B2B Vault Episode 54: How To Protect Your eCommerce Business

Written by Allen Kopelman

February 21, 2022

Video Transcription

Hey everybody, it’s Justin here with the B2B Vault: The Payment Technology Podcast with the host Allen Kopelman. We provide educational information about business payments, FinTech, and the technology businesses need in today’s world. In today’s episode, we’ll be talking about how to protect your e-commerce business. And here you go. The host Allen Kopelman, Hey, everybody Allen here with Justin, a bit of a news new cyl on the setup to coming into the podcast. So let’s get into it. So today’s episode, we’re talking about e-commerce for your business. We’re going to talk about online payments, security, fraud prevention. Ecommerce security is a susceptible subject right now, and there it’s been quite a few articles in the news about this. I think business owners need to be aware of, you know, what they need to do to protect their business. So what are the basics that go on with an e-commerce business e-commerce has been growing ever since the pandemic started two years ago; e-commerce is getting bigger and bigger.

Plus, you know, ways to order online, get your product delivered locally, order online, pick up curbside order online, pick up in-store. You know, all of these things are growing. Those things are all ecommerce, it’s growing for food businesses, regular retail stores, everything, you know, and even, you know, a lot of businesses are starting to figure out like how to deliver, you know, locally and linking up with like local delivery services so they can deliver locally to their customers. Do you know? So what are the basics that you need? You need a gateway. So, you know, you always have to make sure you’re building your website, which I always tell people, you know, start with your website. What are you building? You know, WordPress, I tell people they ask me questions all the time. What should I do when I build my website? I always suggest WordPress. If you use other services, you’re going to be locked into their payment meth, their payment processing, and then you might not be able to use their payment processing, which could cause you to use to pay extra fees. So you always need to make sure, like what kind of platform you’re on and you know what you’re getting from the platform, you know, then you got to configure your gateway, have your gateway settings where you’re configuring your velocity settings.

So somebody can’t run a thousand transactions with a robot through your site, cause you to pay any fees, and possibly get a bunch of chargebacks. Make sure you have your fraud features configured with AVS address verification, CVV, to where you’re getting the last three digits from the credit card, collecting an email address, and all those different things that do fraud, you know. You know, your website needs to have an SSL certificate, and the hosting company needs to be PCI compliant. We’re going to talk about that. It’s important, you know, and you should check out like, Hey, is the web host I’m using for my website PCI compliant? Because there was just a whole big story in the news, which we’re going to come up to in another slide. And you know, your e-commerce page, is it secure checkout? So, you know, many integrations now allow you to use a hosted page where that page, where they’re checking out, is on the payment gateway’s servers. This gives you better PCI compliance, it lowers your PCI compliance, like what you have to deal with, right?

You don’t have to worry so much that you have to get your web host scanned or something like that. And you’re, you’re lessening your risk that you could get hacked. Okay. Because when the customer’s paying, they’ll be on the payment gateway’s website, not on your website. I always recommend, if you can, using the hosted checkout page. If you’re using WordPress, you know, a website software you’re using, you have to make sure that you have WordPress security plugins. What are those security plugins? We typically, I like to use Wordfence or have security, but there are tons of them, but those are the two, the most known, Wordfence. Yeah, you have these things installed on your website, you know, and make sure you have an SSL certificate. Many people are starting to move to WordPress-managed hosting because those have PCI compliance. So what was in the news recently, a huge hack, credit card data was stolen, you know? And so, is your web hosting platform PCI compliant? That was in the news a lot. We put a link to the story, and the video was on Wired, but you can just Google, you know, web host hack. No, what happened was, you know, these, these, these hacks, how do they happen? You know, ransomware attacks are going on.

