PCI Compliance: What is the process and What to expect

Posted by A.I. Master
Major credit card issuers created PCI (Payment Card Industry) compliance standards to protect personal information and ensure security when companies process, store, or transmit credit card information. For a fuller definition of PCI compliance, be sure to read our blog article.


If you run credit cards, eventually your processor may ask you to prove that your website is PCI compliant. PCI compliance is just a simple security test. The credit card processor wants to ensure that there are no glaring vulnerabilities that would allow hackers to access sensitive data regarding your users' credit card information.

In this article, we're going to take you through the steps of PCI compliance and let you know what to expect.

PCI compliance testing is usually an annual process, and it requires you to prove certain security parameters based on the server and programming you use for your website. Alternate Image's websites are written in ColdFusion, a language made by Adobe.

To achieve PCI compliance, your credit card processor has a PCI vendor (of their choosing) run a remote scan of your website. After the scan, there are usually a few items (vulnerabilities) that need clarification. These items are appealed through the PCI vendor, who then declares you "PCI compliant"... for this year. Yes, you read that right. Once you get a PCI request, it's something that has to be done every year.

The reason these items need clarification is that the vendor simply can't see much with a remote scan. For example, if your website is written in ColdFusion, you always get a couple of standard ColdFusion-specific "vulnerabilities". If the website were written in PHP, you would get the standard PHP vulnerabilities, and so on. These vulnerabilities cannot be verified through the scan; therefore, they require an appeals process to clarify and confirm that security measures are in place.

An example of a ColdFusion "vulnerability" is "Predictable Session IDs". To resolve this issue, we simply run our servers with "J2EE session variables". The PCI vendors are even nice enough to tell us what the solutions are. Adobe (the makers of ColdFusion) published a tech note specifying what to do in order to ensure PCI compliance. It is literally a checkbox in our ColdFusion administration panel. But because the PCI vendor is scanning remotely, they cannot verify whether this box is checked or not. This is why there is a PCI appeals process.

You will receive a login to your PCI vendor's website. Here we can see whatever "vulnerabilities" they have found and can resolve each one through the standard appeals process. In the case of the "Predictable Session IDs", we confirm for the vendor that we are, in fact, running J2EE sessions and we point them to the Adobe tech note. Problem solved. This is how each vulnerability is handled and therefore how each vulnerability is resolved.

Unfortunately, this is not a one-time process. Because PCI is continually requiring and monitoring websites for these vulnerabilities, each year they will be scanning and each year we will be following the PCI appeals process to resolve the vulnerabilities found.

This is not something you should be alarmed about; however, it is important that you are informed. We have found some PCI vendors to be more difficult to work with, and therefore we suggest TrustKeeper, whom we work with exclusively. TrustKeeper is a certified PCI compliance provider for all credit card companies. They have proven to respond regularly and in a timely manner. If the PCI vendor does not respond, you will continue to receive messages that you are not PCI compliant, which can result in additional fees and frustration.

If you have any questions about PCI Compliance please do not hesitate to call 386-760-1774.
Posted at 11:41 AM
 
WorldRETS and SnipApps Explained

Posted by John Peron


In addition to hotels and custom websites, we also do websites for Realtors. Our real estate website applications include the listing of properties from the Multiple Listing Service, a customer Wish List and more. Previously, we had to develop and host the Realtor's website for them to make use of our Realtor applications. With the advent of WorldRETS and SnipApps technology, that is no longer necessary. If you have a website already but would like to add a RETS feed, we can help.

Often, Realtor websites are pretty simple or have limited functionality due to the sheer cost. WorldRETS specializes in providing enterprise-level functionality to Realtors that don't want to pay development costs for a new website and deal with the pain of switching webmasters.



To do this, WorldRETS utilizes SnipApps technology. What is SnipApps? A SnipApp is simply a single snippet of HTML code. Put this code anywhere on your site and it can generate customized property listings, forms or whatever else we offer. No need to switch webmasters, no need to install anything complicated, no need to change the look, feel or functionality of your existing website. A SnipApp is completely standalone.

What Can SnipApps Do?

We have created SnipApps that perform a wide variety of Realtor functions. There are SnipApps that list properties in an interactive Data Grid or a Carousel, SnipApps that create search boxes and wishlist boxes and so on.

