Monthly Archives: August 2011

August Blogger’s Digest

August 31, 2011 by Elan Sherbill.

In the coming weeks, Building Keystones will focus on the state of online video gaming, optimizing pay-per-click campaigns, and providing tips for getting the most out of your business intelligence. Subscribe now to the Building Keystones email list to receive a notification of every new post.

In this Blogger’s Digest, we direct your attention to U.S. retail e-commerce spending for the second quarter, cloud-based Salesforce integration, changes to Google Analytics, how load times affect conversion rates, and different options for foreign online payment methods.

Internet Retailer – E-commerce Spending Jumps 14% in Q2: This analysis of our industry’s market performance, based on a report from comScore , shows U.S. retail e-commerce consumer spending grew nearly 14 percent compared to the second quarter of last year, marking the seventh consecutive quarter of growth for e-commerce retailers, with small to medium sized retailers recovering market share previously lost to the Top 25 online retailers.

E-commerce SMB Market Share


E-commerce Times – Innovation in the Spotlight: For those in the B2B sector, we include a piece related to the Dreamforce ’11 event and cloud-based Salesforce integration. This article explores options for companies looking to fully contextualize social networking data by utilizing cloud-based technology integrated with Salesforce.

iMedia Connection – Google Analytics Changes the Rules of the Game: Brandt Dainow shares an important change in how Google Analytics calculates the end of visits/sessions and educates us on how this change impacts the way we report and analyze our website traffic.

ClickZ – How Your Website Loses 7% of Potential Conversions: Fact: faster load times improve your Google ranking. This post will teach you how to track load times using Google Analytics, understand the adverse affects that Google “+1” and Facebook “Like” buttons can have on your site’s performance and how to combat these dangers.

E-Consultancy – Choosing the right online payment system for foreign markets: The foreign language internet is growing. Are you ready for global business? Christian Arno  puts forward various preferred payment methods available around the world.

Thanks for engaging. We hope this Blogger’s Digest has been valuable to you. Leave a comment, or find us on Twitter and Facebook to let us know what topics you would like covered in the future.

We are pleased to announce that you can now find Building Keystones on’s e-commerce feed.


Protect Your Intellectual Property

August 24, 2011 by Craig Vodnik.

If you were a global merchant 300 years ago, you were probably using a wooden ship as your delivery method, and there was always a danger of lurking pirates ready to steal your goods. With the emergence of e-commerce, we are no longer entirely dependent on ships and boats in global trade, but the danger of piracy, in the form of unauthorized use or access to digital content, is still prevalent.

Last week, we discussed the vulnerability of e-commerce sites to hackers and the benefit of complying with external security standards, like PCI-DSS and SAS-70. This week, we focus on protecting digital content from unauthorized access or copying.

Like the common cold, there is no cure for hackers, and digital e-commerce companies need to have preventive measures in place to protect their revenue stream. We begin by analyzing different types of digital content and understanding that each type of digital content has it own challenges in keeping it’s copyright protected.

SaaS, for example, is relatively easy to prevent unauthorized access to, because SaaS keeps the provider in control of the digital content, while users pay for access to a product or service. Nevertheless, a wily hacker can steal access to the service or the content (e.g., if you offer video courses or flash-based applications through a web portal, a hacker can screen record the content).

Software is probably the most common digital asset sold today and is moving more towards the cloud, but the vast majority of software is still downloaded on to a machine. On premise software, (and audio, video, and text products like ebooks), is more difficult to protect. Since oversight of the product is lost when delivered to users, digital e-commerce companies selling these products online need to find ways to control what is done with the product after it is received. Otherwise, a product is susceptible to being “cracked”, and the rightful vendor can be cut out of further sales.

Games have both download and cloud delivery models. The download, or license model, has similar protection issues to software, but cloud delivery is essentially the same as SaaS where the product is harder to steal, so a hacker seeks unauthorized access to the product.

Best Practices

For an expert perspective on different ways to protect digital assets, we spoke with Dieter Hӓrle, owner and managing director of Mirage Systems, a global software provider with a focus on content and copy protection, digital rights management, license management, software activation and copy protection for applications.

“A license key solution was sufficient 10 years ago, but not today,” Hӓrle says, “a good solution covers more than just the licensing mechanism.” Hӓrle recommended the following key practices in developing a complex and useful strategy to prevent unauthorized access.

