Secure Encrypted Credit Card Reservation Bookings

A Travelhops Secure Booking Form makes it easier and safer for you and your customers to conduct transactions for travel and accommodation bookings over the Internet.  Convert more of your online inquires to confirmed credit card bookings. Get important feedback on how customers find out about your service. A Travelhops Secure Booking Form can be integrated into your new or existing Web Site. The system allows your customers to make secure credit card bookings via a SSL encrypted booking form.  All businesses have different needs when conducting business. A Travelhops Secure Booking Form is flexible and can be customised to your individual business requirements.  The Travelhops system offers a solution for businesses offering a service which requires a quotation to be sent to a potential customer before they make a secure credit booking. In this scenario the potential customer makes an inquiry. The merchant replies to the potential customer with an email quotation for the service they have requested. The merchants email quotation contains a hypertext link to a secure credit card booking form which the customer can use to confirm and proceed with a secure credit booking based on their email quotation.  The Secure Booking Form can also be set up with a fixed pricing structure for customers wanting to make immediate credit card bookings. The secure booking form displays the merchants service prices and calculates the total cost based upon the number of adults, children, and the quantity of services required. Prices are displayed in five currencies. Currency conversions are updated daily.  Details on the Travelhops secure booking form can be edited via a password protected Merchant Admin Account.  By logging into your Merchant Admin Account via your Web browser you can quickly and easily edit the prices displayed on your secure booking form.  Typical Travelhops Secure Booking Forms feature a section that asks customers how they found out about your service. This feature offers your business useful marketing research information regarding how a client found out about your service and more importantly which methods of advertising or promotion are working effectively for your business.  Secure Booking Forms display your business booking terms and conditions. If your terms and conditions change during the course of the year they can be quickly and easily updated by logging into your Merchant Admin account via your Web browser and making changes.  Travelhops secure booking forms can be set up with your company logo and Web site background colours so as to appear consistent with the overall style of your Web site.  A Travelhops Secure Booking Form does NOT perform authorisation with Banks to determine if sufficient funds are available. It is the merchant’s responsibility to have credit card authorisation and processing facilities.  Annual cost USD $195 Note: A Secure Booking Form can be customised to accept Visa, Mastercard, Diners and American Express. The marketing referral options and service prices contained in the Secure Booking Form can be quickly and easily updated online using your Web browser.

Computer E-Retailer Exposes Credit Card Numbers

Hardware vendor ComputerHQ.com exposed billing addresses, credit card numbers, and other personal information through a JavaScript bug that was noted over the weekend, a privacy expert claimed.As of Monday morning, the security breach had been filled. Before then, about 15,000 personal records were available for viewing on the Web, according to Keith Little, a self-employed privacy consultant.

ZD Internet/ExtremeTech verified the information with the actual cardholders, who confirmed that they had indeed made the indicated purchases. Essentially, some or all of ComputerHQ.com’s invoices were available to the Internet at large, including names, addresses, phone numbers, credit card numbers and expiration dates, as well as the products ordered and their price.

Executives at ComputerHQ.com, based in Fremont, Calif., did not return repeated phone calls requesting comment. A sales employee said that IT concerns were handled by an offsite Web team which worked for the company, and that he couldn’t answer any questions. However, he did say that the Web site was redesigned a month ago.

The glitch was relatively simple, Little said: normally, if a viewer wanted to check an order, he could visit the company’s Web page, enter his order number and ZIP code, and a dynamically-generated Web page would list the appropriate information. If he failed to list his ZIP code, a popup window would appear asking for the ZIP code.

However, that tracking system would only work if a user’s client browser had JavaScript enabled. Little said that if JavaScript was turned off, the company’s database was exposed to public view, one record at a time. A malicious user could simply change the order number in the URL to obtain new records.

“The whole thing started Saturday before noon,” Little said. “They erroneously sent me a hard drive that (my client) didn’t need.” On every invoice, Little said, was a URL to check the order status using the unique order number. Little didn’t need to know the ZIP codes used by other orders; instead, he could input a URL with a similar order number and use the JavaScript exploit to obtain the database information.

Little then said he called the company on Saturday, and the site was promptly taken down to apparently fix the hole. On Sunday, however, the site reappeared with the same hole, and Little again successfully asked to have the site taken down. The scenario repeated itself early Monday morning.

“This morning he had the site up and running while he made the change,” Little said. “No firewall, nothing. It was the dog’s breakfast.” Little said that, according to his conversation, the owner of the site apparently did his own IT maintenance and programming.

The orders date back approximately eleven months, a time when it’s likely, but not certain, that those numbers were visible to someone exploiting the JavaScript bug. “If it didn’t (happen), it’s a miracle,” Little said.

