4. What “social merchandising” techniques and tools are used in eCommerce?
“Social merchandising is part of the marketing mix now used by online retailers to convert fans and followers to customers. A relatively new marketing tool, social merchandising has plugged into the potential of social media networks to influence online shopper’s decision-making process.” — Houston Chronicle
Generally we would be thinking of using social media sites such as Facebook and Twitter to engage with customers. In Magento terms, ratings and reviews, sharing wishlists, and newsletters are built-in options that allow direct engagement with customers.
5. When is SSL required when transacting data online?
First, it’s useful to define what SSL is before we determine why it’s being used.
“Transport Layer Security (TLS) and its predecessor,Secure Sockets Layer (SSL), both of which are frequently referred to as‘SSL’, are cryptographic protocols designed to provide communications security over a computer network. Several versions of the protocols are in widespread use in applications such as web browsing, email, Internet faxing, instant messaging, and voice-over-IP (VoIP). Major web sites (including Google, YouTube, Facebook and many others) use TLS to secure all communications between their servers and web browsers.” — Wikipedia
WhatSSL lets us do is to send information from the customer’s browser to the merchant’s Magento site securely by using encryption. The whole browsing session does not need to take place over SSL, but any time any personal or financial information is being sent, SSL should be used.
If you’re looking into buying a cert for your Magento store, you can buy a certificate from NameCheap.
6. What is PA-DSS? When should PA-DSS be applied?
“The Payment Application Data Security Standard (PA-DSS), formerly referred to as the Payment Application Best Practices (PABP), is the global security standard created by the Payment Card Industry Security Standards Council (PCI SSC). PA-DSS was implemented in an effort to provide the definitive data standard for software vendors that develop payment applications. The standard aims to prevent developed payment applications for third parties from storing prohibited secure data including magnetic stripe, CVV2, or PIN. In that process, the standard also dictates that software vendors develop payment applications that are compliant with the Payment Card Industry Data Security Standards (PCI DSS).” — Wikipedia
PCI-DSS compliance comes into play when credit card information is transferred to your server. If you utilize a third party gateway such as PayPal where the user is redirected to another site for payment, your Magento site will fall out of scope. The second financial information is transmitted to the server, the data must be protected and follow PCI-DSS standards.
7. What is the process for getting a site certified as PCI-compliant?
The PCI council defines this pretty well on their quick reference quide:
Depending on an entity’s classification or risk level (determined by the individual payment card brands), processes for validating compliance and reporting to acquiring financial institutions usually follow this track:
- PCI DSS Scoping[/fusion_highlight] – determine which system components and networks are in scope for PCI DSS
- Assessing[/fusion_highlight] – examine the compliance of system components in scope following the testing procedures for each PCI DSS requirement
- Reporting[/fusion_highlight] – assessor and/or entity submits required documentation (e.g. Self-Assessment Questionnaire (SAQ) or Report on Compliance (ROC), including documentation of all compensating controls
- Clarifications – assessor and/or entity clarifies/updates report statements (if applicable) upon request of the acquiring bank or payment card brand
See the whole document here.