When a shopper provides a merchant website with their credit card they are going to first look for the closed padlock symbol in their web browser indicating that your site is using a valid SSL Certificate.  If your site processes credit card numbers or other confidential information like social security numbers or even addresses then you should be using an SSL Certificate, which encrypts personal information into an indecipherable set of gibberish.

In fact, SSL Certificates are one of the criteria in order to be PCI Compliant.  You will need to make sure your site is utilizing PCI Compliant Hosting as well.  When shopping for a web host, this should be one of your first questions.  If they are confused or don’t understand PCI Compliance then you should move on to the next host because this can put your livelihood at jeopardy.

In order to prove that you are a reputable business you should always put a physical address of your business to prove that you actually exist.  Even if you are running your e-commerce business out of your spare bedroom, you want to make your site look as professional as possible.  It is also always good to have a phone number where customers can reach you in case they have a question or a problem.  Shoppers want to feel confident that if there is a shipping problem or other issue, you will be able to be reached and are honest.

In the e-commerce industry, the PA-DSS has been a major topic lately.  As of July 1^st, all e-commerce payment applications must be compliant with the new Data Security Standard.  Payment applications include software like shopping carts.  It is imperative that as a storeowner, you make certain that your shopping cart is compliant.

Miva Merchant Hosting provided by WebNet Hosting is fully compliant with the PA-DSS and have been premier Miva Hosts since 2004, making them experts in the e-commerce sector.

SSL (Secure Sockets Layer) Certificates have become a staple of the e-commerce industry and are required in order to be PCI Compliant.  Whenever you see a closed padlock (or an “s” following the “http” in the web address, ie “https”) in the address bar of your web browser then you know an SSL certificate is protecting you.  The function of SSL certificates is to encrypt personal and private data into an incompressible set of gibberish so that this information cannot be compromised by hackers or those with malicious intent.

When conducting business online, it is imperative that online business owners and operators protect themselves and their customers.  A security breach can be very expensive and is detrimental to all those involved.  With the burgeoning rate of identity theft and credit card scams, it is vital to protect everyone involved in online shopping.  To provide a scope of how serious a problem credit card fraud is, the five major credit card companies report over $1 billion in losses per year stemming from stolen credit card information (much of which occurs online).

When an SSL certificate is in place then data is being encrypted on all sides, meaning between the customers computer and the web servers.  SSL certificates are not only necessary for those involved in selling on the Internet.  They can apply to anyone handling sensitive information such as banks, utility companies and so forth.  With such an abundance of private information being shared across the web, it is imperative to have the proper security precautions in place so that customers as well as merchants feel safe.

To your customers – having an SSL certificate in place shows that you take their confidentiality and personal information seriously.  Currently, most e-commerce sites offer 128-bit encryption.  This ensures them that their customers will be protected no matter what browser they are using.  If a store handles payments or collects private information like addresses, social security numbers, or dates of birth then it needs to use 128-bit or better encryption.  Sites using 128-bit or better encryption are virtually immune to hackers and their customers can feel safe.

WebNet Hosting offers SSL Certificates with all of our E-commerce Hosting and Miva Merchant Hosting packages.

PCI vs. PA-DSS: What’s the Difference?
The PA-DSS applies to products distributed as applications that people can download and use however they went.  For e-commerce operators, this refers to their shopping cart and shopping cart hosting solutions.  By July 1^st 2010, all shopping carts must be compliant with the new PA-DSS.  If your website uses a cart or host that is non-compliant with PCI Security regulations then your store risks being charged higher fees and penalties for transactions, fines and even the possible cancellation of your merchant account.  If your merchant account were to be cancelled then your business could no longer accept credit cards, which could very well put you out of business.

Becoming compliant with the PA-DSS is a very costly process for developers and distributors of shopping cart software.  Many of the open-source shopping carts on the market will not be able to afford audits performed by the PCI’s Qualified Security Assessors (QSAs) and therefore will not be compliant by the deadline.  As an e-commerce merchant, it is your responsibility to ensure that your cart is PA-DSS certified.  If your cart is not compliant with the DSS then your site is not PCI Compliant and you will need to switch to a compliant cart in order to remedy this.

If you are opening a new store then you must make sure that you are signing up with a compliant cart and a PCI web host.  By the July deadline, all level 4 merchants must be hosted on DSS certified applications regardless of whether or not they store credit card data.  There are some exceptions to this rule.  For example, if you strictly use a third-party service such as PayPal, Google Checkout or Amazon Payments and credit card numbers never touch your server then you might not have to prove compliance.

