eCommerce

What Yahoo & Bing Can Do For Your Online Business

June 5, 2012 in Business by SupremeCenterHosting  |  No Comments

Google seems to get the most attention when it comes to building an online business, but some of the other search engines offer the tools and the market to make them worth your attention. Yahoo and Bing have nowhere near the market share of Google, but the business that can be gained from their loyal users is nothing to laugh at.

Yahoo offers a variety of business tools that all e-commerce companies should research and then take advantage of. Some of the more useful offers are:

  • Advertising Solutions:  This is a hub of useful information about advertising on the web. It includes access to Yahoo advertising products such as display ads, behavioral targeting, and geo targeting solutions. There is also web news, interviews with industry professionals, and research from advertising industry leaders.
  • Package Tracking:  You can easily track your shipments from DHL, FedEx, UPS, and USPS with Yahoo’s tracking tools.
  • Web Analytics:  Google Analytics is the go-to for most online businesses, but Yahoo’s analytics can be useful as well.
  • APIs and Developer Tools:  This is a collection of over sixty of Yahoo’s APIs for business, social networking, mobile devices, media players, and other web services
  • Developer Network:  The Developer Network has personalized dashboards for developers to manage their projects, technical guides and tutorials for developing apps, language and code libraries, and news for developers.
  • Yahoo! Messenger:  You may not know that Yahoo! Messenger has added quite a few new applications. It still offers instant messaging, but now you can take it with you on your mobile phone, make free video chats, and if you combine with Yahoo! Voice, you can make free PC-to-PC calls or even low-rate PC-to-phone calls worldwide. Great features for all e-commerce platforms.

Bing is also working hard to keep up with and compete with Google in the e-commerce support arena. Here are some of Bing’s more useful business tools:

  • Webmaster Tools:  Help to improve your e-commerce site’s SEO by submitting your site URLs to be sure they are indexed by Bing. It also tracks data on inbound and outbound links to and from your site, shows you keyword performance, and more. This is useful for improving your sites rankings on all search engines.
  • Developer Tools:  Similar to what Yahoo offers, Bing provides useful tools for web and app developers. The standout service is the ability to build customized search engines for your apps and e-commerce websites.
  • Site Submission:  Allows you to submit your site’s URL to Bing to make sure you can be found on the web. All online businesses should do this with all the search engines.
  • Microsoft Ad Network:  Microsoft’s ad network is ranked in the top ten for U.S. ad-network reach, with an average 44 million daily visitors and a total of 149 million unique visitors. By utilizing Bing, you can advertise to this user group directly.
  • Social Search:  Social marketing is critical for all e-commerce businesses. Bing’s Social Search allows you to quickly search out the latest trending topics on Twitter and Facebook so your marketing group can produce content with keywords matching current user searches.
  • Bing Translator:  In order to compete with Google, Microsoft developed its own language translator that can translate a word or phrase into any of the thirty-two supported major world languages. This can help you move your enterprise ecommerce platform onto the global stage.

Starting your e-commerce company with Google tools and targeting Google search is a wise decision for most businesses. However, it is important to not forget about the large number of web users that utilize Yahoo and Bing on a daily basis. Competition breeds innovation and this has led to a large number of tools being created by Yahoo and Bing to attract more online businesses. Most of these tools are free and can make a large positive impact on your e-commerce business’ bottom line.

Brent Carlson is a prolific Internet writer dedicated to improving small business enterprise online.

eCommerce Hosting Manager Denver Prophit Shares Inaccurate Information

February 9, 2010 in SSL Certificates by SupremeCenterHosting  |  No Comments

In a recent post on his blog, Denver Prophit made some insinuations that I felt needed addressed. As many of those who are, or have been associated with CRE Loaded, Denver feels the lack of truth is the best way to profit off those who are Internet Illiterate.

Denver Prophit said; “If you request identity information such as billing address, name and telephone number, you need a secure encrypted channel to send it. You also need good P3P in place.

Fact is, CRE Loaded, osCommerce and 99% of all open source eCommerce applications never considered SSL important, that is until a couple years ago. Furthermore, an article on the InformationWeek website, ["Black Hat: Security Pro Shows How To Bypass SSL,"] suggests that MITM attacks are not impossible:

…Marlinspike explained that he obtained such data by placing proxy software he’d written, called ‘sslstrip,’ on a node of a Tor network, to conduct what’s known as a man-in-the-middle attack. The proxy software intercepts HTTPS traffic, generates and signs security certificates, and mediates data passing between the client and server, capturing everything in the process.

Martinspike captured 16 credit card numbers, seven PayPal logins, and 300 other miscellaneous secure login sessions in only 24 hours.

Marlinspike went on to say that:

Lots of times the security of HTTPS comes down to the security of HTTP, and HTTP is not secure…

Denver Prophit said; “The PCI standard requires Internet retailers to complete a 12-step security audit that must be certified annually and checked every three months.

That may be true IF you accept credit cards on your website. However, if you use a payment processor, such as Authorize.net, Google Checkout or PayPal for example, PCI compliance is not your responsibility.

