
Your Helpful PCI-DSS Audit Checklist

Category: Guest Posts

PayTabs


In 2019, global retail sales grew by 3.4% from the previous year to hit $21 trillion. Global eCommerce accounted for 16.4% of total retail sales at $3.46 billion. Ecommerce sales continue to grow, thanks to globalization and the internet. 

This growth also comes with a few challenges, among which is payment card fraud. In 2018, payment card fraud amounted to $27.85 billion and was expected to hit $35.67 billion in the next five years.

If you intend to pursue the e-commerce route, you’ll need to consider a few things, one of which is the payment method. How many payment alternatives will you offer your customers? Are the payment methods secure?

Your customers will hand you their financial data on a silver platter; they expect it to be kept secure and confidential. To guarantee this, you need to prove that you’re PCI-DSS compliant.

What is PCI-DSS?

This is a set of standards formulated by the PCI Security Standards Council. This council is made up of major credit card companies who joined forces to create security standards that protect credit card data.

As a merchant, your compliance guidelines are dictated by the number of annual transactions. Merchants are grouped into four levels:

  • Level 1

This covers merchants who handle over 6 million transactions every year or have experienced a data breach.

  •  Level 2

Merchants who handle 1-6 million transactions annually.

  •  Level 3

Merchants with less than a million transactions but more than 20,000 annual transactions.

  •  Level 4

Merchants with less than 20,000 annual transactions.

Each of these levels has different compliance requirements. The more transactions you process every year, the tougher the compliance requirements become.

PCI DSS Compliance Checklist

PCI has six control objectives that constitute twelve compliance requirements. These requirements are not subject to merchant levels; thus, all merchants are required to adhere to the compliance requirements regardless of transaction volume.

These control objectives include:

  1. Secure Network and Systems

This control objective has two requirements:

  • Protect cardholder data by installing and maintaining a firewall

Firewalls are barriers that protect your network by preventing security threats from accessing or spreading through your network. Firewalls act as filters that determine whether information passing from one computer to another is safe or not.

  • Limit the use of vendor-supplied passwords

Every system comes with security parameters, among which are passwords. These passwords are often easy to hack; thus, you should change them before you deploy the systems. Ensure that you update system configurations and security measures as you identify new threats.

  2. Protect Cardholder Data

Cardholder data refers to personally identifiable information that’s associated with a credit or debit cardholder. According to PCI DSS, cardholder data includes the primary account number (PAN), which is the unique payment card number used to identify the cardholder’s account and the issuer. The standards require that merchants encrypt the transmission of cardholder data and protect stored cardholder data as stipulated in the guidelines.

  3. Implement vulnerability protection programs

Create a program to help you identify weaknesses in your payment card infrastructure. Hackers will exploit these vulnerabilities to access your cardholder data, a risk you can mitigate by:

  • Implementing measures to protect your systems against cyberattacks such as malware.
  • Maintaining secure systems.
  4. Access control measures

Limit access to cardholder data by vetting everyone who needs access to this data. This is achieved by:

  • Restricting access to cardholder data

Only authorized personnel should have access to this data. Limit the privileges of everyone to a need-to-know basis and deny all other access unless authorized.

  • Authenticate access

Employees that have access to cardholder data should be assigned unique identification. They will use these identifications to access the data, thus making it easy to track how data is handled. Do not use group IDs; every member with access needs unique identification.

  • Restrict physical access to the data

Your onsite systems are also vulnerable to attacks or internal leaks; thus, you need to put measures in place to limit physical access to cardholder data.

  5. Monitoring and testing networks

Monitor your physical and wireless networks to identify vulnerabilities that cybercriminals can exploit to gain unauthorized access to your systems and data. To prevent cybercriminals from exploiting these vulnerabilities, you are required to:

  • Thoroughly track, analyze, and monitor cardholder environments in search of weaknesses.
  • Frequently test your system components, processes, etc. to ensure that you maintain security over time. 
  6. Information security

Your business needs a strong security policy that details the responsibilities of your employees towards protecting cardholder data.

Conclusion

PCI compliance isn’t a guarantee that your systems and data are safe; hundreds of companies have experienced data breaches despite being PCI-DSS compliant. Achieving compliance is merely a baseline. You need to meet the requirements as stipulated by the governing body and implement extra measures that protect your systems from emerging threats. You can never be too sure when dealing with cybersecurity; going the extra mile helps prevent cyber attacks.

About the author

Jordan MacAvoy is the Vice President of Marketing at Reciprocity Labs and manages the company’s go-to-market strategy and execution. Prior to joining Reciprocity, Mr. MacAvoy served in executive roles at Fundbox, a Forbes Next Billion Dollar Company, and Intuit, via their acquisition of the SaaS marketing and communications solution, Demandforce.

