A Look Ahead: Some Interesting Deadlines
Red Flag Policy
Do you need one?
Identity theft and credit account abuse are large problems. They are one reason PCI compliance is such a big issue in the e-commerce world (see following story). The FTC has passed a Red Flag Rule (enforceable June 1, 2010) that is also meant to add protection and control for securing sensitive personal information.
If your company collects or manages personal information about your customers, you may need to have a Red Flag Policy in place by June 1, 2010. What this policy does is identify ways you would be alerted to potential fraudulent use of an account or identity and what you would do about any such alerting situations. The Federal Trade Commission set up these rules primarily for financial institutions and creditors. But any company that deals with personal information, even if it is at low risk for identity theft, may be considered covered by the rules.
The FTC has a web site that explains how the rule applies to businesses, how to decide whether you are at high or low risk, and even includes a template for writing a Red Flag Policy. The Red Flag Rule itself is recorded in the Federal Register, Friday November 9, 2007, starting on page 63717. Multiple delays in enforcing the rule have intervened and the current enforcement beginning date is June 1, 2010. The FTC web site includes links to the rule and to FAQs for businesses.
If your company might fall into the “covered” category and if you do not already have a Red Flag Policy in place, you might want to take a look at the FTC web site. They have made what could be a very dense and technical dissertation quite readable and understandable.
July 1, 2010
Is this a date you need to be ready for?
If you have an online store and you accept credit cards for payment, 2010 is an important year for you. There is a July 1, 2010 deadline in the Payment Card Industry mandates. If you have not yet heard from your merchant bank on this topic, you can expect to hear from them soon.
We have talked about PCI compliance here before. It is a complex issue. The rules that apply to the online retailer are summarized in many places, including on our site.
One of the crucial pieces to remember is that it can take some time to get the required infrastructure in place to meet the requirements. If you are not already using PA-DSS certified e-commerce software, you will want to consider doing so. PDG Commerce version 5 is PA-DSS certified. Version 4 (and Shopping Cart) are not. It takes some time to schedule an upgrade to a new version. It takes more time to move from one shopping cart software package to another.
Your hosting platform may also need to pass external security scans. Our VPS family of plans can be made PCI-compliant. Our Signature family of hosting plans cannot. It takes some time to schedule and complete moving a site from one host to another.
So if you are thinking about PCI compliance requirements but have not done much about it yet, call us to talk about your plans. We can help.
Wishing You Happy Holidays
Each of us here at HTN sends out a bucketful of good wishes to you this holiday season. May your homes be warm, your visitors delightful, your travels safe, and your meals delicious. And may the New Year find us all rested and refreshed.
Customer Site News
This has been an extraordinarily busy month with several sites pushing toward launch. We will take a look at them in next month’s newsletter. For this month, we have two sites with unusual architecture to talk about.
When Edge of Urge installed the Profits Plus Wishlist., it was a challenging installation because the site does not actually use PDG Commerce templates on their product pages. This made feeding the wishlist the information it needed a bit more work than usual. But it works. Check out the site for its really unusual and arresting look, as well as its merchandise.
Stamp A Mania is a site that has a sub-store with an entirely distinct appearance inside its main PDG Commerce installation. Posh Rubber Stamps is a separate product line. You can browse the Posh products either from the poshrubberstamps.com entry point or from the Posh dropdown menu on the stampamania.com pages and, at the point that you add something to your basket, you are in the main Stamp A Mania store. Up until the basket page, though, you are in a distinctly Posh-themed store. You can mix products from both stores in the same basket. If you are in the need of any sort of stamp-related crafting supplies, you’ll love this site.