Saturday, April 30, 2005
E-Commerce Sites Forced To Adopt Security Standards
Online retailers will be forced to tighten security and improve their handling of customer data under new rules being introduced by the credit card industry to stop identity theft. From June 30, all e-commerce sites with internal systems that process, store or transmit cardholder information will have to comply with the Payment Card Industry (PCI) Data Security Standard or face significant fines. In extreme cases, online merchants could be banned from processing transactions using payment cards.
Security Audit: Backed by MasterCard, Visa, American Express, Diners Club and JCB Cards, the standard requires Internet retailers to carry out a 12-step security audit, which will be certified annually and checked every three months. Introduction of the standard follows a series of security breaches that resulted in the theft of credit card details.
Last week, HSBC North America warned 180,000 customers who use its General Motors-branded MasterCard to cancel their cards, after faulty electronic sales systems at clothes retailer Polo Ralph Lauren accidentally stored their financial details instead of deleting them. Data wholesaler Lexis Nexis has also reported security breaches of customer databases, after hackers gained access to its systems. "If credit card information gets exposed there's a huge cost factor involved for the banks, because there are heavy overheads in terms of replacing them," said Gerhard Eschelbeck, chief technology officer at security software firm Qualys.
Security Steps: To combat the loss of payment card information to hackers, e-commerce sites will have to comply with 12 security requirements to achieve certification.
Here is a list of these procedures:
-Installation and maintenance of a firewall.
-Do not use vendor default passwords on IT products.
-Strong protection of stored data.
-Encryption of cardholder data transmitted over public networks.
-Installation and regular updating of anti-virus software.
-Development and maintenance of secure systems and applications.
-Controls restricting access to data on a need-to-know basis.
-Unique identity authentication assigned to each person accessing computer systems.
-Restrictions on physical access to cardholder data.
-Regular monitoring and tracking of network resources and cardholder data.
-Frequent testing of security systems and processes.
-Maintenance of an information security policy.
Stephen Orfei, senior vice president and head of the MasterCard E-Commerce Centre of Excellence, said: "The standard reflects our commitment to helping customers and online merchants evaluate and improve the security of their Web sites." The PCI Data Security Standard will also help converge the different security standards demanded by Visa, MasterCard and American Express, says Avivah Litan, research director at analyst Gartner .
Costly Compliance: "This will simplify the compliance process, but achieving compliance with these standards can still be very costly for merchants and acquiring banks," she said. "The more the process can be streamlined and automated, the easier it will be for everyone."
To help make the auditing and certification process less expensive for e-commerce firms, MasterCard is appointing a series of vulnerability assessment firms to carry out the approval process. This week the card giant announced the appointment of security software firm Qualys as its first automated compliance tester for the MasterCard Site Data Protection scheme, which uses the standard.
Internet retailers will be able to use QualysGuard software to carry out quarterly network scans and annual assessments, and regularly detect and fix flaws. "Larger firms may already have protected themselves as part of their vulnerability management processes," said Eschelbeck. "But you need to think about all of the small firms that don't have an IT security department."
Small e-commerce firms will be able to buy the basic software for US$495, with a full service costing $2,495.
Credit Card Numbers: The credit card industry hopes the tighter security demanded by the standard will lead to fewer stolen credit card numbers circulating on the Internet. MasterCard's Operation StopIT initiative, aimed at reducing phishing and identity theft, has already detected and removed 34,500 stolen credit card numbers being traded over the Internet. Lloyds TSB has backed plans for a standard to physically authenticate Internet customers. The High Street bank is working with banking industry group the Association for Payment Clearing Services (Apacs) to develop the security standard, which will be available from next month.
The bank's decision follows announcements from HSBC, The Royal Bank of Scotland and Barclaycard that they are looking at introducing physical security devices to combat phishing and other forms of identity theft targeting Internet banking customers. 'When key-logging software first appeared which tried to steal information we introduced new password procedures, and now two-factor authentication is something we're looking at,' said Matthew Timms, Internet channel director at Lloyds TSB.
Standards Pending: But the company stresses that any standards introduced must be compatible across Internet banking and card-not-present transactions. "One of the critical factors will be customer adoption," said Timms. "We need to balance security with the fact that consumers might not want to use it if it's too much of a hassle." The industry also needs to do more to educate online banking customers about the potential risks when using the Internet, says Timms.
"Consumer awareness is still low, and there are people that still fall for phishing scams. We are also seeing more trojans trying to capture passwords," he said. "People need to know firewalls and anti-virus updates are critical."
Brought to you by Guardian eCommerce.
Security Audit: Backed by MasterCard, Visa, American Express, Diners Club and JCB Cards, the standard requires Internet retailers to carry out a 12-step security audit, which will be certified annually and checked every three months. Introduction of the standard follows a series of security breaches that resulted in the theft of credit card details.
Last week, HSBC North America warned 180,000 customers who use its General Motors-branded MasterCard to cancel their cards, after faulty electronic sales systems at clothes retailer Polo Ralph Lauren accidentally stored their financial details instead of deleting them. Data wholesaler Lexis Nexis has also reported security breaches of customer databases, after hackers gained access to its systems. "If credit card information gets exposed there's a huge cost factor involved for the banks, because there are heavy overheads in terms of replacing them," said Gerhard Eschelbeck, chief technology officer at security software firm Qualys.
Security Steps: To combat the loss of payment card information to hackers, e-commerce sites will have to comply with 12 security requirements to achieve certification.
Here is a list of these procedures:
-Installation and maintenance of a firewall.
-Do not use vendor default passwords on IT products.
-Strong protection of stored data.
-Encryption of cardholder data transmitted over public networks.
-Installation and regular updating of anti-virus software.
-Development and maintenance of secure systems and applications.
-Controls restricting access to data on a need-to-know basis.
-Unique identity authentication assigned to each person accessing computer systems.
-Restrictions on physical access to cardholder data.
-Regular monitoring and tracking of network resources and cardholder data.
-Frequent testing of security systems and processes.
-Maintenance of an information security policy.
Stephen Orfei, senior vice president and head of the MasterCard E-Commerce Centre of Excellence, said: "The standard reflects our commitment to helping customers and online merchants evaluate and improve the security of their Web sites." The PCI Data Security Standard will also help converge the different security standards demanded by Visa, MasterCard and American Express, says Avivah Litan, research director at analyst Gartner .
Costly Compliance: "This will simplify the compliance process, but achieving compliance with these standards can still be very costly for merchants and acquiring banks," she said. "The more the process can be streamlined and automated, the easier it will be for everyone."
To help make the auditing and certification process less expensive for e-commerce firms, MasterCard is appointing a series of vulnerability assessment firms to carry out the approval process. This week the card giant announced the appointment of security software firm Qualys as its first automated compliance tester for the MasterCard Site Data Protection scheme, which uses the standard.
Internet retailers will be able to use QualysGuard software to carry out quarterly network scans and annual assessments, and regularly detect and fix flaws. "Larger firms may already have protected themselves as part of their vulnerability management processes," said Eschelbeck. "But you need to think about all of the small firms that don't have an IT security department."
Small e-commerce firms will be able to buy the basic software for US$495, with a full service costing $2,495.
Credit Card Numbers: The credit card industry hopes the tighter security demanded by the standard will lead to fewer stolen credit card numbers circulating on the Internet. MasterCard's Operation StopIT initiative, aimed at reducing phishing and identity theft, has already detected and removed 34,500 stolen credit card numbers being traded over the Internet. Lloyds TSB has backed plans for a standard to physically authenticate Internet customers. The High Street bank is working with banking industry group the Association for Payment Clearing Services (Apacs) to develop the security standard, which will be available from next month.
The bank's decision follows announcements from HSBC, The Royal Bank of Scotland and Barclaycard that they are looking at introducing physical security devices to combat phishing and other forms of identity theft targeting Internet banking customers. 'When key-logging software first appeared which tried to steal information we introduced new password procedures, and now two-factor authentication is something we're looking at,' said Matthew Timms, Internet channel director at Lloyds TSB.
Standards Pending: But the company stresses that any standards introduced must be compatible across Internet banking and card-not-present transactions. "One of the critical factors will be customer adoption," said Timms. "We need to balance security with the fact that consumers might not want to use it if it's too much of a hassle." The industry also needs to do more to educate online banking customers about the potential risks when using the Internet, says Timms.
"Consumer awareness is still low, and there are people that still fall for phishing scams. We are also seeing more trojans trying to capture passwords," he said. "People need to know firewalls and anti-virus updates are critical."
Brought to you by Guardian eCommerce.
Thursday, April 28, 2005
Google Launches Personal History Feature
Google Inc. is experimenting with a new feature that enables the users of its online search engine to see all of their past search requests and results, creating a computer peephole that could prove as embarrassing as it is helpful. Activating Google's "My Search History" service, unveiled yesterday afternoon at http://labs.google.com, requires users to create a personal login with a password. Users of Google's e-mail, discussion groups and answer services can simply use their existing log-ins.
