Tag Archives: Eastern Europe

Study Shows America’s Internet Speed Far From Tops

Pando Networks

Moldova, Ukraine and Bulgaria are just three of 25 nations that top the U.S. when it comes to the fastest internet connections by country, according to Pando Networks’ 2011 Global Download Report.

New Tools for Stopping E-commerce Fraud

Javed Ikbal is in the IT security business. But it wasn’t until his credit card number was stolen in the Frankfurt, Germany, airport last summer that he realized how vigilant companies have to be about keeping online transactions safe.

Ikbal, who runs a Boston area IT security consulting firm, says whoever stole his credit card used it to buy $1,700 in merchandise online from Circuit City, the home electronics retailer. However, Circuit City flagged the transaction because the order didn’t include his phone number, came from a computer logged onto the Internet through a German IP address, and was supposed to be mailed to Illinois, even though Ikbal’s billing address is nowhere near there. Based on those warning signs Circuit City called Ikbal, who alerted the retailer it was a bogus order on a stolen card number.

Even though it involves a large business, Ikbal uses the example to show how stopping e-commerce fraud is feasible for even a very small online merchant or other company handling financial transactions online. Measures to stop e-commerce fraud are out there and many of them are cheap — or even free, such as checking the country of origin of an online order against the buyer’s credit card billing address, he says.

That’s important because many small businesses can’t or won’t spend a lot on security, says Ikbal, a principal of zSquad, in Plainville, Mass., a firm that creates and audits corporate IT security plans. “They think they have a firewall or that their hosting service will provide security,” he says. “Even for companies that make $10 million a year or more, we find shocking lapses in security.”

Protecting the online store

According to a December 2007 report on e-commerce fraud from The Aberdeen Group, a Boston technology researcher, companies that are most successful at reducing their risk of fraud and simultaneously make customers feel safe do the following to protect online transactions:

- Monitor and authenticate transactions in real- or near-real time
- Check that customers are who they say they are, either when they open an account or during a purchase transaction
- Use encryption, either SSL or EV SSL, a newer version of SSL that requires certification requests to go through a more rigorous identity check and authentication process before being approved
- Create and enforce security policies and educate customers about safe online behaviors
- Create marketing to explain how safe their website is for shopping, banking, etc.

Ikbal also suggests companies do the following:

Warn users to upgrade buggy Web browsers. Shoppers who use older Web browsers, such as Internet Explorer 4 or 5, put themselves and online merchants in danger of being hacked because of known security breaches in those programs, Ikbal says. Since Web servers automatically detect the browser someone uses to log on, a company can redirect anyone with an older browser to a special page on the website that notifies them they need to upgrade before they can continue, Ikbal says. “They could make viewing it a condition for establishing an account,” he says. “It costs nothing. You just have to program your website to respond accordingly.”

Set strict credit card policies and stick to them. Require that the address a buyer inputs for an order matches the one the credit card processor has on file for that individual. Also require that anyone making a purchase enter the three- or four-digit CCV security code found on the back of the credit card. When an order is placed, the merchant can send the data to the card processor to see if it’s a match. If it’s not, “the order shouldn’t be denied, but the merchant should call the person and ask about it,” Ikbal says.

Check IP location of incoming orders. Companies that process orders in real time — if they’re selling software buyers pay for and download, for example — can use an IP location service such as IP2Location or Akamai to instantly identify a visitor’s geographical location. The cost is usually 30 or 40 cents per transaction or less, Ikbal says. Online merchants who don’t process orders in real time can manually look up IP addresses. “If someone sells only in the US, they should be careful if they see a transaction coming from Eastern Europe or North Korea, which are hotbeds of fake credit card transactions,” Ikbal says.

SIDEBAR: Create a Security Policy

One of the cheapest things a small business can do is create a security policy and post it online, according to security experts. Security policies aren’t hard to come by. The Anti-Phishing Working Group, a five-year-old industry association, posts links to security policies at several large companies on its website, including:

- eBay, whose consumer education section includes instructions for recognizing fake eBay websites and a spoof e-mail tutorial.
- Citibank, which maintains a series of pages explaining, among other things, how customers can avoid getting spoofed by hoax e-mail and steps to take if they do.
- US Bank, which maintains a section called “E-mail Fraud: Information and Help.”

Companies can also point customers to the following Anti-Phishing Working Group documents: How to Avoid Phishing Scams and What To Do If You’ve Given Out Your Personal Financial Information.
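The order checks described in this article (missing phone number, IP country versus billing country, ship-to versus billing address, and the card processor's address and security-code results) can be combined into one screening step. The sketch below is an added example, not code from the article or from any retailer; the `GEO_TABLE` lookup stands in for an IP location service, and the field names, sample orders and the two-signal threshold are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed stand-in for an IP location service: documentation-range
# networks mapped to country codes. A real shop would query its
# geolocation provider here instead.
GEO_TABLE = {
    ipaddress.ip_network("192.0.2.0/24"): "US",
    ipaddress.ip_network("198.51.100.0/24"): "DE",
}

# Assumption: one weak signal alone (e.g. a gift shipped to another
# state) is normal; two or more together warrant a phone call.
SOFT_THRESHOLD = 2


def ip_country(ip):
    """Return the country code for an IP, or None if unknown or malformed."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    for net, country in GEO_TABLE.items():
        if addr in net:
            return country
    return None


@dataclass
class Order:
    order_id: str
    phone: str
    client_ip: str
    billing_country: str
    billing_state: str
    ship_country: str
    ship_state: str
    avs_match: bool  # processor's verdict on the billing address
    cvv_match: bool  # processor's verdict on the card security code


def screen(order):
    """Return (decision, reasons); decision is 'accept' or 'review'.

    Following the article's advice, a mismatch never denies the order
    outright: 'review' means the merchant calls the cardholder.
    """
    soft, hard = [], []
    if not order.phone.strip():
        soft.append("missing_phone")
    country = ip_country(order.client_ip)
    if country is None:
        soft.append("ip_location_unknown")
    elif country != order.billing_country:
        soft.append("ip_country_mismatch")
    if (order.ship_country, order.ship_state) != (
        order.billing_country,
        order.billing_state,
    ):
        soft.append("ship_to_differs_from_billing")
    # Processor mismatches always trigger a call, whatever else is true.
    if not order.avs_match:
        hard.append("avs_mismatch")
    if not order.cvv_match:
        hard.append("cvv_mismatch")
    needs_call = bool(hard) or len(soft) >= SOFT_THRESHOLD
    return ("review" if needs_call else "accept"), hard + soft


# Constructed sample orders. The first mirrors the pattern in the
# anecdote: no phone number, German IP, ship-to far from billing.
ANECDOTE = Order("A-1", "", "198.51.100.7", "US", "MA", "US", "IL", True, True)
GIFT = Order("A-2", "555-0100", "192.0.2.10", "US", "MA", "US", "IL", True, True)
CVV_FAIL = Order("A-3", "555-0101", "192.0.2.11", "US", "MA", "US", "MA", True, False)

if __name__ == "__main__":
    for o in (ANECDOTE, GIFT, CVV_FAIL):
        print(o.order_id, *screen(o))
```

Logging the reason list with each decision lets the merchant see later which signals actually preceded chargebacks and adjust the threshold.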

Inc. 500 Interview: Telecommunications Trends

The telecommunications business is growing by leaps and bounds. Just look at how many people have cell phones these days. Telecom suppliers need to be able to ramp up quickly to keep up. Purcell Systems makes outdoor cabinets to house and power wireless network equipment for the likes of Cingular, T-Mobile, Verizon, and Sprint. Purcell, based in Spokane Valley, Wash., was No. 21 on the Inc. 500 in 2005. Co-founder Peter Chase talks about the future of high bandwidth.

Inc. Technology: Where is the telecommunications industry headed?

Peter Chase: When I watch my three girls at a basketball game using their cell phones, sending text messages, taking pictures and sending them, and then watching the local cell tower burn up and fall over from all the bandwidth needed, I know that as long as parents will pay, someone’s got to provide kids with bandwidth and delivery systems. And we can provide and service the equipment for those systems. We’ve currently got sales and support offices in Texas, Virginia, Georgia, North Carolina, and Poland, and are looking to expand into Eastern Europe and the Caribbean.

Inc. Technology: How do you service a sector that’s growing so fast?

Chase: We like to say that we offer speed, flexibility and “fanatical service.” It’s fanatical because we do what we say we’re going to do. I can’t tell you how many times I’ve seen a major market launch fall apart because some construction manager is sitting out in the field waiting for a piece of equipment that doesn’t appear. Having a successful business can be as simple as answering the phone, or having a person there to answer the phone and find out what the problems are, and then backing up your promises with action.

Inc. Technology: Any advice for companies serving fast-growing industries?

Chase: “It’s Not the Big that Eat the Small…It’s the Fast that Eat the Slow.” Actually it comes from an inspirational entrepreneur’s manual by Jason Jennings that me and my associates read when we were starting Purcell Systems. “Do more with less and do it faster,” is its basic advice. We saw how the competition was doing — lousy service, poorly made equipment — and saw our way to break into the market.

Inc. Technology: How do you keep the business?

Chase: We offer a really good value for our customers. Our equipment is mostly a turnkey system. When it shows up at the site, it just needs to be plugged in, a few wires attached, and it’s ready to run. We also are really good at servicing our equipment and answering the phone.

Don’t Get Hooked

Everyone’s seen the subject lines in his or her inbox: “Chase Customer Service” or “EBay account suspension.” The subject lines are meant to prompt you to action, using formal business language to get you to go to a website to confirm who you are, change your member settings, or for some other reason that involves your personal information. It may appear as correspondence from eBay, a credit card company, or even your bank. But beware. These e-mails are not always as they appear, and taking action on them could cost you your identity.

Phishing for information

More and more frequently, these e-mails are phishing scams: e-mails characterized by the use of spam-like techniques to mass distribute fraudulent requests for information. The e-mails prompt unsuspecting users to go to a fraudulent website to confirm personal information, update member settings, or something similar, in an effort to steal private information. The Anti-Phishing Working Group, an industry association focused on monitoring and eliminating this form of identity theft, has received over 110,000 reports on phishing this year. A study by Gartner reports that from May 2004 to May 2005 about 1.2 million Americans were victims of phishing fraud, with a total loss of $929 million.

Defending yourself and your company against phishing scams requires that you and your employees recognize a few key traits these e-mails have in common, and set up safeguards to prevent falling victim.

First, phishing e-mails generally reveal a few telltale signs that they are not from a legitimate business’s website, including:

- A large number of spelling errors
- A salutation that addresses you as a “customer” or “member,” not by your name
- Links that are not the exact business’s website: google.xxxx.com, for example, and URLs that are only numbers after you click on a link, such as http://111.222.333.444, are likely fakes

Second, an ounce of prevention can do a world of good when it comes to protecting your critical information. There are several ways you and your company can prevent falling victim:

- Never respond to e-mails requesting information or asking you to verify information.
- Avoid filling in forms on websites when prompted to do so from an e-mail.
- Ignore e-mails with forms inside them.
- Use an e-mail program with robust spam blocking features to weed out phishing messages.
- If you believe a message may be legitimate, call up the company.
- Type in the company’s homepage URL (obtained through a reputable search website) to verify problems.
- Have the latest security updates installed in your and your employees’ Web browsers.
- Employ optional browser plug-ins or toolbars to alert users that they are visiting a site reported to practice phishing.

The next threat

Phishing may be ubiquitous, but another scam, pharming, can do greater damage. It is similar to phishing, but rather than using some kind of e-mail lure, a hacker modifies a company’s DNS software, so a user is directed to a copy of the website he or she is seeking. If pharming becomes ubiquitous, hundreds, even thousands, of users could give up personal information to criminals during routine online banking or similar actions.

Pharming and phishing share the same goal of redirecting an unsuspecting user to a fraudulent website, according to Joseph Steinberg, co-founder and CEO of Green Armor Solutions, a start-up selling visual cue software to help a user recognize an authentic site. Further, he adds, these techniques endanger not only financial institutions or hospitals, whose clients might have their identities stolen, but also any company with an internal online network of employees.

To protect businesses, their employees, and their clients from pharming attacks, Green Armor has developed software that institutions use to help their websites’ visitors determine that they are, in fact, at a legitimate website. Based on each different user’s information, the software generates simple, unique visual signals, which fake sites cannot replicate, and which a user quickly comes to recognize as associated with the legitimate institution’s website.

“Historically, end users have had to authenticate themselves, while websites were never forced to authenticate themselves to end-users,” says Scott Chasin, CTO of Denver-based MX Logic, a provider of e-mail security solutions. Client-side solutions like Green Armor’s are a step in the right direction. However, according to Chasin, more technology needs to be developed along these lines. Even the Secure Sockets Layer (SSL) certification developed by Netscape, which tags a website and promises an encrypted transfer of data, is not foolproof, he adds.

Another layer of protection includes installing browser plug-ins that recognize fraudulent sites on individuals’ machines. There are also browser plug-ins that inform users they’ve been directed to a site in, for example, Eastern Europe, even though they were initially surfing a U.S. site. To prevent a pharmer from hacking into a domain name server (DNS), companies can install software that prevents or detects unauthorized changes.

Additionally, according to Chasin, some institutions are turning to “multifactor authentication,” which means requiring two or more elements to authenticate users. For example, a bank could require both a memorized password as well as a separate one coded on a physical token, like a card or keychain.

No single solution works all of the time, Chasin warns. Rather, he recommends what he calls “defensive depth,” with multiple layers of defense along every node of information flow, from greater vigilance by end users to monitoring software on the server and password protection. “The more layers of defense you have, the more you can mitigate the risk,” he says.
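Two of the link signs listed in this article, a host that merely contains the business's name without being its exact domain and a host made up only of numbers, can be checked mechanically by a mail filter or help desk. The following is an added example, not part of the original article; `examplebank.example`, the sample message and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
# Digits and dots only. This also catches strings that are not valid
# IPv4 addresses, such as the article's http://111.222.333.444.
NUMERIC_HOST = re.compile(r"^[0-9.]+$")


def classify_link(url, legit_domain):
    """Classify one URL against the business's real domain.

    Returns 'exact_domain', 'numeric_host', 'brand_in_other_domain',
    'other_domain' or 'unparseable'.
    """
    try:
        host = (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:
        return "unparseable"
    if not host:
        return "unparseable"
    legit = legit_domain.lower()
    brand = legit.split(".")[0]  # e.g. 'examplebank'
    if NUMERIC_HOST.match(host):
        return "numeric_host"
    # Only the domain itself or a true subdomain counts as exact; the
    # leading dot stops 'notexamplebank.example' from matching.
    if host == legit or host.endswith("." + legit):
        return "exact_domain"
    if brand in host:
        return "brand_in_other_domain"
    return "other_domain"


def suspicious_links(body, legit_domain):
    """Return [(url, verdict)] for every link that is not the exact domain."""
    findings = []
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,;:)!?")  # drop sentence punctuation
        verdict = classify_link(url, legit_domain)
        if verdict != "exact_domain":
            findings.append((url, verdict))
    return findings


# Constructed sample message showing the traits the article lists.
SAMPLE_EMAIL = """Dear customer,
Your acount has been suspnded. Confirm your details at
http://examplebank.account-check.example/login or, if that fails,
at http://111.222.333.444/verify.
Help pages: https://www.examplebank.example/help
"""

if __name__ == "__main__":
    for url, verdict in suspicious_links(SAMPLE_EMAIL, "examplebank.example"):
        print(verdict, url)
```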

The Next Best Thing to Being There

Douglas McBride’s life had become a blizzard of faxes and e-mails, and the owner of Alaska Indoor Sports Distributing Ltd., a distributor of gaming equipment such as Bingo cards and lottery-style games based in Ketchikan, Alaska, felt as if he was being buried. His suppliers faxed samples of 20 to 30 new products a week. His salespeople, meanwhile, were sending in at least as many daily schedule updates and sales reports, all of which needed reconciling with the company’s records. Some days, more than 100 important documents crossed the machine.

Such an onslaught would be a pain for any business owner. Complicating matters for McBride was the fact that his 18 employees are scattered across five locations in the vast state of Alaska. His two warehouses are located some 750 miles apart, in Ketchikan and Anchorage, and each one required a full-time staffer just to send and track faxes. Face-to-face meetings were nearly impossible, and even getting a colleague on the phone was a hassle. McBride’s business was growing, but the communications woes were taking a toll. Faxes and e-mails were getting lost, and new orders were no longer being processed efficiently.

There had to be a technological fix for the problem, he figured. But the products he found — including Microsoft Exchange, the software giant’s heavy-duty corporate server, and wide-area virtual networks — were either too pricey or too difficult for his nontechnical staffers to use. He was on the verge of giving up hope when he stumbled onto Groove, one of a new breed of relatively cheap, easy-to-install collaboration tools. He downloaded a free trial version one Saturday. Within a couple of hours, he had what Groove calls a virtual “workspace,” in which he could post documents, spreadsheets, and images, solicit employees’ comments, and make notes and changes. The software tracked the various changes automatically.
Suddenly, a mundane task like the daily sales report, which had long meant gathering faxes from four field sales staffers and three phone salespeople and pulling together the seven reports into one, could be done with a simple spreadsheet housed in Groove — which sent McBride an instant message notification every time the numbers were updated. McBride was sold. He spent $600 for a 10-user license. “Now, we communicate like we’re in the same office building,” he says. Groove is one of a powerful new generation of software tools designed to help businesses collaborate. Computers, of course, have long helped people work together. But previous versions of collaboration software have tended to assume that all users were in a single location and generally required all the information to be stored on a central server. These latest products distribute data across the Web, allowing colleagues thousands of miles apart to work together on projects as if they were in the same room. Such tools have the intuitiveness of e-mail but add new features, like instant messaging and voice over Internet capabilities, as well as better ways to organize messages, documents, and calendars, says Kevin Werbach, founder of tech trends watcher Supernova Group. Alternatives to Groove include Microsoft’s SharePoint Services, a Web-based document and communications manager that is easy to use and works with PCs that run Apple or Linux software. IBM offers Lotus Team Workplace (formerly QuickPlace), which is similar to SharePoint but works with Lotus products like Notes and the Sametime instant-messaging tool. Finally, there are open-source software tools known as wikis, which combine e-mail-like message posting with the ability to track documents. Most of this Linux-based software can be downloaded for free, although some vendors offer their own systems. Such software has made all the difference for Alaska Indoor Sports. 
When suppliers send new product updates, for example, they’re automatically popped into a workspace in Groove, and notices go out to the salespeople. The same goes for inventory updates. The daily sales update no longer vexes. McBride even wants to set up workspaces in Groove for his suppliers, so they’ll post information there rather than sending e-mail or faxes. Groove has allowed McBride to lay off one of his fax checkers; the other now spends her time in sales support. Communications costs are down by more than 70% (faxes between Anchorage and Ketchikan run 14 cents a minute) — and the newfound productivity helped push sales up some 25%, McBride says. AlgoRx Pharmaceuticals, a Cranbury, N.J., developer of pain management medicine, started using the software in early 2002 to help manage clinical studies and trials, some of which take place in Eastern Europe. Groove lets the company put together internal people and outside consultants to shape the proper protocol for the study and cuts in half the need for face-to-face meetings. In the past, images from patient studies were faxed to every member of a team, perhaps 12 people in all. Each of them, in turn, would comment via e-mail, which engendered several more rounds of electronic messaging. “Before you know it, you’ve got a dozen e-mails and your head is spinning,” says Jeffrey D. Lazar, AlgoRx’s senior vice president of clinical research and regulatory affairs. Now the documents are uploaded into Groove, an e-mail alert is sent out asking for comment, and all the comments appear alongside the appropriate image in Groove. Colleagues can even gather in the virtual workspace to discuss the matter in real time. Lazar estimates Groove has saved hundreds of thousands of dollars in travel and telecom costs. In Lenox, Iowa, Barker Implement and Motor Co., a five-site John Deere dealer, uses Microsoft’s SharePoint as a sort of electronic water cooler, where salespeople post their latest quotes on equipment. 
That’s helped cut down on what had been a persistent problem: customers using a quote from one Barker dealership to undercut another. “We have five locations, so it’s important that we get the message out to each employee at the same time,” says owner Todd Barker. “These guys need to know that customer A has been to store A and already gotten a price, so we don’t get into an internal price war.” For all its advantages, collaborative software is not perfect. The programs don’t have very good search capabilities or ways to track content. That might not matter in the first year or so of using it. But digging up three-year-old marketing projections could be a hassle. Vendors say they’re working on adding these features. Wikis, meanwhile, are an emerging type of software particularly popular among tech firms. Andy Stack, senior director of finance and operations at Stata Laboratories in San Mateo, Calif., which makes the Bloomba e-mail program, likens the software to “a big virtual whiteboard” that allows the company to coordinate development and operations among employees and contractors in California, India, and elsewhere. Being open source, wikis are free but can require some technical expertise to set up and administer. So Stata uses Workspace, wiki software made by Socialtext, based in Palo Alto, Calif. For about $5,000 for one year, the company gets a virtual workspace for each project, organizational tools, and sophisticated e-mail capabilities, but it does not have to maintain the software itself. Because all departments use the application, customer service reps can see relevant goings on in marketing that might cause a spike in calls and plan accordingly, Stack says. The payoff: “We’re a fast-moving company and collaborating through a wiki helps reduce our start-up time with contractors and consultants. 
We think it gives us an edge over slower competition.”

Sidebar: Getting Closer
Software options for small companies

Groove
Price: $345 for five users; $69-149 per additional user
Features: Built-in voice over Internet protocol; enhanced security features; Web-conferencing

Microsoft SharePoint
Price: Free, with $599 Small Business Server or $999 Windows Server
Features: Manages websites, documents, lists, calendars; integrates with Microsoft Office applications

Socialtext Workspace
Price: $995 for five users; $30 for each additional user
Features: Linux-based but more user-friendly than most Linux applications; includes range of administrative tools, including security

Talent Scouting

Techniques: Microcases

Human Resources

Problem: Finding professional staff to help grow the company
Solution: Using the Web to let overseas talent bid on projects
Payoff: With good teams in place, revenues triple in four years

In 1998, soon after Rafael M. Lopes expanded the services offered by the Envien Group, his Los Angeles-based consulting firm, he realized he needed to find cheap programming help — and fast. Envien was pitching business-development services with an emphasis on marketing over the Web but was being continually underbid by computer whiz kids who, Lopes says, offered none of Envien’s project-management and business-development expertise. Moreover, Lopes wanted to expand beyond the United States and sell the company’s services in Latin America and in other overseas markets, but he couldn’t do so without hiring skilled workers to help him.

At the same time, clients that Lopes had already cultivated and helped to move online were ready to graduate to more sophisticated Web sites that offered E-commerce and database integration. Lopes’s fledgling firm couldn’t afford to pay for even a part-time programmer with that kind of expertise.

So in June 1999, Lopes started to explore bidding out projects piecemeal over the Web. He turned to eLance Inc., a company that allows its customers to post projects and review bids from independent contractors around the world online. Lopes has now assembled an international team of programmers, designers, and translators, which enables him to add streaming media, database integration, and Flash animation to the menu of features that his clients can choose for their Web sites.

Now Envien can offer more competitive prices and win more projects. As a result, Lopes’s jobs are getting more ambitious, and he’s expanding his client base deep into Latin America. What’s more, his firm’s revenues have tripled. In 1998 the company had gross revenues of $40,000.
In 2000, Envien billed $84,000, and this year Lopes expects the business to bill $120,000. Although Lopes won’t disclose his net income, he happily reports that profits have risen steadily along the way. According to Lopes, eLance has made it effortless for him to find affordable talent in such far-flung places as Brazil and Ukraine. After he receives bids for a job he’s posted, he reviews contractors’ profiles on eLance.com. Then he checks the company’s five-point rating system to see how previous clients have graded the contractors he’s interested in. ELance doesn’t allow Lopes to E-mail a contractor directly until he selects a winning bid. Still, he says, he has always had enough information to be confident about the bids he has chosen. And once the project is finished, Lopes has no trouble paying his international workers. When he first started using eLance, he had to send payments by Western Union. Now the site has a built-in payment system. After receiving Lopes’s authorization for payment, eLance bills his credit card and pays the contractor for him. So far Lopes has posted 11 jobs on eLance.com, and he hasn’t paid a dime to do it. Service providers pay eLance a fee of 10% of the cost of the awarded project. And if Lopes wants to work with contractors again, he signs them up directly. For example, a Mexico City-based contractor whom Lopes found on eLance is now working as a partner with him on a new venture: Mercadotecnia.com, a Web site named for the Spanish word for market. While Lopes reaps the rewards of hiring international talent, he doesn’t believe that he’s exploiting his overseas workers. “The Web allows people in third-world countries to use their technical skills to make money that’s above average for their markets,” he says. Please e-mail your comments to editors@inc.com.