Paypal has a built in shopping cart function that allows paypal users to easily add products to their website. The cart works by letting users paste an html form on their website, and when a visitor clicks on the form button, the specific product is added to their cart as they are redirected to paypal. It is a very simple, easy to use shopping cart system.

Lack of proper security:
The problem with the paypal shopping cart, is that is has a major flaw. The seller’s email address is publicly displayed in the product form on their website. This makes is easy for spammers to search for paypal product forms, and harvest the email addresses from them. What makes the problem even worse is that the email address are all but guaranteed to be good and used. They are also the same email addresses of active paypal users. This opens these users up to massive spam, and opens them up to phishing attempts of their paypal addresses. Every website that uses the paypal shopping cart, has their paypal email address displayed in the html code of their website.

If you use the paypal cart:
If you use the paypal shopping cart setup a separate email address for your product forms. This way at least you can cut down on some spam to your general email inbox. Otherwise, I would suggest finding a separate shopping cart for your website. It may take a little extra work, but you are the only one that will pay for Paypal’s lack of security.

Fixing the problem:
It wouldn’t take a lot of work for paypal to fix the problem. They would need to integrate a program that stores your email address, and replaces that space in the form with an encrypted code that links a visitor to your account. Are they going to implement something like this? Highly unlikely.

I wish that I could say that Paypal is going to take a proactive approach in resolving this simple problem, but I just cant see them going out of their way for that. Whatever the case, paypal’s system is an example of completely irresponsible programming, and their customer are the ones that are affected by it.

I completely missed this blatant disregard for customer privacy until a commenter on the blog let me know about it. Here is his original press release: http://www.riverpages.com/paypal-spam-risk.html

Online marketing and website production are two very common things that I deal with. Often I come across situations where the dificulty of a task at hand exceeds anyone’s ability or time that works for my company. So, where do you go when you need to get work done, and you dont want to do it yourself. You can hire a freelancer to do it.

Why freelancers are great:
Hiring a freelance programmer / designer / marketer to do work for you can be a great method of getting things done. Most programmers, business owners, and project managers don’t have the time or resources to get everything that they need to get done. By using a freelancer to outsource some work to, you can get a highly professional product, and often at a lower cost than doing it yourself. Freelancers are professionals, sometimes with degrees, that can get just about anything done, and always at a good price. You can always have your local web deisnger, or design firm do something for you, but it normally comes at a higher price than a freelancer.

Where to hire freelancers:
There are a variety of freelance marketplaces on the internet where you can posts your specific project, and receive bids from the thousands of freelancers that watch those website’s. Freelance marketplaces work much like ebay. You post your project with specific details, a price range, and a deadline for completion of the project. A freelancer will see your project and bid on it if they have the skills to complete it, and the price is in their range for the specific work that needs to be done. When their work is complete, you pay them the agreed upon fee, and they deliver to you the finished product. After the entire transaction is complete, you rate your experience with the freelancer and they rate you as a buyer.

Just about any project imanigable can be outsourced at a freelance marketplace. Anything from search engine optimization, a basic or complex complete website, ecommerce design, graphic design, traditional marketing and advertising, advanced programming, if you can think of something, it can proably be outsourced.

About the prices:
Since you are receiving bids on your project from multiple providers, the price on your project is very fair. There is feirce competition for projects between freelancers which helps drive down the price. Prices on freelance marketplaces tend to be very reasonable. But, quality work always demands a fair price. You should be wary of providers with low or no feedback, or if their price is substancially lower than everyone else’s.

Keep in mind that while prices are low, nothing comes free. Highly complex projects are very expensive no matter who does them. Also keep in mind that if you are trying to integrate your website, or ecommerce system across to another platform, it will be expensive. Same thing goes for any type of ‘web services’ or advanced XML / SOAP / AJAX / CUSTOM DATABASE / API integration and managerment etc.