Preserving Details: The service allows users to decide if they want Google to automatically recognize them without having to log in each time they use the same computer. Those who prefer to log in on each visit can use a link that will appear in the right-hand corner of Google's home page. Whenever a user is logged in, Google will provide a detailed look at all their past search activity. The service also includes a "pause" feature that prevents it from being displayed in the index. Users will be able to pinpoint a search conducted on a particular day, using a calendar that's displayed on the history page. The service sometimes will point out a past search result related to a new search request.
Google is hoping the service becomes so valuable that people will use its search engine even more frequently than they already do, giving the company more opportunities to display text-based ads that boost its profits. "We think there is some value in providing people with visibility into their past activity on Google," said Marissa Mayer, the company's director of consumer Web products.
But privacy rights expert Pam Dixon is worried the service will make it easier for mischief makers, snoops and perhaps even the government to get their hands on a user's entire search history.
"It's really a bad idea," said Dixon, executive director of the World Privacy Forum. "If you need to keep track of your past searches, I recommend using a notebook. It would be a lot more private and a lot less risky." Mountain View-based Google believes the service has adequately addressed privacy concerns, although Mayer conceded people who share a computer might not want to use the service. "This isn't for someone who is particularly sloppy about signing in and signing off," she said. "You have to have very good computer hygiene to use this."
Yahoo, Ask Jeeves Inc., and A9.com, a search engine owned by Amazon.com Inc., offer a feature that provides users with a limited look at past search activity. Google's software for searching computer hard drives, introduced last fall, also provides a snapshot of past Web searches.
Digging Deeper: But Google promises its latest feature will dig deeper than its rivals or even its own desktop search product. The online service is designed to store years of each individual's search activity, although users can remove selected links from their personal archive at any time.
Because the history feature requires an individual login, it could help Google better understand each user so it can customize its results to reflect a person's specific interests, said industry analyst Charlene Li of Forrester Research.
But Li doubts Google's latest feature will have mass appeal. "I don't think this is going to be very important to the average person," Li said. "Most people are kind of paranoid, so they are going to be wondering, 'Why should I give all my information to Google?"'
Brought to you by the Guardian eCommerce Safe Site Privacy Seal Program.
Preserving Details: The service allows users to decide if they want Google to automatically recognize them without having to log in each time they use the same computer. Those who prefer to log in on each visit can use a link that will appear in the right-hand corner of Google's home page. Whenever a user is logged in, Google will provide a detailed look at all their past search activity. The service also includes a "pause" feature that prevents it from being displayed in the index. Users will be able to pinpoint a search conducted on a particular day, using a calendar that's displayed on the history page. The service sometimes will point out a past search result related to a new search request.
Google is hoping the service becomes so valuable that people will use its search engine even more frequently than they already do, giving the company more opportunities to display text-based ads that boost its profits. "We think there is some value in providing people with visibility into their past activity on Google," said Marissa Mayer, the company's director of consumer Web products.
But privacy rights expert Pam Dixon is worried the service will make it easier for mischief makers, snoops and perhaps even the government to get their hands on a user's entire search history.
"It's really a bad idea," said Dixon, executive director of the World Privacy Forum. "If you need to keep track of your past searches, I recommend using a notebook. It would be a lot more private and a lot less risky." Mountain View-based Google believes the service has adequately addressed privacy concerns, although Mayer conceded people who share a computer might not want to use the service. "This isn't for someone who is particularly sloppy about signing in and signing off," she said. "You have to have very good computer hygiene to use this."
Yahoo, Ask Jeeves Inc., and A9.com, a search engine owned by Amazon.com Inc., offer a feature that provides users with a limited look at past search activity. Google's software for searching computer hard drives, introduced last fall, also provides a snapshot of past Web searches.
Digging Deeper: But Google promises its latest feature will dig deeper than its rivals or even its own desktop search product. The online service is designed to store years of each individual's search activity, although users can remove selected links from their personal archive at any time.
Because the history feature requires an individual login, it could help Google better understand each user so it can customize its results to reflect a person's specific interests, said industry analyst Charlene Li of Forrester Research.
But Li doubts Google's latest feature will have mass appeal. "I don't think this is going to be very important to the average person," Li said. "Most people are kind of paranoid, so they are going to be wondering, 'Why should I give all my information to Google?"'
Brought to you by the Guardian eCommerce Safe Site Privacy Seal Program.
Tuesday, April 26, 2005
AOL Develops Anti-Phishing Plan
America Online is trying to block the bait in phishing scams, announcing today that it will seek to identify bogus sites and prevent its users from gaining access to them. AOL will work with Cyota, an anti-fraud and security company, to implement the plan, which will operate 24 hours per day.
Phishing scammers create bogus sites that look like financial or retail sites in order to gather personal information that an unsuspecting user might type into them. Often, the scammers send an e-mail that looks very much like one that of a legitimate business . The message may ask users to update their information or try in some other way to get them to give up private data.
Impressive Action "AOL's move is a bold one," SecurityCurve President Ed Moyle said. "I'm impressed that they've decided to undertake this type of protection for their user community and I think that it's a very responsible position on their part." When AOL decides to block a site, a member who tries to access the page will instead receive a notice explaining why the page has been blocked. Part of the difficulty with phishing is the ease with which legitimate sites can be mimicked. "While we can introduce a healthy skepticism to users about e-mails they receive through education, the fact of the matter is that businesses do use e-mail to communicate with their customers and sometimes those e-mails contain links to their Web site," Moyle said. "In other words, given the climate in which businesses operate, it is extremely difficult for a user to know which e-mails are real and which are scams if their particular service provider is the target of the scam."
Others Trying, Too: The ISP is not the only company making an effort to prevent phishing attacks. Opera Software, developers of the Opera Web browser, yesterday released Opera 8.0, which includes an anti-phishing measure. The browser will show the certificate of secure sites so that users can match them with the URL they have typed in. The browser will also label the security of the site with levels from 1-3. Moyle said that despite these moves, consumers should stay on guard. "AOL's decision to filter known phishing sites is a step in the right direction. Of course, the technology isn't likely to be a complete barrier to all phishing, since it will take time to update the list of filtered sites as new scams are brought online, but I do think it is likely to greatly reduce the severity of the problem. If the technology prevents even 80 percent of the phishing currently underway, that's better than what we have today," he said.
The ISP said it will add more tools to its anti-phishing arsenal in the coming months.
More information at Guardian eCommerce.
Phishing scammers create bogus sites that look like financial or retail sites in order to gather personal information that an unsuspecting user might type into them. Often, the scammers send an e-mail that looks very much like one that of a legitimate business . The message may ask users to update their information or try in some other way to get them to give up private data.
Impressive Action "AOL's move is a bold one," SecurityCurve President Ed Moyle said. "I'm impressed that they've decided to undertake this type of protection for their user community and I think that it's a very responsible position on their part." When AOL decides to block a site, a member who tries to access the page will instead receive a notice explaining why the page has been blocked. Part of the difficulty with phishing is the ease with which legitimate sites can be mimicked. "While we can introduce a healthy skepticism to users about e-mails they receive through education, the fact of the matter is that businesses do use e-mail to communicate with their customers and sometimes those e-mails contain links to their Web site," Moyle said. "In other words, given the climate in which businesses operate, it is extremely difficult for a user to know which e-mails are real and which are scams if their particular service provider is the target of the scam."
Others Trying, Too: The ISP is not the only company making an effort to prevent phishing attacks. Opera Software, developers of the Opera Web browser, yesterday released Opera 8.0, which includes an anti-phishing measure. The browser will show the certificate of secure sites so that users can match them with the URL they have typed in. The browser will also label the security of the site with levels from 1-3. Moyle said that despite these moves, consumers should stay on guard. "AOL's decision to filter known phishing sites is a step in the right direction. Of course, the technology isn't likely to be a complete barrier to all phishing, since it will take time to update the list of filtered sites as new scams are brought online, but I do think it is likely to greatly reduce the severity of the problem. If the technology prevents even 80 percent of the phishing currently underway, that's better than what we have today," he said.
The ISP said it will add more tools to its anti-phishing arsenal in the coming months.
More information at Guardian eCommerce.
Sunday, April 24, 2005
Savvy Florida Man Nabs Domain Name of New Pope
A savvy tech writer has nabbed the Internet domain name of the new pope Benedict XVI, but said he will ask his devout Catholic grandmother what he should do with it. Rogers Cadenhead, a Florida-based tech writer, purchased the rights to BenedictXVI.com on April 1 -- more than two-and-a-half weeks before Cardinal Joseph Ratzinger announced that he would assume the papacy under the name of Benedict XVI.