Customers’ responses ranged from the outraged to the fatalistic. “I will never do business on the Internet ever again if these numbers can be published like this,” said Shelley Tighe of River Vale, N.J., in a message left with ExtremeTech.

Some customers, like Doug Berrett of Newton, Mass., said they got off lucky, as they weren’t even sure the cards were still active. Others said they had had problems with possibly falsified credit-card charges, but didn’t know if they had been tied to the ComputerHQ.com hole.

Although some people may actively exploit weaknesses in security firewalls through concerted, active attacks, passive holes can also be common. “I’ve seen methods demonstrated where SQL was exploited with a browser, for instance, to reveal database content far beyond the site operator’s intent,” Little wrote in a followup email.

Ironically, one of the victims was Jeffrey Miles, an employee of DaimlerChrysler, who had done work as a network privacy consultant for small businesses. “I know how this can happen; it just sucks that it happened to me,” Miles said.

New ccfinder.com Site Shows Best Credit Card Deals

.

ccfinder.com unveils a site for finding the best credit deals amongst the daily deluge of credit offers that mysteriously find their ways to our mailboxes.

.

ccfinder lists credit card offers from all of the major credit card distributors. A scoring system rates cards based upon their annual percentage rates, introductory offers, balance transfer rates, and features
Search URLwire archives since 1994

There is certainly no shortage of credit offers these days, no one will argue about that. We receive countless credit offers every day in the mail and a barrage of offers online. But, if you really need a credit card, how do you discern the details from the hype, the fact from the fiction? A new web site called ccfinder.com is dedicated to wading through the hype.ccfinder lists credit card offers from all of the major credit card distributors. A scoring system rates cards based upon their annual percentage rates, introductory offers, balance transfer rates, and features. ccfinder identifies cards with the lowest rates and the best features and makes them easily accessible. And, you can apply online and in a lot of cases know in minutes whether or not you’ve been accepted.

Jennifer Griffin, a new user that recently started exploring the net, has this to say about ccfinder.com, “This is a great site for finding deals on credit cards regardless of your credit. When I got into something I wasn’t sure about [ccfinder] got me out by providing the information I needed. Thanks. I would recommend this site to anyone.”

Even if you don’t know what features and benefits you’re looking for in a credit card or line of credit, ccfinder.com can help. On the home page, there are links to the featured card, the top 20 cards visited by other users, links to the cards with the lowest rates, and a list of categories.

ccfinder.com is designed to make it easy to find what you need. “This site is very well organized, and can help you find a credit card to fit almost any need. Whether you’re looking for a card with no annual fee, one to build your credit, one with low introductory rates for balance transfers, one with special bonuses/points, or one for poor credit, you’ll find the right card”, says Michael Coley, the savvy entrepreneur that brought uswww.amazing-bargains.com and www.magazinepricesearch.com.

If you’re looking for credit, this author believes that you should wander over tohttp://www.ccfinder.com and check out their credit card database.

Choosing a Merchant Credit Card Processing Vendor To Meet Your eCommerce Credit Card Processing Needs

To process online orders, you must offer online payment options. The most widely used form of payment currently is merchant credit card processing. Marketing studies show that you’ll lose 60 percent to 80 percent of your potential orders if your Web site is not set up to accept credit cards; they also show that if you offer credit card payment and use merchant credit card processing, not only will you receive more orders, but those orders will be substantially larger. 

Credit cards enable impulse buying, reassure customers of your legitimacy, and simplify your billing. Other methods of collecting payment are becoming available and include charging purchases to a phone bill, using electronic funds transfers (EFT), paying by electronic check and various forms of prepayment. Each of these methods requires payment processing either in the form of software added to your Web site or by linking to a payment processing service. 

Understand Merchant Credit Card Processing Accounts and Their Fees
To accept credit cards, you must establish a merchant account, a special bank account for handling the revenue (and fees) from credit card transactions. Your merchant account provider (MAP)-a bank or other institution that processes online credit card transactions-will verify the credit card, process the transaction, and deposit the results into your account, usually within two to four days. 

Evaluate Alternative Online Payment Methods
eCommerce credit card processing still reigns as the leading method of payment for online purchases, but other payment options are available. Your product and your customers’ buying preferences will influence which payment methods you accept. In other countries, ecommerce credit card processing is not as pervasive, so you may want to consider offering alternatives for your international customers. Offering multiple payment options on your Web site, if you can afford it and maintain your profit margin, is a means to increase sales by increasing customer convenience and confidence. Many alternative methods are better suited to micro-payments, charges under $1, because the processing costs are often lower and credit card merchant-account fees don’t apply. 

