SECURITY

Magento Authorize.net Direct Post End-Of-Life Demystified

Authorize.Net alerted customers recently that it was phasing out MD5 based hashes. These are used for transaction response verification from Magento’s Direct Post payment method. Magento has announced a patch to address this issue. The first step is currently in effect, merchants are no longer able to configure or update their MD5 Hash settings in the Merchant Interface. On June 28, 2019, Authorize.Net will stop populating the MD5 Hash Value altogether. This will in effect make it impossible to process payments for merchants who use Authorize.Net Direct Post method in Magento.

For all Magento versions prior to Magento 2.3.1 (including Magento 1.9 and 1.14 and below) Authorize.net Direct Post was a native payment application within Magento’s platform. This payment method will no longer be valid after June 28, 2019. This could result in lost revenue and downtime for merchants.

In order to continue processing these payments, Magento has provided a solution in the form of patches which can be applied for both Magento 1.X and Magento 2.X.  These patches for Magento must be applied within the code base and deployed to the merchant’s production server before June 28th to ensure continuity of service. Additionally, the merchant must generate a signature key within their authorize.net portal, and insert this into the admin configuration.

If any of this sounds technical, its because it is. The patch provided requires updating your Magento code. After the patch is applied, it is important to verify that any customizations dependent on the Authorize.net module are not impacted by the patch and appropriate configurations within the payment portal are properly tested.

Crimson Agility is well-versed in this process and has already completed the necessary changes for all their clients. If you are concerned your site might be at risk, please contact us for Magento Support through our contact form or call us directly for assistance.

For more information on this issue see the following:

Why are Poor Search Results Killing your Sales?

What is the first thing you do when you are online shopping or looking for a particular product?  If you are like 60% of consumers, you start your research on a search engine before heading to a specific website. On average, those same consumers visit at least 3 online stores before making their purchase. That means that by the time consumers come to your site, they have already done their research and they are ready to make the purchase.  At this point, it becomes increasingly important for the consumer to find what they are looking for, at the right price, with low/no shipping costs, and within an environment they can trust. All of these factors contribute to the success of your business, however, searchability is becoming increasingly important if you are to secure a sale. After all, customers can’t buy what they can’t find. So if you haven’t already thought about it, it is time to look under the hood and find out just how good your site search is. Here are some things to consider:

Time is of the essence

On average, 30% of the visitors on your site will use the search box. Once they arrive at your site, they are in “buying mode”. They have completed their research and all they need is a final view at the product details such as the price, availability, and delivery costs.  You can help customers find what they’re looking for by offering a user-friendly site search experience. Make sure that the search box is visible and results are fast. It is all about encouraging them to make that purchase.

50% higher conversion rate

A user-friendly site search experiences can lead to conversion rates up to 50% higher than the average. When searching for a product, the expected result is a direct link to the product’s detail page. Good search results can yield higher sales because customers who find what they are looking for easily are more likely to buy it on the spot. Customers who can’t find the information they’re looking for leave your site within minutes, only to make a purchase at someone else’s site that can yield the expected results.

Offer Suggestions

Offering related products as part of a search result can encourage visitors to view more products. About one fourth of site visitors will click on a search suggestion. These suggestions can be cross-sell or up-sell items that complement the product they searched for. If several models or options are available they can also be displayed as suggestions.

Allow flexibility of display results

Allow for results to be displayed in grid or list views. Consumers enjoy having the flexibility to decide in how results are displayed. Having these options can improve their experience on your site and potentially increase the chances of customer retention and loyalty.

Auto-complete can boost conversion rates

Using an auto-complete tool that begins to search as the customer is typing, offers a number of advantages: it speeds up the search process for users, it helps to avoid misspellings, and it can also ensure searches return a product result. If it is well implemented, auto-complete can save customers a lot of effort, in addition to speeding up the search process. More intuitive search and navigation means higher conversion rates.

