SiteProPlus.com

SiteProPlus.com – Turnkey website and marketing solutions for small businesses

Archive for October, 2010

Our New Payment Security Policies

with 133 comments

Having acquired the SiteProPlus.com business, we were rather appalled at the poor security the previous owners implemented on the system and decided to rectify this immediately.

Here was the situation under the  previous owners (Click on the image at the bottom of this post to see a screenshot).

  1. All employees past and current who had access to the system admin were able to view all credit card information (this was not encrypted) including the 3 digit CVV number of all clients.  In addition the offshore software company they outsourced the software design to could have easily accessed the server, exported the database and had the credit card information for all customers which can be easily sold to buyers that print fraudulent credit cards.
  2. They never implemented encryption so the text was viewed by everybody including temporary employees and freelancers who had access t the administration system.  All details could have been easily exported.
  3. They never had any policy on who was restricted to access this information.  Properly setup the credit card details would have been encrypted and not be viewable in clear text by any employees including the staff itself.
  4. When customers entered their credit card information from their customer control panel, the input of this information was not encrypted using the https secure protocol.  It was transported as clear text which would allow even elementary hackers to steal sensitive information.
  5. CAUTION:  Please make sure that no payments from SiteProPlus LLC appear on your credit card.  If so this is a fraudulent transaction executed by them and a chargeback is necessary.

Here are the steps we have done to ensure the security of our client payment data:

  1. We have removed all credit card data from the server for ALL clients effective October 28th.
  2. We are implementing an online payment solution that accepts credit cards.  Paypal, as one of the largest payment processors in the world owned by Ebay.com,  is our preferred payment processor due to their advanced security protocols and customer protection policies.  For details on their policies click here.  This ensures that nobody in our company will EVER have access to your credit card details.  We will never accept our customer’s credit card information via telephone or online directly.  Using a 3rd party e-wallet solution like Paypal is the most secure method of making a payment transaction.

Here are a few important points on using Paypal:

  1. Currently we are implementing Paypal’s subscription payments to bill clients.  This will charge clients automatically each month or year depending upon the billing cycle.  This subscription can be canceled at anytime if you send an email to us at support@siteproplus.com or you can do it yourself from the Profiles tab of your Paypal account.
  2. You do not need a Paypal account to use Paypal.  Paypal accepts Mastercard, Visa, Amex and Discover.   When you receive your invoice by email click on the payment link which will direct you to the Paypal payment page.  From there you simply locate the link in the middle of the web form where it says  “No PayPal account? Pay using your credit or debit card“. See screen shot below where I hilite the text, it’s a bit hard to find.

Here’s how we do our colleciton

  1. All invoices will now be sent by email.  You do not need to go to your site’s admin panel and enter your credit card  information.  Invoices will be sent out 2-4 days before the end of your current billing cycle.
  2. All invoice emails will indicate the previous amount received, the date that payment was received and the expiration date of the current billing cycle (that is due to expire).  When you click on the link you will see a page that says “Web Venture Asia Inc.” at the very top.
  3. At this point you will need to setup the subscription as described above.  Paypal will provide you with a confirmation as well.
  4. Once payment is received by SiteProPlus, a confirmation receipt will be sent to you by email acknowledging the transaction.  In the receipt the subscription ID# for the Paypal subscription, the amount received and the expiration date on the new billing cycle will be indicated.  Please keep this for your records.

Our payment policy for expired accounts:

  1. Customers that are not paid up by the end of the expiration date will be given a grace period of 14 days where the site will still be active.  In this period we will first email you a reminder, then attempt to phone you personally to notify you.  At that point if we are unable to contact you we will block the site for a period of 1 month.  During this time the site will not be accessible and a “Contact SiteProPlus page will be displayed”.  If we are still unable to contact you at this point we will remove the files from our server and let the domain name registration expire (at this point the site will be nearly 2 months overdue) as we will assume the client does not want to continue with the account.

If you have any questions on this post please contact us at the information located on our website.

Information has been removed.

Written by admin

October 30th, 2010 at 5:57 am