I emailed PCI Security Standards and received this reply:

As described in PCI Data Security Standard Requirements and Security Assessment Procedures (available at https://www.pcisecuritystandards.org) the PCI Data Security Standard is intended to protect cardholder data and sensitive authentication data. As described on page 4 of that document cardholder data includes the primary account number, cardholder name, service code and expiration date, while sensitive authentication data includes full magnetic stripe data, CAV2/CVC2/CVV2/CID, and the PIN/PIN Block.”

You’ll notice that although cardholder name is mentioned, billing address and telephone number are not mentioned. Why? That is Not the information they [the card issuer] wants to protect. So, why would a small business owner need a “secure encrypted channel” if they are not accepting credit cards on their website?

Denver Prophit mentioned RSA in his post; “The point I stress, here, is * Encrypting transmission of cardholder data and sensitive information across public networks. your admin pages HAVE to be encrypted because it stores sensitive information and is required by federal law. See RSA.com 2005 A Corporate Minefield: FTC Demands “Reasonable & Appropriate” Measures to Protect Digital Assets (August 04) http://www.rsa.com/press_release.aspx?id=5991 (accessed January 14, 2009)

I am glad you mentioned RSA. Taking the time to read that press release, one would find that Art Coviello, president and CEO at RSA Security Inc. stated; “The question that many organizations are now asking is ‘what constitutes reasonable and appropriate action?’ In an increasingly complex regulatory environment, finding a comprehensive answer to that question can be a laborious task.

Who deceides what is “reasonable & appropriate?” One definition of reasonable is “Not excessive or extreme; fair.” The legal definition of reasonable is “Suitable; just; proper; ordinary; fair; usual. The term reasonable is a generic and relative one and applies to that which is appropriate for a particular situation.” (West’s Encyclopedia of American Law, edition 2. Copyright 2008 The Gale Group, Inc. All rights reserved.)

Based on Denver’s analysis, a small business owner, which would account for 90% of EOS Online Merchant’s user base, would be unable to do business on the Internet, if all that Denver claims is absolute. And, its is not.

Do the developers of CRE Loaded understand PCI Compliance?

August 19, 2009 in eCommerce by SupremeCenterHosting  |  2 Comments

The CRE developers recently released their CRE Loaded 6.4 PCI edition, touting full compliance with the Payment Card Industry (PCI) security rules. I won’t discuss the fact that v6.4 was released unfinished with bugs, and in fact, security issues. I do however want to focus on their lack of knowledge of the PCI security rules, or their inability to properly educate their customers on compliance.

A customer recently spoke with Michael Miller, head of CRE Developement, and was told that she needed to be PCI compliant and suggested she use CRE Secure. He also stated that she needed to use a host that was also PCI Compliant and recommended that she use their PCI compliant hosting partner – at a cost of $500/month. This customer explained to Mr. Miller that she does not collect credit cardholder data on her site and uses third-party payment gateway Authorize.Net to process payments. Mr. Miller stated that Authorize.Net is Not PCI compliant. Six days later, CRE made an about face and released a newsletter titled “CRE Loaded Announces PCI Compliance Connection to Authorize.Net.” Within the newsletter, CRE writes:

“CRE now connects directly to Chase Orbital and Authorize.Net If your current gateway is not listed above, ask your current merchant bank provider how you can easily make the switch over to Authorize.Net.”

I’m confused. CRE is creating a “PCI Compliance Connection” with, according to Michael Miller of CRE, a third-party payment gateway that is Not PCI Compliant? It is clear to me that Mr. Miller wanted my customer to use their CRE Secure for credit card processing. Suggesting that Authorize.Net is not PCI Compliant is a disingenuous way of drumming up business for the “Evil Overlord.” Fact is, Authorize.Net is PCI Compliant:

“Authorize.Net also complies with payment industry-specific requirements known as the Payment Card Industry Data Security Standard (PCI DSS v1.1). Our Qualified Security Assessor is Trustwave and we completed our most recent audit in May 2008.”

Visiting the Authorize.Net website and verifying their compliance is so easy, even a money can do it.

PCI Compliance Myths

One myth about PCI Compliance is that every merchant must be PCI Compliant. Fact is, if you use a third-party payment gateway such as Authorize.Net or PayPal, then you are not required to be PCI Compliant – the third-party processor is.

Another myth is you, not only are you required to be be PCI Compliant, but you must also use a PCI Compliant hosting provider. Again, if you use a third-party payment gateway such as Authorize.Net or PayPal then you, and your hosting provider, are not required to be PCI Compliant.

What is required?

As described in PCI Data Security Standard Requirements and Security Assessment Procedures (available at https://www.pcisecuritystandards.org), the PCI Data Security Standard is intended to protect cardholder data and sensitive authentication data. As described on page 4 of that document, cardholder data includes the primary account number, cardholder name, service code and expiration date, while sensitive authentication data includes full magnetic stripe data, CAV2/CVC2/CVV2/CID, and the PIN/PIN Block.

In short, if you and your hosting provider collect, store, process and transmit cardholder data and sensitive authentication data, then you and your hosting provider are must be PCI Compliant.

