From the monthly archives:

September 2009

PCI DSS Security Standards Council Compliance Survey Results

by Bill Cullifer on September 25, 2009

A recent survey conducted by Imperva and the Ponemon Institute reflects that companies still struggle to protect consumer data.

A survey of more than 500 U.S. and multinational IT security practitioners shows that, despite the Payment Card Industry’s (PCI) Data Security Standard (DSS), companies still struggle with data security, putting consumers at continued risk for identity theft. In fact, 71% of companies surveyed admit to not making data security a top strategic initiative, and 55% admit to only securing credit card information and not sensitive information such as Social Security numbers, driver’s license numbers, and bank account details. However, the survey also found that companies taking a strategic approach to PCI compliance have fewer data breaches.

According to press reports, the survey, which covered 560 U.S. and multinational organizations, asked respondents a variety of questions about their investments and deployment of technology to comply with PCI DSS, which was introduced in 2005. It’s an industry standard created by major credit card companies that’s designed to protect customer payment data.

The survey found that 55 percent of organizations only secured credit card information but not other data such as Social Security and driver’s license numbers or bank account details. Also, only 28 percent of smaller companies with between 501 and 1,000 employees comply with PCI DSS. That compares with more than 70 percent of large merchants with 75,000 or more employees that claimed they’re compliant.

According to a PCWorld interview, “If you go to the larger organizations to do business, you are more likely to be secure today,” said Amichai Shulman, CTO for Imperva, which makes security software for businesses to comply with PCI DSS. Imperva commissioned the survey from Ponemon Institute, a company that conducts research into privacy and information security policy.

The prime reason that companies don’t comply with PCI DSS is cost, Shulman said. “They don’t go to the effort to be compliant because it’s all or nothing, so they currently do nothing,” Shulman said.

Larger companies find it somewhat easier to handle the costs, he said. On average, companies spend about 35 percent of their IT security budgets on PCI DSS compliance.

Payment card companies mandate compliance, and most merchants are supposed to be compliant by now, according to information on the PCI Security Standards Council’s Web site.

The survey turned up some other disconcerting results. Around 10 percent of the respondents who said they were PCI DSS compliant said they weren’t using basic security software such as antivirus, firewalls and SSL (Secure Sockets Layer), Shulman said.

PCI doesn’t prescribe the use of specific software products but instead promotes practices and general advice, such as using a firewall and antivirus. In recent years, vendors have developed products to make the implementation of PCI DSS easier. Still, the result was surprising and indicative of perhaps continuing confusion or difficulty some businesses are having with PCI DSS.

“I would find it very hard to explain why I’m not using SSL as part of my PCI compliance,” Shulman said. “It seems to me that there is too much room for misinterpretation of the requirement, and companies are abusing it.”

PCI DSS is in the process of being updated, and the survey will be used as input. The PCI Security Standards Council, which was set up by major credit card companies in 2006, is collecting feedback through Oct. 31 on changes to a new version of the standard, due for release in September 2010.


Earlier today, I received a few press briefings regarding Adobe’s acquisition of Omniture. For today’s podcast, I’d like to share with you one of them.

According to a press report provided by Covario.com, Ann Lewnes, the Chief Marketing Officer of Adobe, has said that “Marketing is the new Finance” – meaning that the digital age is driving the corporate marketing function to become accountable for spending in a far more rigorous way than the old “reach and frequency” metric days. Adobe officially put its money where its marketing is by purchasing Omniture for $1.8 billion. According to Adobe CEO Shantanu Narayen, the goal of the merger is to create a holistic way in which to develop creative content and measure the value of that content – be it video, web pages, mobile content, or social media content, and to “close the loop” in the content creation and content measurement worlds.

The report also reflects the following:

We believe this is a brilliant strategic move for Adobe, one that could change the rules of the game for digital media, from creation to measurement to monetization.