PCI Compliance covers a broader spectrum than the DSS and involves the host of your website rather than only your shopping cart and applications.  Managed e-commerce hosting providers are responsible for following the guidelines laid out by the PCI Security Council in order to be fully PCI Compliant.  Web hosts must follow the rules of the PCI by making sure their anti-virus is up to date and the proper firewalls are in place.  As an e-commerce business operator, you must ensure that your host is PCI Compliant or you cannot legally process credit card transactions on your site.

Why Does the PCI Exist?
The biggest reason that the PCI was created is to protect banks from having to reissue credit cards, which is extremely costly.  When something costs banks money, it trickles down to their clients and the consumers in the form of increased fees.  One security breech can compromise hundreds or even thousands of credit cards.  One compromised card costs a bank approximately $100.  This can easily add up to millions and millions of dollars in replaced credit cards alone, not even taking into account stolen merchandise and the refunding of fraudulently spent money.

How To Prove Compliance
First, you need to understand the different merchant levels.  Online stores are rated from level 1 to 4 and your merchant level determines the rules that you must follow in order to be compliant.  Level 1 is the highest and applies to stores that process 6 million or more transactions per year.  Level 4 applies to companies that handle less than 20,000 transactions per year.  Most small online businesses will fall into the Level 4 category.

Level 4 merchants must complete a quarterly network scan and questionnaire (there are companies like ControlScan and McAfee that will help with these steps).  Merchants and their web hosts must also follow all other PCI compliance guidelines including the following basic requirements:

• The construction and maintenance of a secure network
• Having the appropriate firewalls in place
• Proper password protection
• Performing virus scans
• Making certain that anti-virus software is routinely updated
• The encryption of customer’s personal data by using SSL Certificates
• Protecting sensitive data to the fullest extent possible
• Regularly testing and monitoring of the security systems

If you store credit card information then it must be on a separate server that is not web accessible and can only be reached by certain certified members of the company.  They must also ensure that they have a PA-DSS compliant cart or any other applications.  Higher level merchants may even be required to have someone on staff to handle PCI Compliance issues.

As previously mentioned, if your website strictly uses a third party payment processor then you might not need to prove that you are compliant and can host all of your store on a single server.  However, not everyone has a PayPal, Amazon or Google account and in order for your online business to be taken seriously, you should probably be able to process credit cards.  If you can accept credit cards then you will not limit your sales and will be able to operate a truly successful e-commerce business.

The PCI questionnaires fall into two categories: SAQ-A (for those that do not store credit card data) or SAQ-D (those who do store credit card data).  Obviously, the SAQ-D is more work and if a credit card number touches your server then you will need to complete this questionnaire.

Ensure Compliance Now!
Since July 1^st is rapidly approaching then it is in the best interest of all e-commerce storeowners to ensure PCI Security Compliance for their website(s).  It is not worth jeopardizing your business and livelihood over non-compliance.  The risks are simply too great.

Miva Merchant Web Hosts and the Miva Merchant shopping cart will be fully compliant with the PA-DSS by the July deadline.  To learn more about Miva Hosting, visit http://webnethosting.net.

• Create a site search function so shoppers can easily find items or services with little effort.
• Put this search function on all pages of your site.
• Organize your site with easy to navigate categories.
• Look at your site from a shopper’s point of view and make sure that shopping from your store is simple.

2.  Give Your Products and Services Extremely Detailed Descriptions.

• Online shoppers cannot physically see your offerings so provide high quality images of each item for sale.
• Give your clients the option to zoom in on and rotate images so they get the full picture.
• If selling used items or goods with any sort of imperfections, make sure that these defects are clearly visible.
• Use videos to show your products or services whenever possible.  This will often trump your competition.
• Along with video, use audio whenever possible to describe your products or services.

3.  Guarantee Site Security.

• Ensure that your site is PCI and PA-DSS Compliant.  Remember that not all hosts or shopping carts are compliant.  Miva Merchant 5.5 will be fully compliant with the PA-DSS by the July 2010 deadline.
• Install valid SSL Certificates so that confidential information is properly encrypted.
• Create a “Contact Us” page.  Customers will trust you more if you provide a physical address and telephone number.

