EntrepreneurIt

Web (and other IT) resources for entrepreneurs

BLOG HOME    DawnGregg.com    Subscribe

Monday, March 01, 2010

Risks of insecure systems

There are basically three overlapping types of risk that we need to worry about on systems connected to the Internet:
  1. Bugs or misconfiguration problems in the Web server that allow unauthorized remote users to:


    • Steal confidential documents not intended for their eyes.
    • Execute commands on the server host machine, allowing them to modify the system.
    • Gain information about the Web server's host machine that will allow them to break into the system.
    • Launch denial-of-service attacks, rendering the machine temporarily unusable.
  2. Browser-side risks, including:


    • Active content that crashes the browser, damages the user's system, breaches the user's privacy, or merely creates an annoyance.
    • The misuse of personal information knowingly or unknowingly provided by the end-user.


      • e.g. Identity theft or Session hijacking
  3. Interception of network data sent between browser and server via eavesdropping. Eavesdroppers operate from any point on the path between browser and server:


    • The network on the browser's side of the connection.
    • The network on the server's side of the connection (including intranets).
    • The client or server's Internet service provider (ISP).
    • Either ISPs' regional access provider. 
    Some of these risks every user of the internet needs to be aware of (e.g. browser side risks and the fact that traffic can be intercepted in transit to and from the server) and others are the sole responsibility of the internet provider.

    As a small business owner you need to be aware of these risks and take steps to insure that your website is not vulnerable to them - or promoting them.  To do this you waill want to make sure you are using a reputable hosting provider that will monitor your site for denial of service attacks and other server side problems.  You will want to make sure you use SSL to encrypt all sensitive data transmission between yourself and your users.  You will want to make sure any software you use on your site (e.g. plug-ins, guest books etc) are from reputable providers so you do not pass viruses to your users. Finally, you will want to use strong passwords to log into your ftp site so that no one can "hack" your site and upload bad "viral" content or steal  private programs or data from you.

    Labels: ,

    Monday, February 22, 2010

    On-line Payment Mechanisms

    Frequently online businesses want to be able to collect payments over the Internet. This is usually accomplished through some sort of Payment Gateway, which is is an e-commerce service that authorizes payments for e-businesses and online retailers.
    • It is the equivalent of a physical POS (Point-of-sale) terminal located in most retail outlets.
    • Payment gateways encrypt sensitive information, such as credit card numbers, to ensure that information passes securely between the customer and the merchant.
    Payment gateways encrypt information handled through SSL. This reduces the opportunity for fraud, and adds security to the transaction process. Gateways communicate with a variety of entities, including:
    • The customer
    • The merchant (through their website)
    • Credit Card companies (by verifying information)
    • Internet Merchant accounts that relay order information from the gateway to the merchant's bank account.
    There are hundreds of online payment gateway providers that allow you to process commercial transactions over the Web without compromising credit card numbers or other confidential information, they can be grouped into two different groups:
    • Merchant Payment Services
    • Personal Payment Services
    The advantage of using most payment gateways is that you are not responsible for storing your customer's credit card numbers.