The Listings Snippet is the central WorldRETS SnipApp. It is a customizable list of properties pulling from the MLS (Multiple Listing Service). A Listings Snippet can be a standard Data-Grid or a Carousel. A Data-Grid is a straight list of properties that can be sorted or searched. For our current realtor clients, you would recognize the Data-Grid as what you currently have on your property.cfm page. A Carousel is simply a slide show of properties.

Data-Grids are a central part to any realtor website. They stand alone, but can also interact with search boxes and wishlist boxes on the same page. All you have to do is put a Data-Grid Listings Snippet and a search box on the same page and they will work together as though they were made specifically for your site. No extra fuss necessary!

The best part about SnipApps is that they can be customized in look and feel. If you want a Data Grid that only shows commercial properties, you can create a SnipApp that does just that through our Listings Builder. From there, you can customize the look and feel by selecting one of our predefined skins, to make the SnipApp more closely match your site.

- John Peron
Sr. Programmer,
Alternate Image



 
Posted at 03:21 PM
 
Using the Knowledge Base for Instant Customer Support

Posted by A.I. Admin

Have a support question?

Many commonly asked questions can be found in our AI support desk knowledge base at www.AIsupportDesk.com. Simply log in with the same email address you use to send tickets. If you do not know your password, you can choose the 'Lost Password' option located above the login field to have your password emailed to you.

Once you have logged in, you will see the knowledge base located on your left. Click on this to see the different help articles and support questions.

We are always updating the knowledge base so that our clients can find answers to commonly asked questions. If you have a question that was not answered by any of the articles in the knowledge base, you can send in a support ticket by emailing help@aisupportdesk.com or by logging into www.AIsupportDesk.com and selecting 'Submit a ticket'.

What to Include in your Support Ticket:

Name

Phone Number

Email Address

Your website

Your support issue

The exact URL for the page you are having an issue with

What browser you are using (ex: Safari, Internet Explorer 8, Firefox, etc.)

Please be as thorough as possible so that we can better troubleshoot and solve your issue. If you are just submitting a ticket for simple graphics updates, be sure to include the file attachment and the URL for the page you would like this to be applied to.

If you are submitting an Excel file to import users to your database for an email, be sure that your Excel file is in the proper format (see 'How Do I Import Users to My Database') and that you mention any special user groups you would like created for this list. If no user group is mentioned, the list will be uploaded to the general 'user' group. Keep in mind that lists may take a few hours to upload depending on their size. Please plan ahead when scheduling email blasts to allow for this time.

For general requests please allow 48 business hours for tickets to be completed.

Thank you for using the AI Support Desk and Knowledge Base

-AI Staff


Posted at 02:31 PM
 
What is PCI Compliance?

Posted by A.I. Admin
Major credit card issuers created PCI (Payment Card Industry) compliance standards to protect personal information and ensure security when companies process, store, or transmit credit card information, whether it be a brick and mortar or an online business. All members of the payment card industry must comply with these standards if they want to accept credit cards. Failure to meet compliance standards can result in fines from credit card companies and banks and even the loss of the ability to process credit cards.

PCI compliance applies to all businesses or merchants, regardless of size, whether they are acquiring banks, independent sales organizations, processors, hosts, shopping carts, or e-commerce and retail merchants. All merchants who store, process or transmit cardholder data must now be compliant. You may refer to your merchant bank for specific validation requirements.

An SSL certificate (secure certificate) does not by itself make a site PCI compliant. Its purpose is to secure the connection between the customer's browser and the web server, as well as to validate the organization behind the website. To be PCI compliant you must protect credit card information.

To satisfy the requirements of PCI compliance, Alternate Image has a registered account with TrustKeeper, a certified PCI compliance provider for all credit card companies. TrustKeeper has validated the compliance of the majority of service providers listed on the Visa and Mastercard websites.

We have also passed compliance with Security Metrics, but work exclusively with TrustKeeper.

Alternate Image stays up to date on all PCI compliance regulation changes. If you receive a notification of non-compliance, this does not mean your website is insecure. Please notify us immediately and we will work towards resolving any data security vulnerabilities.