All Bases Covered: Cadenhead had no divine inspiration about the identity of the new head of the Catholic church. He just decided to buy the domain names corresponding to all the popes since the year 1700 for US$12 each, he wrote on his Web site, cadenhead.org, today. "I couldn't resist the chance to have some skin in the game. Someone else already has JohnPaulIII.com and JohnXXIV.com, but otherwise I put a chip down on every name of the past three centuries," Cadenhead wrote. Cadenhead, 38, also registered ClementXV.com, InnocentXIV.com, LeoXIV.com, PaulVII.com and PiusXIII.com.
Cadenhead said he was raised Catholic, and that he bought the domains as a game -- not as a way to make money by cybersquatting. Cadenhead said he hasn't figured out what he's going to do with the BenedictXVI.com domain yet but that his "decision would be guided by the idea not to piss off 1.1 billion [Roman Catholics.]"
Whatever he decides, he will first seek approval from his devout Catholic grandmother. "I guess you could call her a papal adviser," said Cadenhead.
Brought to you by Guardian eCommerce.
All Bases Covered: Cadenhead had no divine inspiration about the identity of the new head of the Catholic church. He just decided to buy the domain names corresponding to all the popes since the year 1700 for US$12 each, he wrote on his Web site, cadenhead.org, today. "I couldn't resist the chance to have some skin in the game. Someone else already has JohnPaulIII.com and JohnXXIV.com, but otherwise I put a chip down on every name of the past three centuries," Cadenhead wrote. Cadenhead, 38, also registered ClementXV.com, InnocentXIV.com, LeoXIV.com, PaulVII.com and PiusXIII.com.
Cadenhead said he was raised Catholic, and that he bought the domains as a game -- not as a way to make money by cybersquatting. Cadenhead said he hasn't figured out what he's going to do with the BenedictXVI.com domain yet but that his "decision would be guided by the idea not to piss off 1.1 billion [Roman Catholics.]"
Whatever he decides, he will first seek approval from his devout Catholic grandmother. "I guess you could call her a papal adviser," said Cadenhead.
Brought to you by Guardian eCommerce.
Saturday, April 23, 2005
Consumers ask Guardian eCommerce...
Where are the safest places online to conduct business? Consumers have an insatiable appetite for online safety on the Net, and the Guardian eCommerce Privacy Seal Program fields hundreds of consumer queries on the topic. Every month, Guardian eCommerce receives hundreds of queries from online consumers seeking the safest places to shop online or purchase services online. In fact, most of the queries received come from consumers residing in North America. Guardian eCommerce replies to each and every one of these consumer queries by recommending safe site(s) that best suits the consumer's need.
Actually, it's a win-win situation, simply because consumers benefit from visiting recommended and reviewed safe sites on the Web, while member Web sites benefit each time Guardian eCommerce sends another potential customer their way. For convenience, Guardian eCommerce also provides a Safe Site Links page as a 'piece of mind' reference for online consumers seeking to purchase goods and/or services online from recommended and reviewed safe sites.
Brought to you by Guardian eCommerce.
Actually, it's a win-win situation, simply because consumers benefit from visiting recommended and reviewed safe sites on the Web, while member Web sites benefit each time Guardian eCommerce sends another potential customer their way. For convenience, Guardian eCommerce also provides a Safe Site Links page as a 'piece of mind' reference for online consumers seeking to purchase goods and/or services online from recommended and reviewed safe sites.
Brought to you by Guardian eCommerce.
Thursday, April 21, 2005
Report: E-Mail Coming to All Smartphones Soon
Wireless e-mail connectivity will be a built-in feature on all smartphones by the end of 2008, according to a new report from Gartner that underscores the shift in the hand-held device market and portends massive future changes. Gartner said wireless e-mail is on its way to becoming a mainstream mobile application as common as voice communications among end users, but that several factors are hampering uptake of wireless e-mail for the time being.
Network Providers Delay: "Network operators are reluctant to permit widespread messaging access to their networks without collecting fees from those who send such messages," Gartner Vice President Ken Dulaney said. "However, operators will lose this battle the same way that telecommunications companies lost the battle against an open Internet."
Smartphones have long included Web surfing capabilities, but not necessarily e-mail client software, making the process of accessing e-mail accounts through a Web interface time-consuming, clumsy and expensive. At the same time, mobile e-mail servers are not widely in place on corporate networks. In fact, many analysts say mobile network providers have been slow to embrace data services such as e-mail and text messaging out of fear of cannibalizing their core voice-minutes business, which has been an engine of growth and profitability for many of them.
However, failing to do so could result in loss of users to the Blackberry or other options, and mobile carriers are likely to find ways to bundle e-mail and instant messaging in a way that protects their core revenue streams. Many analysts expect most telecommunications companies to forge partnerships for robust e-mail services in the near future as they recognize the value of being able to provide a full menu of communications services to users.
Productivity Benefits: Dulaney said the situation today is similar to the early days of mobile voice technology. Current mobile e-mail use is limited largely to relatively expensive services such as Research In Motion's popular Blackberry. At the same time, many enterprises haven't yet realized the potential productivity benefits of outfitting workers with mobile e-mail.
However, Dulaney said it will take a relatively short period of time for mobile e-mail to reach critical mass among users, especially as companies realize that if approached correctly, adding e-mail to a suite of mobile services could be relatively inexpensive. For instance, Dulaney added, wireless e-mail use could actually cut down on the amount of wireless voice minutes used. "A business manager might see voicemails dropping precipitously and find real benefits to the fact that messages can be forwarded easily inside and outside the organization," the analyst said. "The overall cost per message delivered is likely to be lower, given the theory that most phone calls are several minutes long and include the time to connect to the person called."
The migration toward all-in-one smartphones has been well-documented and has coincided with a plunge in the sale of other types of hand-helds, especially personal digital assistants (PDAs). One notable exception to that trend has been the Blackberry, which enjoys credibility among business users.
Jockeying for Position: Technology companies are rushing to be in position to provide the next wave of communications services. AOL and Yahoo both recently announced deals to license their instant messaging platforms for use on the Blackberry. Also, Microsoft has announced a surprising deal to cross-license technology with Symbian, the creator of one of the most widely used smartphone operating systems.
That deal involves Microsoft's Exchange server, which the software giant is hoping will become a standard for mobile e-mail able to rival that of Blackberry. Business users want constant access to e-mail but that even those corporations that recognize the potential productivity gains to be realized are wrestling with how best to make it happen.
For instance, ompanies might be reluctant to add an entirely new layer of e-mail servers dedicated to serving mobile users and might be open to approaches such as the one Microsoft hopes to create, that enables similar servers to be used for all e-mail and messaging solutions. Meanwhile, the consumer market is also ripe for the arrival of full mobile e-mail access. Already, Web search and portal companies have invested heavily in providing services via mobile devices, despite the fact that many devices have limitations when it comes to accessing the Web, including limited bandwidth, the high cost of such access and the difficulty of navigating small keyboards. Easing the use of e-mail on those devices could further boost how often they're used and create new opportunities for selling mobile.
Brought to you by Guardian eCommerce.
Network Providers Delay: "Network operators are reluctant to permit widespread messaging access to their networks without collecting fees from those who send such messages," Gartner Vice President Ken Dulaney said. "However, operators will lose this battle the same way that telecommunications companies lost the battle against an open Internet."
Smartphones have long included Web surfing capabilities, but not necessarily e-mail client software, making the process of accessing e-mail accounts through a Web interface time-consuming, clumsy and expensive. At the same time, mobile e-mail servers are not widely in place on corporate networks. In fact, many analysts say mobile network providers have been slow to embrace data services such as e-mail and text messaging out of fear of cannibalizing their core voice-minutes business, which has been an engine of growth and profitability for many of them.
However, failing to do so could result in loss of users to the Blackberry or other options, and mobile carriers are likely to find ways to bundle e-mail and instant messaging in a way that protects their core revenue streams. Many analysts expect most telecommunications companies to forge partnerships for robust e-mail services in the near future as they recognize the value of being able to provide a full menu of communications services to users.
Productivity Benefits: Dulaney said the situation today is similar to the early days of mobile voice technology. Current mobile e-mail use is limited largely to relatively expensive services such as Research In Motion's popular Blackberry. At the same time, many enterprises haven't yet realized the potential productivity benefits of outfitting workers with mobile e-mail.
However, Dulaney said it will take a relatively short period of time for mobile e-mail to reach critical mass among users, especially as companies realize that if approached correctly, adding e-mail to a suite of mobile services could be relatively inexpensive. For instance, Dulaney added, wireless e-mail use could actually cut down on the amount of wireless voice minutes used. "A business manager might see voicemails dropping precipitously and find real benefits to the fact that messages can be forwarded easily inside and outside the organization," the analyst said. "The overall cost per message delivered is likely to be lower, given the theory that most phone calls are several minutes long and include the time to connect to the person called."