In the new Adobe media world,

• Video developers and agencies will build Adobe Flash creative with Omniture tracking codes implanted from the beginning. This will enable them to track the views and virality of that creative across the web, and perhaps begin to micro-charge for every view, partial view or forward of their content. This creation and tagging could even provide the onset of a new type of digital watermarking and intellectual property management.
• Web design firms and companies with large or commerce-focused websites will create dynamic landing pages and rich internet ads and apps leveraging Adobe technologies that will have tracking and multivariate testing code from Omniture Test & Target (formerly Offermatica) implanted from the beginning, to create not just pages, but entirely new forms of creative and engagement that shape-shift to the user’s interests, demographic and conversion patterns, yielding action maximization for the website publisher.
• As PDFs are built, the components of the PDF can be tracked, providing valuable “additional use” metrics for the creators of such content, again creating entirely new forms of measurement of written content.
• Exciting new application types will be built in Adobe AIR, with new forms of engagement for consumers. These will all have measurement and metrics pre-considered and incorporated.
• The need for expensive and difficult maintenance of tracking codes after the fact would be eliminated, providing a more accurate read on the value of creative.

We also believe this combination will have the most potential traction in the mobile arena where the tagging infrastructure is often far less mature than what’s available for web pages. Being able to eliminate the retagging of existing mobile pages by having creative rendered with embedded tracking is of potentially huge value – particularly in APAC and EMEA where mobile is dominant.

Beyond the potential long-term product synergies, this deal has great short-term business value for both Adobe and Omniture:

• An Adobe-Omniture combination “closes the loop” between CIOs and CMOs, and their agencies and staff. Adobe has historically sold directly to marketers and agencies, while Omniture traditionally sold to CIOs (and recently, has been more aggressive in selling to CMOs). This combo helps bridge the divide with an end-to-end solution.
• Adobe has seen growth in its direct B2B business over the past few years, and Omniture’s focus on B2B CIO level sales will augment this process. Adobe also has much larger scale and scope by geography and vertical, and this will help drive Omniture sales and adoption more quickly.
• Adobe gets financial benefit. On top of Adobe’s $3.6 Billion in annual revenue, Omniture’s additional $330 Million will add 10%, with almost all of it recurring revenue.

As this transaction heightens the co-opetition in the interactive marketing world, here are some interesting points to consider for everyone in the digital marketing industry:

• What does this mean to the WPP/Omniture Deal? In Q2 Omniture and WPP announced a $25M deal whereby Omniture became the preferred web analytics system for the WPP agency family. From a purely financial perspective, WPP just doubled its money. At the client level, the WPP/Omniture deal was just starting to get traction, and that relationship seems to be independent of the combination with Adobe; however, we would expect to see Adobe try to build some level of preferred arrangement with WPP and other agencies around the integrated offering in the future.
• What does Microsoft think of all this? Microsoft, which offers competing products to Adobe, and has its own web analytics (DeepMetrix) and media management system (Atlas), will likely evaluate what moves it needs to make as a result of this merger. Do they acquire a web analytics system and multivariate system themselves (Webtrends/Widemile)? Or do they look to expand the integration of the Atlas tagging processes into their creative products? Their natural counter will be that “this is not a creative development problem, but rather a content management problem.” Tagging should be done during the content development process, of which the creative pieces are a small part. The content deployment process, managed through content management systems (for which Microsoft is one of the leaders), is a key component that Microsoft controls with various technologies – and Adobe does not.
• What does Google think of all this? This relationship poses a very interesting quandary for Google on four fronts: Analytics, Landing Page Optimization, Bid Management and Mobile OS. Google has been aggressively going after all three of Omniture’s core businesses – Google Analytics offered for free against Omniture SiteCatalyst, Google website optimizer offered for free against Omniture Test and Target, Google AdWords (and also DART) offered for free against Omniture SearchCenter. Free has always been compelling, but sophisticated enterprise clients like Covario’s have been concerned about Google having too much information, and have also wanted compelling, end-to-end, best-of-breed solutions, even if they come at a premium price. The Adobe-Omniture combination will create an even more compelling alternative.

Add in that Android, Google’s new mobile operating system, does not offer Adobe Flash support, and this creates an interesting dynamic between Adobe/Omniture and Google. The emerging relationship between these technology powerhouses will be one of the most interesting to watch.