PCI Compliance does not mean Breach-Free. “It’s a mistake for anyone to equate compliant with impossible to breach,” says David Taylor, CISSP and founder of the PCI Knowledge Base. “There is no way that a committee that has to consider what is “reasonable” and “affordable” to its members and the industry as a whole can possibly design a set of standards that can prevent one clever hacker from figuring out a way to break in, then sharing his/her hack with millions via the Internet,” Taylor says.

If a hosting provider, and merchant using that hosting provider, does not collect, store, process, and transmit any data that falls under the requirements of PCI, then neither host or merchant must comply with the PCI Data Security Standard Requirements and Security Assessment Procedures.

Don’t let anyone sell you on the idea of PCI Compliance. If you use a third-party payment gateway, and are happy with the service they provide, then you do not need to do anything. That being said, there is no reason why you should not ask your hosting provider if they collect, store, process, and transmit any data that falls under the requirements of PCI, and if they do, are they PCI Compliant? There is always that chance that a hacker can break in and steal credit card data. If the hosting provider is not PCI Compliant, the hosting provider could be fined – causing the provider to shut down, leaving you and your business in limbo.

The majority of our customers prefer to use PayPal as their preferred payment processor. Therefore, we do not collect, store, process, or transmit cardholder data or sensitive authentication data. All merchants using our shared hosting services also use third-party payment gateways. What does this mean? Our shared hosting services will continue to be affordable. Within the next 30-days or so, we will start offering PCI Compliant dedicated solutions. However, we will continue to offer affordable dedicated solutions to those customers who prefer to use a third-party payment gateway. Hosting your eCommerce website does not have to be an expensive process. Shelling out $500/month for a PCI compliant hosting provider is unnecessary.

It's all in a name

October 26, 2008 in Domains by SupremeCenterHosting  |  No Comments

To do business on the Web, you will need at least one domain name. You may want to use your business name as your domain name, or you might pick a new domain name that you think will attract people to your website to purchase your products or services.

What to consider when choosing a domain name:

* Descriptiveness – The ability for the domain to be associated with content
* Length of Domain – Length in terms of characters in the domain; a long domain name can actually hurt your chances to resell the domain for a good price should you choose to later on. It also increases the chance that an Internet user will have a hard time remembering that domain
* Number of words in domain – Try to keep the domain name to one or two words. Again, this can actually hurt your chances of reselling the domain for a good price and increases the chance that an Internet user will have a hard time remembering that domain
* Applicability – Is the name generic (can it be applied to a variety of institutions, individuals and businesses)?
* Trademarking & Brand – Does it serves as a strong trademark & brand?
* Dot Value – What is the extension – .biz, .com, .info, .net, .org, .cc?
* Hyphenation – Does the name contain hyphens, such as e-Domain.com? Once again, a hyphen might be a great idea to you at the time you register the domain however, you limit the ability to resell the domain and the chances the site visitor will remember the domain, and
* Abbreviation – Is anything abbreviated, such as eDomain.com? Tyr to choose a domain that does not contain any abbreviations

One thing to consider is that the best domain names are short, unforgettable, ingenious, and easy to spell and pronounce. Also, simple domain names that describe a business’s products or services are easier to market. Choosing a domain name such as EasySoftware.com to describe your software business is much better then a unique name such as xanji.com, bamzu.com, or google.com. These unique names require extensive marketing efforts to attract customers since the domain names have nothing to do with their principal products or services.

One good approach is to choose a domain name that suggests a websites product or service, but isn’t too commonplace, such as ink.com or inc.com. Domain names like these are suitable for trademark protection and customers should be able to easily remember and correlate the name with your business.

Another good strategy may be to use one distinctive domain name, such as cream.com, and one basic domain name, such as soda.com, to represent a site that makes or sells cream soda.

Finding a Name That Hasn’t Been Taken

The hard job when picking a domain name is finding a name that is available as millions of domain names have been registered already. For example, if your business name is Fragrance Direct, you will find that FragranceDirect.com has already been registered. In that case, you will have to choose a different domain name or pursue other options for securing the domain name you want. You can see if the domain is actually in use and, if not, you can request that the name be transfered to you. This sometimes requires that you purchase the domain name from the domain owner. Whenever possible, get a domain appraisal prior to inquiring about purchasing a domain.

The best way to find out whether your business name is available is to do a domain name search. Type the name you want, select an extension and click search. You will then get a message alerting you to whether or not the name is available. If it is unavailable, you will be presented with a few suggestions that can be registered. Do not get discouraged. As I stated earlier, many millions of domains have been registered and you may not find the one you want at first.

Creating a domain name to brand your site

If you are creating a site that does not need to have a targeted name, and you can not think of a unique name yourself, a good source for brand-able domain names is Namevo. They have a slew of domains that are registered and available for sale. You can pick up a great brand-able domain for as little as $100. These type of domains are great for portals, search sites, an entertainment site and even perfect for eCommerce websites.

Creating a name for your website can be tedious. Use your head, do not rush into things, consider my suggestions and get a domain appraisal prior to registering or purchasing a domain name.

  • Authorize.Net Reseller

    Authorize.Net Logo