Zero results page

If customers have searched for a product that you don’t stock, it doesn’t have to end with a ‘no results found’ page. You can provide a list of alternate products that may be related to the searched item. In addition, zero results pages can be a valuable source of information for you as an online retailer. Use the zero results page to discover new trends and then stock what is needed. Keep an eye on your site’s keyword search results. Tracking this data can inform you of products customers are looking for that you don’t currently stock.

Too many search results

Another definition of a poor  search result is returning hundreds or even thousands of results. Too many results coupled with poor filtered navigation options is detrimental to your sales. Any decent site search tool will cater for synonyms, such as with synonym lists. By mining older search data to understand the specific terms the audience are using to find products, adjustments can be made to drive better results.

With that said, how can you improve searchability on your site?

If your store is built on Magento 2.x Enterprise Edition, you get ElasticSearch for searching your catalog. ElasticSearch performs quick and advanced searches on products in the catalog, supports multiple languages, supports synonyms, and returns results based on the last generated index. ElasticSearch is accurate and scalable and it allows you to customize reuslts by tracking terms that consumers type into the search box to direct customers toward a particular product or result. By improving the site search results, you can directly impact the experience for users and increase conversions.

Even with all of the features mentioned above, the native Magento search functionality can be lacking. To bridge the gap, we recommend to our clients that they invest in a third party search solution. We recommend using Klevu, which is a market-leading search solution that uses natural langauge processing (NLP) and machine learning to provide more accurate results and allows for far more complex merchandising. Klevu is a very robust and cost effective solution and in our experience has yielded very positive results.  Some of the features we (as well as our customers) like:

  • Advanced product boosting (either at SKU level or based on attribute rules)
  • Comprehensive reporting (which products are performing best)
  • Natural language processing (deeper understanding around queries)
  • Machine learned results (self-learning based on what users are searching)
  • Ability to index more content
  • Quick search (fast search results
  • Awesome UX (results in a user-friendly layout)

We have seen improved search results and increased conversions with the implementations we have completed for our customers. If you are interested to find out more, stay tuned as we dig deeper into the topic of site/product searching in our March series of social posts, blog posts and our new upcoming newsletter. We will be exploring features around Klevu and a client success story later this month.

In the mean time, please add your comments below and let’s get social!  Like us on Facebookfollow us on TwitterInstagram and on Linked In.

Thanks for stopping by!

Crimson Agility Team

IS YOUR MAGENTO SITE SECURE?

Let’s face it, hackers are out there. They are a fact of life in cyberspace. Magento is diligent about making sure that they plug vulnerability holes wherever they exist in the infrastructure of your Magento e-commerce site.  Let Crimson Agility update your Magento platform to keep it secure. Your Magento platform is there, to supercharge your e-Commerce site. Just like with any computer system, maintenance is an important factor. Magento and Crimson Agility take security very serious and the newly released critical security updates are important to keep hackers at bay.

Here are some of the things we can help you with:

SUPEE-10266 Security Patch
For Magento 1.x and 2.x versions, the Security Update SUPEE-10266 was created to address recently identified vulnerabilities. You can check your site at MageReport.com for an assessment of your site’s health and security before and after applying the security update.

Update to the latest version of Magento
In addition to security patches, updating your version of Magento to the latest version will also help keep your site in tip top shape.

For Magento Commerce the latest version is 1.14.6 and Open Source to 1.9.3.6.  The latest versions contain multiple security enhancements that help close cross-site request forgery (CSRF), unauthorized data leak, and authenticated Admin user remote code execution vulnerabilities.

For Magento 2.x, update to Magento 2.0.10 for Community Edition and Magento 2.1.2 for Enterprise Edition for the latest security updates. The Magento 2.0 Upgrade Guide and Magento Security Best Practices are great resources for keeping your Magento site safe and secure.

Keeping your Magento E-commerce site up to date and secure can be a daunting task, but it doesn’t have to be. Just call Crimson Agility today we can get your upgrade scheduled and done in no time at all! Contact us and we’ll answer your questions.

