29
Nov

PayPal Now Has Financing Tools – Turn Browsers Into Buyers

Turn browsers into buyers with PayPal Bill Me Later®, a PayPal service.

For existing PayPal merchants, when your customers check out using PayPal, they can get 6 months financing on qualifying purchases*. Within minutes, you can add banners to your site and watch your holiday sales grow.

There is no cost to you!  You get paid right away, regardless of when your customers pay.  Average order sizes have been shown to increase up to 75% when Bill Me Later® is offered as a payment method**.

If you don’t take PayPal already, it’s never too late.  You can sign up to be a PayPal merchant anytime.

Click Here to Learn More About Bill Me Later®

*Bill Me Later® customers are subject to credit approval, as determined by the lender, WebBank, Salt Lake City, UT.

**Forrester Research, Total Economic Impact (TEI) study of PayPal Express Checkout for web and mobile, 2012.


Joe Palko is the CMO of 3dcart. Prior to joining 3dcart in 2011, Joe was a true internet pioneer co-founding his first e-commerce website in 1994 which later sold to America's largest mail order pet supply retailer in 2007. Joe also co-founded Solid Cactus in 2001, which was later sold to the Web.com Group in 2009.

03
Jun

3dcart Recognized as Visa PCI DSS Validated Service Provider

Joins Short List of Approved e-Commerce Solution Providers for Outstanding Adherence to Security Standards

TAMARAC, Fla., June 3 /PRNewswire/ — Shopping cart software leader 3DCart today announced its inclusion in Visa’s Global List of PCI DSS Validated Service Providers, a comprehensive list of Visa-certified service providers named for passing a rigorous security screening process. Inclusion on Visa’s short and exclusive list helps further validate security measures to protect credit card data and other personal information put in place by 3DCart for local and international online merchants of all sizes. 3DCart was officially validated by Visa as of March 31, 2010.

“Instances of online fraud have pushed stricter regulations on financial transactions that take place on the web,” said Jimmy Rodriguez, chief technical officer for 3DCart. “General PCI DSS compliance is crucial, and verification by Visa serves as a validation that online storefronts are doing everything in their power to protect the personal information of their customers, in turn adding value and increasing brand credibility. Online stores with Visa-approved e-commerce platforms position themselves as cutting-edge within their niches.”

PCI DSS compliance is now required for any service provider that collects sensitive financial information over the internet. The Payment Card Industry (PCI) Data Security Standard (DSS) is crucial for all service providers that collect payment by credit card.

3DCart was officially named PCI DSS compliant by the PCI Security Standards Council on February 26, 2009 following rigorous testing by third-party PCI DSS compliance experts SecurityMetrics. In order to gain compliant standing, twelve stringent requirements must be met or exceeded to help build and maintain a secure network, protect cardholder data, maintain a vulnerability management program, implement strong access control measures, regularly monitor and test networks and maintain an information security policy.

To view the complete Visa Global List of PCI DSS Validated Service Providers, visit http://usa.visa.com/download/merchants/cisp-list-of-pcidss-compliant-service-providers.pdf.

About 3DCart:

3DCart (www.3DCart.com) is a complete e-commerce solution for new or existing websites.  The company’s services include the tools, advice, support, and technology to manage an entire online operation, so clients can focus on managing their orders.  3DCart is able to design and implement innovative web solutions to meet a company’s specific requirements.  Whether clients are looking to update their existing web store or develop a completely new design, 3DCart maintains a flexible approach to ensure they provide the right solution for the company.  One monthly fee pays for the store setup, security, design, and maintenance.

21
Jan

Analysis of a Lie – 3dCart Vs Volusion


We appreciate healthy competition between companies. However, when deceptive marketing practices are being used to mislead the consumer, we have to draw attention to them.

Our company values dictate that we do not speak negatively about our competition. Our sales team is fantastic. They’ve got a combined total of over 70 years in e-commerce design, consultation, and support. These are not simply a group of people who are here to sell you the best account; these are people who know e-commerce software and design, and have helped launch thousands of online stores. They take pride in helping small to medium-sized businesses realize their dreams and achieve success in the online marketplace. Their integrity speaks volumes about the kind of people they are. They will never speak negatively about an opponent, and on the rare occasion that there is a feature that we do not offer, will suggest an appropriate competing product to take care of the client’s needs.

One of our competitors recently launched a comparison chart which lists an “E-Commerce Comparison Checklist” and displays how we stack up against each other. Not surprisingly, according to them, we do not offer a single feature that they do.

A common trick in comparison charts is to select carefully worded items which your competition, upon the surface, does not offer. Let’s be honest here. Most of you would not even care to look deeper into these charts and would assume that the company presenting the comparison chart has done their homework.

Let’s examine some of these items a bit closer.

1. Over 10 Years in Business and One of The First Shopping Cart Providers – 3dCart has been in business since 1997. We started out developing custom e-commerce solutions and decided in 2001 to offer our software to everyone. That’s 13 years in the industry.

2. 75+ FREE Ready-to-Go Store Designs- We offer over 30 free templates and our designers add to this each month. These are all FREE and Ready-to-go store designs.

3. In-House Design, Marketing and Expert Services Available - Our design team is located in house with our consultants, and marketing team. Everything is in-house at 3dCart.

4. Tens of Thousands of Satisfied Customers – We’ve got tens of thousands of satisfied clients. In fact, a significant amount of our customers found 3dCart because of being displeased with one of our competitors.

5. Most Award-winning Solution Recognized for Customer Service, Innovation and Overall Product Offering – We applaud them for their awards. Truth is, we never entered our software into any award or review site that our competitors are on because we feel that our clients don’t look at those things. We have gone up against our competition on a popular review site, and came out above the rest.

6. Visa Credit & Hacker Secured (PCI-Certified) – This is the one entry on this list that is quite irksome. We are 100% PCI compliant. The Visa Credit list is primarily for payment gateways. In 2009, we determined that it was not a suitable list for e-commerce providers to be on, and decided against paying the fee to be included in that list. Regrettably, our competitor has been deceiving potential clients by telling them that since we are not on this list, we are not PCI compliant. This is a considerable fabrication and to stop them from deceiving customers, we are going to be included in the 2010 list. You are not required to be on this list to maintain your PCI compliance certification.

7. Knowledge and Experience of 18,000+ Online Business Owners – We’ve got tens of thousands of online business owners as well, and they are quite knowledgeable. We love our customers and not a day goes by that we do not learn something from one of them. But don’t take our word for it, take theirs.

8. Premium Hosting, included in all packages, with 99.99% guaranteed uptime – All of our plans include premium features and we offer a 99.99% uptime guarantee as well.

9. Free 24x7x365 Live Support – We have tripled the size of our technical support staff and proudly offer 24x7x365 technical support… We even offer 24x7x366 technical support on leap years!

10. Social Store Builder™ – This name is owned and trademarked by our competitor so obviously, we don’t have it. Since this feature is named by our competitor, we can’t have it. No one can. What we will offer in the next update is Facebook, YouTube, Twitter, and social media marketing integration that is above and beyond what ANYONE offers in the industry.

11. Enhanced Product View with Vzoom!™ – Yet another custom named feature. We have this, and we call it Zoomify. We’ll be offering a more enhanced version of this in an upcoming release.

12. Integrated Vendor Management – Managing distributors and vendors has been an integrated feature of 3dCart since the first release.

13. SmartMatch Technology™ – Yet again, another custom named feature. Noticing a trend here? We have a related product feature that allows you to easily add related products.

14. Soft Add-to-Cart – Finally, a feature that we do not have built into the cart. This feature is something that we can custom program in your store but we have not yet integrated it into all of our stores.

15. Multi-Store Discounts – 3dCart offers you a discount on multiple stores. We also offer reseller accounts. Contact our sales team to discuss these promotions @ 1-800-828-6650 x1

16. Advanced Language Settings – Ok, you’ve got us on this one. We don’t offer the ability to have your cart in multiple languages. However, we are adding this feature in an upcoming release.

17. Pick Ticket Functionality to Speed up Business Processes – I’ve got no idea what this one is. At this point, I think they’re just making things up.

PHEW, that was a lot of info. As you can see, it’s a bit asinine to expect any customer to do that amount of research, which is what marketers bank upon. Here’s a revised comparison chart based upon our research:

[Image: revised comparison chart]

12
Jan

2010 PCI Compliance Process

Along with the ball dropping, New Year’s resolutions and parades, 2010 also ushers in the annual PCI DSS certification inspection. If you’re a store owner, I’m sure you’re familiar with the acronym PCI DSS (Payment Card Industry Data Security Standard). However, you may not be privy to the process that hosting companies have to go through in order to attain it. I’m not going to get into the history of the program, but I do want to shed some light on the process so that it will not seem so mysterious. In the age of the internet, we hear so many acronyms and all we know about them is that we must have them for our sites.

“I don’t know what SEO, ROI, or PCI is, but I MUST HAVE THEM!”

We are currently involved in the inspection and certification stage of compliance and I’m going to document the entire process for everyone. Our president is deep in the heart of our data center with a certified inspector and they are going through every cable, connector, and line of code to verify our compliance for 2010.

To recap, the core of the PCI DSS is a group of principles and accompanying requirements, around which the specific elements of the DSS are organized:

Build and Maintain a Secure Network

Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures

Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks

Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy

Requirement 12: Maintain a policy that addresses information security

I did an in-depth look at each of these requirements last year, which you can read here.

27
May

PCI Compliance – Maintain an Information Security Policy


Requirement 12: Maintain a policy that addresses information security
A strong security policy sets the security tone for the whole company and informs employees what is expected of them. All employees should be aware of the sensitivity of data and their responsibilities for protecting it.

22
May

PCI Compliance – Regularly Monitor and Test Networks

Requirement 10: Track and monitor all access to network resources and cardholder data
Logging mechanisms and the ability to track user activities are critical. The presence of logs in all environments allows thorough tracking and analysis when something does go wrong. Determining the cause of a compromise is very difficult without system activity logs.

Requirement 11: Regularly test security systems and processes
Vulnerabilities are being discovered continually by hackers and researchers, and being introduced by new software. Systems, processes, and custom software should be tested frequently to ensure security is maintained over time and with any changes in software.

21
May

PCI Compliance – Implement Strong Access Control Measures


Requirement 7: Restrict access to cardholder data by business need-to-know
This requirement ensures critical data can only be accessed by authorized personnel.

Requirement 8: Assign a unique ID to each person with computer access
Assigning a unique identification (ID) to each person with access ensures that actions taken on critical data and systems are performed by, and can be traced to, known and authorized users.


Requirement 9: Restrict physical access to cardholder data

Any physical access to data or systems that house cardholder data provides the opportunity for individuals to access devices or data and to remove systems or hardcopies, and should be appropriately restricted.

20
May

PCI Compliance – Maintain a Vulnerability Management Program


Requirement 5: Use and regularly update anti-virus software
Many vulnerabilities and malicious viruses enter the network via employees’ email activities. Anti-virus software must be used on all systems commonly affected by viruses to protect systems from malicious software.

Requirement 6: Develop and maintain secure systems and applications

Unscrupulous individuals use security vulnerabilities to gain privileged access to systems. Many of these vulnerabilities are fixed by vendor-provided security patches. All systems must have the most recently released, appropriate software patches to protect against exploitation by employees, external hackers, and viruses.

19
May

PCI Compliance – Protect Cardholder Data


Requirement 3: Protect stored cardholder data
Encryption is a critical component of cardholder data protection. If an intruder circumvents other network security controls and gains access to encrypted data, without the proper cryptographic keys, the data is unreadable and unusable to that person. Other effective methods of protecting stored data should be considered as potential risk mitigation opportunities. For example, methods for minimizing risk include not storing cardholder data unless absolutely necessary, truncating cardholder data if full PAN is not needed and not sending PAN in unencrypted emails.

Requirement 4: Encrypt transmission of cardholder data across open, public networks

Sensitive information must be encrypted during transmission over networks where it is easy and common for a hacker to intercept, modify, and divert data while in transit.

18
May

PCI Compliance – Requirement 2


Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Hackers (external and internal to a company) often use vendor default passwords and other vendor default settings to compromise systems. These passwords and settings are well known in hacker communities and easily determined via public information.

This may seem like common sense, but you would be surprised. There are many manufacturers that set very easy default passwords on their products before shipping. Some are as easy as the word PASSWORD.

We have a very stringent password protocol here that includes weekly password changes. This is a practice that each and every one of us should adhere to.

Password Basics:

  • Use at least eight characters, the more characters the better really, but most people will find anything more than about 15 characters difficult to remember.
  • Use a random mixture of characters, upper and lower case, numbers, punctuation, spaces and symbols.
  • Don’t use a word found in a dictionary, English or foreign.
  • Never use the same password twice.

Things To Avoid

  • Don’t just add a single digit or symbol before or after a word, e.g. “apple1”
  • Don’t double up a single word, e.g. “appleapple”
  • Don’t simply reverse a word, e.g. “elppa”
  • Don’t just remove the vowels, e.g. “ppl”
  • Don’t use key sequences that can easily be repeated, e.g. “qwerty”, “asdf” etc.
  • Don’t just garble letters, e.g. converting e to 3, L or i to 1, o to 0, as in “z3r0-10v3”

Bad Passwords

  • Don’t use passwords based on personal information such as: name, nickname, birthdate, wife’s name, pet’s name, friend’s name, home town, phone number, social security number, car registration number, address etc. This includes using just part of your name, or part of your birthdate.
  • Don’t use passwords based on things located near you. Passwords such as “computer”, “monitor”, “keyboard”, “telephone”, “printer”, etc. are useless.
  • Don’t ever be tempted to use one of those oh so common passwords that are easy to remember but offer no security at all. e.g. “password”, “letmein”.
  • Never use a password based on your username, account name, computer name or email address.

Check out more great password tips at Lockdown
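The rules above can be enforced when a password is set. The following is an added example, not part of the original post: the function name, the small word list and the keyboard rows are assumptions chosen so the post's own sample passwords can be checked.

```python
import re

# Constructed sample word list (assumption); a real deployment would load a
# full dictionary plus a list of commonly used passwords.
WORDS = {"apple", "password", "letmein", "computer", "monitor",
         "keyboard", "zero", "love"}
KEY_RUNS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def _deleet(p):
    """Undo digit/symbol substitutions; "1" may stand for "l" or "i"."""
    return [p.translate(str.maketrans("3041@$5", "eoa" + one + "ass"))
            for one in "li"]


def weak_reasons(password, username=""):
    """Return which of the post's rules `password` breaks (empty = none)."""
    p = password.lower()
    reasons = []
    if len(password) < 8:
        reasons.append("shorter than eight characters")
    # Strip leading/trailing digits and symbols to expose a padded word.
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", p)
    if p in WORDS:
        reasons.append("dictionary or common password")
    elif core in WORDS:
        reasons.append("word with digits or symbols added")
    half = len(p) // 2
    if len(p) % 2 == 0 and p[:half] == p[half:] and p[:half] in WORDS:
        reasons.append("doubled word")
    if p[::-1] in WORDS:
        reasons.append("reversed word")
    if any(re.sub(r"[aeiou]", "", w) == p for w in WORDS):
        reasons.append("word with vowels removed")
    if len(p) >= 4 and any(p in run or p[::-1] in run for run in KEY_RUNS):
        reasons.append("keyboard sequence")
    for candidate in _deleet(p):
        parts = re.split(r"[^a-z]+", candidate)
        if candidate != p and any(part in WORDS for part in parts):
            reasons.append("digit-for-letter substitution of a word")
            break
    if username and username.lower() in p:
        reasons.append("based on username")
    return reasons


if __name__ == "__main__":
    # The post's own examples, then one constructed password that passes.
    for pw in ["apple1", "appleapple", "elppa", "ppl", "qwerty",
               "z3r0-10v3", "T7#mq Vx!9rLw"]:
        print(f"{pw!r}: {weak_reasons(pw) or 'no rule broken'}")
```

An empty result only means none of these specific patterns matched; it is not a measure of strength on its own.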