Freelance Marketplaces:
http://www.getafreelancer.com (recommended)
http://www.rentacoder.com (recommended)
http://www.elance.com
http://www.scriptlance.com
http://www.codelance.com
http://www.freelancersdirect.com
http://www.thecentralmall.com/index.html
http://www.scriptjobs.com
http://www.radlance.com
http://www.smartbids.co.uk
http://www.nasnap.com
http://www.looksurf.com
http://www.ecknowledge.com
http://www.contractedwork.com

Original Article

Here is a very significant story regarding banks making consumers liable for fraud if the cause was their own computer. While I think that businesses would appreciate any removal of liability on their behalf, I think it is presumptuous to assume that the average consumer has the time or resources to ensure that their computer is secure.

“HSBC has already been considering it,” Murtagh said. “There is the potential that the banks will go back to the consumer and say, ‘We’ve offered you good practice guidelines online and 12 months free antivirus. If you don’t [make use of these] we refuse to pay out.'”

If something like this occurs in the UK, I think that it could become the standard. Considering that banks are planning on offering free subscriptions to anti-virus and anti-spyware software, it seems that these consumers have no excuse.

I have stumbled upon several sites that sell equipment and supplies designed to steal people’s credit card information. These products are normally small stand-alone portable magnetic card readers that store credit card information. These readers are battery powered, and some can store the information from thousands of credit cards.

A brief overview of skimming:
Credit card skimming is when a person records the information on a credit or debit card without the owner knowing about it with the intention of using that credit card information illegally. Skimming most commonly occurs in restaurants, where the card owner looses contact with the card and a purchase is made. It takes about two seconds to scan a card through a portable reader, and the reader records all of the information on the credit card. Portable card readers are small enough that someone could easily conceal one in the pocket, sleeve, and even in their hand. Occasionally thieves will setup more complex skimming devices at ATM machines, or gas stations, but restaurants are statistically the highest risk for skimming.

What bothers me about these devices in general is that they carry almost no logical, legal purpose, and they are still sold as if they do. There is virtually no practical use for portable card scanners that record the credit card information. Portable magnetic readers like this, depending on how complex, can read not only credit cards, but drivers licenses and any other card that uses a standard magnetic stripe. It is a direct Visa and Mastercard violation (PCI / SDP Regulation) to store any track date, so there is literally no legal use for these devices.

What is on your magnetic stripe:
Magnetic strips on credit cards are actually made up of three strips that contain information. These strips, called tracks, contain all of the information needed for a business to process your credit card through their merchant account. Credit cards normally have information stored on track 1 and 2, and this information contains the card holders name, account number, expiration date, and an encrypted PIN number.

Skimming control:
The government and media have been looking closely at credit card fraud, including the skimming that is done with portable readers like these. But, there hasn’t been any significant laws or legislation placed against actual devices that are created only for the purpose of recording magnetic strips. It is illegal in some states to posses portable card reading devices, but there’s nothing stopping the website’s from selling to people in those states. Website’s that sell these devices enable anyone to order a personal skimming device, without any clarification of their intended use. Portable skimmers can cost as little as a few hundred dollars, and can go up to about a thousand dollars for a high-end reader. There is also a guide located at http://camelspit.org/handyswipe/ that explains how to make low-cost portable card reader.

Once card information has been obtained there are a few options that the thief has. They can attempt to make counterfeit credit cards, sell the credit card numbers, or attempt to make purchases for merchandise online. Often the card numbers are sold to persons with the capabilities to make counterfeit cards. This equipment, which can also be easily purchased, can make a believable replica of a real credit card with the magnetic information from a stolen card can be encoded on it. That card can be used just like a normal credit card. Since only a small percentage of businesses actually check customer Id’s it is very easy for a thief to make purchases with the fake card. Thieves will also commonly try to make online purchases, but the success of this is greatly reduced with the use of Card Verification Codes, since this information is not encoded on the magnetic stripe.

Why should business care about this:
Besides the obvious negatives regarding fraud in general, it is businesses who lose the most from credit card skimming. A card holder has no liability for purchases made fraudulently on their credit card, therefore all liability falls in the hands of the business that accepted that skimmed credit card. A business cannot win a chargeback due to a fraudulent transaction, even if the card was swiped and the receipt was signed. For this reason, businesses need to check the Id of the card holder, and check the signature on the back of the card against the Id. Online businesses need to use card verification, and should always require AVS.

