MILLIONS TO BANKRUPTCY

Jim had an ecommerce website that was generating over one million dollars in sales. He had no debt and a healthy surplus every month. He had over five thousand likes on Facebook, and twenty thousand followers on Twitter. Everything was fantastic until one day Jim declared bankruptcy overnight. What happened?

One year prior to the bankruptcy Jims employee whose name was Lisa, received an email from PayPal that was asking her to login in order to confirm some information. Lisa was not aware of phishing emails that were sent by hackers, so she did it. When Lisa visited the fake PayPal website, a JavaScript triggered and installed a piece of sniffing malware on her computer. In other words, the hackers were able to see everything Lisa was typing from thereon. The hackers quickly got access to Lisas CRM system, financials, company-wide logins, etc.

Using the company wide logins, they accessed all the computers and installed sniffing software on each one. One of those computers was Jims, who frequently accessed the main server where the website was hosted. It wasnt long before the hackers got access to the main server to do what they were planning the whole time. The hackers were specifically targeting companies who were operating on an open source shopping cart software.

Jim was using an Open Source Shopping Cart to process orders, but he was smart enough not to save the credit card data. He claimed to be SAQ C PCI compliant which means that he does not store credit card data.

Unfortunately for Jim, the hackers knew that open source software inside out because it was open source, and they quickly installed a plugin that they developed to start saving credit card data into another database. Once a week the hackers would have the plugin transfer the database to their own FTP server.

After six months, the hackers had compromised over 300,000 credit cards, and started to commit fraud on all of them. It was not too long before Jims company looked like a massive crime scene with auditors, and private investigators. The company experienced a complete melt down overnight. It was easy to detect that the culprit was Jims company because all the credit cards that had fraud on them had something in common, a transaction from Jims company.

After the audit was complete and the hack was found, Jims credit card company shut down his merchant account with no way to accept credit card payments, all the funds were frozen for twelve months, and the company received the highest PCI penalty of $500,000. In addition, Jim had to pay $170,000 to notify all the customers by mail about the fraud, and $140,000 for security auditors to identify the problem. Jims million dollar company had no way to accept payments, but it did have an $810,000 bill to pay. Jim had no choice but to go bankrupt, and all of this happened because of one email that Lisa opened.

HOW DO YOU PROTECT YOUR COMPANY FROM HACKERS?
Being PCI Compliant is not enough, if it was enough then you wouldnt hear stories like VeriSign an IT Security Company gets breached. VeriSign is a company that helped invent PCI compliance, and I can assure you that they follow every PCI compliance recommendation. So if, VeriSign can get hacked and breached, how can you go to bed at night and think that you are safe?

SOLUTION
Rek9 is for companies who are concerned about PCI compliance and personal data breaches. Rek9 is a data vault solution that allows you to store credit card data and other financial data securely and out of sight using tokenization technology. Unlike merchant companies who offer to store your financial data for you, Rek9 is a SELF HOSTED data vault solution that can be hosted with Amazon AWS, giving you the PCI DSS Level 1 security compliance without the transactional cost. Rek9 takes the data breaching liability away from your company and passes it on to Amazon while giving you the flexibility to keep your own data without marrying any merchant company.

SHOPPING CART ELITE
Rek9 was built by the engineers at Shopping Cart Elite, and it is automatically rolled out to all Shopping Cart Elite clients at no charge. If you want your website to be BEYOND PCI COMPLIANT, sign up with Shopping Cart Elite today.

TRY SCE

THIRD PARTIES
If you are a concerned third party that is interested in Rek9, we will be rolling it outside of Shopping Cart Elite at the end of the year for companies who do over 500 orders per month. If you are interested in this solution when it is released to the public, please fill out this form below.

REK9 WAITING LIST