What can you do to protect your e-commerce site from fraud?
Forget about the dotcom bust-e-commerce is actually looking pretty healthy these days. Entrepreneurs who are either starting their own e-commerce projects or looking to add e-commerce capabilities to an existing site will have to deal with accepting credit cards. But online shoppers are warier than ever about security, and business owners should be, too. In 2002, 45 percent of fraud complaints made to the FTC were Internet related. Online auctions are the most notorious source of fraud, but credit and debit card fraud take up their share.
When Justin Souter, co-founder of personal Web-publishing service InkNoise Inc., set up an e-commerce solution, he made sure it was secure. "It was pretty straightforward. The hardest part is to understand what all the pieces are and how they interrelate," he says. Some entrepreneurs will choose to let someone else handle their credit card transactions. Services like Yahoo! Stores do the work for you. Just be sure your provider is reputable and has secure credit card technologies built in.
Souter, 40, wasn't satisfied with the looks and user experiences offered elsewhere, so he decided to tackle e-commerce for his Sherman Oaks, California-based company in-house. Research is the key for entrepreneurs looking for a good services match. InkNoise settled on using online bank National InterBank Banking Centerfor its business account, Charge.com for processing, and GeoTrustfor its Secure Socket Layer (SSL) certificate. That last step is important: SSL is what encrypts and secures the sensitive data sent from your customers to you.
For Souter, who's also a founder of Web site development and content management company Art+ Logic Interactive, setting up InkNoise for secure e-commerce wasn't a major deal. But for less IT-savvy entrepreneurs, he recommends bringing in someone who's familiar with coding and setting up servers to handle the task. -A.C.K.
Protecting companies against hackers and other security threats is big business for entrepreneurs like this one.
Conqwest Inc.'s technical expertise is tested on an almost daily basis. A specialist in fighting viruses and spam, the firm distributes computer security alerts to more than 2,000 subscribers. Conqwest founder and CEO Michelle Drolet, 42, thrives on the busy pace at the Holliston, Massachusetts, firm. When interviewed in late January 2004, she was busy assessing how her clients' defenses stood up against MyDoom, then considered the fastest-spreading virus to date.
Conqwest customer Gary L. Lee, director of global IT infrastructure at $2 billion health-care equipment provider PerkinElmer in Wellesley, Massachusetts, says one of Conqwest's key strengths is its proactive approach to security. To wit: Conqwest began testing anti-spam technologies more than two years ago, long before the issue was the headline grabber it is today.
"Michelle really takes a lot of the weight off my shoulders, if you will, by staying more on top of things in the security marketplace than I could," Lee says. "I think [the Conqwest team] actually believes that their first objective is to do right by customers. And that, in fact, does lead to happy customers."
Conqwest, which will have its fifth birthday in its current incarnation this month, is growing at a pace of 35 per-cent year-over-year and maintains 420 to 450 active customers. Drolet won't disclose exact sales figures for the fiscal year ended March 31, 2004, except to say revenue will be between $5 million and $10 million. Conqwest employs 12 full-time staffers and works with another eight to 10 contract engineers. To extend its sales reach, the self-funded firm provides security services for customers of other local IT consultants. Conqwest also donated more than 400 hours last year in security training and other community service.
Drolet suggests that smaller companies with fewer than 20 employees can expect to pay a security consultant $1,500 to $2,000 for an assessment, and another $1,000 to $1,500 for a firewall. It will cost another few hundred dollars per month to keep the firewall updated with the latest antivirus software. "You need to look at everything once a year," Drolet says. "We talk about getting secure; we also talk about staying secure." -H.C.
1. Make sure there's top-down support. Installing security technology won't work unless it has the support of your top managers, who can ensure it's a priority throughout the company.
2. Remember it's a continual process. Just because you're safe today doesn't mean you'll be safe tomorrow. It's wise to invest in a schedule of ongoing maintenance and management of security processes.
3. Get references, then take a chance. Because IT security is still relatively new, many companies selling security products aren't yet household names. Make sure to do your due diligence before opting for an unknown, even though these vendors are selling some of the most innovative solutions this year. -H.C.