Category Archives: Security

Choosing the best video player for your project

When incorporating video on your website, it is essential to choose the best video player for your website and your content. Your video player should have a quick loading time, offer HD quality and should inspire users to take action. If you choose an optimal video player then users will be more likely to share your content as well as click on ads. ?According to a Kaltura White Paper, when choosing the best video platform it is important to ensure your video player has these key components:

Quick Loading Time: If your video takes a long time to load you will lose viewers and people won?t stay to watch your entire video. According to the Kaltura White Paper, after two seconds people lose patience and anything past that time increases abandonment rate.

Responsive Videos: The world has become highly technical and a majority of society uses smart phones, tablets, and many other technological devices with different screen sizes. It is just as essential to have a website that is responsive on all devices as it is to have responsive video. Many times if a viewer visits a website that has video and it cannot be played on their smart phone or it looks distorted they abandon ship and move on to a website that does allow for easy viewing. If your video player cannot deliver video to any device you will lose a lot of viewers due to a lack of convenience.

Ability to Maximize Monetization: Your video player should allow the opportunity to monetize your video content with ease. Digital ads are becoming more and more prominent daily and it could be beneficial to take advantage of these opportunities. In order to do this your video player needs to allow for transparent delivery of your ads. Some people op to use YouTube and other free video sharing sites to monetize their content. While this may be an easy option, it also results in a loss of revenue because you have to give whichever video sharing site you are using a portion of your profits. When you cut out the middle man you are more in control of your profits from ads because you are dealing with advertisers directly.

Customizable Video: ?Consistent branding across multiple platforms is central to an online strategy and that is why it is vital to be able to customize your video player to have similar colors and fonts to your website/brand. When you use a professional video platform you will have more freedom in customization. Most times free players have a distinct look and may clash with your brand?s appearance. Also you want to be able to drive traffic and by keep your video player aligned with your brand you encourage promotion of your brand. Some features that you may want to include that you may not be able to incorporate using a free solution are, on-video watermark, animated logos, clickable logos and more.? With free solutions you may have limitations and it is imperative that you have the ability to customize past a certain point if needed.

A Video Player that protects your content: Copyright issues are becoming more prevalent every day. When creating original content, it is critical to prevent others from downloading that content and doing whatever they want with it. A good video player will provide protection and will use DRM technology to encrypt content.

A Video Player that provides analytics: Being able to see very clear analytics is in implementing an online video strategy. With some free solutions the analytics provided is limited. With a good video player you will be able to track views that show the play to impression ratio, and keep track of bandwidth and storage.

These components are just a few things to keep in mind when choosing a video player for your website. It is important to look at your company?s needs and see which option will be best for you. You can find more information and things to look for when choosing a video player in the Kaltura White Paper.

Note: DWG is a Kaltura partner but is also familiar and works with other adaptable platforms.

Are You Ready for Credit Card Liability Shift?

What?s common between Target, Aaron Brothers, Michaels, Home Depot, P.F. Chang?s, California DMV, Goodwill, Sally’s Beauty Supply, Bebe Stores, and Staples? All these places (and many more) have experienced Card Breach over the past several months. As a result, millions of consumers, including many of us, have become victims of such breaches through exposure of credit card and personal information which has made its way to underground markets.

Over the past two decades, the Internet has made it extremely convenient and cheap to conduct business and transact sales/purchase of goods and services. A result of such convenience was the advent and ease of fraud. Irrespective of reasons for fraud, it is safe to assume that fraud is here to stay and the ?bad guys? are getting smarter. So, what are the ?good guys? doing to combat fraud, protect consumers and businesses and put a dent in how much damage the ?bad guys? cause? Well, there has been a lot of effort and various solutions in helping us protect ourselves. However, we, consumers and businesses, have let inconvenience and near term cost deter us from changing our ways and, thus, made it easier for fraudsters to perpetrate fraud.

One significant change coming to a credit card near you is called the EMV?an acronym for Europay, MasterCard, Visa?Standard. In a nutshell, EMV standards provide the technology to better secure credit card transactions through Chips installed within the cards. Some of you might have already received such chip cards from your banks. Processing chip cards requires newer/different equipment?ATMs, Point of Sale (POS) readers. Europe and Asia have been years ahead of the US in terms of adoption of this standard.

October 2015 marks a significant event in the adoption of EMV in the United States. This event is known as the Liability Shift. Although Visa, MasterCard, American Express, and Discover have their own (slightly different) timelines, generally speaking, beginning in October 2015 everyone in the transaction chain?issuer, acquirer, processor, merchant?needs to be ready to issue, and handle chip cards. Gas stations have an additional two years to comply. The entity that does not use the chip to obtain payment authorization would be held liable for the amount of fraud, and, hence, the term Liability Shift. In other words, if a customer presents a chip card merchants should obtain payment authorization using the chip card and not the magnetic stripe. Liability Shift only affects Card Present transactions but not Card Not Present or Internet transactions.