Identity theft is on the rise, phishing attacks through email, also phishing attacks through text messaging, SMS, and instant messengers. So how could, you know, these companies, they could get hacked easily. Somebody sends an email, and the unsuspecting receiver of the email gets an email, oh, your bank account has been compromised, click here. And the next thing you know, you’re downloading. What do they call it? Executable file. And that’s putting a key logger into the system. That’s what happened at this web host. Somebody is sending them malicious malware through an email or an instant message that’s being sent. There have also been a lot of cases lately where people get a text message, and it says, oh, there’s a problem with your bank account, log in now. And you’re clicking a button, and they’re guessing, oh, they’re making a guess like, oh, maybe you bank at Bank of America. They pick the big banks, like Bank of America, Chase, Citibank, Wells Fargo, you know, BB&T, Truist. You know, they pick that, and then they just send out random text messages. These scammers, you click on it. You think you’re logging into your bank. And then the login doesn’t work. Well, now the hacker just got a text message from you with your username and your password for your bank account. They go in there, and then they go Zelle themselves, you know, 500 bucks.

Today, I am thrilled, like I went on my Truist, which used to be BB&T. I did Zelle some money out, and they said, oh, you added a new person. We got to send you a code. Then when I sent the money, I had to okay it with another code. That was a little much, but Hey, this way, you know, you know, you, you can’t get ha, you know, that’s going to prevent hacking. You see the text or Facebook Messenger. I read about another one through Telegram. People have been getting ripped off on their crypto like that. Cause now it’s trendy, people doing these NFT drops, right? And they post your wallet, post your wallet. And when you post your wallet, then they send you like a free NFT, maybe something that’s not so good, you know? And they send you this free NFT, but now they have your information. Then they send you another one that says, oh, log into your wallet. Right. And it’s a fake message. So you got to be careful, these phishing attacks. And then there, you know, we’ve gotten applications where people are applying, and we look, we say, see like, oh, the name of the business is, let’s say, Bob’s air conditioning. And the URL was Bob’s air-con ac.com is the real website. And then the person’s using Gmail. That’s the first clue right there. And then the phone number is not the phone number to the business. Right. So that’s like the first clue right there.

You know, you go and then, you know, identity theft, bam, and you know, yeah, you got to monitor your credit. I tell every, we did a podcast about that a couple of weeks ago. You know, you, anybody, everybody, especially if you’re a business owner, you should have Credit Karma, you know, you should be signed up for Experian. Credit Karma is excellent. Anytime they run, someone runs a credit check. Bam. They send you an email. So it’s important. I want to add on about the e-commerce side of things too. Suppose you’re running a website on WordPress, and you know, in that case, you’re selling stuff, or you’re selling your products, make sure you’re keeping your plugins, your theme, and WordPress, as far as the content management system, up to date. My experience over the past ten years of hacked websites comes from the lack of maintenance on the website. Definitely. So like, if you’re not updating your website on a regular, start doing it now. Don’t wait. Don’t wait till it’s too late. Because the next time you look at your site, you’ll be looking at something that is not your website. One day, memory had all Chinese letters, and the girl’s website, you know, got ruined. We don’t know what happened. It’s back up now. But somebody who had a client and their website was ruined, toast. Yeah. And then somehow, they must’ve had a backup because they got the site back up.

But if you didn’t have a site back, a backup, like a lot of people don’t back up their site. So if you don’t have a site backup and somebody goes in there, maybe WordPress had an update cause they caught a vulnerability. Like you get updates for your phone all the time. Right. They want you to do that because there’s some vulnerability that somebody has identified. Exactly. So this way, you know, you don’t get like the hackers, but also make sure you’re backing up your website, you know? And if you’re silly, Allen’s right. So if you’re going to, you know, if you’re going to be, before you update the site, there are tons of plugins that you can download. You don’t have to have some expensive server, you know, wherever your website’s hosted, or you’re using the managed WordPress backups. If, but if you’re not, you know, there’s free stuff out there that you can install, and you download the core files straight to your computer, and then you update, and then you’re good to go. Like then, if something does happen in the future, if it does get hacked, you have a file containing the, you know, the files that were not compromised. And you just upload that to your website and you’re back up and running. I remember we had that situation. We helped out our client a couple of months ago. They didn’t pay for their, they didn’t pay for their website renewal right away. You know, the web, the domain name, they didn’t pay right away. So GoDaddy cut the domain name from the website. And then they’re calling us up, oh, the website doesn’t work. The website doesn’t work. And then we went round and round. We found that they didn’t pay on time and thought they did pay.

