Thursday, October 29, 2009

PCI Guy Receives Honor!

The PCI Compliance Guy received an honor from EZINE today as an Expert Author! And this, after only submitting three articles! :) To see some of his amazing work on website security and PCI scanning, go to www.pci-compliance.us.



Monday, October 12, 2009

SSL Certificates Don't Protect Your Site From Hackers!

Many people confuse SSL certificates with Payment Card Industry (PCI) approved website security scanning. Because of this misunderstanding, website owners and online consumers are not as safe as they think they are.

SSL certificates only verify that the website is protecting transactions in transit, as they travel from the consumer to the appropriate financial institution. Any of the consumer’s personal information saved on the website’s computer (server) is still at risk of being stolen. The website itself is still at risk of being compromised. To make an analogy for you visual thinkers, think of a train station as your website and then think of a train and train tracks as credit card transactions. An active SSL certificate protects the train and the train tracks, but the train station is still vulnerable to attacks.

PCI approved website security scans check for vulnerabilities on websites that could allow attacks from hackers. These vulnerabilities allow hackers to steal online consumer information. They also allow hackers the opportunity to damage or steal website files and even shut the site down.

Another incorrect belief is that non-e-commerce websites are not in danger of outside attacks. Even sites with seemingly nothing of monetary value have been compromised when hackers redirect traffic, damage files, or even close down the sites. These websites do not need an SSL certificate, but they do need PCI approved vulnerability scanning.

Trust Guard, the leader in website security and verification, performs PCI approved website security scans. According to current statistics cited by its president, David Brandley, 73% of websites that are scanned by Trust Guard fail their initial scan. This includes sites that had been previously scanned by other scanning companies. The difference is that Trust Guard scans for twice as many vulnerabilities as their closest competitor.

“Honestly, I was surprised when I found out that almost three out of four websites aren’t safe from outside attacks!” confesses Brandley. “I knew that there were issues with website security, but the problem is worse than I thought it was.”

Once website owners understand that their SSL certificate does not protect their site from hackers, and therefore purchase scanning services, the next step is to let online consumers visiting their site know that it is scanned for vulnerabilities against hackers.

Trust-Guard.com is a division of Global Marketing Strategies. As well as PCI website security scanning, Trust Guard currently provides website Security Scanned Seals. The seal provides peace of mind for online consumers, who know that the website safely transfers their private information, that the site is consistently scanned for vulnerabilities, and that the business will be accessible to them should problems arise.

Tests show that online consumers purchase products and services more often from websites that display Trust Guard seals. This is because the shopper feels safe, secure, and confident in the company. To learn more about how website owners can turn more of their online visitors into valued customers with trust seals, please visit www.go.Trust.Guard.com.

Thursday, October 8, 2009

Hey, Mr. Gullible, Stop Sharing Your Password!

In our never-ending attempt to keep our offline businesses and online websites free of inside and outside attacks, we must never lose sight of the benefits associated with effective passwords.

Sure, antivirus programs protect computers before they go online, and once online, SSL certificates serve their purpose. Security scanning and verification services such as Trust Guard not only keep hackers away, but also let online consumers know sites are safe by displaying trust seals. However, effective passwords will protect most areas that online hackers and office troublemakers want to infiltrate.

Much of the “hacking” that is going on in the business world today is from people that work in the same office! The all-too-common statement: “Hey buddy, I need that file, what’s your password?” is penetrating the once-protected personal and professional documents of the gullible and trusting.

The Payment Card Industry (PCI) requires that website owners assign a unique ID to each person with computer access, then requests that they set a private password. As with any computer action, knowing who is accountable is critical when it comes to handling credit card transactions. And how can you know who is responsible if you’re sharing passwords? For more on PCI compliance requirements and the PCI’s Data Security Standard (DSS), visit www.pci-compliance.us.

The act of sharing passwords has gotten more people in more legal and financial problems than any other business issue. If an important file or folder is taken, using your password, how will you show that you didn’t take it? If something is done wrong by someone else, like compromising a document, or transferring accounts comprised of financial or monetary data, and it is done with your password, it is extremely difficult to prove that you were not involved.

Keep your password safe. Whether it is locked up in a physical or online safe, in a personal binder that never leaves you, or in your head, you should keep your password in an environment where others won’t be able to locate it.

In addition to making an individualized password and keeping it private, you should make it at least seven characters long. Shorter passwords are easy for passersby to steal. It should contain upper and lower case letters, numerals, and special characters. The more you mix up the password’s numbers, letters, and special characters, the better. One of the numbers or special characters should be in the second through sixth position (not first or last).

Change your password often – no matter how safe you think it is, and make it significantly different from prior passwords. I had a boss once who told me that he had the same password every month, but only changed the last numbers of it to reflect which month it was. I think “tootrusting11” was the password he used for November! I do not recommend using his system.

Do not use a common name or a common word as a password, and refrain from using your own name or username. Spouse, children, and pet names are also ineffective. Thousands of documents have been stolen or compromised by passwords like “password”, “business”, and “Ultimate Frisbee”. Wrongdoers have guessed passwords including the company’s name or industry – and surprisingly, their guess was right.
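The composition and rotation rules from the last three paragraphs, written as a checker. This is an added example, not code from the original post; the function name `check_password`, its parameters and the small deny-list are assumptions made for illustration.

```python
import re

# Constructed deny-list; the three entries are the examples the post quotes.
COMMON = {"password", "business", "ultimatefrisbee"}

CLASSES = {
    "upper-case letter": r"[A-Z]",
    "lower-case letter": r"[a-z]",
    "numeral": r"[0-9]",
    "special character": r"[^A-Za-z0-9]",
}

def _letters(text):
    """Lower-case and keep letters only, so 'Ultimate Frisbee' still matches."""
    return re.sub(r"[^a-z]", "", text.lower())

def _stem(text):
    """Password with trailing digits removed, to spot month-counter rotation."""
    return text.rstrip("0123456789").lower()

def check_password(pw, username="", company="", previous=()):
    """Return the list of rules the password breaks (empty list = passes)."""
    problems = []
    if len(pw) < 7:
        problems.append("shorter than 7 characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, pw):
            problems.append(f"no {name}")
    # Positions 2 through 6 (counting from 1) are the slice pw[1:6].
    if not re.search(r"[^A-Za-z]", pw[1:6]):
        problems.append("no numeral or special character in positions 2-6")
    # Username and company name are banned too (hypothetical parameters).
    banned = COMMON | ({_letters(w) for w in (username, company)} - {""})
    folded = _letters(pw)
    if any(word in folded for word in banned):
        problems.append("contains a common word, username or company name")
    # "tootrusting11" after "tootrusting10" is not a significant change.
    if any(_stem(pw) == _stem(old) for old in previous):
        problems.append("differs from a previous password only in trailing digits")
    return problems

if __name__ == "__main__":
    for candidate in ("tootrusting11", "Ultimate Frisbee", "rV7#qLm2x!"):
        print(candidate, "->", check_password(candidate, previous=["tootrusting10"]))
```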

In short, along with keeping your website’s SSL active and performing PCI scans through Trust Guard, you should create unique passwords, change them often, and keep them private. Stop being Mr. Gullible.

Monday, October 5, 2009

Harold the Hacked is Becoming a Rock Star!

Similar to how you use an anti-virus program like Norton on your laptop or desktop, you need to use a company like Trust Guard to run a vulnerability scan to keep you safe from hackers!

To read the article on Google about Harold the Hacked, go HERE.

Currently Trust Guard scans for over 30,000 vulnerabilities - more than double the vulnerabilities scanned by their closest competitor! The Payment Card Industry (PCI) requires that websites perform vulnerability scanning on a routine basis.




To read the entire article about Harold's first adventure - when his website was hacked into, click here.

Thursday, October 1, 2009

Keeping Effective Passwords is an Essential Business Practice


How many of you had passwords at the time you were hacked into that included your birth date, name, or favorite football team?

I know, we've all been there. We think it really doesn't matter until - BOOM! A break-in! Why would they do that? I am just one of the little guys! Not a big company like Network Solutions, who had over 500,000 credit card numbers compromised.

Well, if you want all the tips for protecting your website with effective passwords, visit the following link: EFFECTIVE PASSWORDS.

Don't make me say "I told you so" after you get hacked into from having easily accessible passwords. Take these easy steps now to save yourself from grief later on.

Online Consumers - Listen Up!

Are you tired of looking at websites that you have never seen before and wondering:

- Is this site safe from Hackers?
- Will I get 50 unwanted emails tomorrow?
- Who are these people? Can I trust them?
- Are they going to store my credit card information on their server?
- Where is this business located?
- If I had problems, could I get a hold of them?

I have one answer for all your concerns:

LOOK FOR TRUST GUARD SCANNING AND VERIFICATION SEALS!

If the website you're on displays all of their scanning and verification seals, you can be assured that it is scanned to be safe from Hackers, that you can reach them if you need to, and that they have a privacy policy. If they don't use Trust Guard, send them an email discussing your concerns and suggest to them that displaying third party trust seals helps online consumers feel confident - which encourages them to purchase more products and services more often!