Saturday, November 26, 2011

How $1,100 in Fraudulent Charges Encouraged Me

I was recently surprised by a "please see attendant" message on the gas pump after swiping my debit card. What the...? I had just used it for lunch the day before. I went home, checked my online activity and everything looked fine. My bank was closed for Veteran's Day so I couldn't call anyone to figure out what was going on.

The next day it was all too clear what had happened.

22 transactions from an iTunes store in Luxembourg for $99.99 each along with one for $1 were all pending on my account. I have to pause a moment and tell you how thankful I am for having worked for and learned from Dave Ramsey. We spent years paying down debt and building an emergency fund so I can honestly say my wife and I felt no stress at all in that moment. For 90% of my life, seeing $2,200 of pending transactions would have caused a major freak out. Financial peace is a real thing and it's awesome.

Ok, back to the story...

First thing Monday morning I called the bank, who directed me to call Apple, who said they need a charge back request, which can't happen until the transactions actually post to the account. By Tuesday about $1,100 worth of transactions cleared and the rest were rejected. Wednesday afternoon was spent at the bank. After almost an inch of paperwork and the police report I had to file just to get the process started, I finally had a charge back in process (the money was refunded less than a week later).

A week or so later, I got an email from saying their site had been hacked and payment card information was compromised. Well there you go.

So how could this experience possibly be an encouragement to me?

I was encouraged because it reminded me why I care so much about, and have spent years of my life working on, security. At, we're almost fanatical about it. We spend a large portion of our revenue constantly improving our systems and ensuring we're with one of the most secure hosting facilities available. We've done extensive penetration testing and we're finishing up our audit (last week) to become a PCI Level 1 Service Provider. Are we invincible? No. No one is. But we've spent years and more money than I want to say taking this issue very, very seriously.

If you run a business that processes payment information (or you're thinking of starting one), please, do yourself a favor and read our wiki page about PCI DSS. If you don't treat this seriously, it can destroy your business. The fines alone can be hundreds of thousands of dollars, not to mention the damage it does to your brand and your reputation.

I'm not mad at Gary Vaynerchuck or at Wine Library. Their staff is going through hell right now and they are doing a great job, including a personal phone call I received after replying to their email. What I am upset about is that this didn't need to happen. They are good at wine. It's what they do. They should have left the e-commerce security to professionals because it's what we do. Having an in house team wasn't enough in this case.

If you're building an online business, please do your homework. Know the full costs and risks involved with using a hosted or self hosted solution. If you don't use FoxyCart, find another secure hosted solution or use tokenization so payment card data is never stored (which, I'm happy to say, Wine Library's new website takes advantage of). Another option is to offload everything to PayPal or Google Checkout. Don't take these risks on yourself unless you have a team of people dedicated to security.

I now have personal experience with the drama created when a payment system isn't as secure as it should be. It's really frustrating. I'm encouraged because I believe the business we've built will spare hundreds of thousands of people from experiencing what I went through.

Your customers deserve to trust you with their payment information. Don't let them down.

Sunday, November 13, 2011

How to Make an Entrepreneur Mad:

Edit: 8/24/16 a version of this post now lives on Steemit

Demonstrate an entitlement attitude.

That is the quickest way to frustrate an entrepreneur.

Every successful entrepreneur I've ever met believes nothing is owed to them. They believe in personal responsibility and making things happen. They believe an idea, hard work and perseverance can accomplish anything and, more importantly, nothing can stop them. They believe everything it takes to succeed is already in their hands or they are actively executing a plan to obtain whatever is missing.

They don't believe in hand outs.
They will not let themselves be victimized.
They don't make excuses.
They don't feel entitled to anything by anyone.

But what about the entitlement mentality of the "kids these days?" I know, I know, that sounds like a question our parents would have asked... But it is worth talking about. Are we becoming more and more entitled as a country? What will that do to our culture in the generations to come?

I feel like we need frontiersman training. Buy an ax, a gun and find some wilderness. Now go build a home and provide for your family. That's part of the foundational thinking of this country and I'm afraid we're losing it. We are a nation of innovators, but we'll only stay that way if we train ourselves to drop the entitlement mentality and go build something.

What are you building?
Are you waiting for something and if so, why?

Monday, November 07, 2011

How I Made Twitter Fun After Ignoring It for Four Years

140 characters. Couldn't be simpler, right?

Wrong. Or maybe I'm just really dumb. Or both.

When I first signed up for Twitter in 2007, I seriously didn't get it. I thought it was stupid and didn't use it. Much later I found TweetDeck, and some things started to make sense. It became fun, friendships formed, and now it's a daily source of humor, education and joy. This post is about what changed.