Go Beyond the Zoom

4 Ways to Add Something Extra to Your Product Visualization

While online shopping comes with the pro of being anytime, anywhere, and wearing anything (hello, 2 a.m. shopping sprees in your Ninja Turtle pajamas), it carries with it the con of not being able to see the product up close and in person. Companies often try to compensate for this by taking a handful of shots of the product from a few angles — and of course, the viewer can always zoom in.

I’ve got news: It’s time to go beyond the zoom.

Ecommerce has been trending toward more sophisticated technological adoption, and product imaging is certainly at the forefront of this movement. Having the zoom option on product images is something that has unsurprisingly been popular in online shopping since it first appeared — we all love to look at the details of a product before we buy it! Also unsurprisingly, technology has adapted quite a bit since then, and it’s time to look into new ways to give your customers the in-person experience of the product without ever having to change out of their PJs.

1. Give them the full 360-degree experience
There’s something amazing about being able to turn a product around and view it from every angle just like you would if it was right in front of you — and that’s what a 360-degree view gives your customer. It can provide a lot more detail than a still photo and descriptive text can, and is far more interactive and immersive than a slideshow from a few different angles.

The best part about this is that you probably don’t need to invest much more than you already are. If you’re doing standard photography, you likely already have a camera, tripod, and backdrop. All you need to transform your plain Jane setup to a 360-degree extravaganza is a turntable and a remote shutter release. It does take more time than a standard few shots, but the payoff can be worth it!

2. Record it in action

If you’re looking for more bang for your buck, consider shooting some videos of your product in action, preferably with someone interacting with it. If you do it right, it can act as both a video marketing tool and a product description. It doesn’t need to cost a million dollars, either; take this simple but effective video of a guy using a Kelly side table. What it lacks in budget it makes up for in humor, and comes across as more endearing and genuine than a fancy schmancy ad campaign ever could.

If you want to produce something higher-quality, try focusing on just a few products, like a new line you’re launching or your best sellers. Then you can go the route of Glory Cycles (get it?) and shoot a really nice video starring your best stuff. The best part about that promotion is how simple and well-executed it is, showing just how effective that visual experience is.

3. Artificial Reality

We’re getting into the cooler (and more expensive) stuff now. You may have heard artificial reality and virtual reality used interchangeably, but they are quite different: Artificial reality is computer-generated imagery overlaid onto the real world (think Pokemon Go). This is perfect for a lot of products, because it can literally show the customer how the product will look on them, in their home, or in their world.


Sephora is quite a pioneer in the beauty world, so it’s no surprise that it has a virtual makeup artist. Using its AR, you can try on different makeup products without ever having to put them on your face — and of course, buy what you like.

Another great application of AR comes from IKEA, which has an app that lets customers hold up their phone and see realistic images of IKEA furniture overlaid onto their room. Far from a badly photoshopped insert, the furniture is accurately placed and measured to look as realistic as possible.

4. Virtual Reality

Finally, the really high-level stuff. Virtual reality is different from artificial reality in that it is a complete view of your surroundings through some sort of lens or goggles, like the Oculus. People call it the way of the future, but it’s still got a ways to go. Due to the cost and complexity, it’s no surprise that most companies have not embraced VR, but it can still spark your creativity and make you think about applications of your products that are a little outside the box.

A few companies have taken the plunge, though. EBay launched the world’s first virtual reality department store, in which customers could view eBay products as if they were in a department store. Shopify hasn’t come out with any VR experiences as of yet, but it has heavily invested in both AR and VR, and hopes to be used in the future as a place to host virtual reality experiences. It’s likely not within reach in the very near future, but it’s an exciting space to keep your eye on.

It’s all about the experience

As technology improves, your customers will expect you to take advantage of it to provide the best online shopping experience you can. How are you wowing your customers?

About the author

Jake Rheude is the Director of Marketing for Red Stag Fulfillment, an ecommerce fulfillment warehouse that was born out of ecommerce. He has years of experience in ecommerce and business development. In his free time, Jake enjoys reading about business and sharing his own experience with others.

Startups living in uncertain times?

It goes without saying that startups have transformed how we interact with the world around us in the past few years. If you’ve traveled to any of the world’s major cities in, say, 2010, you would have likely checked into a hotel and hailed a taxi cab to take you there. Today, you can expect greater convenience, value for money and, possibly, a chance to meet locals at a click of a button through Airbnb and Uber.