The migration toward all-in-one smartphones has been well-documented and has coincided with a plunge in the sale of other types of hand-helds, especially personal digital assistants (PDAs). One notable exception to that trend has been the Blackberry, which enjoys credibility among business users.
Jockeying for Position: Technology companies are rushing to be in position to provide the next wave of communications services. AOL and Yahoo both recently announced deals to license their instant messaging platforms for use on the Blackberry. Also, Microsoft has announced a surprising deal to cross-license technology with Symbian, the creator of one of the most widely used smartphone operating systems.
That deal involves Microsoft's Exchange server, which the software giant is hoping will become a standard for mobile e-mail able to rival that of Blackberry. Business users want constant access to e-mail but that even those corporations that recognize the potential productivity gains to be realized are wrestling with how best to make it happen.
For instance, ompanies might be reluctant to add an entirely new layer of e-mail servers dedicated to serving mobile users and might be open to approaches such as the one Microsoft hopes to create, that enables similar servers to be used for all e-mail and messaging solutions. Meanwhile, the consumer market is also ripe for the arrival of full mobile e-mail access. Already, Web search and portal companies have invested heavily in providing services via mobile devices, despite the fact that many devices have limitations when it comes to accessing the Web, including limited bandwidth, the high cost of such access and the difficulty of navigating small keyboards. Easing the use of e-mail on those devices could further boost how often they're used and create new opportunities for selling mobile.
Brought to you by Guardian eCommerce.
Tuesday, April 19, 2005
Yahoo Offers Free Web Sites for Small Businesses
In a move to enhance its search and advertising businesses, Yahoo announced today it would offer free Web hosting to small businesses . The Internet company said any small business can sign up for a free Web page that will appear in Yahoo's Local directory.
Yahoo Local general manager Paul Levine said providing small businesses with free Web sites helps them leverage the Internet and adds depth and comprehensiveness to Yahoo's local product for consumers. "As more and more consumers rely on the Internet for information about their neighborhood -- from finding restaurants to plumbers to dry cleaners -- local businesses are realizing the value of reaching potential customers online," Levine said.
A Helping Hand: Analysts expect that helping hand to be well received. According to The Kelsey Group, over 50 percent of the more than 20 million small businesses in the U.S. do not yet have a Web site . Kelsey Group analyst Greg Sterling told the E-Commerce Times this is an attractive offer for small businesses because it removes a lot of barriers to adoption, like which host to use and how much storage space to purchase. And Yahoo's template wizard makes it easy to set up a working site in a few steps. "If this is widely adopted, it could have a broader impact on the market," Sterling said. "Competitors might have to set up something comparable as an entry level offer or attempt to discredit the strategy."
Yahoo's Loss Leader: The free service complements Yahoo Local's other merchant offerings, including Free Basic Listings and Enhanced Listings. Yahoo is betting that small businesses will extend their Internet presence over time as their online needs grow with its other services, like domain name , e-mail, enhanced Web hosting and e-commerce solutions.
Even if competitors do try to copycat Yahoo, Sterling said it may be difficult to replicate because not all business models can absorb the upfront costs associated with giving away Web sites.
"Yahoo has multiple revenue streams and they can subsidize free Web pages," Sterling said. "That's a significant factor. This is a loss leader for Yahoo. It brings people in the store where they show them the rest of what they've got in terms of commerce solutions."
Brought to you by Guardian eCommerce.
Yahoo Local general manager Paul Levine said providing small businesses with free Web sites helps them leverage the Internet and adds depth and comprehensiveness to Yahoo's local product for consumers. "As more and more consumers rely on the Internet for information about their neighborhood -- from finding restaurants to plumbers to dry cleaners -- local businesses are realizing the value of reaching potential customers online," Levine said.
A Helping Hand: Analysts expect that helping hand to be well received. According to The Kelsey Group, over 50 percent of the more than 20 million small businesses in the U.S. do not yet have a Web site . Kelsey Group analyst Greg Sterling told the E-Commerce Times this is an attractive offer for small businesses because it removes a lot of barriers to adoption, like which host to use and how much storage space to purchase. And Yahoo's template wizard makes it easy to set up a working site in a few steps. "If this is widely adopted, it could have a broader impact on the market," Sterling said. "Competitors might have to set up something comparable as an entry level offer or attempt to discredit the strategy."
Yahoo's Loss Leader: The free service complements Yahoo Local's other merchant offerings, including Free Basic Listings and Enhanced Listings. Yahoo is betting that small businesses will extend their Internet presence over time as their online needs grow with its other services, like domain name , e-mail, enhanced Web hosting and e-commerce solutions.
Even if competitors do try to copycat Yahoo, Sterling said it may be difficult to replicate because not all business models can absorb the upfront costs associated with giving away Web sites.
"Yahoo has multiple revenue streams and they can subsidize free Web pages," Sterling said. "That's a significant factor. This is a loss leader for Yahoo. It brings people in the store where they show them the rest of what they've got in terms of commerce solutions."
Brought to you by Guardian eCommerce.
Monday, April 18, 2005
Google Takes Local Search Mobile
In a bid to drill into two fertile growth markets with a single service, Google has unveiled a version of its local search tool designed specifically for users of mobile devices. The mobile version of Google Local went live this week and seeks to extend many of the same features available at the Web-based local search product to hand-held devices in a way that makes the transition seamless. The new product expands the possibilities for mobile commerce.
Following Yahoo: Like other Google mobile offerings -- including a basic search function -- the local product uses either mobile browsers or short messaging service (SMS) to deliver information such as driving directions and business listing information. Jonathan Rosenberg, vice president of product management at Google, said the service will prove useful for users whether they are "traveling long distances or looking for a restaurant in their hometown" and will eliminate the "hassle of referring to paper maps, reference guides, or often outdated directories.
"Google's mobile search and Google SMS services are important advancements in our goal to provide users immediate access to valuable information anywhere and anytime," Rosenberg added. The move comes about six months after Yahoo launched a mobile version of its Web, image and local search offerings. That service, which strips out bandwidth-hogging ads and other design features, offers users the ability to search the Web and to recall searches done on the desktop and stored online. It also has a keyword function that will immediately take users to the most likely results for a term.
Battle in the Air: The Google Local Web search offering presents mobile users with a screen with two boxes, one labeled "what" and the other "where" for entering a city or ZIP code. There's also a link for driving directions. Results include 10 local services matching the location and a small map showing their locations and, if the user's phone supports it, links enable telephone numbers to be called directly.
Many analysts believe that combining local search listings with mobile accessibility is one of the holy grails of search because it has the ability to provide users with information that is immediately relevant. It's also information that's most likely to lead directly to commerce. For instance, a user might use the search tool to pinpoint a restaurant in a strange city, narrowing his or her choices by using search terms and likely taking some of the guesswork out of the process.
The service is just the latest reminder of what one analyst calls a "war of attrition" among Web search companies to out-duel each other in terms of new services. Rarely does a day go by now without a new service or feature being rolled out by Google, Yahoo, MSN or one of the other major search players.
Ahead of the Curve: However, analysts said unlike other features and services, other search companies might not be in a position to roll out an answer to Google's mobile search upgrade.
"Unlike adding server space or partnering with a third party for another feature, developing robust services for mobile devices is not an easy proposition," Gartner analyst Phil Redman told us.
That might be one of the reasons that Google moved forward with both SMS and Web browser mobile features when it first launched last year, he added. "Most wireless operators have not yet provided the proper content or applications for integration on mobile handsets," Redman said. At the same time, having browser-ready mobile content is important because text messaging has yet to gain widespread acceptance except among teenage users, among whom it is wildly popular.
Brought to you by Guardian eCommerce Privacy Seal Program.
Following Yahoo: Like other Google mobile offerings -- including a basic search function -- the local product uses either mobile browsers or short messaging service (SMS) to deliver information such as driving directions and business listing information. Jonathan Rosenberg, vice president of product management at Google, said the service will prove useful for users whether they are "traveling long distances or looking for a restaurant in their hometown" and will eliminate the "hassle of referring to paper maps, reference guides, or often outdated directories.
"Google's mobile search and Google SMS services are important advancements in our goal to provide users immediate access to valuable information anywhere and anytime," Rosenberg added. The move comes about six months after Yahoo launched a mobile version of its Web, image and local search offerings. That service, which strips out bandwidth-hogging ads and other design features, offers users the ability to search the Web and to recall searches done on the desktop and stored online. It also has a keyword function that will immediately take users to the most likely results for a term.
Battle in the Air: The Google Local Web search offering presents mobile users with a screen with two boxes, one labeled "what" and the other "where" for entering a city or ZIP code. There's also a link for driving directions. Results include 10 local services matching the location and a small map showing their locations and, if the user's phone supports it, links enable telephone numbers to be called directly.