If you have any other questions regarding PCI Compliance please feel free to contact us anytime.


Posted at 04:23 PM
 
New FTC Rules for Online Marketing

Posted by A.I. Admin


The FTC released new rules at the end of 2009 in an effort to police businesses using social media or online ads that appear to be created by a user not affiliated with their company. Overall, the FTC is trying to enforce that all blogs, social media, advertisements, reviews and testimonials that promote a brand or company must disclose within their advertisement, blog, or profile that they are being paid or receiving compensation from that company.

If you are paying or in any way compensating an advertiser or third-party contractor to write blogs, reviews, or promote your brand or company online, it needs to be disclosed to readers.

The FTC is enforcing this by issuing steep fines to those who do not heed their new rule. It will be almost impossible for the FTC to enforce this rule for all advertisers due to the amount of online content; however, we expect them to focus on SPAM sites and national brands that use bloggers and social media contractors to post positive reviews about their products or services. We will just have to wait and see how serious the FTC is about enforcing these new rules and how Internet marketing will adapt to the new disclosure requirements.

Want to read more? Click here to read Attorney Mike Young's blog post about the FTC rules and download his guide to the FTC rules and regulations on affiliate marketing.

Posted at 11:50 AM
 
Tips for Successful Email Blasts

Posted by A.I. Admin


Creating your email list

Download a blank user spreadsheet form. To upload emails to your website database, download the blank user spreadsheet from your website. In your admin area click Security and Dashboard. On the left under Export there is a link to Download Blank User Import Spreadsheet. This is what you will use to add your new users to your website database. Duplicate users will automatically be removed from your database and unsubscribed users will stay unsubscribed. At this time, to import users you must send in a ticket to help@aisupportdesk.com and attach your user Excel file (.xls). Be sure to include your website name. The new AI mailer will allow users to upload their own database without using the ticketing system.

Make sure that your database has opted in to receive your emails. The CAN-SPAM Act requires commercial e-mailers to honor unsubscribes and only email addresses that have opted to receive emails from your business. Make sure that everyone on your database list has opted in or is familiar with your company (i.e., employees, vendors) and that if they have given you their email address, they have agreed to opt in to receive your email newsletter. When users sign up online or book hotel reservations, they are given the option to opt in to the newsletter.

Designing your email

DO NOT make the entire email one large image. SPAM filters look for emails without any body text. Be sure to add the proper amount of text and images to keep from getting marked as SPAM.

Keep the width to about 500-600 pixels. No more than 600 pixels wide! Typical email windows only open to about 540 pixels, with preview panes showing only 200 pixels or more, so keeping your email design width below 600 pixels will ensure that viewers can see it in their inbox. If you are using the AI mailer composer, this will automatically create an email in the correct size.

Use a simple layout. Every email application reads and displays HTML emails differently. What works in one application may display poorly in another. Avoid using complicated layouts with too many embedded tables, columns, and rows. Use a table with two columns and one row across the top for your layout. If you are using the AI mailer composer, this will create a simple email for you.

Be careful using CSS. Most CSS will not work in email applications and your body text will show up unformatted.

Always give users a way to unsubscribe from your emails. The AI mailer will automatically remove unsubscribed users receiving your newsletter. The users will still be in your website database (viewable under security>users); however, they will be unchecked to receive your newsletter.

Email Content

Link back to your website. If you are mentioning a special, create a link to your website page that has the details about that special. If you have images in your email, include a link to your photo gallery so that users can view more. To create a link in the AI email composer, highlight your text, click on the link icon in your text editor bar, and enter the website address in the URL field. Be sure to change the setting so that the link opens in a new window - this way users will not leave your email to view the link. Using the hyperlink feature allows you to link back to your website or specific pages in your website without showing the full address. You can have text like 'See more photos of our hotel' and create a link to your website gallery rather than showing 'See more photos at www.yourwebsite.com/gallery.cfm'. This is easier for users to read.

Be sure to check all links before sending out your email blast and make sure that the link sends users to the proper address.

• Do not use Flash, JavaScript, ActiveX, movies, etc. in your emails. These types of files are not able to be viewed in most email applications and are blocked by anti-virus applications since they have been used in the past to spread viruses.