Website’s that sell equipment that could be used to steal credit cards:
http://www.tyner.com/magnetic/compare.htm
http://www.incodenet.com/magnetic/miniport-comparison.htm
http://www.hackershomepage.com/
http://bcdata.com/portablemsr.html
http://www.mag-stripe.com/portable.htm

Conveniently Coincidentally, many of these sites that sell portable card readers, also sell equipment used to make counterfeit credit cards.

Where to report fraud:
If you think that you credit card has been stolen, immediately contact your credit card issuer. They will cancel your current card, send you a new one, and stop any further transactions that may be fraudulent. Also check your credit card and/or bank account statements for signs that of unauthorized use of your account.

If you feel that your identity may have been stolen, contact the three major credit bureaus. Request a fraud alert be placed on your credit file, asking creditors to request your permission by phone before any new accounts are opened.
Equifax – (800) 525 6285 – http://www.equifax.com
Transunion – (800) 680 7289 – http://www.transunion.com
Experian – (888) 397 3742 – http://www.experian.com/

You can also report credit card fraud to the FTC, but it is rare that any formal investigation would take place unless your fraud is part of a larger group of similar frauds.
FTC – (877) 438 4338 – http://www.ftc.gov/

If your credit card, wallet, or purse was stolen, you should file a police report with a local police department as well as cancel your current credit cards.

Additional information related to credit card skimming:
Bankrate – On the dark side of credit card fraud
ICMA – Hypercom Launches Attack on Credit Card Skimming
Microsoft – What to do if you’re a victim of credit card fraud
Transaction World – Credit Card Skimming Growing Trend or Media Hype?

**Disclaimer, there is no implication to any website listed as to whether they do sell equipment to thieves, only that the equipment that they sell could potentially be used for credit card skimming.**

Other blog posts related to skimming:
Fraud Alert: Credit card skimming

When I hear the word ebook, I normally cringe with the thought of thousands of worthless, poorly written, scams that don’t deserve the bandwidth that it takes to download them. I was asked to review an e-publication created by a company called MindValley. The publication called “40 Ecommerce Tactics” is essentially a guide to successfully operating, and marketing a website. MindValley authors are made up of professionals with different ecommerce related backgrounds, and include an Ebay senior executive, Microsoft web developer, and numerous other web professionals. 40 Ecommerce Tactics is written by professionals that have been directly involved in every aspect of running an online business. That direct involvement is apparent in each writer’s knowledge and expertise throughout the guide.

40 Ecommerce Tactics is a very thorough guide to operating and marketing an ecommerce website. The guide is organized in a way that the reader can skip to whichever chapter they are interested in, if they don’t want to read the entire guide start to finish. The guide itself is over three hundred pages long, but these three hundred pages are completely void of filler content. The guide is clearly written and edited, and the only thing that stopped me from reading it all the way through was my own lack of time.

Topics Covered:

• Product creation
• Setting up a website
• Email marketing
• Pay per click (PPC) advertising
• Increasing customer conversion
• Closing a sale on a website
• Untapped marketing channels
• and the Overall growing of a business

Each topic contains a series of sub-chapters which cover the detailed areas within each topic. Everything from usability, search engine optimization, alternative marketing strategies, writing copy that sells, web analytics programs and anything else that is necessary for a website to be successful is covered in detail in the guide. Specific examples and recommendations are also linked throughout the guide, which can help to give real uses of the ideas covered in the guide. The guide is complete enough, that I would be comfortable saying that it is the only resource someone would need to jump, successfully, into ecommerce.

Unlike many other guides out there, 40 Ecommerce Tactics actually guides the reader. One thing that I really like about it is that it tells the reader exactly what works, what doesn’t, what to do, and how to do it. This is especially important as many less-savvy website owners struggle with actually figuring out how to implement much of the advice that is out there.