Many analysts believe that combining local search listings with mobile accessibility is one of the holy grails of search because it has the ability to provide users with information that is immediately relevant. It's also information that's most likely to lead directly to commerce. For instance, a user might use the search tool to pinpoint a restaurant in a strange city, narrowing his or her choices by using search terms and likely taking some of the guesswork out of the process.
The service is just the latest reminder of what one analyst calls a "war of attrition" among Web search companies to out-duel each other in terms of new services. Rarely does a day go by now without a new service or feature being rolled out by Google, Yahoo, MSN or one of the other major search players.
Ahead of the Curve: However, analysts said unlike other features and services, other search companies might not be in a position to roll out an answer to Google's mobile search upgrade.
"Unlike adding server space or partnering with a third party for another feature, developing robust services for mobile devices is not an easy proposition," Gartner analyst Phil Redman told us.
That might be one of the reasons that Google moved forward with both SMS and Web browser mobile features when it first launched last year, he added. "Most wireless operators have not yet provided the proper content or applications for integration on mobile handsets," Redman said. At the same time, having browser-ready mobile content is important because text messaging has yet to gain widespread acceptance except among teenage users, among whom it is wildly popular.
Brought to you by Guardian eCommerce Privacy Seal Program.
Sunday, April 17, 2005
Surfers Learn To Tolerate Spam
Computer users are getting used to spam and no longer regard it as such an issue, according to a report from the Pew Internet and American Life Project.
Although two thirds of respondents found spam annoying, this was down from 77 percent a year ago. As for fears that spam would undermine Internet use, 53 percent of e-mail users indicated that spam has made them less trusting of e-mail, compared to 62 percent a year ago.
Volume Heavy: The report also questions a recent report claiming that spam levels are approaching 95 percent of all e-mail. "While more users report an increase than a decrease in spam over the past year, the numbers are much more modest than the dramatic increases reported by spam filtering companies," said the report's author, Deborah Fellows, senior research fellow at the Pew Internet and American Life Project.
"The differential between the big increases in calculated spam volumes on the Internet (an 83 percent increase reported by MessageLabs) and very modest yet statistically significant increases in spam reported by e-mailers, suggests that for whatever reason (better filters, more filters, better spam avoidance behavior by users) not much of that additional spam is making it to users' inboxes."
Effective Filters: Fellows added that about half of all users of private and business e-mail reported no change in the volume of spam, and about one in five thought they were getting less. "Domestic providers like AOL and Hotmail have done a huge amount of work to filter spam," said Paul Wood, chief information security analyst at MessageLabs.
"What people don't see is the spam that's filtered out. Other ISPs have a lesson to learn from that: people will move from e-mail providers that don't protect against spam as standard." The number of people who actually buy products from spam e-mails remains steady at seven percent. This is more than enough to keep the spammers in business, according to the report.
Brought to you by Guardian eCommerce.
Although two thirds of respondents found spam annoying, this was down from 77 percent a year ago. As for fears that spam would undermine Internet use, 53 percent of e-mail users indicated that spam has made them less trusting of e-mail, compared to 62 percent a year ago.
Volume Heavy: The report also questions a recent report claiming that spam levels are approaching 95 percent of all e-mail. "While more users report an increase than a decrease in spam over the past year, the numbers are much more modest than the dramatic increases reported by spam filtering companies," said the report's author, Deborah Fellows, senior research fellow at the Pew Internet and American Life Project.
"The differential between the big increases in calculated spam volumes on the Internet (an 83 percent increase reported by MessageLabs) and very modest yet statistically significant increases in spam reported by e-mailers, suggests that for whatever reason (better filters, more filters, better spam avoidance behavior by users) not much of that additional spam is making it to users' inboxes."
Effective Filters: Fellows added that about half of all users of private and business e-mail reported no change in the volume of spam, and about one in five thought they were getting less. "Domestic providers like AOL and Hotmail have done a huge amount of work to filter spam," said Paul Wood, chief information security analyst at MessageLabs.
"What people don't see is the spam that's filtered out. Other ISPs have a lesson to learn from that: people will move from e-mail providers that don't protect against spam as standard." The number of people who actually buy products from spam e-mails remains steady at seven percent. This is more than enough to keep the spammers in business, according to the report.
Brought to you by Guardian eCommerce.
Thursday, April 14, 2005
MSN Offers Advertisers Messenger, Spaces Opportunities
Microsoft today released MSN Spaces and Messenger version 7.0 to the public, and with new initiatives designed to connect advertisers with target customers through the services, users may get more than they bargained for.
The software company plans to integrate ads into users' personal Spaces -- free Web journals, or blogs, revealed in beta form in December -- and at the beginning of video chats initiated through Messenger. "Deeper brand integration into MSN Messenger and MSN Spaces will enable our advertisers to connect with their target audiences in more creative, spontaneous and unobtrusive ways," said Joanne Bradford, vice president and chief media revenue officer for MSN.
Cashing in on Communication: U.S. Internet advertising revenue is expected to rise 25 percent to US$12 billion this year, according to American Technology Research in San Francisco. Microsoft wants to claim a larger slice of that pie after seeing its MSN division post its first profit last year thanks to more than $1 billion in ad sales.
Volvo is one of the advertisers already signed up for Spaces exposure. The company will have its own "Space" in which it will advertise its automobiles in a blog format. Volvo will also advertise its vehicles through text links and graphics at the top of users' personal Spaces. In addition, Messenger users will now see text advertisements within the conversation window as well as in the normal half-banner on their buddy lists. MSN is also opening up its Tabs architecture to allow sponsored tabs within the client.
Every month more than 155 million active users log in to the MSN Messenger service. Bradford said she expects advertisers like Volvo, Sprite and Adidas to enjoy "higher brand awareness and favorability." Microsoft said it expects to generate hundreds of millions of dollars in ad revenue through its various initiatives over the next few years.
Users Are Used to It: Whether users are bothered by advertisers' increasing infiltration of their personal communications space remains to be seen. One analyst told the E-Commerce Times he doesn't expect them to mind. Jupiter Research analyst Joe Wilcox said that since most free software displays ads, he is hardly expecting a consumer backlash.
"It's pretty reasonable for Microsoft to want to make money on these services. How long can you give it away for free?" Wilcox asked. "MSN is a major division of Microsoft and it's supposed to generate profit. Right now, the main source of MSN revenue is advertising."
Personalized Community Features: Wilcox pointed out that MSN is not relying exclusively on advertising: Personalization options like Winks, Dynamic Display Pictures and theme packs allow customers to show their personality and mood with premium content from third-party providers. For example, a customized message can include a greeting that shows the name of a song someone is listening to and, with one click, customers can go to MSN Music to purchase the song or listen to a snippet. And "gleam" notifications let friends and family using Messenger know that users have updated their blogs.
"The Internet is about sprawl," Wilcox said. "MSN Messenger and Spaces try to contain that sprawl by putting emphasis on the people you know. It's a very smart approach and it's a good way of bringing blogging into the mainstream."
More information at Guardian eCommerce.
The software company plans to integrate ads into users' personal Spaces -- free Web journals, or blogs, revealed in beta form in December -- and at the beginning of video chats initiated through Messenger. "Deeper brand integration into MSN Messenger and MSN Spaces will enable our advertisers to connect with their target audiences in more creative, spontaneous and unobtrusive ways," said Joanne Bradford, vice president and chief media revenue officer for MSN.
Cashing in on Communication: U.S. Internet advertising revenue is expected to rise 25 percent to US$12 billion this year, according to American Technology Research in San Francisco. Microsoft wants to claim a larger slice of that pie after seeing its MSN division post its first profit last year thanks to more than $1 billion in ad sales.
Volvo is one of the advertisers already signed up for Spaces exposure. The company will have its own "Space" in which it will advertise its automobiles in a blog format. Volvo will also advertise its vehicles through text links and graphics at the top of users' personal Spaces. In addition, Messenger users will now see text advertisements within the conversation window as well as in the normal half-banner on their buddy lists. MSN is also opening up its Tabs architecture to allow sponsored tabs within the client.
Every month more than 155 million active users log in to the MSN Messenger service. Bradford said she expects advertisers like Volvo, Sprite and Adidas to enjoy "higher brand awareness and favorability." Microsoft said it expects to generate hundreds of millions of dollars in ad revenue through its various initiatives over the next few years.
Users Are Used to It: Whether users are bothered by advertisers' increasing infiltration of their personal communications space remains to be seen. One analyst told the E-Commerce Times he doesn't expect them to mind. Jupiter Research analyst Joe Wilcox said that since most free software displays ads, he is hardly expecting a consumer backlash.
