When processing credit card and other electronic forms of payment over the internet, security is a major concern. A SSL (Secure Socket Layer) certificate enables your website to maintain a secure connection between the user and your website. To access a web page over a secure connection, all you need to do is replace the ‘http://’ with ‘https://’ in the address bar. The extra ‘s’ denotes that you would like the connection to be secure. When a secure connection is established, a small padlock will appear in the lower right corner of the web browser window.

A secure certificate can be obtained in 1 of 2 ways…

Generating your own certificate:
You can generate your own certificate through your web server or web host if they allow it. This method is easy and theoretically perfectly secure, but when you do this, your visitors will be prompted with an ugly error message, as seen in the picture on the right, if they try to access your website through a secure connection.

Buying a certificate from a trusted issuer:
By purchasing a certificate from a trusted issuer, you will eliminate the ugly error message associated with generating your own certificate, but you will also be showing your visitors that you care enough about their security, that you site is secured by a trusted 3rd party organization. When you setup a certificate with a trusted company, they will normally do some sort of business verification to ensure you are who you claim to be. Once approved by the issuer, you will generate a document called a CSR (Certificate Signing Request) with your web server. This document contains pertained information to your business and website, and is encrypted. The issuer will then verify that the encrypted data is correct and matches to the data that they have about your company. Once verified, they will issue a secure certificate, and you can copy and past the encrypted code into the correct file on your web server.

Now when you type https://yourwebsite.com, instead of http://yourwebsite.com, a small lock will appear in the lower right corner of the site indicating the site is secure.

Common Problems:
The most common problems when getting setup with a SSL certificate are not specifying the correct sub domain when your certificate is issued, and having non-secure elements on a web page.

Incorrect Sub Domain:
When you setup your certificate you must specify the exact url the SSL is going to be applied to. https://www.mysite.com is not the same as https://mysite.com. If you setup a SSL certificate for the www version, it will not work for the non-www version, and vice-versa. Make sure you do this right from the start, as most issuers will not give you a second chance if you mess this up.

Non-secure elements on a web page:
Sometimes your certificate is setup and installed, and you get an error message about a page containing insecure items on it. This is normally caused by images or javascript that are linked from a non-secure version of the website.

For images Use:
<img src="./images/thispict.jpg"/>
and not:
<img src="http://www.mysite.com/images.thispict.jpg"/>


The second image will create an error message, because it is not hosted on a secure domain as denoted by the address (http://).

Where to get a SSL Certificate:
SSL certificates vary in price from one trusted issuer to another, even though they do the exact same thing. When you get a SSL from a 3rd party, you are paying for the endorsement of their name as well as the security. A very well trusted organization like Verisign charges more for a secure certificate than a less know issuer. You are also paying for the verification process. The more in depth the verification process, the more expensive the certificate is, and the more trusted the name of the issuer is.

Recommended certificate issuers by price (L to H):
Godaddy SSL: http://www.godaddy.com/gdshop/ssl/ssl.asp
Geotrust: http://www.geotrust.com/
Thwate: http://www.thawte.com/
Verisign: http://www.verisign.com/

Free Credit Card Terminal Merchant Accounts

The big craze in the merchant account industry is the new free credit card machine offers that many providers are offering.

About 20 years ago up until about 6 years ago, free credit card terminals were a fairly common practice in the payment processing industry. It was standard for banks and merchant service providers to offer a Tranz 330 or Zon Jr. to their customers, especially for the larger ones. Until last year, the free credit card terminal offers had all but disappeared. Brought back again in full force by a company called United BankCard, the free terminal offers have become very popular over the past year. Many merchant service providers have followed suite and are now offering free terminals to their new customers.

(more…)

The blog has been redesigned. It is plain, but very clean and it now utilizes the whole page. I am hoping to post more in the coming months. I have been so busy that the blog has been neglected a bit. Things should smooth out in a couple of weeks.

In the meantime, let me know any topics that you would like to see here.

Building a proper website is the foundation of any ecommerce business. Failure in creating a proper website can guaranty the failure of the online business itself.

There are several options for creating a website. Depending on how new the business owner is to web programming, and the planned budget, the options are either creating a website personally, or outsource your ecommerce website.

View the entire, Guide to setting up an ecommerce website.

Often overlooked, gift cards are one of the most effective customer retention and marketing methods available to businesses.

There are 2 types of commonly used gift cards. The first is the Visa or MasterCard branded gift cards that work just like a credit or debit card. While convenient, these gift cards don’t offer much benefit to most businesses. The second type of gift card is a proprietary self branded gift card, that is essentially an electronic gift certificate. These gift cards also work just like a standard credit or debit card, but are limited to being spent at your own company. For many businesses, these are one of the most effective customer retention and marketing mediums available.

(more…)

Hospital ID theft: How to protect yourself – The Red Tape Chronicles – MSNBC.com

Identity theft is a huge risk in the credit card industry but the credit card industry is by no means the only target for identity theft.

Smart Cards looked like they were going to be the next big thing for credit card processing, for about 30 seconds.

A smart card is a small microchip that is implanted in a plastic card or a credit card. It is able to store a large amount of information in a very small space, and is not affected by magnetic fields, weather or really anything. Smart cards also have encryption capabilities that a magnetic strip could never have.

So, why aren’t Smart Cards more popular?

(more…)

We just published an area devoted to information about credit card machines on the Merchant Store website. I will be putting up answers to general question about credit card machines there, and there are already some great pages geared toward people who are new to the processing industry.

Information about credit card processing equipment.

ATM FEE FOR GETTING NOTHING

I had never heard of this charge before. It doesn’t come as a surprise, as banks now make more from fees than they do from interest. Just another way to add money to the bottom line at the expense of their customers.

MSN Money – How to dispute a credit card purchase

Here is a great article about the responsible way to dispute a credit card charge. Many consumers don’t know that if they make a chargeback, the merchant will most likely have to pay a considerable fee just as a result of them charging it back. A responsible merchant would try to right their customer as best they can.

I have long thought that consumers should have some negative action against them if they charge back merchandise and lose. This would help to stop the few free-loaders who abuse the credit card system to get free stuff at the expense of the merchant.