But they paid after the, you know, the amount of time. Well, that wasn’t what they still saved; they got their domain name back disappear, which I’ve seen happen before too. You know, they did it disappear, but they didn’t renew it on time. So, they disconnected them from the website. Right. And then we thank goodness. We use WordPress manage, manage to host, and we’re able to re you know they re-hooked it up. We gave them the information. And while I, we restored the website and then had to do a few minor fix Updates and yeah. Otherwise, yeah. We say, save the, save the day. You know, what other types of fraud prevention can you use in your e-commerce business? So there’s 3d secure, which is basically like a widget you put on your checkout page, and then it authenticates. So you’ll notice, like, when you go use your credit, when you go to your credit card company, they always ask you like your login on your phone. Oh, is this a, is this a trusted device? And you say, yes. And you’d go on your laptop. Is this a trusted device? And you say, yes.

So 3d secure, the way that works is to make sure that your registered devices protect the merchant. Still, it also protects the cardholder because if the credit card sees transactions coming from an unprotected device, right? That doesn’t belong to me. Then they’re going to question that transaction. And if it is from my device, then if you’re using 3d secure, it puts a little checkmark next to the transaction. And if the person tries to do a chargeback to the card issuers, they’re responsible. The merchant never even finds out about it. AVS settings are important, ensuring that all your transactions come through, that their AVS matches, CVV2 matches, a security digit, and shipping. This is a huge, huge problem. We just had a client, they got a $3,000 chargeback, and they shipped some products to a mailbox store. And it was a total scam; I went back and looked at the transaction. The AVS, it had the address match, but there was no zip match and no CVV2 match. And they should have never shipped that out. And a lot of like bigger merchants, you know, they’ll use software in their back office that’s connected to like white pages or something like that.

A service that will tell them, oh, is this a home? Is this a business? And then it’ll identify, Hey, that’s a mailbox. They warn that they just like to put that order on hold if they see that. What’s the mailbox store for someone who doesn’t have an ups store or an office wheel box. Well, no, you can’t ship to a PO Box. They will drop it off at the post office. No, but there are stores where they have mailboxes and don’t have anything. It’s just a mailbox store. Literally. Like I know that we had a client, we have, we have, we still have that client. Like they have self-storage units. And then, in the lobby of the self-storage units, they built a whole thing of mailboxes that’s for some of the tenancies it, but they also will let people who are not tenants rent a mailbox there. So that’s very dangerous to ship to that kind of location because the person can come in anonymously, they rented the mailbox, they used a fake name. They, you know, and all that, you know, you can catch the B2B Vault Podcast on all the popular podcast networks. We recently were added to Pandora and Amazon music. It’s fascinating.

Every week, you know, we’ll get emails from different podcast networks. Oh, we added your podcast. So that’s cool. And we hope, you know, you find us on your favorite podcast network or want to watch the video on YouTube and connect with us on social media. You know, so we talked about, you know, secure, you know, securing your website and your social media, making sure you have like good passwords on there where you can, you know, have two-factor authentication, like your domain accounts. You should have like ones you want to keep, you know, like the domains you want to keep, you should have them auto-renewal. Make sure you have a good credit card on there. And also, you know, when you register them, some people will set the domain to private. You know, you have to pay extra, and you also have to make sure you read and get emails like once a year from ICANN. And they always want you to go on their website. And I can, it’s like the overseer of webs website, registrations, you know? So you have to make sure, you know, everything is, you know, kosher on that. And two-factor authentication. I know it’s a pain in the butt, but you got it.