"It's pretty reasonable for Microsoft to want to make money on these services. How long can you give it away for free?" Wilcox asked. "MSN is a major division of Microsoft and it's supposed to generate profit. Right now, the main source of MSN revenue is advertising."
Personalized Community Features: Wilcox pointed out that MSN is not relying exclusively on advertising: Personalization options like Winks, Dynamic Display Pictures and theme packs allow customers to show their personality and mood with premium content from third-party providers. For example, a customized message can include a greeting that shows the name of a song someone is listening to and, with one click, customers can go to MSN Music to purchase the song or listen to a snippet. And "gleam" notifications let friends and family using Messenger know that users have updated their blogs.
"The Internet is about sprawl," Wilcox said. "MSN Messenger and Spaces try to contain that sprawl by putting emphasis on the people you know. It's a very smart approach and it's a good way of bringing blogging into the mainstream."
More information at Guardian eCommerce.
Tuesday, April 12, 2005
Let Net Find Lowest Price
Dan Ciporin made me feel a bit sheepish last week when he asked which washing machine I had just bought from a local electronics chain over the Internet. He took the make and model information and clicked through the French site of Shopping.com, the company of which he is chief executive. Lo and behold, Shopping.com showed me that I could have saved US$135 on my washer-dryer at a small Paris retailer, if only I had done some comparison shopping on the Internet. At least I am not alone. Shopping.com research shows that among people who buy online, only 18 percent do price-checking on a site like Ciporin's.
European Competition: Ciporin plans to officially open his French outpost, which is still being tested, in early April, to be followed by one for Germany before September. They will both be run from London, where he already has a British version. Started in 2000, it accounted for 15 percent of the company's sales last year and is, he said, "very profitable."
Europe already has a dominant comparison-shopping site, Kelkoo, which is based in Paris and operates across most of the Continent and in Britain and which Yahoo (Nasdaq: YHOO) bought last year. But there is no prominent No. 2, and Ciporin says he believes that Shopping.com can take the spot with little effort. Already, the company says, it has signed up 70 percent of the top
50 retailers in France.
The American and British use of credit cards and the Internet are the keys to e-commerce. The French and German cultures are different, making less use of both credit cards and the Internet, for example, making Shopping.com's success here less predictable.
So why don't most online purchasers comparison-shop now? My own reason is probably a combination of laziness and ignorance. But Ciporin's demonstration in a Paris hotel meeting room gave me an education in how easy it is to save a few euros.
Three International Sites: In Ciporin's view, it is not enough to "Google" a product before you buy. Search engines return tens of thousands of Web site choices that are too general or too off-topic, or simply too numerous, to be helpful. He calls them, in business-speak, "not very actionable," unlike dedicated comparison sites like his.
With about 20 million monthly visitors, Shopping.com -- the result of the 2003 merger of Dealtime.com and Epinions.com -- is the third- largest e-commerce site in the United States, behind Amazon.com and eBay, the company says.
When Ciporin has all three international sites up and running, he expects to be able to offer price comparisons not just within a country but also between countries, leading to another potential way to save money.
Even when the French site opens for business in April, Shopping.com expects that around 20 percent of the retailers signed up will not be strictly French but pan-European merchants.
And Ciporin is confident that he can overcome what could be his biggest handicap: He does not own the Internet domain names www.shopping.fr and www.shopping.de.
To get to the French and German sites, you will have to type in www.shopping.com. Your browser and computer indicate which country you are connecting from, and Shopping.com will redirect you to the appropriate language site. Of course, if your browser thinks that you are in France and you want the British site, you will still be able to click through to it, Ciporin said.
Common Meaning: Perhaps the inestimable value of having the shopping.com site to begin with is that "shopping" is a word that conveys the correct meaning to both French and Germans. Ciporin said that may balance out that domain name drawback.
The owners of the .fr and .de addresses have, of course, done their best to get Shopping.com to pay big money for the privilege. Ciporin isn't having any of it. Amazon.com, eBay and local retailers like FNAC in France already have prosperous Internet businesses in Europe. But the price comparisons, Ciporin said, are the key. "People don't want to feel had," he said. Tell me about it.
Brought to you by Guardian eCommerce.
European Competition: Ciporin plans to officially open his French outpost, which is still being tested, in early April, to be followed by one for Germany before September. They will both be run from London, where he already has a British version. Started in 2000, it accounted for 15 percent of the company's sales last year and is, he said, "very profitable."
Europe already has a dominant comparison-shopping site, Kelkoo, which is based in Paris and operates across most of the Continent and in Britain and which Yahoo (Nasdaq: YHOO) bought last year. But there is no prominent No. 2, and Ciporin says he believes that Shopping.com can take the spot with little effort. Already, the company says, it has signed up 70 percent of the top
50 retailers in France.
The American and British use of credit cards and the Internet are the keys to e-commerce. The French and German cultures are different, making less use of both credit cards and the Internet, for example, making Shopping.com's success here less predictable.
So why don't most online purchasers comparison-shop now? My own reason is probably a combination of laziness and ignorance. But Ciporin's demonstration in a Paris hotel meeting room gave me an education in how easy it is to save a few euros.
Three International Sites: In Ciporin's view, it is not enough to "Google" a product before you buy. Search engines return tens of thousands of Web site choices that are too general or too off-topic, or simply too numerous, to be helpful. He calls them, in business-speak, "not very actionable," unlike dedicated comparison sites like his.
With about 20 million monthly visitors, Shopping.com -- the result of the 2003 merger of Dealtime.com and Epinions.com -- is the third- largest e-commerce site in the United States, behind Amazon.com and eBay, the company says.
When Ciporin has all three international sites up and running, he expects to be able to offer price comparisons not just within a country but also between countries, leading to another potential way to save money.
Even when the French site opens for business in April, Shopping.com expects that around 20 percent of the retailers signed up will not be strictly French but pan-European merchants.
And Ciporin is confident that he can overcome what could be his biggest handicap: He does not own the Internet domain names www.shopping.fr and www.shopping.de.
To get to the French and German sites, you will have to type in www.shopping.com. Your browser and computer indicate which country you are connecting from, and Shopping.com will redirect you to the appropriate language site. Of course, if your browser thinks that you are in France and you want the British site, you will still be able to click through to it, Ciporin said.
Common Meaning: Perhaps the inestimable value of having the shopping.com site to begin with is that "shopping" is a word that conveys the correct meaning to both French and Germans. Ciporin said that may balance out that domain name drawback.
The owners of the .fr and .de addresses have, of course, done their best to get Shopping.com to pay big money for the privilege. Ciporin isn't having any of it. Amazon.com, eBay and local retailers like FNAC in France already have prosperous Internet businesses in Europe. But the price comparisons, Ciporin said, are the key. "People don't want to feel had," he said. Tell me about it.
Brought to you by Guardian eCommerce.
Sunday, April 10, 2005
A new breed of news aggregators could provide Web users with personal control over their content feeds and force portals and other e-commerce companies that rely on content to reach their audience to rethink their approaches.
While the jury is still out on the eventual impact of Web logs, or blogs, on Internet use, few analysts doubt that they have accelerated the democratization of the Internet by giving users a vastly wider array of choices from where to get their news and information.
Until recently, finding and reading appropriate blogs often meant extensive searching and clicking through a number of sites. However, news aggregators are beginning to change that by enabling users to create their own pages based upon informal news feeds from blogs and other sources.
Only the Beginning: The rise of aggregators such as Newsgator.com, Bloglines and Feedster have already begun to pressure traditional portals to open up their content. MSN has enabled users to choose from hundreds of news feeds, many of them nontraditional sources of information, placing the blog news alongside traditional fare such as CNN and Slate.
Aggregation is seen as a key for unlocking any revenue potential from blogs, because it will enable ads to be sold on them far more efficiently. In other words, just as consumers can't track all blogs on their own, advertisers are hard pressed to so as well. Portals have long viewed the ability to consolidate and control content an important part of their online roles. By simplifying the online life of users, they become favorite haunts that users return to over and over to view the latest news and begin their online excursions. That theory led to massive investments that resulted in sites such as Google News and the Yahoo equivalent.
E-Commerce Embraces Blogging: Just how disruptive the technology of blogging has the power to be has been underscored by recent developments as well. Already, podcasting, or the equivalent of radio-style blogging, has become an underground phenomenon. Also, Google just this week began to lay the groundwork for what could become a video blogging network.
E-commerce companies so far are eager to embrace the blogging trend. Amazon's search subsidiary, A9.com, has launched an open-source, syndicated search approach that can enable blog publishers to have search, and paid search, fed into their sites.
Also, optimists say the blogging trend might actually lead to better e-commerce and improved portal services being targeted to users. Because blogs are inherently personal, they can help advertisers and retailers find and target users on a far more specific level than is currently possible, said Chris Sherman, associate editor of Search Engine Watch.
