Archive for the ‘Development’ Category

05.07.10

What PCI compliancy means for your E-Commerce company

Posted by Nick in Development, E-Commerce

What is PCI Compliancy?

PCI-DSS compliancy (as well as PA-DSS for application development) has been around for a long time now, established by the leading card companies as a set of rules to govern the build, implementation and running process of any company that stores, transmits or processes card details online. Visit the PCI Security Standards Council for more information.

As of the 1st July, 2010, full PCI-DSS compliancy is required for ALL merchants accepting card details. Merchants who are not fully compliant risk heavy fines, a costly audit or, worse, having their credit card processing privileges revoked.

What’s the big deal?

It amazes me, after reading up about 40 hours of various articles, just how clueless the industry generally is on PCI compliancy standards. The larger companies out there are far more aware while the small ones still walk on, some not even knowing what it is. Furthermore, the documentation is very hazy and in general, companies just aren’t sure what they should be doing to make sure they are compliant. Every person I have spoken to has a very different view on what they need to be doing to be compliant. Some think it is essential to have several dedicated servers, while many argue that your site will sit comfortably on a shared server. I agree with the dedicated server route where you are storing or processing the card details yourself – but seeing so much variance concerns me.

What do you need to do?

At Optix Solutions we have endeavoured to make sure all our e-commerce clients are fully compliant and have done for many years now. Our dedicated servers are ISO 27002 standards compliant. Here are some of the other tactics you should adopt to make sure your business is fully PCI compliant (I am not a Qualified Security Assessor so please remember this is just my personal view):

1. Use a validated payment application. At Optix Solutions, we work closely with Sage Pay to outsource the payment stage of the transaction, ensuring that compliancy is not necessary for us, as their certificate covers this (please note, we do code to the PA-DSS standards but don’t undergo an audit due to the costs being in the tens of thousands). The big drawback of this is that payments do have to leave your website to go to Sage Pay, but the costs associated with PA-DSS and a higher level of PCI compliancy just don’t make it beneficial (it will cost tens of thousands including 3 dedicated servers and regular audits!). Sage Pay also offer a new inFrame solution to make it look as though the customer is entering the details into your site – we are currently experimenting with its integration as there are some limitations but we will discuss these with our customers depending on their needs. Finally, a new tokenisation system that Sage Pay also offer means the customer can store credit card details for processing next time…a problem associated with using a payment application historically. This means that one-click or rapid checkout is easily possible without affecting your level of compliancy.

2. Install SSL. For the inFrame solution, SSL is required to ensure you are PCI compliant. For other integration methods this isn’t necessary but certainly advisable.

3. Take the online self assessment questionnaire. Available here, the online SAQ MUST be completed by ALL merchants. Failure to do so means you are not PCI compliant. If you implement the 2 stages above, you will only need to complete Validation Type 1.

In conclusion, it is worth noting that PCI Compliancy cannot be avoided and heavy fines will be imposed or card processing privileges revoked if it is. By following the 3 steps above, you ensure that your e-commerce platform is fully compliant.

30.06.10

Devon Air Ambulance Trust takes Transparency to a new level

Posted by ksousa in Design, Development, News

For charities to survive and prosper it is vital that they retain the goodwill of their existing supporters and earn that of potential new donors.

Transparency is a key element in achieving these objectives for charities of all descriptions. After all, the majority of the money that enables them to do their work ultimately comes out of the general public’s pockets. The more people can see that their money is being spent effectively and diligently the more likely they are to donate.

Last year Devon Air Ambulance Trust (DAAT) brought in Optix Solutions to produce a website that would not only attract increased donations and fundraising opportunities, but also engage and interact with new and existing supporters of all ages and interests.

Phase One of the site development included a new Content Management System (CMS) that enables the posting of the very latest news from DAAT, a mission mapping facility and a special section for kids.

Phase Two involves the posting of in-depth Accounts on the site, showing in an easy to follow form the charity’s income and expenditure over the past financial year compared with figures from 2008.

14.06.10

Rising to the Dakar Challenge

Posted by Optix in Company News, Design, Development, News, Online Marketing

Dakar Challenge is all about the spirit of adventure and the opportunity to do something truly different for a few weeks of your life, and the website Optix has designed for the challenge organisers is all about reflecting that.

Organiser and self-styled ‘Crap Car Svengali’ Julian Nowill first got together a group of 55 ‘bangers’ in various states of disrepair, their drivers and passengers to share the experience of driving from Plymouth to Dakar in Senegal in 2003. The publicity this generated not only attracted 88 cars the following year, but also spawned a variety of copycat expeditions of varying repute.

Despite its success, Julian has always been determined to stick to the original ethos of the Challenge. It remains a part-time hobby run by himself and his wife Annette, simply offering people the chance to do something completely different and eye-opening, hopefully with a lot of laughs and a few tests of character along the way.

Participants are welcome to make charity drops on the journey, or auction their vehicles for local good causes once they reach their destinations, but the Challenge is not a charity event in itself.

Optix has designed a site that reflects the essence of what the Challenge is all about.

You will find stacks of information on the various challenges on offer this year and next – including off-roading in Morocco, and destinations such as Banjul (Gambia), Timbuktu (actually Bamako in Mali, but it sounds better!), The Silk Road and Murmansk in Northern Russia on pages that look like old parchment maps.

The comprehensive booking form features a question and answer section, ensuring entrants are left in no doubt as to what it is they are committing themselves to.

Nothing better illustrates the experience and the camaraderie of taking part in the challenges than the photographs and videos taken by participants over the years. Optix have not only built in a slide-show facility for still photographic memories, we also embedded YouTube on the site to show inspiring videos of previous trips.

At Optix Solutions we understand how important it is that a website is not only great to look at and simple to use, but that it consistently reflects the unique identity of the business or organisation.

With the constant flow of new technical and design innovations available to website designers, it is all too easy to get bogged down in the minutiae and lose sight of what it is you’re trying to convey.