The new document, which has outlined the minimum security standards for online stores since 2008, will be familiar to any ecommerce business processing card payments via their website.
In the aftermath of recent SSL vulnerabilities, mainly the BEAST and CRIME exploits, the way in which your server processes HTTPS requests is now under scrutiny.
The good ol’ trusty lock symbol you see in your browser’s address bar when you access a secure page is no longer an indication that your data is encrypted to the new PCI standards.
I have an SSL certificate, does this still affect me?
When you visit a “secure” page on the internet using HTTPS, the method in which the data you send and receive is encrypted will depend on your operating system, and browser.
If you’re using the most up-to-date version of Google Chrome, then most likely your request uses the secure TLSv1.2 protocol. However, if you’re using an older version of Opera or Internet Explorer, you may be using a potentially weaker protocol such as SSLv2.
What’s new in PCI 3.1?
The latest round of requirements in the PCI DSS document states the following:
SSL and early TLS are not considered strong cryptography and cannot be used as a security control after 30th June, 2016.
What’s most worrying about the new standards is how far behind browser support is for the new PCI compliant protocols.
At some point soon, you’re going to have to make a very difficult decision: Do I comply with the PCI guidelines even if this means losing customers who use older browsers?
Quite simply, by disabling TLSv1.0, any customers using one of the following browsers would not be able to access the secure pages of your website:
Oldest version not to support TLSv1.1
Google Android OS Browser
Microsoft Internet Explorer
Microsoft Internet Explorer Mobile
Apple Safari mobile
That’s right folks, to remain PCI compliant, users on browsers as late as Internet Explorer 10 will no longer be able to access your site. Eeek!
How to disable non-PCI protocols
If you’re not on managed hosting, configuring your webserver to only accept TLSv1.1 or above is quite straightforward. On Apache 2.4, for example, simply remove unwanted protocols using the ‘-’ option in your config directive:
SSLProtocol All -SSLv2 -SSLv3 -TLSv1
We hope this helps! If you’re unsure of your website’s current setup and whether you might be falling foul of the new PCI guidelines, try the handy tool over at SSL Labs.
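An added example (not part of the original post, and not Apache's own tooling): a small Python audit that evaluates SSLProtocol lines left to right, as in the directive above, and reports any protocol the post says must be off (SSLv2, SSLv3, TLSv1). It assumes that `all` expands to every protocol from SSLv3 upwards and that a token without a +/- prefix replaces the set built so far; the sample config is constructed.

```python
import re

# Protocol tokens recognised here, lower-cased. SSLv2 is kept because the
# post's directive names it.
KNOWN = ("sslv2", "sslv3", "tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3")
# Assumption: "all" expands to everything from SSLv3 upwards (worst case).
ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3"}
# Protocols the post says must be disabled: SSL and TLSv1.0.
BANNED = {"sslv2", "sslv3", "tlsv1"}

# Matches SSLProtocol only; commented-out lines and SSLProxyProtocol do not match.
DIRECTIVE = re.compile(r"^\s*SSLProtocol\s+(.+?)\s*$", re.IGNORECASE)


def enabled_protocols(args):
    """Evaluate one SSLProtocol argument string into the set left enabled."""
    enabled = set()
    for token in args.split():
        action = token[0] if token[0] in "+-" else ""
        name = (token[1:] if action else token).lower()
        if name == "all":
            group = set(ALL)
        elif name in KNOWN:
            group = {name}
        else:
            raise ValueError(f"unknown protocol token: {token!r}")
        if action == "-":
            enabled -= group
        elif action == "+":
            enabled |= group
        else:
            # Assumption: an unprefixed token replaces whatever was set so far.
            enabled = group
    return enabled


def audit(config_text):
    """Return (line_no, directive, banned protocols still enabled) per line."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        m = DIRECTIVE.match(line)
        if m:
            bad = sorted(enabled_protocols(m.group(1)) & BANNED)
            findings.append((line_no, line.strip(), bad))
    return findings


# Constructed sample: four directives as they might appear across vhosts.
SAMPLE = """\
# constructed sample vhost fragments
SSLProtocol All -SSLv2
SSLProtocol All -SSLv2 -SSLv3 -TLSv1
SSLProtocol -SSLv3 TLSv1
sslprotocol TLSv1.1 +TLSv1.2
"""

if __name__ == "__main__":
    for line_no, directive, bad in audit(SAMPLE):
        verdict = "FAIL " + ",".join(bad) if bad else "ok"
        print(f"line {line_no}: {directive:40} {verdict}")
```

The third sample line shows the case worth checking for by hand: a missing prefix on `TLSv1` discards the earlier `-SSLv3` and leaves only TLSv1.0 enabled.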
If you’ve already signed up for one of our monthly blog packages and your site is running on WordPress, you can now choose to auto-publish posts.
This nifty new feature relies on the Copify Plugin being installed, version 1.0.3 or higher. Once your blog posts are complete, we’ll give them a proofread, create an engaging title, and publish straight to your blog.
Need something a little different?
As of today, you can also create a completely custom package on your account.
Any number of blogs per week at any word count you desire. From the packages page, go to “Advanced”.
Once saved, your new custom schedule will be available when editing or creating a new blog package.
We’re constantly deploying new features to Copify.
Some are small updates that users are unlikely to notice. Others, where changes to the user interface are involved, require a bit more care and attention to make sure things are hunky-dory when it comes to cross-browser compatibility.
Let’s face it – the Internet is a mess. There are so many different browsers and devices, ensuring that your web-app works on all of them can be a bit of a minefield.
Thankfully, most modern browsers play nice, and all render HTML & CSS pretty much the same way.
Oh wait, no. They don’t. Do they, Bill?
Many agencies and web developers have fought hard for a long time to “convert” as many people as possible away from Internet Explorer, and with recent stats on browser usage it looks like it’s not all been in vain.
However, we still have a significant number of visitors using older versions of Internet Explorer (mainly IE6 and IE7) causing us headaches. One of the biggest headaches is testing.
If you’re on a Mac, or running Windows 7, you can’t just download IE6 and see how your site looks. You’re going to need XP.
In this post I’m going to show you how we use a virtual machine to test these older pesky browsers.
All you need is Windows 7 and a few gig disk space going spare.
Ready? You were born ready!
Windows Virtual PC
Head over to Microsoft’s website and download Windows Virtual PC. You don’t need “XP mode” so you can skip this if you like, just make sure that you select the correct version of Virtual PC for your machine and operating system.
Once the download has finished, have a bash at installing. You’ll figure it out.
I need to test IE6 and IE7 on Windows XP so I download the package called “Windows_XP_IE6.exe”.
The disk image comes with Windows XP and IE6, and also the installation files for IE7.
However, once you’ve installed IE7 you can’t run IE6 again. So make a copy of the first image, rename it and use this for IE7.
Fire up Windows Virtual PC
First off, select which image you want to run.
Right click on the Windows XP VMC and enter “Settings”. From here you can choose which image to use. Change the setting for “Hard Disk 1” and browse for your disk image.
As with many Microsoft products, there is some kind of annoying, inexplicable problem with its use. In this case, it’s the fact you are presented with an impenetrable login form.
To get round this, choose “Disable Integration Features”. No idea what this does, but it gets you to a login screen that works!
You can now login with the username “IE User” and the password “Password1”.
You’ve now traveled back in time and are about to experience the wonders of 1990s web browsing. I suggest playing some classic Nineties pop tunes while you test to get the full effect.
OK let’s Brogram this Mother until all the horribleness is gone. Done? Great!
We’ve made our fixes to ensure IE6 users get the best browsing experience, and we’re now ready to do the same for IE7.
If you never wish to use IE6 ever again in your life (highly likely) then just run the IE7 install.
Unfortunately for me I may have to revisit good ol’ IE6, so I just reconfigure Virtual Machine to use the image copy I made earlier. I’ve renamed them so I know which is which.
Again, work your magic and fix all the nasty codez with some CSS hacks.
If like us, you’re using Git (What? You’re not using Git? Why not?) this is a good time to commit your changes and wave and scream at your boss, hinting you’ve made your website look great for pensioners and public sector workers across the country.
Having problems following this guide? Tweet now or forever hold your peace.
As an internet business here in the UK, it’s easy to feel a little distanced from all the champagne and pop enjoyed over in the USA.
Apparently, while you’re based in The Golden State you can throw together a small, loss making product and within a few months have acquisition offers bigger than Pete Burns’ face.
Before you know it, you’ll be zooming around Palo Alto on a Segway wondering what quirky snack to put in the office vending machine next.
Back in the room. Look out of the window, it’s raining. In a few days it’ll be July, yet it feels like November. You’re on your third cup of Yorkshire tea. The only thing more distracting than the fluorescent lighting above your desk is the piercing sound of Fearn Cotton’s voice on the radio as she queues up another awful pop song for the 400th time this week.
This is Lancashire. You’re a million miles from Silicon Valley.
Back int’ day, when your business needed to buy some equipment, or had to hire some sales people, you attacked your best pair of Clarks shoes with a tub of Kiwi and headed down to Barclays to meet with bank manager “Graham” for a chunky loan.
Hang on…I have to pay it back?
Web startup, meet British business culture. Things are different here in Blighty. A black hole in computer science skills and a relatively young industry (10 years ago using your credit card online was pretty much the scariest thing known to man) mean that Graham is going to laugh you out of the door when you pitch him your far-fetched idea of a new “social media portal”.
But there is an alternative, you’ve got a killer idea and your numbers are crunched. You’re itching to launch your startup on a shoe string… here’s how.
Find a partner
If you have all the skills to pay the bills, great, you’re all set. But let’s face it…you don’t.
Every aspect of your new venture is going to require a skill and focus in several areas: sales, marketing, design, programming, hosting, accounting, packaging, ordering pizza at 2am, customer support. The list is pretty big, and at a stretch you can cover 2-3 of these areas really well.
Usually folk are in one of two categories: Commercial or Techie.
Do you like trying your hand at building websites? Obsess over the next bit of cool software that will make your life easier? Spend most of your time on Stackoverflow? You’re probably a Techie.
Are you good with people? Confident on the telephone? Know exactly how you’re going to work through your list of contacts to grow the business? You’ll be better at the commercials.
Decide which glove fits you best, and find someone to wear the other. This is your new partner.
You now have a basic two person team that can cover almost every area of your business, and if there is still something neither of you can do, one of you learns.
Try to go things alone and you will quickly be overwhelmed, your attention will be spread too thin and you’ll more than likely burn out in a matter of months.
It’s by no means impossible, but working alongside someone offers invaluable support in areas that could take you precious weeks to get up to speed with.
“Never work with friends” is a myth
The reason people say this over and over is that they chose the wrong friend. How could it be worse than working with the wrong stranger?
When we launched Copify in 2010, I was already good friends with my new business partner Martin, and we immediately had our first issue. Who’s going to build the site?
Me being the Techie, the responsibility lay with me. But hang on, what the hell are YOU going to do while I build the site?
Well obviously, Martin had no product to begin his side of the work with, you can’t start marketing a half finished product so this in itself could have been the first fall out.
From Martin’s perspective, he had chosen the right partner: I didn’t expect more of a stake or to be awarded somehow for my work while he had nothing to do.
I too had chosen the right partner: Any outside issues which were a distraction from the initial site build were taken care of, not quite as time consuming but equally as important for long term success.
The scenario of “I’m doing more than him/her” is a common pitfall which can mean your startup may never get off the ground.
Hang in there and take the rough with the smooth. Do you think the late Steve Jobs, who owned a 50% stake in Apple, refused to do a bit more than others every now and again?
No. That’s what made him a great CEO. He rolled his sleeves up and got stuck in. You’re going to have to do this too. Sometimes you’ll have to do more than another Director. Suck it up.
Working with a friend also means you’ll enjoy what you’re doing, you weren’t just in this for the money, right?
We’ve worked hard, too hard sometimes, argued: sometimes intensely, and on occasion may have needed a break from each other. But fuck me have we laughed. We’ve actually cried laughing at times. Working with a friend can be very rewarding.
You don’t have a clue
Neither did we. It’s OK, it’s normal.
Unless you have successfully run the exact same business model before, you’re about as useful as a ham sandwich at a Bar Mitzvah.
We didn’t know where to get customers, we didn’t know where to get copywriters and we certainly had no idea how to make the idea work financially.
The key to surviving this period is to take small steps based on your common sense, something you’ll need to trust implicitly.
Do you start cold calling potential customers, or work on refining your product? Should we put together an AdWords campaign, or explore some free alternatives first? We’ve got a huge bounce rate on our registration page, do we split test it with another layout or let people signup with Facebook instead?
All these little questions will crop up, all will be unique to your business, nobody has had to make the same judgement call with the exact same factors you are facing, so take advice with a pinch of salt no matter how experienced you think the person is.
You’ll make some small mistakes, and you’ll also make some enormous ones. Keep going, you’re doing it right.
You are not an entrepreneur
You’re just someone who is working hard on something you believe can work, don’t call yourself an “entrepreneur”.
People who refer to themselves as this are usually scatty, overloaded with crap ideas, have itchy feet and can’t stick something out.
Also, they are usually financially unsuccessful despite having “a name for themselves”. If you actually look into their accounts, most haven’t made enough money to cover their Chamber of Commerce subscription.
Richard Branson is an entrepreneur. You are most definitely not.
Strike while the iron’s hot
In the first few weeks you will be overwhelmed with limitless enthusiasm. Use and abuse it.
You’ll get a perverse amount of work done in the early stages, you’ll have the energy to work late and start early but recognise when this begins to fade and change your routine to suit.
Take more breaks, work fewer hours. Ask yourself “how much do I want to go to the office today” and when the answer gets below 9/10 take a step back, or mix things up and work on something completely different on your to-do list.
It’s addictive. Get comfortable trying new things, whether it be a new marketing campaign, new price point or a new language or framework. Every month try and learn something new which helps your business grow or reduces cost. Here are some ideas:
• Do some tutorials online and learn how to code an email marketing template, you’ve just saved yourself £100 in outsourcing costs
• Complete your tax return, you’ve just saved on accounting fees
• Learn about version control and help your Techie with small fixes to the website
Or for the Techies:
• Try something creative (like writing a blog post…hello!)
• Go to a networking event while trying not to think about what you’re missing on Reddit
• Try your hand at design or managing a customer account
You’re building your business, but you’re also building YOU as a business person.
You’re already an obsessive person. Go on, admit it.
It actually helps to be so, but think of it as a problem that needs to be managed carefully. An obsessive founder can quickly become immersed in their project and end up somewhat blinkered. Clarity of thought begins to disappear faster than Michael Barrymore after a pool party. You listen to other people’s opinions less and less.
Obsessing makes you check your email in the cinema. It makes you login to PayPal under the table at lunch. It makes you think about tomorrow’s big feature release while you’re on a date.
Switch off! What’s the worst that could happen between 18:00 and 08:00?
Don’t abuse the internet
Enjoy the internet by all means, but when you work online most of the day it can become compulsive. Refreshing Hacker News or Imgur every 10 minutes, or having Facebook open all day long isn’t going to land that next big customer.
The internet is fun, but so is crack cocaine. And we all know how that ends. Even go as far as blocking certain sites through your router if you just can’t handle the distraction.
The same goes for email. Do you sit with your email client open ALL day? Stop. Shut Outlook down, and do some work. Nothing is going to land in your inbox in the next 3 hours that requires your immediate attention. If it is that urgent, someone will phone.
Bad PR is better than being squeaky clean
Unless you’re a major label, nobody cares about you. Not even a little bit. Hurts doesn’t it?
So stop trying to please everyone with a faceless, neutral mush of a “brand”, you’re in business now so by default you are going to forge adversaries no matter what you do, no matter how hard you try to be “great at PR”.
You may as well put this to good use.
In our case, we saw it as an easy way to generate traffic, back-links and stir up some hype. Our product is inherently disliked by traditional, pay-through-the-nose pay-by-the-hour copywriters who see us as not only a threat but somehow derogatory to their profession.
Who better to target for a bit of link baiting?
We emailed a few of them asking if they wanted to sign up and hey presto, several contextually relevant back-links from our furious competitor’s blogs.
Granted most of the posts were scathing attacks, some even plain lies, but aside from the envious PageRank we’ve now acquired as a result, a weird thing also happened.
It was obvious we had been purposely inflammatory, but people we’d never met seemed to find this affable and on a few occasions actually defended us! Further still, we actually acquired our first 4 big paying customers directly through a blog post attacking us.
Great PR is hard. Very hard. It’s time consuming, and we were in too much of a hurry to go down that route. So we put on our troll hats and began stirring up trouble…and it worked.
This is a risky approach, we don’t actually advise you list “start a fight” at the top of your launch to-dos. The takeaway is don’t lose sleep over bad PR and if people dislike what you’re doing, you’re doing something right!
Be honest with your opinion and share enough of your company’s culture so those who do join your following have a genuine reason to do so. They’ll be much better allies!
Sleep on it
Often an idea will seem so important it’s prioritised unnecessarily, especially after a long day fraught with other issues and problems to fix. Unless business has ground to a halt (or, in our case, your product is offline), sleep on it and review with a clear head.
It’s too easy to knee jerk and change something because of one screaming customer, and when you do this, you’ve possibly made your product a little bit less usable for everyone else.
Don’t be a Facebook douche
There is a big difference between intelligent marketing and begging. Don’t plead with people to “like” or “follow” your company, you come across like a needy girlfriend.
So what, you’ve got 5000 likes from all these irrelevant people when in fact only 4 of them have ever paid for your product, how does that help anything?
The only thing that matters is that your offering is as good as it can be, the likes and follows will come, and they’ll be genuine.
Because put quite simply, you don’t know who you need. If you’ve been up and running for less than a year, you have no way of knowing what position to fill. At best it’s guesswork, at worst it’s trying to run before you can walk.
For a new web startup knowing what’s going to happen next week is hard to predict, so hiring what right now might seem like the “must have” member of staff could be a costly crippling mistake.
Once you can operate with a skeleton staff of the founders, you’ll have a much better idea of what the company’s needs are. By this stage you should also have enough capital in the bank to be able to afford not only their wage, but your own.
Remain profitable, take baby steps, grow slowly and successfully. After all, you’re not in Silicon Valley…