It’s not the technology, stupid…

September 16th, 2011 — 4:56pm

The issues faced by Google+ catching up with Facebook highlighted here:

Raise Your Hand If You’re Still Using Google+

really underscore the difficulties of starting a web-based business.  Many people think that they can take on the big sites with superior technology – some killer app, feature, etc.  Over the years I’ve seen many job posts, and talked to people who wanted to build a “clone” of a big name site (like ebay.com, facebook.com, groupon.com).  They really thought that the “technology” (programming, website, etc.) was really the key driver for the business, and would determine their success.

However, time and again, we see that the technology is really just the starting point.  From there, you need marketing, advertising,  partnerships, etc. to get things off the ground and get traction.  This is the part most people overlook.

In the case of Google+, they spent untold millions on the platform, and have a tremendous user base to launch it to, yet, it’s floundering a bit.  They have a hard uphill climb in my opinion, because of Facebook’s established users.  The switching costs of social media are high, and Google must overcome that.

So, when planning your next killer app, keep in mind that the technology is really the easy part.  Once that’s in place, your real challenges will start.


Have you registered your ‘Doppelganger’ domains?

September 12th, 2011 — 11:15am

Here’s an article describing the use of so-called ‘Doppelganger’ domains to intercept and steal information:
Researchers steal 20GB of corporate emails via doppelganger domains

Essentially, by taking advantage of typos, the researchers were able to intercept corporate emails, many of them containing sensitive information.  This is similar to someone registering a misspelled domain to grab free web traffic and show advertising.  However, the email intercept puts a new twist on it.

Here’s the reason – you can intercept mis-typed emails “silently” – either discard them, or forward them on to the real intended recipient.  Nobody can tell what you are doing with the information you glean.  The sender / recipient may never realize the email was misdirected.

For example, you have a domain abc.com.  Your Division in Germany is “de.abc.com” – so I email to my colleague overseas, using “joe@de.abc.com” – however, I misspell it as “joe@deabc.com”.

Now, if some nefarious person has registered “deabc.com” and set up a mailserver there to accept all incoming email, they have just intercepted that email.  If that email contained any passwords, or company secrets, well, it could be very damaging to the company.  Keep in mind that an external customer emailing a sales rep would be susceptible to the same mistake.

So, is your company at risk for this kind of attack?  If so, you should consider registering these alternate domains, and checking into any doppelganger domains that were already registered.
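One way to act on this advice, as an added example (not code from the linked article or any tool it describes): the script derives the missing-dot doppelganger for each of your subdomains and flags outbound recipients addressed to one. The subdomain and recipient lists are constructed sample data, and the function names are hypothetical.

```python
"""Enumerate missing-dot doppelganger domains and spot them in outbound mail."""


def doppelganger_map(subdomains, org_domain):
    """Map each doppelganger domain to the real subdomain it imitates.

    Dropping the dot that joins a subdomain label to the organisation's
    domain ("de.abc.com" -> "deabc.com") yields a separate registrable
    domain that anyone can buy.
    """
    org_domain = org_domain.lower().strip(".")
    suffix = "." + org_domain
    mapping = {}
    for fqdn in subdomains:
        fqdn = fqdn.lower().strip(".")
        if not fqdn.endswith(suffix):
            continue  # the bare org domain or a name outside it
        # Only the label directly left of the org domain merges with it.
        label = fqdn[: -len(suffix)].split(".")[-1]
        if label:
            mapping[label + org_domain] = fqdn
    return mapping


def misdirected(recipients, mapping):
    """Return (address, intended_domain) for recipients at a doppelganger."""
    hits = []
    for addr in recipients:
        domain = addr.rsplit("@", 1)[-1].lower().strip(".")
        for doppel, real in mapping.items():
            # Match the doppelganger itself or any host beneath it.
            if domain == doppel or domain.endswith("." + doppel):
                hits.append((addr, real))
                break
    return hits


# Constructed sample data: hypothetical subdomains and log recipients.
SUBDOMAINS = ["de.abc.com", "mail.uk.abc.com", "abc.com", "de.example.org"]
RECIPIENTS = ["joe@de.abc.com", "joe@deabc.com", "ann@mail.ukabc.com",
              "bob@example.org"]

if __name__ == "__main__":
    m = doppelganger_map(SUBDOMAINS, "abc.com")
    for doppel, real in sorted(m.items()):
        print(f"register or investigate: {doppel}  (typo of {real})")
    for addr, real in misdirected(RECIPIENTS, m):
        print(f"outbound mail to {addr} was probably meant for {real}")
```

Feed it your real DNS zone names and the recipient column of your outbound mail logs to see which doppelgangers to register and whether mail has already gone astray.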


Time to move your documents to the cloud? Not so fast…

September 8th, 2011 — 7:18am

There’s been a push over the past few years to move more and more applications “to the cloud”, and off of your desktop / laptop computer.  Google Docs has been trying to convert MS Office users away from the traditional Word, Excel, etc. applications to use the online application.

The functionality is pretty good, and it’s neat to be able to store and share your documents online.  You can edit them from anywhere, right in your browser.   However, with all “cloud” applications, there is still the risk of downtime, as this article shows:

Google Docs Stumbles, Goes Down

I think Google is trying to remedy this by creating a hybrid approach, where you can store documents “offline” on your computer, and sync up with the online version.  This may be a solid approach that works in the long run.

However, it’s still a bit risky to store your documents online.  Security is another big issue.  If  someone hacks (that never happens, right?)  into the “cloud” where the documents are stored, your sensitive data could be at risk.  When so much data is centralized like that, it’s a huge target for hackers.  Also, since these platforms offer easy “sharing”, you need to be careful you don’t accidentally share a confidential document with the whole world.

In summary, I think Google Docs has its place, but for mission critical and confidential documents, I’m still sticking with local apps, and local storage.


The best way to prevent identity theft so far.

September 5th, 2011 — 1:17pm

One overlooked method for preventing identity theft is the “credit freeze.”  Many states allow this now.  Basically, you contact the 3 credit reporting agencies (Experian, TransUnion, Equifax), and request the freeze.  Here’s a link describing what this means.

The main drawback is that you won’t be able to open a new credit line, or credit card account without “unfreezing” your account.  So if you don’t need any new credit card accounts, loans, etc.  then a credit freeze is a great option.  This prevents the agencies from releasing your credit information, so if someone tries to open an account in your name, it will be denied.

With so many security breaches happening nowadays, simply being careful with your own data is not enough.  Too many organizations (legally) have your data, and their security CAN be breached.  We see the reports every day.  How many breaches go undetected or unreported?


PCI Compliance

August 26th, 2011 — 4:39pm

If you are an online merchant, and you haven’t heard about PCI Compliance yet, you probably will soon.  Credit card companies are slowly pushing online retailers to tighten up their security to reduce fraud.

Maintaining PCI DSS compliance is potentially a huge obstacle for online retailers.  This document provides some links to help you understand the basics of what you will need to do.  Essentially this requires two main steps: a questionnaire, and an external scan of your server.  Some scanning vendors are providing an “all in one” spot for you to handle both of these requirements.  We’re partnered with ControlScan, which provides this service for $249/year.

Here are some links that will help you learn more about PCI compliance:

PCI FAQ: Click here – seems like most merchants will be level 4, which means you need to run quarterly scans from an “approved scanning vendor”.

Here’s a short blog post with video that explains PCI DSS.  It explains that this movement is largely to contain fraud, and stem losses being incurred by banks, businesses, and consumers.

Approved Scanning vendors: Click here

At this point it seems like few gateway providers are “pressuring” their merchants to be PCI compliant, which makes sense – the cost of becoming and maintaining compliance will cause many “hobby” merchants to pack it in, or move to a third party payment system (PayPal, Google, etc.), and cancel their merchant accounts altogether.  In the long term, I expect more hosting companies to offer and tout “PCI Compliant” server platforms.  Shopping cart vendors are also moving this way.  However, the burden will always be ultimately on the merchant to prove they are using a compliant setup, so I believe now is the time to get your site moving in that direction.

My recommendation at this point (if you are an online merchant) is to go through the process at least one time, to see how close you are to compliance.  Make changes based on the results to get as close as you reasonably can, then keep the documentation until your provider asks.  Then you’ll have a quicker path to PCI compliance if you are required to be so.