If you're looking for an expert's perspective on how to use Twitter, you're in the wrong place. This is less of a "guide for Twitter newbies" and more of a "Twitter newbie's experience making it not suck" after about four months of active learning.
Me, Ignoring Twitter for Four Years

Twitter is an ecosystem; a virtual world of rules, resources, etiquette, style, humor and friendships. Learning how to use it can be overwhelming, kind of like finding a seat at the lunch table on the first day of school.

But it's also a lot of fun.

Here's what I figured out. I hope it helps you also:

Find a Tool You Like
I started with TweetDeck (which I still use on my mobile), but now I'm using Twimbow which I love. Hootsuite is also really popular.

Start Local
Connect with people at conferences and meetups in your area, then Google their name and location later to say hello (if you didn't already grab a card with a Twitter handle). It's amazing how you can enhance real relationships by throwing around ideas on Twitter. The next time you hang out, you'll already have things to talk about.

Start With People You Know "IRL"
Invite someone to lunch and get to know them personally as you begin your Twitter relationship. Their tweets will mean so much more to you now that you've met them in real life.

Reply Often
Figuring this one thing out changed everything for me: only people who follow both you and the person you're replying to will see your reply. So go for it! Interact with people, tell them how you feel and what you think. Encourage them, laugh with them, tell them you appreciate them. You won't be flooding all of your followers so don't hold back.

Join a Conversation
See a good conversation between friends? Jump in! Twitter is like a party and if your friends were chatting up one of your favorite topics at a party, you'd jump in also. The trick here is to contribute something worthwhile. Don't be that awkward party-goer who says, "HEY GUYS!!!" just a little too excitedly.

Use Twitter Lists
I included this because everyone tells me they are key. Honestly, I'm still figuring out the best way to use them, though I have setup a bunch of private ones. I told you I was a newbie.

Set Up Some Searches
Find a few conference speakers you really enjoy (preferably from your local BarCamp) and set up some searches using their Twitter handle. That's a really great way to learn quickly because you'll see how they reply and interact with their followers and how those followers respond.

Should You Follow Back or Not?
This discussion may be older than Calvinism vs. Arminianism... There are strong opinions on both sides, but I think #TeamFollowBack is a mistake. Who you follow defines the value you gain from the network. Choose wisely. Don't be sad if someone unfollows you and don't feel bad about unfollowing someone who isn't making your stream awesome. If you don't agree, leave a comment and let's chat, but first read these blog posts from Michael Hyatt and Chris Brogan.

Is It OK to Automate / Schedule Tweets?
Here's another big discussion with passionate opinions on both sides. As a general rule, automation seems to be highly frowned upon. That includes automated direct messages when someone follows you or auto responding to keywords. Scheduled tweets, on the other hand, seem to be loved by some and ridiculed by others. As with everything else in this post, I'm still learning, but I've settled into using bufferapp to only schedule links to blogs and resources. Everything else, I think, should be part of a real time conversation.

So now what?
  • Wondering what to tweet? Think useful, encouraging, funny, inspiring, interesting, personal, unique, thankful, helpful, educational and fun.
  • Share links to what you're reading and what you like.
  • Retweet your friends when you get that, "I wish I came up with that!" feeling or to help them spread the word.
  • Proof read your tweets. Twice. Then read them again. Look for any possible double meanings you didn't intend and reword your tweet around them.
  • Leave room for comments or old school retweets (120 chars is a good length to aim for). I used to tweet right at 140 characters every time which caused any retweets to look like a 13-year-old's text-message-version of my original tweet: "luv u! k thnx bye."
  • I've already talked about not claiming your own awesomeness so I won't elaborate here. Just don't do it.
Ultimately, it's all about communication and relationships. Use common sense. A good rule of thumb is: Would this be annoying in real life? It'll probably be annoying on Twitter also.

Be friendly. Be humble. Be yourself.

Most of all, don't forget your first mention and your first retweet. Think about how fun it was. Keep that feeling, share it with others and don't expect it all the time. I never want to get to a place where it takes 5 retweets to feel as good as 1 retweet does now. If someone likes something I said enough to share it with their friends, that's an awesome compliment! I never want to take that for granted.

Want to learn Twitter together? Give me a follow and a reason to follow back.

Here are some friends I really appreciate who have taught me a lot about Twitter: @kennysilva @travisro @jwd2a @kacythedude @jwidmer @lauraclick @joey_strawn @tylerlclark

Here are some posts about using Twitter from people who actually know what they are talking about:

Here are some more resources I've found interesting as part of my Twitter newbie journey: (lots of opinions on this also, but it helped me learn) (Also helped me learn and see progress) (It has Angry Birds built right in! How awesome is that!?!) (I've been using this one for months) (I need to use this more) (Another interesting one I'm still toying with)

What would you add from your first impressions of Twitter?
What other Twitter tools and resources do you find useful?