You have to do it. It’s a pain, but you must do it. You know, making sure all your registrations are up to date. You know many people use, you know, we’re not going to do a commercial for our password protection thing. But, you know, I recently got off the whole Google password thing and got a password program that’s much, much better. And when you just throw their name out there, yeah. Lastpass is a great Chrome extension. You can download it; they got to pay a premium version of the plugin, Free or Paid. It saves you from trying to remember passwords that have password generators. You can, it’s a useful tool, and it’s, And it’ll tell you like, oh, change this password. Change that password. When you go to a site, Duplicate passwords, It’ll tell you to change it. It’s a cool program, you know? And then, you know, and you also got to make sure you’re using the, you know, if you’re using WordPress or whatever you’re using to build your website, that you’re making sure that the security features are activated and that they’re all up to date. It’s very, very, very important. You know, one thing I get asked all the time, so someone starting a new business and the first they show me their website and they go, this is a brand new business e-commerce business. And then, you know, I go to their website, and I review the site.

So, you know, having being compliant on your website is important. And a lot of times merchants will say to me, oh, why do I need this? Why do I need that? I don’t make the rules. You know, the card brands make the rules, the card brands, and the banks. They want to see certain things on a website. So they want to see that you have terms and conditions. They want to see you have a privacy policy. They want to make sure you have a shipping policy, you know, and I tell people like put in your shipping policy, we don’t ship to mailbox the worst though, that can just deter people from even trying to get that, get you to do that. Okay. Your contact information is critical. This can prevent chargebacks a lot. You can prevent a lot of chargebacks by having your contact information, the name of your company, Your DBA, Your address, your phone number, your email address. You know, making sure when people, what’s your return policy, 15 days, 30 days, 60 days, 90 days, you know, I’ve merchants, they’ll say, oh, I want to put a lifetime guarantee. I’m like, you know, what’s your, you know, I asked him, I’d say, you know, what’s your financial situation, you know, because, you know, could you withstand all of a sudden, let’s say you sell a bunch of, you sell a bunch of product.

Let’s say for a year, and then some crazy news story comes out about a similar product to yours. That there’s some problem all of a sudden, everybody wants to return the product you’re going to have, you know, you, you’re going to run out, and you might run out of money. So you know, this kind of thing happens. And you know, you have to be aware of what your return policy does. It needs to be in the original packaging. Are you going to accept it? And it’s not in the original package. Is it? What if it’s open? You know, you’re going to accept that if it’s open, maybe you’re selling a product, like, you know, a bottle, something that has liquid in it and somebody used it then are they going to, can they return it? Do some businesses partially use it? Yes. Some, no, but you have to know what you’re doing. You know, you’re going to have the customer write in and do a return, a return merchandise authorization, and issue them a number. And this is a way to don’t just get random packages in the mail, and you don’t know who they’re from. You know, your policies need to be specific that you put on your website, and they’re there to protect you. Merchants go, why do I have to have that? So come on.

No, that’s great. I mean, I don’t know, I guess, because we’ve been, I’ve been, you know, building sites for other e-commerce, it’s just one of those things where you gotta, you want to see return policy, you got to see the shipping policy and whatever, you know, like those are just, I just feel like they’re just standard. And if you’re going to do a lot of business, you know, maybe you need a widget on there so that people can go back in and check on their order and see their tracking number and stuff like that. To cut down on telephone calls, you’re getting, you know, and the world of e-commerce, as we talked about it, it’s changing. So I’m going to talk a little, we’re going to talk about, you know, payments on your site, credit card processing, you know, crypto acceptance is growing. You can accept crypto get dollars in your bank account. We’ve done podcasts about that. Many people put PayPal Venmo on their site and then set up accounts directly with them and set up accounts directly with Google pay and apple bank. So I’m just going to address this because we have a few merchants that decided that they’re smarter than I am. And they found out that Alan gave them excellent advice, but they didn’t follow it.