Tracking Your Email Blast

Most marketers want to track their email campaigns to see how many people opened the emails, how many bounced, and how many clicked through to their website. The overall goal of the email is to get people to open it, read the information, and then click through to the website.

• Create a duplicate home page and link this to your email blast. Go to your admin area, click on the CONTENT drop down menu, select LANDING PAGES. Click on the green button in the upper left hand corner to ADD NEW PAGE.

Select landing page.

Add your page name - this will be the URL and will be visible in the address bar.

Click COPY MY HOMEPAGE.

Hotels: If you are using a promotional code in your email blast, enter the code here and it will be pre-populated in the page that you are creating, so that customers will have the code already filled out.

Do not click anything for security, as you will want this page to be accessible by everyone.

Click Submit. Your new landing page has been created; this will be a duplicate of your home page. Use this new URL to link to in your email blast. You can see how many people clicked through from your campaign in your Google Analytics. Google Analytics will break down the number of visitors for each page within your site; this is how you can see the number of people who clicked through specifically from your campaign.

To see how many emails were opened and successfully delivered, go to your admin area and click on Mailer>Archived Mail. From there you can see which emails were sent, the number of people sent to, how many bounced (the email addresses were incorrect or no longer working) and how many emails were opened.

Avoiding SPAM filters

SPAM filters look for specific trends within an email to determine if it is SPAM or not. Your email receives points for each SPAM-like offense it commits. If you

Here is a link to the full list of red flags that SPAM filters look for:

http://spamassassin.apache.org/tests_3_0_x.html

Do not use URL shorteners. These have become popular for Twitter but they should not be used for email blasts. Gmail is now blocking emails that have URL shorteners because spammers are using them to disguise the website links that they are sending out.

Avoid words like 'CLICK HERE!' or 'WHY PAY MORE?' SPAM filters assign points to these phrases. Other words and subjects to avoid:

-Talking about money

-Breakthroughs of any kind

-Mortgage-like sales pitches

-Anything with 'urgent matters'

-Money back guarantees

-Overuse of exclamation points

-Using all Caps in the subject line

-Using one large image and no text in your email

-Using the word Test in the subject line

Check your open rate and bounces. A normal open rate is 20-30%. If you start seeing a sharp decrease in your open rate, it could be that your emails are going to the junk folder. If you have a high number of bounces, this could also mean the same thing.

Good luck on your email blast!

-Alternate Image staff

Posted at 12:29 PM
 
Hotel Reservation Software Comparison

Posted by A.I. Admin

Hotel reservation software has changed a lot throughout the years. In the late 1990s, if you were at a hotel and wanted to take reservations online, there were few options you had in software. Companies like Worldres dominated not only the market but your pocketbook. There were no flat-fee booking engines. Percentages of 5% to 10% were common.

As the internet became more mainstream and users were booking online, hotels revolted. Flat-fee solutions emerged. Since 1998 Alternate Image has always offered flat-fee reservation software. We were hoteliers during those early days and remember the checks written to booking engine software companies in excess of $1800 a month.

In today's market you should look closely not only at pricing but also at the features your online hotel reservation software provides compared to the competition.

Here are a few of the features that Open Hotel online reservations software provides and how it compares to others on the market.

*Does your software reside on a URL connected to your website, such as book.yourhotel.com, or does it click off to a third party? If it clicks off to a third party, remember a couple of things. First, Google does not give you any credit for the content on your booking engine if it clicks off to a third party. Second, consumers feel more confident remaining on your site. And lastly, if you discontinue service with your hotel reservation software company, you immediately lose all links that you have created. If your online booking engine resides on a subdomain of your site, your webmaster can always redirect links if necessary.


*Does your hotel booking software allow you to create dynamic packaging? Consumers want not only to stay at a hotel but also to know what is available to do while they are there. All packages may not be booked often, but dynamic packaging is a great way to showcase things to do.

*Do your online reservations have the option and the flexibility to work the way your property does? Can you do length of stay discounts, advance booking discounts, promotional codes, free night discounts, and have them all work together?

*And finally, is your hotel reservation software available at an affordable flat rate, with no percentages, and with amazing customer support?
Posted at 11:58 AM