Determine The Fee Structure That Maximizes Your Profit Margin
Not every product sells the same way, and not every ecommerce credit card processing provider charges you the same way. Choose a provider that suits your business. Begin by considering the nature of the products you sell-are they large and expensive? Perhaps then you ought to seek a MAP that offers a higher flat-rate transaction fee and minimizes the discount rate, since even a hefty $1 transaction fee will be far lower than a 2.5 percent deduction from the charge. On the other hand, if you rely on small, high-volume sales, even a $0.30 transaction fee can erase your profits. 

Specify Your Technical Requirements
Different MAPs require different “gateways” on your site. These gateways are the pieces of code that transmit your customers’ orders to and from your bank’s transaction authorizing agent. If you plan to manually process your orders, a secure Web form might be good enough to capture credit card information that you can process offline. 

Evaluate Your Business’s Credit-Worthiness
MAPs, like most banks, pay close attention to the companies with which they do business. Such factors as your company’s length of time in business, outstanding debt, debt payment history, goods and services offered and even your personal history (for new businesses) will affect the fees your company pays to process credit card transactions on the Net. 

Find MAPs You Can Work With
Many merchant account credit card processing providers refuse accounts to start-up firms or firms and individuals with bad credit histories. Some MAPs will not accept “high-risk” accounts, a term that usually encompasses adult sites, online casinos, and sites operated by firms outside the MAP’s own nation. Other merchant account credit card processing providers refuse to process any transactions that originate on the Internet-even from their own existing brick-and-mortar clients-or may require that you create a separate merchant account to process orders that are not taken face-to-face but are received by mail, phone, or via the Internet. 

Compare Fees and Technical Capabilities
Once you’ve developed a list of merchant account credit card processing providers who might offer you an account, you need to compare the different MAP offerings. Be certain to ask detailed questions about each MAP’s technical requirements, and make sure your system can work with your MAP’s gateways-the software that actually submits your customers’ credit card information for payment authorization. 

Minimize Credit Card Chargebacks
Discussion about consumer credit card protection for Internet purchases has become intense. But the fact is that U.S. federal law limits a consumer’s liability for unauthorized charges to $50, whether the purchase was made face-to-face or on the Internet. No such protective legislation exists for merchants, however, and they bear the full cost of fraudulent charges as chargebacks from their banks. When a fraudulent credit card transaction takes place without the physical card being presented to the merchant, or funds are uncollectible for some other reason, merchants are charged the sale amount by the cardholder’s bank. This is known in the industry as a chargeback. Merchants may also be asked to pay penalty fees in addition to the cost of the original charge. Though it has not been as hot a topic for e-tailers, credit card chargebacks pose a serious threat to profits. To reduce revenue losses due to credit card fraud, online businesses need to take steps to reduce the risk they take with every order received through their Web sites. Find out how credit card chargebacks occur and what you can do to protect yourself. 

Secure All Your Transaction Data and Prevent Fraud
Credit card information is extremely sensitive, and plenty of villains are waiting to exploit any breach in your security. Additionally, online merchants are as susceptible to credit-card fraud as face-to-face retailers. Make sure your merchant account provider has addressed these issues. 

Prepare for International Payment Processing
Some payment processing and merchant account providers do not accommodate international commerce. If you plan to market your product globally, you may need to search specifically for an international provider

Small Business Credit Cards from Advanta.com!

 

Introducing a superior small business credit card. Only from Advanta. Other small business credit cards simply don’t stack up when you compare them to all of what our special credit card offers, such as low rates, unlimited reward points,* merchandise, and gift cards! Here are just a few of the perks you’ll enjoy when you add an Advanta credit card to your wallet: 0% APR on balance transfers for 15 months Low 7.99% APR after the initial 15-month period expires Unlimited Rewards* Earn Cash, Travel, Merchandise & More all from one card No annual fee and no limit on the total rewards you can earn $0 fraud liability Simple online credit card application – Apply Now! *Earn 1 point for each $1 in Net Purchases. Points expire after 36 months. Points may be redeemed for cash in 5,000 points/$50 increments only. The minimum number of points needed to redeem is 5,000. Account must be open and in good standing to earn or redeem points. See Unlimited Rewards Program Rules for additional important information, benefits and limitations.   Advanta’s credit card offers a long list of benefits that goes on and on. And when you apply you’ll be able to choose the rewards program that makes the most sense for your business! Become a cardholder now and start enjoying the perks with our online credit card application Apply Now! About Us At Advanta, our focus is on small business. And no one knows their needs like we do. Founded in 1951 with $30 in seed money, Advanta has grown into one of the nation’s largest providers (through Advanta Bank Corp.) of: small business credit cards, without forgetting what it is like to be a small or start-up business. You can read more about Advanta’s long history of providing innovative financial solutions by clicking here. Or, to apply for an Advanta credit card, visit our online credit card application here.

Credit Card Acceptance and Processing

Authority This Guide Memo was approved by the Vice President for Business Affairs and Chief Financial 

Officer.

