Big Ideas for Small Business » MIVA Merchant http://meridiandesign.net/wordpress Start Today --> Plan for Tomorrow Tue, 21 Sep 2010 13:24:47 +0000 http://wordpress.org/?v=2.9.2 en hourly 1 Security & Fraud with MIVA Merchant http://meridiandesign.net/wordpress/archives/10 http://meridiandesign.net/wordpress/archives/10#comments Thu, 02 Oct 2008 20:03:24 +0000 meridiandesign http://meridiandesign.net/wordpress/archives/10 security and fraud with miva merchantI got a question today from Joyce over at Waechter’s Silk Shop asking about security for her MIVA Merchant store. She wanted to know if the host company, Hostasaurus, would notify her if her site was hacked. Since all of my MIVA Merchant clients use Hostasaurus as their hosting company, I thought it might be nice to post their answer here for all to see:

Only if a bug in software on the website was exploited remotely via a script.  If someone obtained their username and password for FTP or the store admin, we wouldn’t know that a particular successful login to the site wasn’t from an authorized person. If they have Encryption turned on in the store admin, the only way the credit card numbers could be obtained via the website would be if that person had the Encryption passphrase, as the card numbers are stored encrypted in the raw store databases.

If there was a PC infected with a virus that was sending keystroke information to a third party, then that party could have also obtained the passphrase and the login information. They should make sure antivirus is up to date and do a full scan of any computers that access the account.

]]> http://meridiandesign.net/wordpress/archives/10/feed 0