Sherman noted that when Ask Jeeves bought blog publishing software firm Bloglines, it was gaining access to a huge store of personal information. "By knowing what blogs people access and publish, they can aggregate personal data to reveal consumer interest patterns," Sherman said. That in turn can allow the type of targeted ads and merchant offers that are more likely to result in sales.
Hedging Bets: Forrester Research analyst Charlene Li told us that blogs are similar to social networks, which many portals have bought into or formed on their own. Often, they've done so without knowing clearly where the business model lies. "No one wants to miss a trend," Li said. "There is a sense that over time, the revenue models will start to develop and these will be important investments to be a part of."
There is widespread belief that consumers will continue to look to online news sites and portals to filter out the flood of information, a role that in fact might become more important as the sheer volume of information available grows. Because blog aggregation and other technology is still relatively inexpensive to develop or acquire, the large Internet companies can essentially hedge their bets with blogging plays, Li added.
Brought to you by the Guardian eCommerce Safe Site Privacy Seal Program.
While the jury is still out on the eventual impact of Web logs, or blogs, on Internet use, few analysts doubt that they have accelerated the democratization of the Internet by giving users a vastly wider array of choices from where to get their news and information.
Until recently, finding and reading appropriate blogs often meant extensive searching and clicking through a number of sites. However, news aggregators are beginning to change that by enabling users to create their own pages based upon informal news feeds from blogs and other sources.
Only the Beginning: The rise of aggregators such as Newsgator.com, Bloglines and Feedster have already begun to pressure traditional portals to open up their content. MSN has enabled users to choose from hundreds of news feeds, many of them nontraditional sources of information, placing the blog news alongside traditional fare such as CNN and Slate.
Aggregation is seen as a key for unlocking any revenue potential from blogs, because it will enable ads to be sold on them far more efficiently. In other words, just as consumers can't track all blogs on their own, advertisers are hard pressed to so as well. Portals have long viewed the ability to consolidate and control content an important part of their online roles. By simplifying the online life of users, they become favorite haunts that users return to over and over to view the latest news and begin their online excursions. That theory led to massive investments that resulted in sites such as Google News and the Yahoo equivalent.
E-Commerce Embraces Blogging: Just how disruptive the technology of blogging has the power to be has been underscored by recent developments as well. Already, podcasting, or the equivalent of radio-style blogging, has become an underground phenomenon. Also, Google just this week began to lay the groundwork for what could become a video blogging network.
E-commerce companies so far are eager to embrace the blogging trend. Amazon's search subsidiary, A9.com, has launched an open-source, syndicated search approach that can enable blog publishers to have search, and paid search, fed into their sites.
Also, optimists say the blogging trend might actually lead to better e-commerce and improved portal services being targeted to users. Because blogs are inherently personal, they can help advertisers and retailers find and target users on a far more specific level than is currently possible, said Chris Sherman, associate editor of Search Engine Watch.
Sherman noted that when Ask Jeeves bought blog publishing software firm Bloglines, it was gaining access to a huge store of personal information. "By knowing what blogs people access and publish, they can aggregate personal data to reveal consumer interest patterns," Sherman said. That in turn can allow the type of targeted ads and merchant offers that are more likely to result in sales.
Hedging Bets: Forrester Research analyst Charlene Li told us that blogs are similar to social networks, which many portals have bought into or formed on their own. Often, they've done so without knowing clearly where the business model lies. "No one wants to miss a trend," Li said. "There is a sense that over time, the revenue models will start to develop and these will be important investments to be a part of."
There is widespread belief that consumers will continue to look to online news sites and portals to filter out the flood of information, a role that in fact might become more important as the sheer volume of information available grows. Because blog aggregation and other technology is still relatively inexpensive to develop or acquire, the large Internet companies can essentially hedge their bets with blogging plays, Li added.
Brought to you by the Guardian eCommerce Safe Site Privacy Seal Program.
Personal News Aggregators Promise To Alter Web Use
A new breed of news aggregators could provide Web users with personal control over their content feeds and force portals and other e-commerce companies that rely on content to reach their audience to rethink their approaches.
While the jury is still out on the eventual impact of Web logs, or blogs, on Internet use, few analysts doubt that they have accelerated the democratization of the Internet by giving users a vastly wider array of choices from where to get their news and information.
Until recently, finding and reading appropriate blogs often meant extensive searching and clicking through a number of sites. However, news aggregators are beginning to change that by enabling users to create their own pages based upon informal news feeds from blogs and other sources.
Only the Beginning: The rise of aggregators such as Newsgator.com, Bloglines and Feedster have already begun to pressure traditional portals to open up their content. MSN has enabled users to choose from hundreds of news feeds, many of them nontraditional sources of information, placing the blog news alongside traditional fare such as CNN and Slate.
Aggregation is seen as a key for unlocking any revenue potential from blogs, because it will enable ads to be sold on them far more efficiently. In other words, just as consumers can't track all blogs on their own, advertisers are hard pressed to so as well.
Portals have long viewed the ability to consolidate and control content an important part of their online roles. By simplifying the online life of users, they become favorite haunts that users return to over and over to view the latest news and begin their online excursions. That theory led to massive investments that resulted in sites such as Google News and the Yahoo equivalent.
E-Commerce Embraces Blogging: Just how disruptive the technology of blogging has the power to be has been underscored by recent developments as well. Already, podcasting, or the equivalent of radio-style blogging, has become an underground phenomenon. Also, Google just this week began to lay the groundwork for what could become a video blogging network.
E-commerce companies so far are eager to embrace the blogging trend. Amazon's search subsidiary, A9.com, has launched an open-source, syndicated search approach that can enable blog publishers to have search, and paid search, fed into their sites.
Also, optimists say the blogging trend might actually lead to better e-commerce and improved portal services being targeted to users. Because blogs are inherently personal, they can help advertisers and retailers find and target users on a far more specific level than is currently possible, said Chris Sherman, associate editor of Search Engine Watch.
Sherman noted that when Ask Jeeves bought blog publishing software firm Bloglines, it was gaining access to a huge store of personal information. "By knowing what blogs people access and publish, they can aggregate personal data to reveal consumer interest patterns," Sherman said. That in turn can allow the type of targeted ads and merchant offers that are more likely to result in sales.
Hedging Bets: Forrester Research analyst Charlene Li said that blogs are similar to social networks, which many portals have bought into or formed on their own. Often, they've done so without knowing clearly where the business model lies. "No one wants to miss a trend," Li said. "There is a sense that over time, the revenue models will start to develop and these will be important investments to be a part of."
There is widespread belief that consumers will continue to look to online news sites and portals to filter out the flood of information, a role that in fact might become more important as the sheer volume of information available grows.
Because blog aggregation and other technology is still relatively inexpensive to develop or acquire, the large Internet companies can essentially hedge their bets with blogging plays, Li added.
Brought to you by the Guardian eCommerce Safe Site Privacy Seal Program.
While the jury is still out on the eventual impact of Web logs, or blogs, on Internet use, few analysts doubt that they have accelerated the democratization of the Internet by giving users a vastly wider array of choices from where to get their news and information.
Until recently, finding and reading appropriate blogs often meant extensive searching and clicking through a number of sites. However, news aggregators are beginning to change that by enabling users to create their own pages based upon informal news feeds from blogs and other sources.
Only the Beginning: The rise of aggregators such as Newsgator.com, Bloglines and Feedster have already begun to pressure traditional portals to open up their content. MSN has enabled users to choose from hundreds of news feeds, many of them nontraditional sources of information, placing the blog news alongside traditional fare such as CNN and Slate.
Aggregation is seen as a key for unlocking any revenue potential from blogs, because it will enable ads to be sold on them far more efficiently. In other words, just as consumers can't track all blogs on their own, advertisers are hard pressed to so as well.
Portals have long viewed the ability to consolidate and control content an important part of their online roles. By simplifying the online life of users, they become favorite haunts that users return to over and over to view the latest news and begin their online excursions. That theory led to massive investments that resulted in sites such as Google News and the Yahoo equivalent.
E-Commerce Embraces Blogging: Just how disruptive the technology of blogging has the power to be has been underscored by recent developments as well. Already, podcasting, or the equivalent of radio-style blogging, has become an underground phenomenon. Also, Google just this week began to lay the groundwork for what could become a video blogging network.
E-commerce companies so far are eager to embrace the blogging trend. Amazon's search subsidiary, A9.com, has launched an open-source, syndicated search approach that can enable blog publishers to have search, and paid search, fed into their sites.
Also, optimists say the blogging trend might actually lead to better e-commerce and improved portal services being targeted to users. Because blogs are inherently personal, they can help advertisers and retailers find and target users on a far more specific level than is currently possible, said Chris Sherman, associate editor of Search Engine Watch.