So they put PayPal on PayPal checkout on their site. They put the Venmo checkout on their site. They put Google pay and apple pay. And then, you know, the circumvented cause you know that, so that’s not running through the merchant account. Right. So they found out, oh, they got charged backs. So they get notified by the bank that there’s a chargeback. The person pays with Google bank. Guess what? There’s no login to Google pay that goes and tells you who that person was, what? Yeah. They found it at. And apple pays the same way. There’s no. And the same thing with Venmo, these are not set up for you too. That you are not capturing like the data. That’s crazy. Yeah. And I don’t know if it’s a setup in the, you know, the website, the way the website, It must be a configuration that they’re not, I mean, I’m assuming, because I don’t, I don’t, I, I don’t think I’ve ever set up Google pay on. Yeah. It goes directly. The person just clicks a button on their phone, and that’s it. They’re not putting in their name, their address. They’re not putting, you know, you have to get you with, To have a Google pay account, you would have to fill that. Yeah. But the merchants not seeing it is my point. So the merchant, right? Yeah, no, I get what you’re saying. I’m just saying it’s got to be there. Right? The dad has got to be there. The merchant doesn’t have access to it. That is missed.

So we had two clients, got a whole mess of chargebacks. Wow. A bunch of them were on a pay pal. Venmo. We don’t know. We think it was Venmo, but they removed it from the site. They were like, no way we can’t do this. We lost; they lost already. One guy lost that 400 hours’ worth of charge racks. And another one lost over a thousand. I told them both not to do that. I say you can configure apple, pay Google, pay on the gateway so people can use their Apple pay, Google pay. But it still runs through the merchant account. Why? Because they want everybody thinks like they’re going to use all these side apps. Right. And like outsmart the government and not pay taxes. It’s just, you know like I told you, we talked about this in another podcast. I walked into a business, and I saw a list on a list. The guy was, oh, this is how you can pay me. Zell me, Venmo me with phone number cash at me at this name. I don’t even know all the stuff about the bills circle. This thing, that thing they got, there was a whole list going. I was like, dude, what is that? And he goes like, oh yeah. He goes, you know, you know, I take Ian. Yeah, I don’t. But I’m just saying like, you know, you gotta, you have to think this out because when you’re doing some volume and you run in these third-party apps, one, how are you going to do all your accounting? Right.

So you’re going to be getting money in from all over the place. Then when you get a chargeback, you’re going out; what are you doing? You’re searching through everything, and you go, boom, there’s no info. The info is gone because these things are not set up to do business transactions. They’re unfortunate. They were all set up to do P like, oh, you go to the movies, and my friend doesn’t have money on them. So you for your friend to go to the movies, 20 bucks. And then he goes home and he, he Venmo’s you 20, or he’s LV 20 bucks to pay you back or whatever it was, you, you, you went to dinner, and somebody forgot their wallet, and you covered them. And then that’s what it’s set up for. It’s not set up to be doing all this e-commerce stuff that everybody’s doing. It’s hazardous. I feel like I’m a part of the problem. Cause I’ve been helping people set that up that way back. Rocky doesn’t like it either. Right? Rocky, you don’t like those third parties. Yeah, no. I mean, there’s no reason to go around it. Set up a merchant account and do it the right way the first time.

Those are the same because now the government has cracked down on those companies. They have to issue 1099s. So now, like people are getting letters, Hey, you take a lot of Venmo. Oh, you need to get a business account. Oh, you’re taking a lot of Apple Pay, right. To get a business account. So those days are over where you can like skirt alongside that. And then they’re going, oh, well, you get to have to pay fees. And then there’s a big, big surprise for the merchants. So thanks for listening to today’s podcast about e-commerce and your business. You know, if you don’t have a website, I think everybody, every business today needs to get a website, it’s really, really important to get a website, check out, you know, if you want to find out more about e-commerce, you can visit NPS bank.com. We have a download on the download page. I think we have something. We also have a page set up that talks about e-commerce gateways, integrations, everything you want to know about e-commerce. You could find out about cryptocurrency and add that to your website. That’s another way. Listen, cryptocurrency is going to be a new revenue stream for businesses. If you’re not taking it now, you will be taking it a year from now, but you can hop on the train now and take e-commerce to take a cryptocurrency on your e-commerce website. We work with all types of businesses. So you pay with crypto, you get dollars in your bank account. It’s a dollar to dollar, dollar to dollar equivalency. So that transaction a hundred. You know you get a hundred, you have to pay a fee, but you get a hundred, or you could add the fee to the customer. So thanks for listening to B2B Vault today. Everybody, have a great day. Carpe Diem. Justin and I are out.
