I always thought high security like two-step authentication was reserved for big corporations and banks where major customers’ financial interests were at stake. My little paint supply store probably couldn’t afford that level of security anyway. I had a basic ordering website in place, mostly for my regular customers who I had known for years, but with business tapering off a bit I decided to expand my marketing efforts through the site. I offered a special promotion to attract new customers if they purchased a minimum of $500.00 in paint and supplies. Well, business began to pick up steadily, and as most of my customers don’t pay their current invoices for 30 days, I had yet to see any revenue, but I figured I would at least double what I grossed last month. Last week I began to get some calls from my regular customers complaining of charges for paint and materials they never ordered. I figured it was a one-off situation. When I double-checked the ordering system, I was shocked at the number of orders from the new batch of customers that had been billed to the wrong accounts. I discovered someone had gained access to the site and placed orders under existing accounts, and I had no way to verify who and how. It was extremely hard to detect because they picked the larger accounts with a lot of monthly activity. Very often contractors will send day laborers to pick up the paint, so we never bothered to call the account owners when they came in to get the materials. I had to eat all the cost of the paint that went out the door, but I was convinced I needed to build in additional security on my site if I was going to continue using it. I went online and searched for two-step authentication, and the first company on the screen was TeleSign. I contacted them thinking that I could never afford their services but was pleasantly surprised to learn how affordable they were.
They set me up with a two-step solution where all my customers needed to do to place an order was enter a special code to verify they were legitimate orders. The verification code, or PIN, was tied to their customer record, so I had an instant way of cross-checking before the order was actually picked up. The protection started right away without any special hardware or software needed on my end, and the best part is I only pay TeleSign for each order that is processed through their two-step authentication. With TeleSign guarding my site, I was able to successfully paint my way out of a tricky and potentially expensive corner!