This page contains a Flash digital edition of a book.
relationship is often the first hurdle for nascent e-commerce entrepreneurs. Simply going to the bank and setting up a merchant account looks easy but then there’s the flip side. To process credit cards companies must be PCI DSS complaint, which means they must have a secure web site with a secure network and hold any financial and personal in- formation about customers in an ap- proved, secure manner. Further, the best practices that companies must adopt to comply with this standard must also be audited and confirmed.


The advantage of PayPal, as McMullin obviously sees it, is that the path to day- light is not only shorter, it is cheaper and as secure as it is going to get.


“There are no annual fees, no mini- mums, we deal with multiple currencies,” he says. The secret sauce, as McMullin puts it, is that PayPal polices the transactions. With any type of financial transaction, fraud is definitely a risk. Like Visa and Mastercard, however, PayPal analyses transactions digitally, looking for indis- cernible patterns, trends with an algo- rithm, which is a pretty good predictor of fraudulent behaviour.


That’s a two-way street because a busi- ness’s customer — regardless of whether they are consumers or businesses — needs to be assured you are who you say you are and that at the end of the trans- action there will be a delivery of a product or service according to expectations. The beauty of third-party transaction solutions like PayPal is they worry about all the back-end security and compliance issues. By taking your customer into one portal of their protected network and your information into another, they process the transaction without you ever knowing your customer’s financial data.


So, a secure transaction process is the first step, but what about ensuring the site is safe and that your reputation is bona fide?


SEAL OF APPROVAL


Having a seal of approval may seem like a frill, but as VeriSign product manager Ryan White notes, not only do 86 per cent of consumers shopping online recognize the company’s check mark logo, in tests, browsers are 24 per cent more likely to buy when the logo is present.


WWW.SECURITYMATTERSMAG.COM


Clearly, it’s about trust and for $399 a year per server per domain, it’s not a huge cost given the security and sales generate. Verisign audits a company name and do- main and ensures they are who they say they are and that’s the first step towards as- suring customers — many of whom may have just landed on the page through a search engine or aggregator shopping site — that the site is not a “lookalike” poaching customers and their money.


It also ensures the web site has at least 128-bit encryption and perhaps even the more emerging standard of 256-bit en- cryption, which means if a nefarious op- erator were to intercept data they would get nothing more than useless gibberish. Murphy’s Law dictates what can go wrong will go wrong and online it trans- lates into the reality someone is always trying to steal from a business or an un- suspecting consumer. Spotting a potential fraudulent transaction online before it happens, however, is not easy. Andre Edelbrock, co-founder and CEO of Ethoca Ltd., which provides anti-fraud services to online businesses globally with offices in Toronto, Dublin and New York, says one of the hurdles small to mid-size businesses face is that they just don’t have the depth of data like large enterprises. “Without that historical data, and if you’re a startup, there’s no way to analyze it to look for trends which would indicate possible fraud,” he says.


The key is collaboration and pooling the resources of other online merchants to create a massive database that can then be mined. Transactions, he says, can then be flagged green, yellow or red based on previous patterns of fraud.


It works, cutting online fraud up to 70 per cent, an invaluable protection for fledgling online businesses who can’t af- ford any losses.


“And it’s a lot cheaper than hiring an analyst at up to $60,000 a year or more,” he notes.


ONLINE GROWTH


Given the challenges of securing online transactions and protecting against fraud, it’s a wonder the marketplace manages to grow at all, but of course it is — exponentially. The adage for small business has


always been “do what you do best and outsource the rest” and it is especially true when it comes to taking a great idea to the next level.


Cloud computing, in which the nuts and bolts of your enterprise exist on the web rather than on your own servers, also opens the door for modular platforms. Like PayPal as an outsourced service, NetSuite, for example, has off-the-shelf op- tions that allow businesses to quickly cus- tomize their online portals, user friendly interfaces to quickly load content, such as images of products and descriptions and a plug in shopping card module, which takes the headache out of transactions. When customers click on a link to pur- chase a selected item they are taken to a secure third-party page where the trans- action — by credit card or PayPal — is processed and the funds deposited in the business’s account.


There’s an incremental transactional cost but proponents argue it is more than offset by not having to be PCI DSS com- pliant or worry about how personal infor- mation about customers is stored or if the existing security firewalls and protections are robust enough because the provider is responsible for those aspects.


They’re also likely to be more qualified and resourced around security and fraud because that’s their business and that is why it is warmly supported by the credit card companies and other security providers and auditors.


It also opens up a marketing channel for companies selling the out-of-the-box solution, positioning them as resellers of services like Ethoca’s 360 fraud preven- tion program, which customers add on to their purchase either as a value add in- cluded in the price or as an add-on upsell according to the provider's business model.


Ian Harvey is a freelance writer based in T


oronto, Ont.


SOURCES Ethoca • www.ethoca.com NetSuite • www.netsuite.com PayPal • www.paypal.ca VeriSign • www.verisign.com


JULY/AUGUST 2010 • SECURITY MATTERS 21


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32
Produced with Yudu - www.yudu.com