• What will Agencies think about this? Most large companies, and Covario clients are no exception, outsource much of their creative development to agencies. Traditionally, there has been a sharp division between the creative and analytic aspects of agency work. SEO professionals are all very familiar with the “Flash’ed out” page with no tagging built by the creative agency. It may be that this problem is eliminated if/when agencies embrace the creative products with embedded Omniture tagging. This is not enough, in and of itself, to address completely the problem of making marketing accountable – but it is foundational and a basic requirement. If agencies become part of this process, it will work to their advantage and hasten the integration between the creative and analytic parts of these firms.
• Any other interesting angles to watch for? Most interesting to see will be whether Adobe/Omniture will invest in or buy a display, rich media or video advertising network, ad exchange or ad serving solution to parallel SearchCenter, such that the creative content for advertising media created in the Adobe suite could be immediately activated in various advertising channels. Such a play would be even more of a direct challenge to Google’s buy of DoubleClick/Dart and Microsoft’s buy of aQuantive/Atlas, and would be a bold move by Adobe, but not at all unthinkable.

3 ACTIONABLE INSIGHTS FOR COVARIO CLIENTS

Actionable Insight #1 for Covario clients who use Omniture: This combination will be a great opportunity with little to worry about. This deal gives Omniture the opportunity to worry less about new customer acquisition and to focus more on maximization of satisfaction and retention in the short term. So current Covario clients leveraging Omniture can feel comfortable in their long-term investment, but should use the opportunity to get more out of Omniture in the short term. Look for great deals and innovative new products in the mid- to long-term (6 months to one year after the transaction is approved and completed).

Actionable Insight #2 for Covario clients who use WebTrends and Coremetrics: The Adobe acquisition of Omniture may cause another large player to buy one of the two remaining independent web analytics players. Depending on how this plays out, clients may want to consider a “Plan B” with either Adobe/Omniture or Google Analytics, both of which will have more stability and long-term innovation plans.

Actionable Insight #3 for Covario clients who use Google Analytics: You will probably remain happy with “free” for the short term. The Adobe/Omniture relationship likely will cause Google to invest even more in innovation around the three products mentioned, so that will be a benefit. Google will probably also make a big push to gain share while Omniture clients and prospects digest the transaction information. In the mid-longer term, however, it will be very interesting to see what innovative new products Adobe and Omniture can create together, what new pricing models they come up with, and whether they will be able to create such compelling solutions that clients will switch from a free product set to a paid services end-to-end solution.

Actionable Insight #4 for all Covario clients: Covario already has strong relationships with most of the companies named in this note. Covario’s Marketing Action Platform (MAP) and products Paid Search Insight (PSI) and Organic Search Insight (OSI) are complementary, not competitive, with the products mentioned here and are already integrated with most of the products described in this note. Covario SEM and SEO staff have certifications and operating familiarity with all products mentioned as well.

Thus, as a provider of one of the leading business intelligence platforms for online marketing that provides seamless ETL (data integration), visualization and advanced analytics, Covario will continue to develop and support for all the products mentioned, as appropriate for and requested by our clients.

Thank you, Covario.com, for this in-depth report and insight.


Cyber Fraud: A Few Fast Facts

by Bill Cullifer on September 16, 2009

Greetings WOW Members and Web Professionals everywhere!

Last week we podcasted an interesting interview with Laura Mather, PhD, Founder and VP of Product Marketing at Silver Tail Systems, an anti-fraud company, and a volunteer for the Anti-Phishing Working Group (APWG). The topic was the size and scope of cyber crime and what to do about it. To add additional perspective to the topic, for today’s podcast, I’ll hone in on a few of the specific online fraud details that you should be aware of.

According to a 2008 report on Cyber Fraud conducted by CyberSource.com, “Managing online fraud continues to be a significant and growing cost for merchants of all sizes.”

According to the survey’s executive summary, total losses from online payment fraud in the U.S. and Canada have steadily increased, and the report estimates that in 2007 $3.6 billion in online revenues will be lost to online fraud, up from $3.1 billion in 2006.

A few key findings:

* The percentage of accepted orders that are later determined to be fraudulent increased slightly.
* The share of incoming orders merchants decline to accept due to suspicion of payment fraud was also up slightly.
* Merchants with order rejection rates near or above the 4.2% rate are rejecting a significant number of valid orders.
* Chargebacks understate fraud loss by as much as 50%.
* The fraud rate on international orders is over two-and-one-half times as high as on domestic orders.
* Merchants also reject international orders at a rate two-and-one-half times higher.