Until next time, let’s get social!  Like us on Facebookfollow us on TwitterInstagram and on Linked In.

Thanks for stopping by!

Crimson Agility Team

NEW MAGENTO SECURITY UPDATE – SUPEE-8788

Let’s keep your Magento platform up-to-date and secure.  Your Magento platform is there to supercharge your e-Commerce. Just like with any computer system, maintenance is an important factor. Magento and Crimson Agility take security very seriously and the newly released critical security updates are important to your Magento site’s security and performance.

 

For Magento 1.0, the Security Update, SUPEE-8788, was created to address recently identified vulnerabilities.  If you need assistance with this update or any update, contact Crimson Agility to get this scheduled and to keep your Magento platform secure.  You can check MageReport.com for an assessment of your sites health and security before and after applying the security update.

In addition, Magento released upgrades to Magento Community Edition and Enterprise Edition, versions 1.9.3 and 1.14.3 respectively.  With these new releases Magento had added support for PHP 5.6 which has some significant performance benefits.  Check the Magento 1.9.3 and 1.14.3 release notes for more fixes and new features.

For Magento 2.0, download Magento 2.0.10 for Community Edition and Magento 2.1.2 for Enterprise Edition for the latest security updates.  The Magento 2.0 Upgrade Guide and Magento Security Best Practices are great resources for keeping your Magento site safe and secure.  For the less technical, call Crimson Agility today to get your upgrade scheduled.

If you have any questions on these security updates or upgrades, contact us and we’ll answer your questions.  We have already updated over 40 sites for our current clients.

HOW DOES SITE SECURITY BUILD TRUST WITH CUSTOMERS?

For all of the things that are great about the internet, there’s still one thing that makes many people hesitant to use it for sensitive transactions. Not having the ability to directly monitor where their information goes and who sees it along the way can leave people hesitant to provide financial information and other sensitive data. This can be a major hurdle that many small online retailers have to face when they are just starting out.

Demonstrating trust and security doesn’t only apply to small online retailers, but it also impacts large retailers like Target, whose information got hacked and resulted in compromised credit card information for over 40 million consumers. Here are some common questions consumers have for online retailers when it comes to the security of their sites:

  • Are there common consumer online fraud scenarios to be aware of?
  • Is your site secure for credit card transactions?
  • Will my data get hacked and will my personal information be in the hands of criminals?
  • What does your company do to protect my information?
  • What can I do if I suspect fraud or if I’m a victim of fraud?

Crimson Agility understands these concerns and has recently partnered with Norton Shopping Guarantee to provide customers with both the mental and financial peace of mind that Norton Shopping Guarantee can provide.

Norton Shopping Guarantee is an industry-leading software for antivirus, malware prevention, threat identification and transaction security. After years of experience in online threats and data breach prevention, Norton Shopping Guarantee is confident enough in its ability to protect customers from such threats that it’s prepared to stand by its promise with financial reimbursement. When you sign up with Crimson Agility as a Magento service client, your customers automatically receive the protection that comes with Norton Shopping Guarantee. This includes:

  • Identity theft protection up to $10,000: If you suffer a data breach that leads to identity theft and all that can entail, the guarantee will cover up to $10,000 in costs related to fixing the problem. This includes things like attorney fees and credit disputes.
  • $1,000 Purchase guarantee: This covers the resolution of purchases that don’t meet the buyer’s expectations. Norton will work with both parties to resolve the conflict and will provide reimbursement of up to $1,000 if the conflict isn’t resolved and Norton rules in the customer’s favor.
  • Lowest price guarantee: The online shopping world moves fast, and finding the lowest price is important to shoppers. If an item is offered by another merchant at a lower price within 30 days, Norton will cover the price difference up to $100.