The trend carries on as I type this blog entry. Uber, an established company by now, is being made to tweak its operations to keep newcomers like Bird, which now rent scooters as an affordable, convenient and reliable means of transportation, from eating into their market share. Also consider how corporate giants such as HBO, Amazon and Disney are being compelled to launch their own streaming services to reclaim their market shares from the likes of Netflix and Hulu.

But the truth is that startups can only flourish in healthy economies. Successful startup enterprises, after all, reflect harmonious matchmaking between entrepreneurial creativity and innovation and an optimistic outlook by investors. Perhaps it’s within our nature as humans to be creative and problem-solve, so the entrepreneurial spirit will probably never flag. But access to capital can be a problem. Even the most revolutionary business ideas of our time couldn’t have seen the light of day without funding.

There are many scenarios that can affect access to capital. How business-friendly is the economy? Are investors and lenders bogged down with red tape? Are they optimistic about the prospects of yielding a profit? Might they be concerned about consumer purchasing power if it’s not rising? Or maybe regard the market as saturated in a given sector? Endless possibilities can influence the outlook of investors and lenders.

One scenario that can surely affect startups’ access to capital is a financial crisis. Despite the inspiring success stories I’ve mentioned above, there is evidence that shows that potential for startups to succeed in the US has not yet fully recovered to its former pre-crisis levels in terms of births and deaths of startups, job creation and, perhaps most importantly, commercial lending. Fast-forward to 2018, and you’ll find the business press making noise about an upcoming and potentially deeper recession. Gloomy headlines such as “another economic downturn is just a matter of time” and “monetary policy for the next recession” can be found in the Economist and the Financial Times. JPMorgan Chase has even put a date on when it expects the bad news: 2020.

If the recession of 2008 is any guide, we know that we can’t underestimate how connected the GCC markets are to the fortunes of Wall Street: the US market, as the world’s biggest and most important, had a direct impact on commodity markets globally, which in turn affected GCC financial markets and government revenues. So the question for us becomes: how will we cope if a new crisis befalls us? Can we prepare any contingencies to keep new startups connected to their lifeline? Crisis or not, a lot can be said about the ability of startups to address all sorts of challenges, including the problem of access to capital. Just ask the people behind Kickstarter and Indiegogo. Beyond that, the role of pro-business institutions like Bahrain’s Tamkeen will be key in helping startups to rise and, if the doomsayers are correct, survive the winter of another recession on Wall Street.

About the author

Mahmood Almahmood is a translator and editor at a national news service. Trained in the social sciences and the arts, he enjoys staying abreast of the business press and analyzing its trends.

All the Traffic but No Sales: 5 Things You Might Be Doing Wrong


Your e-commerce website is shiny and ready, and that fresh marketing campaign is driving traffic like gangbusters. Newsletters are flying out, and your tweets are picking up tons of action. But you do not see any pickup in sales.

All that marketing spending is just going up in smoke, and it’s got you down.

We get it, and nearly every e-commerce store has been there. Driving traffic was supposed to be the hard part, so what’s gone wrong? Where’s the breakdown?

The bad news is that there are hurdles throughout the process that you might not be clearing. The good news is that you can definitely overcome them. Let’s look at five of the biggest to get you started in matching sales with the new traffic boom.

Getting the Wrong Traffic

Most e-commerce stores believe that traffic is the key. As long as they’re driving eyeballs, then they’re golden. Unfortunately, that’s often not the case because you have to drive the right eyeballs to make a sale. Your traffic must match the content of the site and the offer you provide.

Here are three of the most common disconnects in this space:

  • Targeting the wrong people for your product (right product, wrong people)
  • Sending your target audience to pages or content they aren’t interested in (right people, wrong product)
  • Targeting people not interested in your core offer and sending them to landing pages that don’t focus on your core offer (wrong people, wrong product)

You’ll need to do some customer research to find out who is most likely interested in your products. Start with this data and get as much demographic information as possible. Use that to build your ad campaigns and your social targeting.

Next, review your messaging and sales funnel to ensure that this new audience of people who need your core products are being sent to pages highlighting those products. If you’re sending someone to the wrong stuff, they’re more likely to click back to the page they came from instead of browsing around your site.

Having a Complicated Site

Another big sales killer is a website that’s hard to use. Most often this means it is too complex for the visitor. Complexity hurts in a few ways.

First, it can make your site load slowly. More than one-third of visitors will leave a site if its images don’t load quickly and about half of your audience thinks your site should load in two seconds or less. Second, complicated sites can impact how they display on mobiles. This can harm you if you’re in one of the categories where mobile accounts for at least half of total ecommerce spending.

