A QR Code generated by WeChat

A QR Code generated by WeChat

Since I switched jobs last year, I’m now managing a marketing team with team members in the UK and one in China. It’s been very interesting to learn about marketing in China and what works and doesn’t. It’s been a big shift from higher ed, but one I’ve enjoyed learning about. I’ve only scratched the surface so far, and I know I have much more to learn over the coming months and years.

What has surprised me is that with the rise of social mega-services like WeChat, one technology that never quite caught on here continues to explode there.

That’s right, our friend, the QR code.

The sad, maligned QR code. The things that’s had books written about it.

What’s been at most a novelty here, is serious business there. It’s not just for social either, QR codes are everywhere in Asia, and China especially. If anything, the demand for them is rising.

We’ve been using them for awhile, but they are a key part of our messaging in that region of the world. We put them on some printed materials, and we made favicards at Jakprints this year with a QR code that takes users to our brand’s WeChat page. Jakprints even tweeted them out:

Last night, my father sent me a picture from a McDonald’s in China where he’s travelling for business. Yes, the self-ordering and payment kiosk could be a post about the coming change in employment due to automation, but also pay attention to the QR codes prominently displayed on the side graphics. I don’t know where that QR code leads, but they’re not going away in China anytime soon.

Editor’s note: Many of our college and university web sites accept credit cards for many reasons. It could be online gifts, tickets or event registrations, even tuition deposits or payments. We all buy things online with our credit cards. Once you hit that purchase button, what actually happens and what are the steps and players that work to put the actual money into your account. This post looks into that.

If you’re an online business, odds are your business wouldn’t be possible without credit card transactions. Most of the convenience and speed we associate with online purchases are thanks to the infrastructure behind credit card processing. This makes it possible for payments to be received almost immediately, and is a big part of the reason why online spending is increasing all the time. Your customers send their credit card information, their payments are approved, you get your money, and you send the products. All of this happens in a matter of moments, regardless of how far apart you and your customers are. Even though the process can seem like magic, there’s an extremely complicated process involving numerous parties, and it’s important for businesses operating online to understand that process and the role they play in it. Knowing how the process works not only makes you better informed when your customers have questions, but it also can help you control certain processing fees. All businesses are subject to credit card processing fees, but understanding the processes behind them may allow you to negotiate them or avoid them altogether.

In addition to you and your customers, credit card processing involves a number of financial institutions and service providers. These include the banks that issue the credit cards; the processors that serve as intermediaries between the banks and the credit card associations (Visa, MasterCard, etc.) that establish the rules; the merchant account providers that manage the actual processing; and the payment gateways that provide the “virtual terminals” that capture the credit card data during the online checkout process.

The process is broken down like this:

  1. The customer enters his or her credit card information into the secure online checkout form.
  2. Through the payment gateway, the merchant captures the credit card information.
  3. The merchant sends that information to the credit card processor that then sends that information to the appropriate credit card brand association.
  4. The credit card association then confirms the transaction with the customer’s card-issuing bank.
  5. The card-issuing bank either confirms or declines the purchase, and notifications are sent to all parties. This all happens within moments of the customer submitting his or her card information.

In addition to the fact that you and the customer never meet face to face during an online transaction, processing credit cards through an online purchase differs from an in-person, point-of-sale transaction for two key reasons: The first is the involvement of the payment gateway, which takes the place of the point-of-sale credit card terminal equipment during the transaction. For brick-and-mortar merchants, the terminal is either rented from merchant account providers or purchased by the merchants.

The other key difference for online merchants is the presence of the address verification fee, which is assessed for online transactions because of the extra level of verification required when the physical credit card is not involved in the transaction. This is just one of many fees merchants can incur on every credit card transaction. Some of them are regular fees that occur monthly, others occur on a per-transaction basis, and others are incurred only under certain circumstances.

No matter how often your business conducts transactions with customers through e-commerce, understanding the fees you may be subject to — as well as your options for paying them — is essential in helping you avoid racking up more fees than you should be paying. The guide below explains many of the most common of these fees, as well as the payment structures available to online merchants. Review it and you’ll come away with a better understanding of how complicated all of those simple e-commerce transactions really are.

How Does Payment Processing Work?

Author bio: As Vice President of Sales at Performance Card Service, Matt Wollersheim’s focus is on general marketing, client relations and development of new processing channels. Performance Card Service provides high-risk payment gateway solutions. 