Protect Against Decompiling

Decompiling is the process of taking a software program and reverse engineering it until the source code is revealed. Manipulating the source code to remove the copy protection or licensing mechanism results in the hacker gaining a free version of your product. Dangerous indeed! One preventative measure against decompiling is to obfuscate your source code. Note that programs written in .Net and Java are vulnerable to this type of hack and harder to obfuscate, while Delphi and C++ are less vulnerable and easier to obfuscate.

Develop a Strategic License Model

Asking which licensing model is best for copyright protection is like asking which chess move is best. The answer is entirely dependent on your situation, and there will be trade-offs between your desire for control and the user’s desire for unrestricted access. Several important license models are listed below.

  • Per computer  – A very strict licensing model that restricts installation to a single computer.  The upside is that users buy more licenses for other computers… if there isn’t a cheaper option available elsewhere. The downside to this scenario is that with such strict limitations, a higher percentage of installations turn into customer contacts and user frustration. If the license is restricted to one PC, an important feature to include is the ability to move the license to a new PC in case the PC is replaced.
  • Per user license model –(e.g. switch between office PC, home PC and mobile PC.) This gives the user a great additional value as he can use a product on multiple devices.
  • Family License – Allow users to install software on e.g. three different computers.
  • Network license - (e.g. per PC/seat or per user) lets a company a central point of license administration. Only the administrator handles licensing issues — the end user does not even know that a license exists.
  • Floating license – A floating license is available to different users within a company, resulting in a shared model between employees. As long as enough licenses exist, other users can run the program legally.
  • Individual feature enabling – Use this strategy to get customers to buy at a cheap price and upgrade with more features later.

In all models, a combination of several computer identification points is used to strictly limit the installation and identify a computer. An activation process (online, e-mail, fax or phone) is necessary to send the hardware information to an activation server.


Protecting your intellectual property is a complex topic and needs careful attention and thought before releasing a product to the market. Hӓrle notes, “Depending on the kind of software you sell, the focus can be different. A network license is essential for business software where a game vendor may  focus on decompiling and copy protection.” Here are some of Hӓrle recommendations:

Selling B2C software

  • Allow a license key two-three installations before locking to avoid unnecessary customer contacts.
  • Market a higher-priced family license that permits installation on all household computers. This is a good way to increase the average revenue per order or household!

Selling B2B software

  • Offer a concurrent licensing model, which is more flexible.
  • The typical alternate to concurrent is a per-computer model, which results in more seats and cost; good if you can get it, but companies usually have alternatives.

Global Distribution

  • Digital product distribution is global, so make sure your system supports a wide variety of languages. Ensure that your licensing product is also multi-lingual.

Keystone: In the words of Dieter Hӓrle: ” A customer expects that software just works – no matter if the PC is replaced, used on a virtual machine or on his mobile PC. A software vendor wants revenue from each sale.  To balance both requirements you need a comprehensive licensing and copy protection solution. A simple system is insufficient. As the requirements to use software get more and more complex, you need a protection system that covers every usage scenario.”

If you enjoyed this post and want to learn more e-commerce tips, sign up with Building Keystones to receive an email when new articles are posted.

Safety First: Security Standards For E-Commerce

August 16, 2011 by Craig Vodnik.

Identity theft and fraud attempts are global problems. Since 2005, the Privacy Rights Clearinghouse estimates that more than 500 million records containing sensitive data have been breached. To combat this threat, the big five credit card companies (Visa, MasterCard, American Express, Discover and JCB) partnered in 2006 to create the Payment Card Industry Data Security Standard (PCI DSS).

For those conducting business online, complying with these standards is crucial to protecting your organization and your customers.

“Customers are increasingly aware of the need to guard their personal information and demand a high level of data security around any electronic transaction they make,” says Daniela Hagen, a compliance manager at cleverbridge, a global e-commerce provider for digital products. “PCI DSS compliance allows organizations to stay ahead of security vulnerabilities, prevent fines, and increase overall security levels; this not only allows them to be compliant but also makes them more trustworthy and competitive.”

In this post, we highlight three prominent security standards and explain why you should strive for compliance as soon as possible.

PCI Logo

In 2005-2006, hackers stole more than 90 million customer credit and debit card numbers from TJX Companies. Investigators discovered that TJX did not adequately follow PCI standards, and as a result, the U.S. government estimated that companies, banks and insurers lost close to $200 million.

PCI DSS provides a comprehensive road-map to help organizations ensure the safe handling of cardholder information. This road-map comprises technical and operational requirements set by the PCI Security Standards Council (PCI SSC) that rule over the entire payment process and data storage organization. Merchants and service providers are classified by transaction volume over a 12-month period to determine the level of PCI guidelines to follow.