Show Your Customers That You’re Serious About Security

To be successful in online retail, it’s essential that your customers have faith in your ability to protect them and offer them the best and safest shopping experience possible. With Norton Shopping Guarantee, you can reassure your customers that you’re doing everything possible to protect them as well as offering them insurance in the event that something does happen. With a Crimson Agility and Norton Shopping Guarantee partnership, you can enjoy peace of mind knowing that you’re offering your customers the protection they expect and deserve.

If you’re looking to update the security of your e-commerce site and make it secure and reliable for your customers, we invite you to schedule a complimentary consultation with one of our Certified Magento Professionals.

4 WAYS TO INCREASE THE ONLINE SECURITY OF YOUR E-COMMERCE SITE

Online security is one of the most important features of any e-commerce site.  Users want to be able to trust your web site, regardless of how it looks or performs, before using it.

With modern hacker techniques, even the most harmless user information can be leveraged into an attack on your customers, so it is critical that your e-commerce site be secure and reliable. Here are four ways to help improve the online security of your e-commerce site:

  1. Use a secure connection for checkoutSSL certificates are fundamental to your customers’ online security. They encrypt the information during the checkout process to make certain that even if the data is intercepted it is useless to anyone other than the intended destination.  Additionally, more and more customers are looking for the https, where the “s” stands for “secure”, when shopping online. Update your site to use SSL (https) on the entire site – not just during checkout. Make sure your site reassures your customers and protects their personal information.
  2. Only store the customer information you need: Hackers are very sophisticated when it comes to victimizing users. The best way to protect your customers is store only the information you need.  Avoid storing information that might be useful later, or that was used but is no longer necessary. Also, make certain you have verification procedures in place. If your customers have membership accounts, insist on strong passwords, and train your employees on the proper ways to handle this data.
  3. Conform to the PCI DSS – The PCI (Payment Card Industry) Security Standards Council is a global body led by the five main credit card companies.  The Council exists to help businesses meet the stringent requirements they require when using credit card information.  They publish the PCI DSS which is a security self assessment tool, and is designed to help companies be as secure as possible.  Whether or not your business uses credit card information directly, being able to successfully conform to the PCI DSS means your site is as secure as some of the best on the web.
  4. Remain Up-to-date with Security UpdatesAvoid becoming comfortable with your security.  Your security personnel should always be updating their knowledge.  Security should be performing tests on a regular bases, including attempting to compromise the site’s security. Work with certified Magento professionals, like Crimson Agility, to ensure your site remains secure and up-to-date with all the latest security updates. Request a security audit of your site to ensure you are following all Magento security “best practices”.

Online security is an ongoing journey with no end point.  As long as there is data to be stolen, hackers will try to steal it. If you’re looking to update the security of your e-commerce site and make it secure and reliable for your customers, we invite you to schedule a complimentary consultation with one of our Certified Magento Professionals.

NEW MAGENTO SECURITY PATCH UPDATE: SUPEE-7405 AND SUPEE-7616

Last week, Magento released a security update patch, which includes Security Patch Bundle SUPEE-7405 and USPS Patch SUPEE-7616. The update is intended to improve both the security and functionality of Magento sites for all editions.

The SUPEE-7405 patch resolves several security related issues, and also contains important functional updates such as official support for PHP 7.0.2, which should reduce memory consumption as well as provide other dramatic improvements to performance. The patch is available for Magento versions 1.4.0.0 – 1.9.2.2 and 2.0.0.0 – 2.0.1.0.

The SUPEE-7616 patch addresses several changes USPS recently made to their services, rates and package names in all new releases for Enterprise and Community Editions. It is only applicable to customers using USPS as a shipping method and is non-critical.

Security updates and patches are essential for maintaining the security of your website and preventing hackers from being able to access important databases. If you’re currently running an older Magento version, you should definitely upgrade as soon as possible, as there are security issues, performance improvements, and a wealth of usability options that you’re missing out on.

