LexiConn – December 2005 Newsletter


    ===========================================
    LexiConn – December 2005 Newsletter
    ===========================================

    In this month’s issue:
    * Avoiding Form Vulnerabilities and Exploits
    * ScanAlert / Hackersafe Offering
    * Accepting Gift Credit Cards
    * Happy Holidays from LexiConn!

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Avoiding Form Vulnerabilities and Exploits

    Spammers are constantly searching for ways to send out their spam/virus messages. One way they attempt to send out these emails is by trying to exploit form processing scripts implemented on hosted websites. This type of exploit activity has increased exponentially over the last few months, making it essential that any custom written form processing scripts are written securely with no vulnerabilities or exploits. If you use the form processing script formmail.cgi, offered by LexiConn, then you are not vulnerable, as this script has already been patched to avoid this type of abuse. Detailed information regarding formmail.cgi can be found in our knowledgebase.

    http://support.lexiconn.com/kb/index.php?ToDo=view&questId=3&catId=15

    If you are using your own custom script, then you will want to be sure that it is not vulnerable to these types of abuse. The way to achieve this is through the use of validation. You will want to check fields in the header for hard returns and extra data that hackers use to send out spam. Example code and resources that can help you do this can be found in our tutorial section.

    http://support.lexiconn.com/news/viewtopic.php?t=153

    If you have not audited any custom written form processing scripts on your website, you will want to do so promptly. Once a vulnerable script is discovered, a spammer can quickly send out thousands of emails through the system using your hosting account resources without your knowledge. If you are unsure about a custom script that you use for a web form on your site, please send us the web address (URL) of the web form and we can take a look at it for you.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ScanAlert / Hackersafe Offering…

    LexiConn is pleased to bring you a special offering in partnership with ScanAlert. The service provided by ScanAlert offers a secure, dynamic image that can be placed on your website that tells your customers that your site is safe from hackers and has been certified to be a safe shopping location on the web. Many shoppers feel more secure when they know a site they are visiting has been audited and is certified to be safe. In fact, a recent study done at the sports retail site FogDog.com showed a 5% increase in sales after signing up for the ScanAlert Hacker Safe service. In addition to FogDog.com, other Internet Retailer Top 400 companies such as The Sports Authority, Inc. and Linens ‘n Things Inc. have recently subscribed to this service. Site certification remains a key tool for boosting online conversion rates, and the Hacker Safe seal is becoming more and more recognizable on major sites, leading to a sales increase anywhere from 5-30%.

    The ScanAlert service, normally priced at $179 per month for larger merchants, is now available through our partnership with ScanAlert for as low as $19.99 per month (shared hosting accounts only). Signing up is easy and LexiConn will manage all the security alerts and issues. All you need to do is place a few lines of code wherever you would like the ScanAlert Hacker Safe image to appear on your site.

    More information and subscription information can be found at:

    http://www.lexiconn.com/hackersafe/

    If you do not wish to subscribe to this service, but are interested in maintaining PCI compliance in accordance with credit card company regulations, you will want to consider our PCI compliance offering. This service is still being offered free of charge for the first year and full details can be found at:

    http://www.lexiconn.com/pci/

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Accepting Gift Credit Cards…

    In order to accept gift credit cards at your online store, you will need to make sure that your payment gateway is configured correctly to process these transactions. Accepting these types of cards would be advantageous to your business, as the third annual National Retail Federation (NRF) Gift Card Survey indicates that gift credit card sales will total $18.48 billion this holiday season.

    The potential problem merchants encounter when trying to accept gift credit cards has to do with Address Verification Service (AVS). A gift credit card is not associated with the recipient’s billing address at an issuing bank, ultimately meaning that gift credit card transactions may experience AVS rejections.

    Authorize.net, one of the top payment gateway companies in the world, has issued the following statement regarding this subject:

    “AVS is a valuable fraud-prevention tool that allows merchants to validate customer billing address information before accepting credit card transactions. However, to allow for the smooth processing of gift credit cards during increased holiday shopping, your merchants should take the following steps to verify, and if necessary, turn off the appropriate default AVS setting for their payment gateway account:

    1. Log into their Merchant Interface account
    2. Click “Settings and Profile” in the main menu
    3. Click “Address Verification System (AVS)” in the Security section
    4. Click to deselect the checkbox labeled “Address information for cardholder is unavailable (U)”
    5. Click “Submit”

    The AVS settings will then be updated to allow the processing of gift credit card purchases with unavailable address information.”

    If you do not use AVS currently, then nothing needs to be done in order to be able to accept these gift credit cards. If you use a payment gateway other than Authorize.net, you will want to check your AVS settings either through your gateway’s online interface, or by contacting them directly.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Happy Holidays from LexiConn!

    We would like to wish you all the best this holiday season. The turn of the year is always a great time to evaluate the services we provide to you and examine how we can most effectively improve and innovate moving forward. Our 10th anniversary is right around the corner in February of the coming year and nothing would give us greater satisfaction than being able to send you a similar note in another 10 years! We appreciate your business, and providing the best possible customer and technical service will continue to be our highest priority, just as it has been since our inception. We look forward to working with you in 2006.
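
The validation described under "Avoiding Form Vulnerabilities and Exploits" above (checking header-bound form fields for hard returns and extra data), shown as an added Python example; it is not LexiConn's code or part of formmail.cgi. The field names, addresses and length limit are assumptions, and the sample submissions are constructed.

```python
import re
from email.message import EmailMessage

# Assumed site settings: the recipient and sender are fixed on the server
# and never taken from the submitted form.
SITE_RECIPIENT = "owner@example.com"
SITE_SENDER = "webform@example.com"

# Hard returns and every other control or Unicode line-break character.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f\x85\u2028\u2029]")
# Exactly one address: no spaces, commas, semicolons or angle brackets.
SINGLE_ADDRESS = re.compile(r"[^@\s,;<>]+@[^@\s,;<>]+\.[^@\s,;<>]+")
MAX_HEADER_FIELD = 200  # assumed limit for any value placed in a header


def header_field_errors(form):
    """Return a list of problems in the fields that end up in mail headers."""
    errors = []
    for field in ("name", "email", "subject"):
        value = form.get(field, "")
        if not value or len(value) > MAX_HEADER_FIELD:
            errors.append(f"{field}: missing or too long")
        elif CONTROL_CHARS.search(value):
            errors.append(f"{field}: contains a line break or control character")
    if not errors and not SINGLE_ADDRESS.fullmatch(form["email"]):
        errors.append("email: not a single plain address")
    return errors


def build_message(form):
    """Build the notification mail, or raise ValueError so nothing is sent."""
    errors = header_field_errors(form)
    if errors:
        raise ValueError("; ".join(errors))
    msg = EmailMessage()
    msg["From"] = SITE_SENDER
    msg["To"] = SITE_RECIPIENT
    msg["Reply-To"] = form["email"]
    msg["Subject"] = f"Contact form: {form['subject']} (from {form['name']})"
    msg.set_content(form.get("message", ""))  # body text may span lines
    return msg


# Constructed sample submissions: one clean, two carrying extra header data.
CLEAN = {"name": "Alice", "email": "alice@example.com",
         "subject": "Order question", "message": "Hello,\nwhere is my order?"}
INJECTED = dict(CLEAN, email="alice@example.com\r\nBcc: list@example.net")
MULTI = dict(CLEAN, email="alice@example.com,bob@example.net")
```

The script rejects a bad submission outright instead of stripping the characters, so a rejected request can be logged and counted when auditing for abuse.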