And the final note about web design is that 75% of your audience will judge your credibility and trustworthiness based on your web design.

When sites get too complicated to use easily, they cut against the engagement and trust required for a sale. Address this by simplifying your website, working to reduce load times, and keeping your product images and “buy” buttons clearly visible toward the top of each page.

Missing Pertinent Product Details

If you were buying a product you’ve never tried before, would you get a small, medium, or large?

We know what you’re thinking: “It depends. Tell me more about the product.”

That’s exactly right. You need a wide range of details to understand any product. Plus, you also need information about why it is a right fit for you and, often in the e-commerce space, if this product is the right style for you too.

Customers who don’t understand your offer or get these details aren’t going to buy.

Approach each one of your products and the pages that host them to see if you’re providing the right details. Here are some of the bases to cover:

  • What problem does the audience have?
  • How does this product solve that?
  • Are the available options able to do that for this particular visitor?
  • What do they need to narrow down the options? (Think size charts, how much liquid a cup holds, etc.)
  • What does it look like? What will this visitor look like or feel like using the product?
  • Why do they want to look/feel like that?
  • How can they easily buy it from you?

These questions will give you the structure to present the customer with an idea about their problem and how you solve it, convincing them that you have the right solution based on how they want to look or feel after the purchase. Everything else is designed to help them make their choice.

The faster you can do this, the better.

No Clear Differentiation

Many e-commerce stores offer a similar selection of products — this is even more true if you’re drop shipping.

Do a quick online search of your business area and specific products to see how your competitors are describing the products and how close their offers are to yours. If you’re one of many talking about products in the same way, or are using the same stock photos, you won’t be creating a clear reason for a visitor to make a purchase from you.

Tell a story that highlights what you like best about the products and match it to your overall personality. Align that with your target market, because it may create a personal connection with a site visitor who would then be more willing to buy.

You need to show brand and product personality to stand out. It can be difficult in the e-commerce space to do that because you’re often working with limited products. However, the design you give your site and the way you talk about your products can go a long way. If you need inspiration on how to feel different, look at websites from the brands themselves. Don’t copy their style but find things you can emulate while adding your own flavor.

No one needs just another bland catalog on the Internet.

Problems at Checkout

The final place to check is your purchase process. Messy, complex, or broken checkout systems are often a cause of failed sales. Again, you want to be as simple and straightforward as possible.

Show users the price of the goods and have their cart follow them throughout. You can indicate expected costs like taxes or add a note to the cart overlay text that says, “plus shipping and handling.” This way there is less of a surprise jump in price when checkout time comes.

If you offer free shipping or have a partner who guarantees speedy ecommerce delivery, then note this information on the page to help customers feel more comfortable with the purchase.

Breaking the process into multiple steps also helps people stick with it, instead of getting overwhelmed by long forms. You can see this practice on most leading e-commerce sites, especially Amazon. Another trick to grab from Amazon is to show product detail summaries on your checkout pages, including things like size, color, and quantity.

One final note to consider is that you might not want to force customers to create an account. Ask for an email to send the receipt, but wait on making them choose a password. You can use the receipt or “thank you” email as a place to ask them to create an account. It reduces the burden and can increase your overall subscription volume too.

Here’s hoping these 5 tips will help you onto the path of greater sales.


About the author

Jake Rheude is the Director of Marketing for Red Stag Fulfillment, an ecommerce fulfillment warehouse that was born out of ecommerce. He has years of experience in ecommerce and business development. In his free time, Jake enjoys reading about business and sharing his own experience with others.

A Guide On How You Can Bring Automation To Your Online Business Part II


Image credit: Flickr

It doesn’t matter whether you sell services, products, or even just share content with your online audience: any online business is ripe for automation — including yours.

Set out an automation framework to help you scale and manage your automation operations — find out how to do so in part II of our automation series. 

Create an appropriate framework

The main challenge with automation is having the right framework to support your new processes. This means having an all-informed business with robust documentation. Without it, your automation drive will be lost.

You need to embrace:

  • Bots
  • Smart integrated systems
  • Cross-platform and cross-device formats
  • Workflows, processes and tasks — not individual ability
  • Zapier
  • Inventory management automation

Part of successful automation is process management. You can always automate a process.

This is really the crux of the matter when it comes to automation. Do you fancy staying up all night, packing the latest orders of your store? Or manually having to schedule every single blog promo piece for the next 6 months?

I’m guessing the answer is no…

So create a process, automate it, and move on to the more important stuff instead.


About the author

Victoria Greene is a branding consultant and freelance writer. Big fan of automation when it comes to content marketing. Helping ecommerce brands and startups scale faster and better.