This guide is very successful in its purpose of providing the reader with the foundations for a successful ecommerce website. In this age, just about any information needed can be found on the internet. What the guide does that sets it apart from any other resource like it, is that is puts everything needed together in a easy to read, and very accurate guide. The guide completely avoids filler content, and although long, doesn’t contain any unnecessary information. The reason that the guide is long, is that it is thorough, and there is simply that much important information. The only improvement that I can think of, would be the ability to download the entire guide as a single file. The information in this guide would take the average website owner years to find on their own.

The Most Benefit:
I highly recommend this guide to website owners and entrepreneurs that are just getting into ecommerce. This guide although not free, will easily save you the money it costs, in time you would otherwise spend over the years figuring all of this out on your own. It will unquestionably give a new website a huge jump-start.

What you get when you purchase the guide:

• 40 Ecommerce Tactics Guide
• Lifetime access to the guide, including future updates
• 90 Day risk free, money back guarantee
• A best ecommerce guide book, money back guarantee
• A 1 hour consulting for your website with a MindValley professional

Conclusion:
This is a great guide for anyone in the ecommerce field. I’m not being paid to write this. I have no affiliation with Mind Valley in any way. I highly recommend this guide as a jump-start to making a well planned, successful website. In truth, this guide probably could have saved me a solid year of research time, if I had it when I entered into ecommerce.

Download the 7 free tactics and see for yourself.

Selling merchant accounts can be a very profitable venture. Selling merchant accounts is not an easy task by any means. It takes hours of work, a strong knowledge of the payment processing industry, dedication, and the ability to be told ‘NO’ many times and still keeping at it.

Selling merchant accounts is often first done successfully as a part time job, because it takes a long time to build up a residual stream large enough to live off of. In truth, more that 50% of all people that start out to sell merchant accounts, never make it, and maybe 10% are profitable enough to stick with it. Once a person has found the ability to sell merchant accounts, they can make a very good living from it.

How much can be made:
Statistically, an average merchant account will give a sales agent about $30 per month in residual income. If that sales agent can sign 10 accounts per month, they will be making $3600 per month at the end of the first year, or $36,000 per year. At the end of the second year, $72,000 per year, and at the end of the third year, $108,000 per year.

$108,000 per year is a very decent salary. As long as the agent keeps signing accounts, their income will keep growing. But, 10 accounts per month is not an easy task especially for someone new to the merchant services industry. Also, over time attrition shows up and the average number of accounts a person can setup goes down.

A simple overview of how a merchant account sales agent works:
A sales agent signs a contract with an ISO (Independent Service Operator) who is registered with Visa and MasterCard. The agent signs up businesses for merchant accounts, and the ISO provides the business with the merchant account, technical support, and some customer support depending on what the agent is capable of themselves. The ISO splits any processing fees with the sales agent above their cost. The more a business processes credit cards, the more the ISO and agent make.

Common pitfalls of selling merchant accounts:

1. High Pressure Sales: While the merchant services industry has cleaned up a lot in the past five years, there are still many ISO’s that use high pressure sales, and other ‘gray area’ tactics to gain more business. These ISO’s are becoming extinct and simply are not doing good business. Watch the movie ‘boiler room’. If the ISO acts similar to the company in that movie, stay away. Find an ISO with a good reputation that is willing to work to meet your needs.
2. Not signing a contract: If a sales agent doesn’t sign a legal contract with the ISO, they are at the risk of getting their income cut off with no recourse. Always make sure to sign and agree on a contract with an ISO before sending them a single account.
3. Free Terminals: Free terminal programs often sound like the instant fix to selling merchant accounts, but they aren’t. Free terminal programs are OK for signing existing businesses, but they often come with many strings, and can cost an agent a lot of money if things don’t go as planned.
4. Upfront Cash Programs: Upfront cash programs can be a great way to get some instant return on a merchant account. But, like free terminal programs, make sure you understand the conditions of getting the upfront cash. Normally you are exchanging upfront money for future residuals.
5. Price Wars: One of the biggest mistakes an agent or ISO can make is getting into price wars with other companies. The problem is that by getting into a bidding war the service quality is devalued. Agents should set a competitive price, and should hold steady at that price. While it may be necessary to lower the price for an occasional larger business, constantly getting into the lowest price game gets nothing but customers that will leave as soon as another lower price comes along. Agents should provide personal service to their customers making a value that far exceeds any price.
6. Going after the big fish: Naturally, most new sales agents think that the bigger the business, the more that can be made from them. While the idea is on track, the execution never plays out like that. In truth, the larger the business, the lower the margin above cost, making it much more difficult to make any profit. Large businesses shop fiercely, and most often have the lowest margins to make any profit from. While a businesses that processes $20,000 per month, may make an agent $30 per month, a business that processes $5,000,000 per month may only make the agent $2 – $3 per month. This combined with the huge amount of work and trust needed to sign a large company makes it un-profitable and generally a waste of time for most independent agents.