    Merchant Payment Services

    Merchant Payment Gateways use specialized software on the merchant's server to provide for secure payments across the Internet. 
    There are numerous Merchant Payment Gateway providers:
    • VeriSign Payment Services
    • Authorize.net
    For you to use most payments via many merchant payment services you must: 
    1. Get an Internet approved merchant account from an affiliated merchant bank.
      • An Internet merchant account is configured to allow you to accept "card not present" transactions which are specifically designated as originating through the Internet.
    2. Select (or create) code that will be installed on your server that allows you to take payments on your website.
      • Buy Now Buttons that send payments directly to the Merchant Payment Service
      • Select a pre built shopping cart that automatically connects your Web site to the payment gateway and to a database on your server, allowing you to accept payments immediately and write orders and other customer information to your database.
    3. Register with with the merchant payment gateway provider: The online registration guides you through the process of setting up your web page to process payments. 
    How the Merchant Payment Gateway works:
    • Step 1: The merchant submits a credit card transaction to the Merchant Payment Gateway on behalf of a customer via secure Web site connection, retail store, MOTO center or wireless device (using the buy now buttons or shopping cart provided by the merchant payment service provider).
    • Step 2: The Merchant Payment Gateway receives the secure transaction information and passes it via a secure connection to the Merchant Bank's Processor.
    • Step 3: The Merchant Bank's Processor submits the transaction to the Credit Card Network (a system of financial entities that communicate to manage the processing, clearing, and settlement of credit card transactions).
    • Step 4: The Credit Card Network routes the transaction to the Customer's Credit Card Issuing Bank.
    • Step 5: The Customer's Credit Card Issuing Bank approves or declines the transaction based on the customer's available funds and passes the transaction results back to the Credit Card Network.
    • Step 6: The Credit Card Network relays the transaction results to the Merchant Bank's Processor.
    • Step 7: The Merchant Bank's Processor relays the transaction results to the Merchant Payment Gateway.
    • Step 8: The Merchant Payment Gateway stores the transaction results and sends them to the customer and/or the merchant. This step completes the authorization process – all in about three seconds or less!
    • Step 9: The Customer's Credit Card Issuing Bank sends the appropriate funds for the transaction to the Credit Card Network, which passes the funds to the Merchant's Bank. The bank then deposits the funds into the merchant's bank account. This step is known as the settlement process and typically the transaction funds are deposited into your primary bank account within two to four business days.
    Advantages:  merchant payment services is that it provides the merchant with a fully functional, externally managed payment processing system that allows: 
    • Risk Management – Sensitive data is stored in the payment service data center, never on your computer.
    • Accept a Variety of Payments – Most merchant services will allow you to accept all major credit cards, eCheck.Net (electronic checks from bank accounts), gift cards, and signature debit cards.
    • Manage Your Transactions – Most merchant services provide a Merchant Interface which will allow you to to monitor and control payments through your Web site.
    • Prevent Fraud – Many tools can help to identify suspicious transactions using fraud tools.
    • Receive Payments Quickly – Your funds are automatically deposited into your merchant bank account within days.
    • Free Help – Most services provide live technical and account support to merchants, as well as access to online documentation and user guides
    • While you have access to all transaction-critical information, VeriSign protects credit card data with the highest level of security, so you never have to worry about compromising your customer's sensitive credit card data.
    Disadvantages: Setting up a merchant account generally requires you to pay set-up fees, monthly fees and per transaction fees which may not be cost effective for new ventures with small volumes or for small purchases, such as "pay per play" on-line video games:
    • Setup Fee: $99.00
    • Monthly Gateway Fee: $20.00
    • Per-Transaction Fee: $0.10

    Personal Payment Services

    PayPal, Amazon Payments & Google Payments enables any individual or business with an email address to securely, easily and quickly send and receive payments online.
    Personal payment services cater to small businesses that do not want to set-up their own online payment mechanisms.
    Personal payment services cater has a number of options that allows users to quickly set-up online payment mechanisms on their Web sites:
    • Request Money  just enter the recipient's email address and the amount you are requesting. The recipient gets an email and instructions on how to pay you using PayPal at www.paypal.com.
    • Buy Now Buttons Buy Now Buttons or Pay now buttons are a low-cost way for you to accept credit card and bank account payments, and can be fully integrated with your website in a few easy steps.
    • Subscriptions allows you to set-up subscriptions for recurring payments from customers.
    On PayPal:
    • When a buyer clicks the Buy Now button, he will be taken to a secure PayPal payment page, where he can log in to an existing PayPal account or sign up for a new one, and quickly complete the purchase.



    If you dynamically generate portions of your site, you can populate your Buy Now buttons dynamically and save time by updating the variables with information from your database. To use the button above for a different item, you would only need to edit two variables: item_name, and amount.


    PayPal Shopping Cart: When you use PayPal's free Shopping Cart on your website, your customers can purchase multiple items with a single payment, browse your entire selection, and view a consolidated list of all their items before purchasing. The PayPal Shopping Cart is a low-cost way for you to accept credit card and bank account payments, and can be fully integrated with your website in a few easy steps.



    When a buyer clicks the "Add to Cart" button, a new window will appear listing the contents of the buyer's PayPal Shopping Cart, including the item just added. To make the purchase, the buyer clicks "Checkout" from this window.