PCI is organized by six overarching steps:

  • Build and maintain a secure network
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy

In 2011, PCI SSC implemented version 2.0, enhancing standards to reflect changes in technology and emerging security pitfalls. This latest version provides even more guidance and clarification on the earlier edition of the regulations.

If your e-commerce system is maintained internally, your organization should comply with PCI DSS. If you outsource your e-commerce solution, make sure your e-commerce provider does. Visit PCI’s website and take the Self-Assement Questionnaire to determine your security readiness.

SAS70 Logo

The American Institute of Certified Public Accounts (AICPA) developed the Statement on Auditing Standards No. 70 (SAS 70) to act as a resource for independent certified public accountants (CPAs).

Specifically designed as a guide to auditors, SAS 70 requires that hosts of data centers and service organizations demonstrate extensive controls and safeguards against security threats. The review is conducted by an independent auditor, and companies must demonstrate that they have designed control objectives effectively. By passing the audit, an organization makes customers aware that the appropriate security defenses are present where customer data is held.

This June, the Statement on Standards for Attestation Engagements No. 16 (SSAE 16) replaced SAS 70. The SSAE 16 will update the reporting standard so that it complies with international reporting standards. Is your company ready for a SSAE 16review? Take Deloitte’s SASAE 16 Readiness Assessment to evaluate your company.

 USEU SafeHarbor

US-EU Safe Harbor is an adaptation of the European Union Directive 95/46/EC code that protects personal data. Though the U.S. and Europe take a different approach to privacy, the Safe Harbor framework is a streamlined way for U.S. organizations to comply with U.S. Department of Commerce and European Commission regulations. Compliance with Safe Harbor is essential for companies doing business in Europe. Safe Harbor adherence ensures that your organization follows the European Union Directive on Data Protection, allowing your business to establish credibility with European customers.

The governing elements of these standards, the Safe Harbor Principles, were developed to prevent accidental information disclosure or loss. There are seven elements that participants must adhere to:

  • Notice – Individuals must be informed that their data is being collected and how it will be used.
  • Choice – Individuals must have the ability to choose whether their personal information will be disclosed to a third party.
  • Onward Transfer – To disclose customer information with a third party, organizations must apply notice and choice principles.
  • Security – Reasonable efforts must be made to prevent loss of collected information.
  • Data Integrity – Data must be relevant and reliable for the purpose it was collected.
  • Access – Individuals must be able to access information held about them, and correct or delete it if it is inaccurate.
  • Enforcement – There must be effective means of enforcing these rules

Visit the US – EU Safe Harbor guidelines to learn more.

Commitment to Security

All three classifications require that followers re-apply every 12 months. Though they all come with cost, compliance with these three data security standards is an invaluable reputation builder.  These organizations have done the hard work for you and following their rules indicates that you have set a high standard of security.


Commit to data protection, improve your security standards for e-commerce, and combat customer fear of identity theft by complying with objective security standards like PCI DSS, SAS 70, and US-EU Safe Harbor.

Samantha Vizer contributed to this blog post.

New Feature: Choose Your Keystone

August 9, 2011 by Elan Sherbill.

Today we’re bringing you a new series in Building Keystones called “Choose Your Keystone.” We will present opposing views on relevant e-commerce topics with the goal of prompting intelligent discussion and debate. These posts will help you critically analyze different sides of a topic, and decide which practice is best for your business.

This week’s topic: should digital product sellers make significant investments in social commerce right now?

Craig’s View: Embrace social commerce now
As technology has evolved, so has communication in the marketplace. From the early days of email and instant messaging to the world of social media, new ways for individuals and businesses to interact are constantly emerging.

The next stage in this evolution of interaction is “social commerce”. Defined as the use of social media to assist in the buying and selling of products and services, social commerce presents  new opportunities for digital vendors to increase their e-commerce revenues.

With millions already using sites like Twitter, Facebook and Linkedin, these social media giants continue to display astronomical growth. Facebook continues to post big user gains in developing nations such as Brazil and India.  We’ve also witnessed an expansion of the number of services offered by these sites.  More services means more time spent on the sites and more opportunities for e-tailers to market their products to customers. Worldwide social commerce revenues are expected to skyrocket in the next five years, with an estimated 93.4 percent annual growth rate.