Applicability This policy applies to all Stanford entities that accept payments via credit cards or pin-less debit 

cards. 

Summary This policy provides guidelines on acceptance and processing of credit cards or pin-less debit 

cards at Stanford.  Section headings are:  

 1. DEFINITION 

2. PURPOSE  

3. POLICY 

4. IMPLEMENTATION GUIDELINES 

5. SOURCES OF MORE INFORMATION 

 

1. DEFINITION 

For purposes of this policy, credit card acceptance and processing is defined as the use of mechanisms such 

as a point-of-sale terminal or a payment page on a web site to accept credit cards for payment of goods or 

services sold by a Stanford University entity.  The term “credit cards” as used in this policy includes the use 

of pin-less debit cards bearing a credit card company logo.  This policy does not apply to the 

StanfordCardPlan or to the University’s PCard or Travel credit card programs. 

 

2. PURPOSE  

Credit cards provide a convenient way to handle business transactions such as conference registration,  the 

purchase of course materials, or the purchase of meals at a campus dining facility.  Acceptance of credit 

cards is subject to the Payment Card Industry’s prescriptive requirements for safeguarding cardholder 

account numbers and other sensitive data.  It is also in the University’s best interest to facilitate the transfer 

of credit card transaction data to its financial systems. The purpose of this policy is to establish guidelines 

for credit card acceptance and processing. 

 

3. POLICY  

a. Relation to University Mission — Any use of credit card acceptance and processing methods at 

Stanford must be consistent with Guide Memo 15.3, Unrelated Business Activity, 

http://adminguide.stanford.edu/15_3.pdf, which prohibits the use of Stanford resources for any 

activity not related to the University’s mission. 

 

b. Authorized Vendor — Departments must use a Stanford authorized payment application, hosted 

service provider, or point-of-sale terminal hardware vendor.  These are listed at 

http://merchantservices.stanford.edu. 

 

c. University Merchant Agreement – Departments wishing to engage in point-of-sale or internet 

electronic commerce must be approved by the Controller’s Office Credit Card Merchant Services and 

comply with all terms of the University’s Merchant Agreement. 

 

d. Confidentiality of Data — Credit Card Data is classified as Restricted Data.  Departments are 

responsible for safeguarding the confidentiality of Restricted and Sensitive Data related to purchases of 

goods or services as stated in Guide Memo 63, Information Security, 

http://adminguide.stanford.edu/63.pdf .  Specific credit card acceptance and processing guidelines 

are:  

 

(1) Use secure and/or encrypted connections to the transaction service vendor (such as the ones 

provided to Stanford by its authorized vendors).

Citibank’s Random Credit Card Number Generator

I don’t know why Citi doesn’t make a bigger deal about publicizing this feature of their credit cards, but they actually have an excellent security option which helps protect customers making online purchases. They mention it only in one paragraph here.

If you have a Citibank credit card, you can use the Virtual Account Number feature to generate temporary “alias” numbers to give out in place of your actual number. Why would you want to do that? Well, there are lots of reasons… read on and I’ll give you a few.

 

 

First, the bad news. The terms of use of the Virtual Account Number service have a dark hidden secret. In essence, Citibank is allowed to update them at any time without ever notifying you of the change. Updates become effective immediately. 

So, in theory, they could add something into the user agreement like:

There will be a $10 per transaction fee imposed on the use of any Virtual Account Number. In addition, the interest rate for charges will be 5% higher than your normal base rate.

Are they likely to do it? Probably not, but I’m sure any good attorney would advise us that anythings possible.

Now, on to the good news… The service is very easy to use.

1. Log into the CitiCards.com site and find the link for Virtual Account Numbers.
2. With one click, you can generate a random credit card number.
3. Use that number whenever you make a purchase online.

So, why would you want to use this service when you’ve already got fraud protection built in?

• Lets say you want to buy a magazine subscription online (or any type of potentially recurring subscription). If you use your real card number they may try to auto-renew you down the road. Can’t do that with a disposable number!
• You want to order from a catalog or some other source that you have to mail in an order form with your credit card info included. Use a VAN in case someone intercepts the mail.
• Each virtual account number is set to expire at the end of the following month and can only be used at a single merchant. This means if someone steals it, the number can’t be used anywhere else.
• Fighting fraudulent charges is a pain in the ass! It takes time and energy and there is always at least a chance that you could lose in the end. Why not prevent it altogether?

Keep in mind the announcement in June 2005 that 40 million credit card numbers were hacked. If those people had used a Virtual Account Number they wouldn’t even break a sweat!

If you want to use this service you’ve got two options. They offer a download-able version for the PC which will automatically pop up and fill in check out forms for you, or they offer a Web based version that you can access online.

Go check it out at CitiCards.com.