    Personal payment services charge fees based on the type of account you set-up and how much you sell.  Currently the fees for PayPal, Amazon Payments and Google Checkout are the same and are paid per transaction:
     
     Premier/Business Account
    Open an Account Free
    Send Money Free
    Withdraw Funds Free for US bank accounts
    Add Funds Free
    Receive Funds 2.2% + $0.30 USD to
    2.9% + $0.30 USD
    Multiple Currency Transactions Exchange rate includes a 2.5% fee*

    Advantages
    : The advantages of personal payment services is that they are lower cost for small payment volumes and they are very easy to set up.

    Disadvantages
    : The customer completes the transaction on the payment service website - which can look less professional than having your own integrated payment mechanism.

    Whatever payment service you choose, it is your responsibility as an Internet merchant to use a reputable payment service that will handle credit card information with care, minimizing the likelihood that information for your customers will be lost, stolen or misused in any way.

    Labels: ,

    Monday, February 15, 2010

    Web Analytics

    As an entrepreneur developing your website you need to know Who is visiting which pages? How much traffic is your site getting, How does it measure up against traffic going to similar sites? and How has your traffic changed over time (e.g. as a result of some advertising campaign)?

    Web analytics is dedicated to collecting, measuring, and reporting on web and Internet data. As an entrepreneur you are concerned on-site analytics, which is targeted at understanding the journey of each user through a website. Analytics are used to record information ranging from a which pages are being visited as well as which pages garner more purchases from visitors. Analytics is the process of gathering and using statistics to:
    • Improve the design and content of your website
    • Increase conversion (orders)
    • Increase traffic to your site.
    Web analytics is concerned with using statistics to improve the design and content of your website. Here are some things you should search inside your statistics for, when you want to decide what content to improve:
    • Entry pages – what are the pages used to enter your site? Do visitors continue to surf the site from these pages? For example, a link to a good article might bring a lot of users but they leave immediately after reading it. You can add text to the article which will make visitors want to continue to search your site for more information.
    • Exit pages – from which pages do visitors, leave your site? Check carefully to see if there is something on these pages that causes visitors to leave. Try to fix the problem and then see if there is an improvement.
    • Online time – how long do visitors stay on your site and at each page?
    If you are using statistics to optimize your order process, here are the points you should analyze:
    • Conversion rate – the most important of all measurement. Do people buy (or sign up for trials or newsletters)?

      • To improve conversion you need to work step by step and check improvements.
      • Try also to segment the conversion by referring website, referring keywords and entry pages.
    • Order process segmentation – how many people proceed from shopping cart to order form?
    You can use analytics to increasing amount of good visitors to your website.  In order to do this you need to analyze the site statistics from the point of view of the site's target. A good visitor is someone interested in what you have to offer. Here are few steps you should take to increase the number of good visitors to your website:
    1. Optimizing for search engines
    2. Advertising campaigns in different sites
    3. Advertising campaigns through email
    4. Promoting the site in forums
    5. Attaining links from relevant sites
    You should check to see which means are best for increasing the number of good users. To find this out, you need the following statistical information:
    • Where did the good visitors come from (a combination of referrers, online time and conversion rate)?
    • Returning users – check to see which visitors return again and again.

      • How did they reach you the first time?
      • Is there a way to find more visitors like these?
    The easiest way for an entrepreneur to get started with web analytics is to use Google Analytics .  Google analytics is a great FREE tool for capturing a wide variety of web site statistics. It provides colorful charts and graphs make traffic information accessible and easy to understand. A quick weekly (or daily) check of your web traffic statistics provides feedback for how your site is doing, and helps you better understand the effectiveness of your online marketing efforts

    -----------------------------------------------
    References

    Enzo F. Cesario, Web Analytics and Your Website – What You Need to Know
    http://ldfeeds.com/statistics/web-analytics-and-your-website-%e2%80%93-what-you-need-to-know/
    Who visits your website? Use Google Analytics, http://www.creativetechs.com/iq/google_analytics.html
    How to Use Google Analytics for Beginners, http://www.mahalo.com/how-to-use-google-analytics-for-beginners

    Labels: ,

    Friday, February 05, 2010

    Using Webinars for Sales and Marketing

    Webinars are online seminars or presentations used to provide information about any subject your company feels your potential customers might be interested in. They can be interactive or not.  One big advantage of webinars is they presented live and then placed in archives for others to view later.