Editors Note: I’ve been writing a lot about application and web security quite a bit lately, and that’s on purpose. There’s never been more attacks on our personal and private information.  These attacks are comging from not only lone hackers but also from state-supported groups and intelligence agencies. This guest post gives a good overview of what’s been going on and a little on the tactics we can take to combat these activities. This isn’t an exhaustive treatise on how to secure your applications. It’s more an intro course on the topic. It’s a springboard for you to dive into this vast and quickly-evolving world.

Application Security — Cutting Edge Or Critical Failure?

How secure are your applications? While you might be confident about apps designed in-house, what about third-party software for desktops or mobile apps made using open-source code? Are current application security methods doing enough to meet the threat of cutting-edge cybercriminals, or are companies facing critical failure?

Continuing Compromise

At the beginning of March, information-sharing site WikiLeaks published what could be the largest release of CIA documents on record, if the 7818 pages and 943 attachments actually belong to the spy agency.

Non-denial denials aside, however — according to spokesman Don Boyd, “We do not comment on the authenticity or content of purported intelligence documents.” The released data contains a number of application attacks that could presumably net access to almost any device around the world. For example, some files contained instructions for compromising computer applications such as Skype, commercial antivirus programs and even PDF files. Applications such as “Wrecking Crew,” meanwhile, could crash targeted computers while others claim the ability to breach both Apple and Android smartphones, in turn bypassing the encryption offered by tools like WhatsApp, Signal or Telegram. It doesn’t stop there, though. A program code-named “Weeping Angel” — which the documents claim was developed in partnership with British intelligence — supposedly used Samsung smart televisions to listen in on conversations even when the device appears to be turned off.

There’s also another level of concern here: An authentic leak means that even CIA servers and storage solutions aren’t of reach for interested hackers. If the vaunted spy agency is at risk, what’s the downstream consequence for the average application or device?

Emerging Threats

While the WikiLeaks story may be top of mind given its high-profile target and potentially dangerous app attacks, it’s not exactly an outlier: Applications across multiple industries and government agencies are now under threat.

Consider the rise of connected-vehicle applications. Recent research suggests that Android-based connected car apps could be easily hacked if attackers gain access to rooted phones or convince users to download malicious files. Once in control of the car app, cybercriminals could leverage the tool to gain physical access without setting off the alarm. Seven of nine car apps tested were vulnerable. Research firm Kaspersky noted that the problem didn’t stem from code flaws but a simple lack of defense. According to security researcher Victor Chebyshev, these apps are “controlling very valuable things for the user, but they’re not thinking about security mechanisms.”

North of the border, meanwhile, the Canada Revenue Agency (CRA) was forced to temporarily shutter its online services and mobile applications after a vulnerability was discovered in Apache Struts 2, an open-source software tool that is widely used by government and private sector agencies alike. While there’s no evidence of lost or stolen data, it’s a sobering reminder that even popular (and presumably well-tested) applications can put companies at risk.

The Speed of Security

As noted by Dark Reading, the recent CIA breaches, vulnerable industry apps and open-source issues make the case for app security as “pre-industrial,” since it lacks the ability to handle attacks at scale, focuses mainly on vertical threats, and includes a “vast landscape of tools and point solutions.” Plus, without effective standardization and specification, these tools are ad hoc at best and may not successfully address the accelerating speed of security threats.

Top Tactics

The first step in shifting app security from critical failure to cutting edge? Identifying key threat vectors. For example, both DoS and DDoS attacks are on the rise, with 53 percent of security pros saying these threats are among their top concerns. In addition, 60 percent of apps are vulnerable to SQL injection, allowing hackers to gain access and take control. More than 50 percent of web applications still allow cross-site scripting (XSS) attacks. Companies aren’t doing themselves any favors when it comes to design and testing, with stock permissions and APIs opening the app door to hackers even as timid testing of apps assumes that internal code offers superior protection.

Bottom line? Apps are vulnerable and software security isn’t keeping pace. Pushing app protection into the present demands a hard look at current targets and a better understanding of top application threats.

For more information on application security threats and how to handle them, review the accompanying slideshow from Column Information Security.

Author bio: Nori De Jesus is Global Director of Marketing at Column Information Security. De Jesus brings more than 20 years of experience as an advent marketer and business strategist working with software manufacturers and launching proprietary software solutions into the market. With expertise in BPM and case management B2B marketing, she focuses on innovation and making a difference by maintaining agility as the technology climate continues to shift. De Jesus is an evangelist in educating buyers through their technology-purchasing journey via content and research.