Are you ready for Liability Shift?

Please speak with your credit card processors and POS equipment providers to understand and determine next steps as soon as possible. Don?t delay, prepare for Liability Shift today. It is never too early to review your security of your card processing services and your liability in case of a fraud.

Learn. Prepare. Protect.

Credit Card Processing and Site Security

By: Leslie-Ann Fletcher, Marketing and Promotion Coordinator

Many online businesses provide the opportunity to purchase their products or services online. If you are setting up payment processing on your site, it is essential to know the step by step process. Let?s begin by providing a visual diagram provided by Dream Warrior Group’s CEO, LaMae Weber. Below, I will describe the process step by step.

lamaegoesshopping

Let?s say you go to the Jo Malone online store and you want to buy some lotion for $150 dollars. You find the lotion you want and you add it to your cart and are ready to check out. Next you put in your credit card information and in a matter of seconds your payment is processed and you are given a confirmation number. How does this all work?

First your transaction goes to a payment gateway account which is the bridge between your website and a merchant account. A payment gateway is the ?service that automates the payment transaction between the shopper and merchant.? ?It is the infrastructure that allows a merchant to accept credit cards and other forms of electronic payment.?(Webopedia). A merchant account then processes your money and sends it to your bank for approval. If the charge is approved, the merchant account deposits (after the gateway account batches it)the money in your bank. This takes less than a second to happen.

It is vital to make sure your site is secure and that it has an SSL certificate. An SSL (Secure Sockets Layer) Certificate is what creates a secure connection between a website and a browser. It is a ?digital certificate that authenticates the identity of a website and encrypts information sent to the server using SSL technology.? (GoDaddy) The SSL Certificate icon provides buyers with a sense of security and gives your site credibility.

Notes for selecting your providers:

It is not advisable to purchase your payment gateway and merchant account as a package because if you end up having a problem with one or the other you have less options for change. Here are some things LaMae recommends when implementing payment processing:

? Gateway and Merchant Accounts should be from separate vendors
? You should retain control of both accounts (have master login information)
? Your Webmaster/Developer will need access to properly set up your processing (be sure to make them an Admin)
? Watch your rates regularly ? and be sure you are comparing apples to apples
? Make fee comparisons ? don?t be afraid to change if you?ve done one and two above

Providing a secure, simple and quick way to purchase on your site will allow for a very pleasurable shopper experience, which will in turn result in return visitors.

Check out our video tutorial on Credit Card and Site Security here:

 

The Safety Myth

On Tuesday, September 2, Home Depot disclosed that they were investigating a possible breach of their payment data systems. No less than a week later they had confirmed that those systems have in fact been breached, with direct impact on any customer that had used their payment card at their stores since April. While Home Depot was rather forthcoming about it, they were still not fully willing to bite the bullet and tell the world that in spite of the similar incident earlier this year in Target, they had not taken the necessary precautions. There is a huge gap in most POS system that can be exploited if the hackers can get behind the main firewalls through legitimate avenue. The scenario would go something like this: The POS Vendor has a networking company that manages their networks for them and by necessity some of the employees of the networking company will need to have access to secured layers of POS Vendor’s infrastructure. If someone decides to bring a memory scraper (a form of malware), and place it on a piece of software targeted to be delivered to the POS device, then all the amazing encryption and security is useless. Memory-scraping malware is typically designed to target Track 1 and Track 2 data — including a cardholder’s name, card number, expiration date, and the card’s three-digit security code (a.k.a. CVV or CVC) — at the place where it’s most vulnerable to being intercepted: in memory, where it’s in plaintext format. So what to do? Among other things, software delivery redundancy, and independent pre-staging servers for delivery of updates to the POS device would be a good start. Even better would be to have hermit servers, that are secured and server the sole purpose of delivering the update to the staging server for checksum comparison with the update being delivered normally. As crazy as it maybe, it is not very expensive to setup and it is even cheaper to maintain. Then you ask why didn’t Home Depot do it? The simple answer maybe much more mundane than you think. According to a security professional in that organization “the bosses were sure it was the incompetence of the IT people in Target that had let to their problems.” — Ah Arrogance loses the day once again. It is time for most IT professionals to acknowledge that safety is a myth and the best we can do is to run hard and fast and keep one step ahead of the hackers by continually innovating new ways of double checking what we already believe to be secure.