    I personally have used webinars extensively for training, usually when we launch product upgrade we take the opportunity to conduct a webinar on how to the new features. We also conduct periodic webinars just to stay connected with our user base. The response to our webinars varies depending on the topic, ranging from only a few participants to fifty or more. Based on the number of registrants and attendees we have had at our webinars demonstrates that most of our users are comfortable with the technology.

    During the course of the webinar, we get the opportunity to ask questions of our audience. We also record all our webinars (minus the audience interaction) and made it available on our website for people to view at their convenience. Given the positive response to the webinar and the positive feedback we have received, we believe that our webinars will increase our subscriber “stickiness.”

    In addition, offering instructional content on your website can significantly increase the likelihood of visitors “returning another time to learn something more, and ultimately make a purchase.” According to Ken Zwerdling (CEO of Foreign Translations)  “Some visitors just want to learn more about the service and the industry before they make the decision to [make a purchase].” Stephanie Chandler, author of From Entrepreneur to Infopreneur, agrees, saying that by adding informational content to your company’s website you have greater power to attract traffic from search engines. Chandler has built her business around the power of marketing with web content. webinars can be an important part of the instructional content you offer on your site.

    While training is the most common use for webinars, they can also be used to reach your target audience and help you increase sales of services or products.  Some Internet marketers use them to help teach potential customers about the products they are selling.  Most webinar tools have a registration feature which allows you to identify prospects who register and then see if they actually attend the event and for how long.  This can give you a pretty good feeling as to how interested a prospect is in the products you are selling.

    Many Internet users are more willing to view a webinar about a subject than to just read about it.  This allows Internet marketers can to use them as teasers or bait to help convert prospects.  Webinars gives you a portal to provide information in a way that helps you build branding, image, and customer loyalty.

    There are a wide variety of webinar tools available online and I have tried several of them.  When choosing a webinar tool things to look for include the number of concurrent visitors the tool allows, polling capabilities, ability to invinte participants, require registration, track attendance and record the webinar.  If you are interested in exploring how a webinar tool might be used for your organization, you might want to look at DimDim. They offer a webinar tool that is free for up to 20 participants.  While the tool lacks some of the features of some of the full feature commercial tools, it is more than adequate for webinars for a small number of attendees.

    I have found webinars to be a great way to connect with customers and potential customers and to build a library of content that contributes to the credibility of my company.


    ---------------------------------------------------------------
    References:

    Free Coaching on How to Market Using Webinars http://www.squidoo.com/marketingwithwebinars
    A Case for using Webinars: http://www.ctinnovations.com/blog/?p=355
    Drive Sales with Tutorials http://bestwebtutor.com/wordpress/?p=383

    Labels: , ,

    Tuesday, January 05, 2010

    Should you use personal payment services?

    Personal payment services are an easy way for small businesses to take payments online.  Personal payment services like PayPal, Amazon Payments & Google Payments enables any individual or business with an email address to securely, easily and quickly send and receive payments online. They can provide a number of benefits to small online businesses, including:
    • Personal payment services cater to small businesses that do not want to set-up their own online payment mechanisms.
    • Personal payment services cater has a number of options that allows users to quickly set-up online payment mechanisms on their Web sites:
    • Send Money allows you to pay anyone with an email address.
    • Request Money just enter the recipient's email address and the amount you are requesting. The recipient gets an email and instructions on how to pay you using PayPal at www.paypal.com.
    • Buy Now Buttons Buy Now Buttons or Pay now buttons are a low-cost way for you to accept credit card and bank account payments, and can be fully integrated with your website in a few easy steps.
    While there are advantages to personal payment mechanisms, there are also disadvantages. These include:
    • Personal payment services usually only accept debit and credit cards
    • Because PayPal, Amazon Payments and Google Checkout true payment gateway, there are some extra steps you need to go through in order to deposit money from your personal payment account into your bank account.
    • Perhaps the biggest disadvantage is that using a personal payment service establishes you as a small vendor which could negatively impact your credibility online. 
    For many small businesses that can’t really justify the expense of a more traditional payment gateway, however, PayPal, Amazon Payments or Google Checkout can be essential to setting-up your online business. When making a payment service decision,  it is a good idea to review your business needs. Different payment options can be compared based on simplicity for you (the entrepreneur), ease of use for the customer, cost as well as any potential impact on your credibility.  Compare a number of different options, and understand what would work best for your particular situation. Remember, no decision is forever, if you need to, you can add a true payment gateway at a later date as your online sales grow.