If you’re interested in learning more about becoming an independent sales agent, we invite you to take a look at our merchant account sales program. We offer a program with a variety or upfront and residual options, as well as wholesale pricing on equipment and ancillary services.

The July 1st deadline for credit card truncation has come. Now, any businesses that isn’t properly truncating their credit card receipts is standing to lose a lot of money, and can have their merchant account shut down.

A word to business owners:
Now, it is my belief that most businesses that aren’t truncating right now, are probably not going to find this website. But, one of the most often questions that I am asked, is how to report a business that is not truncating.

If you don’t think that your customers notice or care that you are not truncating, you are dead wrong.

Again, the penalties:
1st Violation – $5,000
2nd Violation – $10,000
3rd Violation – $25,000
4th Violation – $50,000
Willful or Egregious Violation – $500,000/month

Everyone has had a long time to get the problem fixed, and truncating receipts has been an active topic in the news for the past two years. Get it fixed, if you aren’t doing it. Its just not worth the money or the potential loss.

Google Checkout is finally released.

You can sign-up at: https://checkout.google.com/

As expected, it is only for US businesses right now. I would expect that some other select countries will be joining the list shortly.

Google payments is the talk of ecommerce and yesterday google let out a little about their pricing.

It looks like google is going to be charging a fee of 2.2% and a transaction fee of $.30 per transaction. This is more expensive than paypal for higher volume businesses, but is about the same as paypal for smaller businesses. Additionally google has stated that they may be discounting customers that participate in their adwords program.

What google is going to be lacking is the single thing that has made paypal so popular, Ebay. While google is the only company that I think would have a chance going against paypal with a new service, they don’t have the current 100 million current customers that paypal has. They also don’t have Ebay, and google base which is their ebay competitor isn’t going anywhere very quickly. It is going to take a long time to lure even a fraction of Paypal’s user base despite paypal’s very poor customer service history. I think google is going o have to find a new use to get a running start against paypal.

Maybe they can buy craigslist…

Seth Godin posted a great blog today referring to how something that appears to be free isn’t always without strings.

This reminded me of the free credit card terminal programs that are going on now. These programs have been catching the attention of businesses and reselling agents across the country for a little over a year now. Now, like the situation in Seth’s blog, these programs always come with strings, for both the business that receive the terminal, and for the agent that the business signs with.

Free terminal programs are not for ownership of the terminal, they are more of a free rental. The business that gets the terminal, does not own it.

Business Owners:
Business owners can expect a hefty early termination fee, and are required to return the terminal in perfect condition if they ever close their account. If the terminal is not returned or is returned damaged, the provider automatically takes the money out of their bank account. The programs almost always come with yearly fees, that are unnecessary almost everywhere else. Also, the merchant account fees that the business pays are always higher than what the business could get in order to cover the cost of the terminal.

Reselling Agents:
Reselling agents stand to lose the most with free terminal programs. At first the idea of giving a free credit card terminal to every customer, sounds great. But, in the even that the business doesn’t return the terminal when they close their account, the cost of that terminal can fall back on the agent. I recently surveyed about 50 reselling agents, and not one of them said that they would be willing to take on the risk of having to pay for an un-returned credit card terminal. How many agents would like a nice $400 deduction from their monthly residuals, because one of their accounts closed and didn’t return their terminal?

The point is that it is rare to find something truly free, and Credit card terminals are far from being an exception.