Some of these upgrades will simply make your life a lot easier, but others are absolutely mission-critical. Crimson Agility has a 100% success rate with upgrading Magento platforms, and given our proven methodology and state-of-the-art development environments, we eliminate any risks that come with upgrading your Magento platform.

If you’re interested in upgrading to the latest version of Magento, we invite you to schedule a complimentary upgrade assessment and estimate with one of our Certified Magento Professionals.

WHY ONLINE SECURITY IS CRITICAL FOR YOUR E-COMMERCE SITE

The most successful businesses today have discovered the value of building relationships with their customers. One key to doing that is establishing trust, and nothing will unravel the trust you’ve built faster than a lack of online security in your e-commerce business.

You don’t have to look very far to see the damage a lack of security causes. Some of it has definite dollar signs attached. The hacking scheme that attacked Target in 2013 cost them a reported $10 million. While significant financially, the hack is estimated to have affected as many as 110 million customers. It’s impossible to calculate what the attack cost Target in lost trust with its customers.

Your e-commerce site might be able to offer customers security at the start and end points of a transaction, but providing online security will help you keep the customer trust you work so hard to get in the first place.

This holiday season, retail e-commerce is expected to reach nearly $80 billion in sales, so it is critical that your e-commerce site be secure and reliable for your customers. Reliable online security will do the following 4 things:

  1. Provide a secure e-commerce platform: Your e-commerce platform should provide the precautions necessary to protect your customer’s information from outside threats.  Using a secure platform like Magento that is dedicated to providing secure solutions and a trusted hosting partner like ZeroLag are an excellent start.
  2. Use a secure connection for checkout: SSL certificates are fundamental to your customers’ online security. They encrypt the information during the checkout process to make certain that even if the data is intercepted it is useless to anyone other than the intended destination.  Additionally, more and more customers are looking for the https, where the “s” stands for “secure”, when shopping online.  Update your site to use SSL (https) on the entire site – not just during checkout.  Make sure your site reassures your customers and protects their personal information.
  3. Handle sensitive data sensitively: When shopping on your site, your customers trust you with their credit card information. Make certain you have verification procedures in place. If your customers have membership accounts, insist on strong passwords, and train your employees on the proper ways to handle this data.
  4. Remain Up-to-date with Security Updates: Work with certified Magento professionals, like Crimson Agility, to ensure your site remains secure and up-to-date with all the latest security updates. Request a security audit of your site to ensure you are following all Magento security “best practices”.

Online hacking has become such a problem that most business liability insurance includes some level of protection against it. While that is a great reimbursement to your customers if something does happen, it will only go so far in rebuilding the relationships you need for your site to be successful.

If you’re looking to make your e-commerce site secure and reliable for your customers, we invite you to schedule a complimentary consultation with one of our Certified Magento Professionals.

NEW MAGENTO SECURITY UPDATE: SUPEE-6788

The latest Magento Security Update, also known as SUPEE-6788, fixes several security issues primarily around access to sensitive data such as database credentials, integration passwords, or customer passwords.  One of the more critical parts of this update addresses a vulnerability in how third-party extensions traditionally access an admin URL.  This patch addresses this vulnerability. Consequently, it has the potential to break third-party extensions, modules, and customizations.  To ensure the security update does not break your site, Magento has released this security update with this fix “disabled”.  This allows you and a Solutions Partner, like Crimson Agility, to address any vulnerable extensions, modules or customization before “enabling” it.

We highly recommend that you:
1. Install the Security Update on a development instance and validate all functionality, then move it to your live Magento instance immediately.
2. Evaluate extensions, modules, and customizations on your Magento instance for the vulnerability.
3. Address the vulnerable extensions, modules, and customizations as soon as possible.
4. “Enable” the fix for the admin URLs once all the vulnerabilities have been addressed.

If you’re interested in upgrading to the latest version of Magento, we invite you to schedule a complimentary upgrade assessment and estimate with one of our Certified Magento Professionals.