Big Ideas for Small Business » Security & Fraud http://meridiandesign.net/wordpress Start Today --> Plan for Tomorrow Sat, 31 Jul 2010 18:00:04 +0000 http://wordpress.org/?v=2.9.2 en hourly 1 Security & Fraud with MIVA Merchant http://meridiandesign.net/wordpress/archives/10 http://meridiandesign.net/wordpress/archives/10#comments Thu, 02 Oct 2008 20:03:24 +0000 meridiandesign http://meridiandesign.net/wordpress/archives/10 security and fraud with miva merchantI got a question today from Joyce over at Waechter’s Silk Shop asking about security for her MIVA Merchant store. She wanted to know if the host company, Hostasaurus, would notify her if her site was hacked. Since all of my MIVA Merchant clients use Hostasaurus as their hosting company, I thought it might be nice to post their answer here for all to see:

Only if a bug in software on the website was exploited remotely via a script.  If someone obtained their username and password for FTP or the store admin, we wouldn’t know that a particular successful login to the site wasn’t from an authorized person. If they have Encryption turned on in the store admin, the only way the credit card numbers could be obtained via the website would be if that person had the Encryption passphrase, as the card numbers are stored encrypted in the raw store databases.

If there was a PC infected with a virus that was sending keystroke information to a third party, then that party could have also obtained the passphrase and the login information. They should make sure antivirus is up to date and do a full scan of any computers that access the account.

]]> http://meridiandesign.net/wordpress/archives/10/feed 0 Tips for Identifying Fraudulent Orders http://meridiandesign.net/wordpress/archives/6 http://meridiandesign.net/wordpress/archives/6#comments Mon, 10 Mar 2008 20:28:19 +0000 meridiandesign http://meridiandesign.net/wordpress/archives/6 Identifying FraudI got an email today from a client running a MIVA Merchant store at http://www.petitepluspatterns.com. She is an independent pattern designer living in BC, Canada. She got two orders she suspected of being fraudulent. Both orders were placed using free web-based email accounts (yahoo and gmail). Most people I know use these free email accounts these days, so simply disallowing orders from free email providers is not proof enough of fraud.

Here’s some tips for identifying and avoiding fraudulent orders:

  1. Don’t accept a credit card order unless complete information is provided including full address and phone numbers.
  2. Be wary of any order originating from a free, web-based email address. The customer must provide an ISP or domain based address. One that can be traced back to a “real” person. Since the list of free email addresses is growing, check every email address by going to a browser and putting a www. in front of the domain. Don’t accept orders unless the email/domain is a legitimate website or ISP — something that can provide definitive identification of the email address in question.
  3. Call the phone number listed on the order. Many cardholders find that their card information was being used without their knowledge by making this phone call. On the other hand, the party on the other end may have never heard of the “customer.” This results in a call to the issuing bank of the credit card to alert their fraud department.

IC3If you’d like to report criminal cyber activity, you may do so with the Internet Crime Complaint Center (IC3) at http://www.ic3.gov/. This government website offers information about how to protect yourself against internet fraud, spoof email and common crime schemes.

]]> http://meridiandesign.net/wordpress/archives/6/feed 0