4.  Supply Customer Reviews and Testimonials.

• Put a review system in place on your site.  There are review modules for Miva Merchant 5.5 on the market.
• Positive reviews of your products and service are perhaps the most important tool in establishing a successful online business.
• If a client sees that their opinions matter to you then there is a greater chance that they will become a repeat customer.
• Taking your customers’ ideas and opinions into consideration can greatly aid you in your marketing campaigns.

5.  Increase Your Site’s Speed and Page Load Times.

• People shop online to save time. They will generally be turned off by a site with slow load times.
• Use a qualified and knowledgeable business web hosting provider that has fast servers and an uptime guarantee.
• Ensure that your hosting plan provides adequate bandwidth for the amount of traffic your site receives
• Make sure that your host is willing and able to grow with you as your business grows and generates more traffic.

6.  Perform Proper Market Research.

• Study in-depth what your competition is doing including their marketing, pricing and basically all aspects of your business.
• Institute price-matching programs to keep up with the pricing your competitors are offering.
• Conduct research to find your target demographic and market accordingly.

7.  Properly Promote Your Business.

• Make sure you are reaching your target audience by listing your site in respective directories.
• Utilize site statistics tools such as the free Google Analytics to develop proper marketing plans.
• Conduct smart Search Engine Optimization (SEO) campaigns to get to the top of the Search Engine Results Page (SERP) for targeted keywords including link building, directory marketing, social networking, article marketing, forum and blog posts and many other techniques.
• Properly use meta descriptions and tags to guarantee the correct indexing and ranking in the search engines.

8.  Clearly State Your Shipping and Return Policies.

• No one likes any kind of hidden fees so be upfront about these policies.
• Offer shipping discounts for the purchase of multiple items.
• Offer free shipping whenever possible for customers that spend a certain amount of money with you.
• Be frank about who is paying for shipping when it comes to returns.

9.  Make Plainly Visible What Methods You Accept For Payment.

• Put accepted methods of payment on your home page.
• For smaller merchants, services like PayPal and Google Checkout may be sufficient.
• In order to be widely successful, realistically you will need to be able to accept major credit cards.
• The more payment options you offer the better.

10.  Devote a Page to Sale and Discounted Items.

• An abundance of online shoppers will jump straight to the clearance section just like many customers do in brick and mortar establishments.  People are drawn to bargains.  Simple as that.  Especially in today’s economy.
• Highlight your discounted goods as much as you can.

Properly following these steps will help any e-commerce merchant be on their way to running a successful online business.  Good luck!

For example, often times when a new web hosting account is created, the client will be provided with a generic log-in and password that can be easily ascertained by unauthorized users or programs.  It is imperative that the first thing a new client does is change this log-in information to something unique that no one else is aware of or can easily guess.

For online business owners – even if your site is secured by an SSL Certificate and is following the PCI Compliance guidelines, your customers’ confidential information such as credit card data, email and billing addresses can be compromised by a hacker that gains access to your databases.  This can all be avoided by simply changing your password to something that someone will have a serious problem trying to figure out.

The number one rule when choosing a password is to not choose the word “password” itself in any way (not even password1245).  Believe it or not, this is one of the top most careless mistakes made.  The second most common careless error is having your username and password be the same.  Even the most inexperienced hackers can figure these things out.

Also, passwords should never include the name of your site or business, your birthday or any other words commonly associated with you or your business.  For Miva Merchant storeowners, passwords should never be “miva,” “mivamerchant,” or the like.

When creating a password, it is important to use both upper and lowercase letters combined with numbers and symbols if allowed.  A strong username and password combination will keep you and your business safe!  Be smart!

SSL has had a major impact on the world of e-commerce and online shopping by establishing a sense of trust between the consumer and the online business.  When you see a closed padlock in the address bar of your web browser, you can feel safe knowing that the site is secure, trustworthy and using a valid SSL Certificate.  In fact, in order to process credit card payments according to the PCI (Payment Card Industry) guidelines, a store must possess and use an SSL Certificate.  E-Commerce sites must be PCI compliant or they will face severe fines and could even be shutdown.

For online storeowners it is imperative to have an SSL Certificate to not only ensure your customers that your store is honorable but to protect your business as well.  Miva Merchant stores use SSL Certificates that are installed on the server to provide you with a secure shopping cart program so that you and your customers can feel safe.

WebNet Hosting provides a free, shared SSL Certificate on all of its Miva Hosting accounts while a dedicated Certificate can be purchased for an additional $150.  SSL Certificates are a necessary tool to have in order for your online store to be taken seriously in the e-commerce arena.