      Labels: ,

      Sunday, December 27, 2009

      What are cookies and should you be using them?

      A Cookie is a data file that is written on the user's computer by a program within a Web page. Cookies are often used to store information about:
        • Which pages a user has viewed
        • How many times a user has visited a Web site
        • What information the user has entered on past visits (e.g. login name and password or customer data)
        • What items a user has selected to purchase (shopping cart)

      • A cookie stores information in pairs of variable names and associated values.  Each name/value pair is separated by a semicolon (;):
        userid=mkellog;password=hello;
      • Information in cookies is essentially private.  Cookies can only be read by the same Web site domain name or IP address that created them.
      Cookies are not necessary for many informational websites.  However, if you have subscription based content, are using a shopping cart or have a need to remember a user's identity from page to page.  Cookies are essential.  Generally, using cookies on a website requires a developer with some programming expereince in either JavaScript or in a server side language like PHP.

      Labels: ,

      Monday, December 21, 2009

      Writing for the web: What entrepreneurs need to know

      Creating good content for your website is the essential and most overlooked aspect of website design.  Many people focus on the aesthetic aspects of a site without thinking on what they want to say an how they want to say it.  Many people assume that the same words that work for print campaigns or materials can just be copied and pasted for the web, but that’s just not true. Research indicates that users read hypertext very differently than printed information.  Here are four rules for writing for the web.

      1. Know Your Objective

      One advantage to writing for a website is that it websites are divided into a series of pages, each of which is designed to convey a specific piece of information.  When writing an individual page you need to know what purpose that page serves within the overall context of the site. Once you know the objective, you’ll be able to more clearly articulate what you need to get across to your customers in your copy, and you’ll be able to eliminate any text that does not support the objective.

      2. Know Your Audience

      This should be the the guiding principle behind all aspects of your web design.  You need to know who your customer is and what information they will be looking for on your website.  Knowing your audience and understanding what they are looking for and help you with the next rule as well.

      3. Keep it Short

      Studies have found that the more words you add to a web page the less time people spend reading it. A general rule of thumb is to use half the words that you use in printed material when writing for the web.  One study found that users only spend about 4.4 seconds on a page for every 100 words of content.  That suggests that if you keep your content as short as possible.  Ideally you should limit yourself to one idea per paragraph (users will usually skip over any additional ideas).  Additionally, you should start your paragraphs with the conclusion, then add details.

      4. Make it Scannable

      According to Jacob Nielsen's Alertbox people rarely read websites word by word; instead they scan the page,  picking out individual words and sentences. In research on how people read websites Nielsen found that 79 percent of our test users always scanned any new page they came across; only 16 percent read word-by-word.  As a result you need to make your website scannable this includes:
      • Highlight keywords (hypertext links serve as one form of highlighting; typeface variations and color are others)
      • Use meaningful sub-headings (not "clever" ones)
      • Use bulleted lists
      5. Use Neutral/Objective Language

      Research suggests that website visitors do not like sites that use a promotional writing style with boastful subjective claims ("hottest ever"). Web users are seeking straightforward honest information when they are browsing the web and are more likely to trust sites that use neutral objective language.

      Customizing your writing style specifically for the web can dramatically improve the usability of your website.  It can make users read more of your content, improving the likelihood users will act on the information they find. 
      -----------------------------------
      References:

      Jacob Nielsen, How Users Read on the Web, http://www.useit.com/alertbox/9710a.html
      Josh Catone, 5 Rules for Better Web Writing, http://mashable.com/2009/09/08/web-writing/

      Labels: ,