Sherman noted that when Ask Jeeves bought blog publishing software firm Bloglines, it was gaining access to a huge store of personal information. "By knowing what blogs people access and publish, they can aggregate personal data to reveal consumer interest patterns," Sherman said. That in turn can allow the type of targeted ads and merchant offers that are more likely to result in sales.
Hedging Bets: Forrester Research analyst Charlene Li said that blogs are similar to social networks, which many portals have bought into or formed on their own. Often, they've done so without knowing clearly where the business model lies. "No one wants to miss a trend," Li said. "There is a sense that over time, the revenue models will start to develop and these will be important investments to be a part of."
There is widespread belief that consumers will continue to look to online news sites and portals to filter out the flood of information, a role that in fact might become more important as the sheer volume of information available grows.
Because blog aggregation and other technology is still relatively inexpensive to develop or acquire, the large Internet companies can essentially hedge their bets with blogging plays, Li added.
Brought to you by the Guardian eCommerce Safe Site Privacy Seal Program.
Sunday, April 03, 2005
Phishing Grows in Severity, Sophistication
Phishing is one of the most significant threats to online consumers, and as the incidence of this type of fraud increases, so does the perpetrators' average take. Phishers who lucked out and lured several customers of a British bank into false communications recently made off with an average of 5,000 pounds sterling, or US$9,348, per phished account.
With every successful intrusion on consumers' financial identities, phishers also gain more financial resources which they can then use to invest in more programmers and technology to advance their sophistication in fraud.
Phishers may target tens of millions of online consumers, but they only need a tiny fraction of those users to bite for them to collect a handsome reward. And many more malicious e-mails, culled from ever-expanding data sources, are going out as the months pass, according to the Anti-Phishing Working Group.
Unfortunately, banks and other frequently phished organizations, as well as independent security developers, are moving more slowly to deter these attacks than the phishers are to commit them, said Peter Cassidy, secretary general of the group.
Not long ago, phishing consisted only of a social engineering scam in which phishers spammed consumer e-mail accounts, positioning themselves as real-life banks. Half of these fake e-mails fell into spam filters employed by e-mail service providers, and another 35 percent got dumped by wise consumers.
The remaining 15 percent, however, arrived in the inboxes of consumers who were actually customers of the banks named by the phishers in their attacks. A smaller percentage of these messages were opened and acted upon by gullible recipients who clicked on links in the e-mails and entered their user names, passwords and other personal information the phisher requested on a phony bank login page.
Now phishers worldwide play an even sneakier game. They send e-mails offering content like sports scores or porn or daily jokes. These e-mails deliver their recipients to real Web sites that feature the advertised content, but the phishers use the visits to download key-logger programs, record keystrokes made on computers on which phishers have overridden the host files, or malware on consumer computers. In this way, they effectively take control of unwitting computer users' hardware so that when they visit their banks online, phishers literally cash in.
Cassidy called this "blended" or "hybrid" phishing because it combines the social engineering -- tricking e-mail accountholders into a communication based on a feigned relationship or a social invitiation -- with technical subterfuge, or the co-opting of private computers through the Internet.
"That combination is not wholesome," he said.
Heads in the Sand: Cassidy warned that banks need to be paying careful attention.
"When you're a bank, all you're really selling is trust, so you can't make it look like you're out of control of the solution," he told CRM Buyer. "Everyone is aware that this is going on, but at the end of the day, the losses are so small that banks wipe the crocodile tears of their customers away and put the money back into their accounts," he said. "In terms of rational economics, they figure anything they spend on security would completely eclipse any losses from phishing. They don't want to go out with a solution that won't work in another six months or a year."
But that doesn't do much for trust, especially when consumers read about phishing attacks in the media. Richard Stiennon, vice president of threat research at Webroot Software Inc., the maker of Phish Net, an application for consumers that is in beta test now, predicted that all banks eventually will adopt biometrics, single-use security codes or smart card functionality being tested by a handful of security-savvy institutions now.
But they may wait until the last possible minute to implement these safety measures.
"Whenever cybercrime intersects with existing business models, they don't react until they're affected," he said. "Banks are the most guilty parties in not evaluating the risks well enough.
There are technology solutions that the banks should be using."
Attacking eBay: While the most recent report from the Anti-Phishing Working Group -- results for the month of January 2005 -- show that 80 percent of phishing activity involves financial institutions, eBay also ranks among the top five companies most frequently targeted by phishers.
EBay's problem stems from its prominence in the online world. With the scads of transactions that take place through the auction house and the virtual nature of all communications occurring through it, phishers can hardly pass the opportunity to scam sellers. "EBay has over 20 million active users. That makes it one of the most likely targets. Citibank doesn't have that many online users even though it might have more accounts," said Stiennon.
The Anti-Phishing Working Group's Cassidy commended eBay for its security initiatives, however, and said, "eBay has been subject to this probably longer than anyone else and is doing a lot that's probably smarter than anyone else," he said. "It is way ahead of the world."
Understanding the Problem: "The message that really has to come across is that phishing is evolving," said Cassidy. "It's going to higher levels of automation that ultimately will not require any interaction from consumers at all."
Brought to you by Guardian eCommerce.
With every successful intrusion on consumers' financial identities, phishers also gain more financial resources which they can then use to invest in more programmers and technology to advance their sophistication in fraud.
Phishers may target tens of millions of online consumers, but they only need a tiny fraction of those users to bite for them to collect a handsome reward. And many more malicious e-mails, culled from ever-expanding data sources, are going out as the months pass, according to the Anti-Phishing Working Group.
Unfortunately, banks and other frequently phished organizations, as well as independent security developers, are moving more slowly to deter these attacks than the phishers are to commit them, said Peter Cassidy, secretary general of the group.
Not long ago, phishing consisted only of a social engineering scam in which phishers spammed consumer e-mail accounts, positioning themselves as real-life banks. Half of these fake e-mails fell into spam filters employed by e-mail service providers, and another 35 percent got dumped by wise consumers.
The remaining 15 percent, however, arrived in the inboxes of consumers who were actually customers of the banks named by the phishers in their attacks. A smaller percentage of these messages were opened and acted upon by gullible recipients who clicked on links in the e-mails and entered their user names, passwords and other personal information the phisher requested on a phony bank login page.
Now phishers worldwide play an even sneakier game. They send e-mails offering content like sports scores or porn or daily jokes. These e-mails deliver their recipients to real Web sites that feature the advertised content, but the phishers use the visits to download key-logger programs, record keystrokes made on computers on which phishers have overridden the host files, or malware on consumer computers. In this way, they effectively take control of unwitting computer users' hardware so that when they visit their banks online, phishers literally cash in.
Cassidy called this "blended" or "hybrid" phishing because it combines the social engineering -- tricking e-mail accountholders into a communication based on a feigned relationship or a social invitiation -- with technical subterfuge, or the co-opting of private computers through the Internet.
"That combination is not wholesome," he said.
Heads in the Sand: Cassidy warned that banks need to be paying careful attention.
"When you're a bank, all you're really selling is trust, so you can't make it look like you're out of control of the solution," he told CRM Buyer. "Everyone is aware that this is going on, but at the end of the day, the losses are so small that banks wipe the crocodile tears of their customers away and put the money back into their accounts," he said. "In terms of rational economics, they figure anything they spend on security would completely eclipse any losses from phishing. They don't want to go out with a solution that won't work in another six months or a year."
But that doesn't do much for trust, especially when consumers read about phishing attacks in the media. Richard Stiennon, vice president of threat research at Webroot Software Inc., the maker of Phish Net, an application for consumers that is in beta test now, predicted that all banks eventually will adopt biometrics, single-use security codes or smart card functionality being tested by a handful of security-savvy institutions now.
But they may wait until the last possible minute to implement these safety measures.
"Whenever cybercrime intersects with existing business models, they don't react until they're affected," he said. "Banks are the most guilty parties in not evaluating the risks well enough.
There are technology solutions that the banks should be using."
Attacking eBay: While the most recent report from the Anti-Phishing Working Group -- results for the month of January 2005 -- show that 80 percent of phishing activity involves financial institutions, eBay also ranks among the top five companies most frequently targeted by phishers.
EBay's problem stems from its prominence in the online world. With the scads of transactions that take place through the auction house and the virtual nature of all communications occurring through it, phishers can hardly pass the opportunity to scam sellers. "EBay has over 20 million active users. That makes it one of the most likely targets. Citibank doesn't have that many online users even though it might have more accounts," said Stiennon.
The Anti-Phishing Working Group's Cassidy commended eBay for its security initiatives, however, and said, "eBay has been subject to this probably longer than anyone else and is doing a lot that's probably smarter than anyone else," he said. "It is way ahead of the world."
Understanding the Problem: "The message that really has to come across is that phishing is evolving," said Cassidy. "It's going to higher levels of automation that ultimately will not require any interaction from consumers at all."
Brought to you by Guardian eCommerce.