Whether you’re designing or developing for the enterprise or small business, it would be worth your time to review the entire survey.


Goodbye 2005 and hello to the Future

by Bill Cullifer on September 3, 2009

If you’ve been following along with this podcast and the WOW organization for any length of time, then you’re no doubt aware of the fact that the WOW website was in need of a makeover.

Today, I’m pleased to announce that a new website redesign is well underway, and I’d like to ask that you take a look at WebProfessionals.org.

Speaking of out with the old and in with the new, I’m throwing away my plain old telephone (POTS) in favor of Skype for all of my podcasting needs. Moving forward, you can expect to see and hear improved podcasts and more website resources such as industry news by the hour, events, job board, professional directory and education and training resources.

A special shout out to those that cared enough to express your thoughts both negatively as well as positively and to those that supported the WOW through the process, including WOW member Melvin Ram, Principal at SitesPress Web Design Company, for his efforts. We still have plenty to do and a decade of cobwebs left to shake off, but we are committed to getting this right.

By the way, if you’re in need of some training and investing some of that hard-earned cash, you may want to consider participating in the following events:

Adobe MAX (October 4-7, 2009)
Los Angeles, CA – Adobe MAX is THE place where the Adobe developer and designer community comes together to learn and share best practices, and see emerging technologies. WOW has been authorized to offer a $400.00 discount.

An Event Apart Chicago (October 12–13, 2009)
Chicago, IL – Sheraton Towers. From the makers of A List Apart: An Event Apart is an intensely educational two-day conference for passionate practitioners of standards-based web design. Save $100 when you register with discount code AEAWOW.

Voices That Matter: iPhone Developers Conference (October 17-18, 2009)
Boston, MA – Learn what it takes to build killer iPhone apps, leveraging your existing skills in Objective-C. From Core Animation and Core Data to Push Notification Services and MapKit, we’ve got the bases covered.

You can find the links with discounts on the WebProfessionals.org website.


WOW Web Site Redesign Project Announced

by Bill Cullifer on September 2, 2009

Sept, 2009. After months of handwringing, and shout outs to friends, colleagues and WOW members, WOW’s new web site makeover project is well underway.

The goals of the WOW redesign project include refocusing the site on users, making the site’s navigation easier and making the site’s resources responsive to those that practice, aspire and teach within the Web profession.

In making the announcement, Bill Cullifer, WOW’s Executive Director, said that the site “was way out of date and out of touch with best practices of the day. In fact, I can’t believe it took us so long to self-examine ourselves,” said Cullifer.

WOW hopes to have a greater focus on individual users and to feature resources that are important to practicing professionals, students and those that teach. The new site design will feature industry news by the hour, events, job board, professional directory and education and training resources.

A special shout out to those that cared enough to express your thoughts both negatively as well as positively and to those that supported the WOW through the process, including WOW member Melvin Ram, Principal at SitesPress Web Design Company, for his efforts.

“We still have plenty to do and a decade of cobwebs left to shake off,” said Cullifer, “but we are committed to getting this right.”

We’re currently working on migrating the WOW Blog to the Web professional website. In the meantime, please follow along with the WOW on the Web Professional Minute website.


Phishing, Cyber Crime and the Ugly Truth

by Bill Cullifer on September 1, 2009

Greetings Web professionals everywhere! The topic for today’s podcast is Phishing, Cyber Crime, the ugly truth and what we need to know and do about it. To assist us in better understanding the size and the scope of the problem, I reached out by telephone to Laura Mather, PhD, Founder and VP of Product Marketing at Silver Tail Systems, an anti-fraud company, and a volunteer for the Anti-Phishing Working Group (APWG).

In this three-minute podcast, Dr. Mather, a former eBay executive, provides key insights into how prevalent the issue has become, what we need to know as Web professionals and anti-phishing educational resources we can share with our customers. She also asks that we participate with feedback as well.

According to Wikipedia, in the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Even when using server authentication, it may require tremendous skill to detect that the website is fake. Phishing is an example of social engineering techniques used to fool users, and exploits the poor usability of current web security technologies.[3] Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.

A phishing technique was described in detail in 1987, and the first recorded use of the term “phishing” was made in 1996. The term is a variant of fishing, probably influenced by phreaking, and alludes to baits used to “catch” financial information and passwords.
