUCTURE AS A SERVICE BUYER S CHECKLIST 2 CONTENTS SERVICE LEVELS 3 SERVICE AND SUPPORT 4 CERTIFICATIONS 4 MANAGED HOSTING 7 BILLING 8 SERVICE MANAGEMENT 8 TECHNOLOGY 9 GLOBAL, REGIONAL, LOCAL 10
More informationAchieving PCI Compliance for Your Site in Acquia Cloud
Achieving PCI Compliance for Your Site in Acquia Cloud Introduction PCI Compliance applies to any organization that stores, transmits, or transacts credit card data. PCI Compliance is important; failure
More informationPAI Secure Program Guide
PAI Secure Program Guide A complete guide to understanding the Payment Card Industry Data Security Requirements and utilizing the PAI Secure Program. Letter From the CEO Welcome to PAI Secure. As you
More informationPCI DSS Compliance. 2015 Information Pack for Merchants
PCI DSS Compliance 2015 Information Pack for Merchants This pack contains general information regarding PCI DSS compliance and does not take into account your business' particular requirements. ANZ recommends
More informationWHITE PAPER. PCI Basics: What it Takes to Be Compliant
WHITE PAPER PCI Basics: What it Takes to Be Compliant Introduction A long-running worldwide advertising campaign by Visa states that the card is accepted everywhere you want to be. Unfortunately, and through
More informationCredit Card Processing 101
Credit Card Processing 101 Customers have come to expect credit cards as a payment option. With ATM fees continuing to rise, some consumers may even exclusively choose to take their purchasing power to
More informationPCI v2.0 Compliance for Wireless LAN
PCI v2.0 Compliance for Wireless LAN November 2011 This white paper describes how to build PCI v2.0 compliant wireless LAN using Meraki. Copyright 2011 Meraki, Inc. All rights reserved. Trademarks Meraki
More informationPCI-DSS Compliance. Ron Dinwiddie Chief Technology Officer J. Spargo & Associates
PCI-DSS Compliance Ron Dinwiddie Chief Technology Officer J. Spargo & Associates Agenda What is PCI Compliance Why is PCI Important How does this impact me? Becoming PCI Compliant JSA PCI Strategy Risk
More informationStrategies To Effective PCI Scoping ISACA Columbus Chapter Presentation October 2008
Strategies To Effective PCI Scoping ISACA Columbus Chapter Presentation October 2008 Matthew T. Davis SecureState, LLC mdavis@securestate.com SecureState Founded in 2001, Based on Cleveland Specialized
More informationSensible Development. Payment integration. Date: May 2012 Version: 1.1
Sensible Development Payment integration Date: May 2012 Version: 1.1 1 Payment Systems For many reasons, your auction website needs to be able to take payments. Most importantly, winning bidders will need
More informationAccepting Payment Cards and ecommerce Payments
Policy V. 4.1.1 Responsible Official: Vice President for Finance and Treasurer Effective Date: September 29, 2010 Accepting Payment Cards and ecommerce Payments Policy Statement The University of Vermont
More informationPCI PA - DSS. Point BKX Implementation Guide. Version 2.01. Atos Xenta, Atos Xenteo and Atos Yomani using the Point BKX Payment Core
PCI PA - DSS Point BKX Implementation Guide Atos Xenta, Atos Xenteo and Atos Yomani using the Point BKX Payment Core Version 2.01 POINT TRANSACTION SYSTEMS AB Box 92031, 120 06 Stockholm, Tel. +46 8 566
More informationQualified Integrators and Resellers (QIR) Implementation Statement
Qualified Integrators and Resellers (QIR) Implementation Statement For each Qualified Installation performed, the QIR Employee must complete this document and confirm whether the validated payment application
More informationWordPress ecommerce & Membership Systems Starts at 7pm EST / EDT (New York time)
WordPress ecommerce & Membership Systems Starts at 7pm EST / EDT (New York time) Send a message to presenters introducing yourself (name and location)! Slides: http://wpacademy.tv/ecommerce2.pdf WordPress
More informationIntro to PCI Compliance
Intro to PCI Compliance And the role Stone Edge V7.1 plays in helping you achieve that goal Monsoon Commerce. All rights reserved. What is PCI? PCI stands for Payment Card Industry In 2006, major financial
More informationWhitepaper. PCI Compliance: Protect Your Business from Data Breach
Merchants often underestimate the financial impact of a breach. Direct costs include mandatory forensic audits, credit card replacement, fees, fines and breach remediation. PCI Compliance: Protect Your
More informationDalPay Internet Billing. Technical Integration Overview
DalPay Internet Billing Technical Integration Overview Version 1.3 Last revision: 01/07/2011 Page 1 of 10 Version 1.3 Last revision: 01/07/2011 Page 2 of 10 REVISION HISTORY... 4 INTRODUCTION... 5 DALPAY
More informationHow To Protect Your Credit Card Information From Being Stolen
Visa Account Information Security Tool Kit Welcome to the Visa Account Information Security Program 2 Contents 1. Securing cardholder data is everyone s concern 4 2. Visa Account Information Security (AIS)
More informationUniversity Policy Accepting and Handling Payment Cards to Conduct University Business
BROWN UNIVERSITY University Policy Accepting and Handling Payment Cards to Conduct University Business Table of Contents Purpose... 2 Scope... 2 Authorization... 2 Establishing a new account... 2 Policy
More information