Archive for the ‘security’ Category

Friendly Fraud

There is a new buzzword making the rounds – Friendly Fraud. It is the online term for the old practice of returning goods after you have used them. For the online merchant, this type of fraud now includes the customer saying they never received an item, stopping the credit card payment, and even returning empty boxes.

While the practice is probably as old as merchandising – it seems to be on the increase, due, in large part, to the declining economy. Some business blogs are reporting a 50% increase in this type of fraud.

This fraud not only causes the loss of a sale but also incurs bank chargebacks and handling costs. In many cases the items, if they are returned, are too badly damaged to be resold even as used material.

While nothing you can do will eliminate this practice, there are some things you can do to discourage the less aggressive fraudster.

  • Have a clear return policy. Have it online and as part of your packaging.
  • Limit the time period when returns will be accepted.
  • Require an RMA (Return Merchandise Authorization) for all returns.
  • Use a shipping method that requires the customer to sign for the product.

These methods won’t deter the most aggressive fraudster. They will help deter those who may be looking for a quick way to get out of paying. And, in most cases, a well-defined returns policy will be appreciated by legitimate customers.

 

Email on the Road

I just got back from a short vacation and am getting back to normal – except normal around here is chaos just about everywhere else.

Of course, emails come whether you are on holidays or not. To deal with them I created a new Google Gmail account and forwarded all my email there. Gmail has an easy filter setup – so I was able to filter out all my standard emails, such as newsletters, and have only those from clients and the occasional SPAM left in the Inbox.

You may be wondering why I didn’t use my company’s webmail. I am paranoid!!

Like most of you, I use a laptop (in my case, a netbook) to connect through public ‘hot spots’. They have become so common that most of us take them for granted. However, they all have one major flaw – they aren’t secure.

While some webmail login pages are sort of secure – many are not. To check your webmail go to the login page and see if it says http or https in the location bar or look for the padlock icon at the bottom of the browser. Our webmail service uses https – but many don’t.

We have all come to believe that the lock icon and https means we have a secure connection. In most cases that is true. ISPs and other legitimate businesses handling Internet traffic go to great lengths to maintain the security of that connection. However, any time you go through a third party’s server you risk what is called a ‘man in the middle’ attack.

The easiest way to break any security encryption is to have an encrypted and plain text version of the same message. The more text, the easier it is to crack the code. In the case of your connection at "Joe Blog’s Coffee Shop" (the man in the middle) both the plain text version and encrypted versions of the login page are available to Joe’s server. Is the text on a login page enough to make it easy to crack the code? – Yes but it would take a while. But, like I said, I am paranoid!!

Why is the Gmail login more secure? After all, it has more text. The text is not always the same – the little counter that indicates the amount of free space available makes the code harder to crack. Also, I deleted that account once I got back from my vacation.

BTW: Banks are the worst offenders for having plain text information on an https server. NEVER log into your bank from a public ‘hot spot’.

 