Digital products may be the most natural fit for companies selling via social commerce.  Social media users are more comfortable with the concept of purchasing a digital product online, paying with a web-friendly payment method, and receiving their product in the form of a digital download or web service. With the ability to promote, share and discuss your products and services, social media customers can serve as new marketing channels.

It is important to keep in mind that your competitors are probably already using social media to promote their brands and communicate with customers. While some companies think of social media strictly from a marketing perspective, more and more businesses are using social channels to drive direct sales with Facebook stores or by announcing new products and promotions through LinkedIn and Twitter.

The costs to enter the social commerce environment are relatively low, and while it’s important to avoid a half-hearted approach to this new channel, nearly any business can find the personnel and resources to run a successful social commerce campaign.

Keystone: Nearly any digital seller can benefit from investments in social commerce. Failure to act on this opportunity will leave your business at great risk of losing customers to more social-savvy competition.

Elan’s View: Take a wait-and-see approach
Online vendors should take a “wait and see” approach before making heavy investments in social commerce.  Social commerce makes up only a tiny fraction of global e-commerce revenue and the long term viability of social media as a vehicle to drive direct sales is still in doubt.

While user counts are impressive, the actual revenue generated through social commerce is still relatively low.  “Nearly 60 percent of retailers agree that the returns on social marketing efforts are unclear,” according to Forrester’s eBusiness Professional, Sucharita Malpuru.  Perhaps even more shocking, “only 7 percent of retailers say it’s an effective customer acquisition source.” It’s clear that many businesses are doubtful about social commerce as a legitimate sales and marketing channel.

Another reason to be skeptical of social commerce is the increase of aggressive discounting and special promotions. If your deal isn’t aggressive enough, you can lose customers in a heartbeat. This has created an almost perverse incentive for online sellers to drastically discount their product, sometimes to the point where they can barely make a profit. There is now strong evidence suggesting that the primary reason customers choose to “friend” a brand is to gain access to exclusive deals and offers.

Another major weakness in the social commerce model is the high level of risk that retailers take when they invest in social media activities. Social Commerce risk manifests itself in two ways:

  1. Damage to your brand image – If you make mistakes as a company it can be magnified exponentially with social media.  For example, Redner Group, a PR firm specializing in video games, tweeted a controversial statement that prompted their client 2KGames to fire the agency.
  2. Lack of control of the social commerce channel – Nearly every part of the social media experience is closely regulated, from the way content is displayed, to the ways customers can conduct transactions on the site. By investing in social commerce and building out campaigns and strategies to take advantage of the social graph, you take the risk that the “rules of the game” could be changed at any time.

Keystone: Digital sellers should look at social commerce with a healthy level of scrutiny.  The business value of this new sales channel has yet to be proven, and vendors are wise to withhold heavy investment until the business gains from social commerce are clear and substantial.

Now that you have our views on the topic, we would love to hear from you! Share your experiences with using social media to drive your e-commerce business forward.

July Blogger’s Digest & New Blogger

August 3, 2011 by Craig Vodnik.

The summer sales slow down may have set in, but here at Building Keystones we’re still scouring the Internet for all things e-commerce. This month we found some great reads about SaaS, PPC, social media and email marketing.

Open View Labs – Episode 27: SaaS Marketing Mistakes to Avoid: Read this interview for valuable insights into the differences between SaaS and on-premise marketing strategies.

Practical eCommerce – How to Hire a Pay-Per-Click Manager; 10 Common Mistakes: An expert of PPC advertising shares his recommendations of the 10 key points to look for in your PPC manager. Although up-to-date expertise is a must for a PPC manager, so is the ability to explain and educate non-experts in the organization.

CloudAve – Three Ways to Use LinkedIn for Social Sales: With more than 100 million users, LinkedIn is an important professional networking tool. This article discusses simple and easy ways to use LinkedIn to connect with like-minded professionals, whether at home or on the road.

Return Path – How Inactive Addresses Hurt Deliverability: Direct email campaigns are a great way to reach a broad audience. This article discusses the pitfalls of having too many inactive addresses and how these addresses can lead to a strains on your servers and ISPs mistaking your campaign for spam.

We hope you enjoy these articles as much as we have. We’ll see you next month for our continuing coverage of interesting and helpful e-commerce articles from the best in the business.

New Member of the Building Keystones Team
We’d like to welcome Elan Sherbill to the
Building Keystones team. Elan has experience in e-commerce as a customer service team leader and is now bringing his insider knowledge to this blog as a contributor and editor. Learn more about Elan in his profile. Look for posts by Elan in the coming weeks and months!