When to Require Proof that a Shopper is Human

Posted on April 24, 2012, 2:50 pm, by David Hills and received No Comments ».

Are we human or are we dancer?

My sign is vital, my hands are cold

And I’m on my knees looking for the answer

Are we human or are we dancer?

–        From the song “Human” by the Killers

You may not know what a CAPTCHA is or what the acronym stands for, but you’ve used it if you’ve ever had to view an image of some text and then type it into a form.  Usually, it is required before submitting a comment, sending a message, or registering for a site.  CAPTCHA is used to prove you are a human and not a program/robot (bot) trying to send spam or register malicious accounts to send or post spam.

Many people hate CAPTCHAs.  At best it is an annoyance and at worst it prevents legitimate users from accessing your site due to the increased complexity of deciphering the text in an image.  There are sites that tell you Why you should never use a CAPTCHA.  I, however, can think of at least one scenario where CAPTCHA is very useful.

Recently, we had a merchant report that his payment gateway was going to terminate his service unless he stopped inundating it with bad credit card submissions.  Apparently, a bot was constantly feeding credit cards to his checkout in hopes of finding one that worked.  CAPTCHA can prevent bots from submitting credit card numbers as in the example above.  However, CAPTCHA may also drive away your legitimate customers by distracting them from paying with images to decipher.

Fortunately, the ShopSite shopping cart allows the merchant to specify that a CAPTCHA is to be displayed only after a certain number of failed attempts.  In ShopSite, go to Commerce Setup, then Payment Setup.  At the bottom of the screen, enable the Human Validation feature and indicate the number of failures before the CAPTCHA is activated.  This allows legitimate “human” shoppers to have several attempts to input a valid credit card before CAPTCHA is displayed.

Unfortunately, there is no perfect solution for stopping all bots.  But in this case, CAPTCHA is a perfectly viable solution.

 

Protect Your Email Passwords

Posted on February 17, 2012, 1:34 pm, by David Hills and received No Comments ».

Recently I went on a cruise with my wife and her siblings and had a great time.  Near the end of the cruise, one of her sisters mentioned that their e-mail account had been hacked.  Being in the computer industry, this announcement caught my interest and I attempted to learn how this had happened.  Apparently, just before she left their hotel to board the ship, she checked her e-mail from a public computer.  Two days later, while in the middle of the cruise and not reachable via cell phone or e-mail, this message was sent from her account:

Subject:            I need your help
Hi,
   Sorry to disturb with this email but I’m out of the country in Madrid Spain and I found myself in a
situation which I really need to take care of now. Can I get a loan of $1000? I will explain better and
refund the money to you immediately I get back. Please email back as soon as you get this and please
keep this between us.
 Thanks,

Apparently, some keylogging spyware was on the hotel’s public computer, which then relayed the login info to another party.  They then logged in as her and immediately changed her password, then sent the above e-mail to all of her contacts.  Not only was someone now impersonating her and asking for money, but she was also locked out of her own e-mail account!

Those of us that are savvy would never use a public computer to log into any account with our regular password.  It is just too risky.  It would be like entering your PIN at an ATM machine while strangers looked over your shoulder!

With the proliferation of cellphones and personal tablet computers, you should only use your own devices to log on to any system.  The frustrating part of what happened to her was that she could have used the public computer if she had registered her mobile number with Hotmail.  Hotmail has a sign on option to text you a one-time password for use in precisely this kind of situation.  In fact, all major e-mail providers have security options that take advantage of cell phones.

I used to think that the e-mail accounts that I occasionally use did not need super secure passwords and alternate security mechanisms set up.  But that naïve thought was removed when it was pointed out that when you forget a password to, say, your backing account, you can click the link to send a temporary password to the e-mail account they have on file.  If that e-mail account is compromised, someone else can now get into other accounts.

And what is your backup for your e-mail account password?  Often it is sending the temporary password to yet another (less secure perhaps) e-mail account!  So take the few minutes it takes to set up your accounts with more security.  It is much better to do this than trying to recover a hacked account or your reputation.  And whether you are logging into e-mail, Facebook, or your ShopSite store, only do it from your own trusted devices.

Here are some links for best practices for some of the major accounts that people use:

Hotmail: http://maketecheasier.com/4-best-practices-to-secure-your-hotmail-account/2011/06/07

Gmail: http://nakedsecurity.sophos.com/2011/06/02/how-to-stop-your-gmail-account-being-hacked/

Yahoo: http://www.ymailblog.com/blog/2011/12/yahoo-introduces-stronger-user-authentication-%E2%80%93-second-sign-in-verification/

Facebook: http://www.itworld.com/it-managementstrategy/239973/how-keep-your-facebook-account-being-hacked-really

As for my sister-in-law, I don’t believe that any of her contacts fell for the scam since 1) anyone that knew about the vacation knew she was going to Cozumel, Mexico (not Madrid, Spain) and 2) this same thing had previously happened with her Facebook account!  Yes, she previously had another account hacked, and one of her relatives did attempt to send money to those posing as her.  Luckily, they were able to cancel the fund transfer before it was too late.

Is It Time For A Google+ Page?

Posted on December 22, 2011, 12:42 pm, by David Hills and received No Comments ».

Recently, Google decided it was time to open up Google+ to business pages.  So, is it time to create and maintain a Google+ business page similar to what you are now doing with your Facebook Fan page?

In October, Google+ crossed 40 million users.  While that is a large number, it is much less than Facebook’s 800 million users.  That being said, Google is growing and with the leading smartphone OS – Android – you can be sure that Google will take advantage of its mobile market share to push Google+ as much as possible.

My impression has been that techie folks, early adopters, and those with privacy concerns use Google+.   Personal experience with social media shows that I have many more friends and way more news feeds on Facebook than on Google+.  Likewise, there is no comparison between the numbers of fans on ShopSite’s Facebook page versus our Google+ page.  Of course, some of this is to be expected, since we have been on Facebook much longer than on Google+.

In addition to my own experience, data from others seems to bear out similar results.  For example, Search Engine Journal reports that most Google+ users are male, ages 24-25, and that tech-savvy places like India are growing in usage.  Of the 40 million users, only 17% were frequent users.

Personally, I don’t think it hurts to have a Google+ business or product page.  You can easily post to it when you post to your Facebook page. (You do have a Facebook page, right?  See Unlike FIFA You Should Use Technology) If you market technology, especially to twenty-something males, Google + becomes another important channel you can use.

Facebook is clearly the 800 pound gorilla.  But, because social networking is so lucrative, you can be sure that Google will keep trying to get a piece of that pie.  Besides Android, Google has many other properties that it will leverage to make Google+ appealing.  You can easily post your Picasa photos to Google+ as well as from your Android smartphone.  No doubt there will be further integrations with Search, YouTube, Chrome, and other properties.  Even if it’s not a replacement for Facebook, Google+ is another useful channel that should not be overlooked.

 

« Older Entries
Newer Entries »
ShopSite Online Shopping Cart Software BlogShopSite Online Shopping Cart Software On YouTubeShopSite Online Shopping Cart Software On TwitterShopSite Online Shopping Cart Software On FacebookQuestions?888-373-4347E-commerce Blog