Verisign увеличава цените на .com и .net от 1 юли 2010: http://www.webmasterbg.org/showthread.php?t=7182

Listen to the second half of our interview with VeriSign’s Adam Geller and Nick Piazzola.

On alleviating security concerns

Nick Piazzola: We provide PKI for federal agencies as a service. They have already defined for us security standards in the forms of policy.

For example, PKI has to follow the same business certification and accreditation requirements that you have for a federal agency.

Also, we have to get annual external audits to be able to demonstrate for the federal government that we are operating our services and are compliant with their standards.

So, for some of these security services, we are doing exactly what the federal agencies have to do for their own systems.

That’s intended to alleviate the concern that a federal agency might have about outsourcing their services to somebody who’s got a security service in the cloud like VeriSign’s.

Adam Geller: We’ve been having this classic debate with people — and we’ve been having it for a dozen years already. It’s not really new to us when we have these kinds of discussions.

I do think that there is a softening of stance, but, probably a lot of what it comes down to is, and this may sound funny, but there are standards out there — there are even government guidelines and recommendations to use managed services in certain areas, including PKI — but a lot of it, ultimately, comes down to personalities and people who are in positions within agencies or enterprises. At the end of the day, people still have a little bit of a religious feel to — do I want to outsource services or do I want to tightly control them?

I think where there’s the most hold-up or hang up about it is still probably just related to legacy.

But . . . almost anywhere you can look at an application or use case, you can now find an example of it being done as a cloud service in a very secure way for a major organization.

You can also find somebody who will do the opposite and say — I’m a major organization and I refuse to use it.

But, all the proof points are starting to line up — and they are there — with major organizations making these decisions.

On a VeriSign specialty for the federal government

NP: We provide a major piece of the Net Service for dot com and dot net.

We recognized years ago that we weren’t going to be able to provide 100% availability that was required for that unless we could do something to mitigate and protect against distributed denial of service (DNS) attacks.

What we did was we went ahead and we developed the capability that we provide for our DNS and all of the services that we provide in our data center.

Then, we’ve recently taken that service and made it available as an in the cloud offering for federal agencies.

Now, federal agencies can buy from VeriSign the same services that we use to protect ourselves for mitigating distributed [DNS] attacks

Listen to the first half of our interview with VeriSign’s Adam Geller and Nick Piazzola.

Today and tomorrow we’ll talk with two representatives of VeriSign, a company that specializes in protecting data.

Adam Geller is their vice president of Enterprise & Government Authentication and Nick Piazzola is their vice president of Government Programs.

The two sit down with FCB and discuss more about the cloud.

On the definition of cloud computing

Nick Piazzola: I think our definition of cloud computing fits in the generalized definition that NIST has put forth about a shared set of digital computing resources — but, for us, it’s more specific in that we provide applications for specific shared computing services.

Adam Geller: And I would just add, from a cloud computing perspective, I think that it’s sort of a combination of a lot of different initiatives — or projects — that have caught on in the past: great computing, utility computing, software-as-a-service. They sort of all bundle up, but the characteristic that I would apply to cloud computing are terms, like on demand that’s going to be scalable; virtualized, leverage-existing service infrastructure — and generally it’s going to take something, package it up and offer it as an Internet-facing surface.

On why cloud has seemingly taken off in the past year

NP: I would say that, from VeriSign’s perspective of what we’ve been providing, we’ve been doing cloud computing for many years.

Actually, all of the services that we provide for the federal government today are some form of network-based, shared application services.

So, from our perspective, we’ve been doing cloud computing in that definition since our inception.

I think it’s in vogue now today for a variety of reasons, including the fact the feds themselves now have that part of the President’s initiative for common services . . . [and] shared services and they’ve labeled that cloud computing.

AG: Certainly at VeriSign we’ve been doing it since our inception, but I think what’s changed about it is that VeriSign and other people who’ve done cloud or service-based offerings in the past, I think they’ve been a little bit more point-solution based. We’re a cloud authentication solution, which is good, but it’s narrow and it’s for a specific use case.

I think what’s fundamentally changed the attitude around cloud computing is that there were a couple of killer apps, like SalesForce and some other solutions out there that were full on applications, or, really, full solutions to be provided for somebody, not just a point component of it, [but] being fully provided as a service. I think that’s what’s sort of changed people’s perspective.

Not only can you [now] get a point service, like an alarm monitoring service or a managed security service or authentication, like what we’re doing, you can all of a sudden take a full on application from start to finish and offer it as a service. That’s being commonly accepted now.

I think that’s what’s gotten everybody to push and realize there are lots of things that can be provided for in the cloud, but, of course, this also opens up lots of interesting security questions, which is where we focus.

What the CIO should consider before moving to the cloud

NP: I think the obvious things are that the kinds of security concerns that you would have about a service in the cloud are at least the same as what they are if you would provide that service on your own when hosting your own application. So, you need all the kinds of things, like authentication, confidentiality for your data, protection of privacy.

In addition, you have to worry about the reliability and availability of the service, [especially] if it’s going to be mission-critical applications.

What you have to recognize as a federal agency is that it may be possible that that cloud service could do that better than if you were doing it yourself.

I think that’s the thing that the management needs to understand. If they pick the right application and the right service provider, they’ll actually get enhanced availability for security than if they did it themselves.

AG: I think this is a really interesting part — or an interesting fork in the road.

You’ve got the early adopters — people quickly adopting services, but, again, since we focus on security, what we’re hearing and what we’re seeing with people — the cloud providers and the people who want to use them — is that enterprises (and government also) — built up over a number of years internal compliance programs to meet regulations, to meet guidelines. . . . They built their own compliance programs internally, and they’ve had control over all of their touch points.

What we’re seeing with people who have moved to cloud services [is that] that’s sort of lagging a little bit.

So, as an example, you may have a great password management policy for your internal applications that you can document, you can get on it again and people can feel comfortable that you’re living up to a certain policy.

When you change over to a cloud service, all of a sudden you may not have as many options or the ability to synchronize the two. There’s sort of a very interesting market emerging for services that can bridge the enterprise or the agency infrastructure to the cloud so that you’re not replicating the two and having to maintain, let’s say password policies or account creation and teardown in two separate locations.

I think this is going to become a real interesting area as the auditors, I think, have to get caught up. I think it’s a new thing to audit in that level of detail. Certainly, not auditing cloud providers — people have done that in the past — but now this is getting very specific because there’s a lot of data moving over and I think it’s going to open up some eyes when the policies that people worked so hard to set internally aren’t necessarily easily applicable to the cloud.

That gap is going to have to close.

Tomorrow: advice on closing that gap, as well as how VeriSign is helping federal agencies.

Happy eCommerce and Happy Holidays!

Wow, it’s been a very long time since I posted, but I just haven’t been motivated to write and I truly believe unless you have something of value to write – don’t!

Since my last post my life has been quite a roller coaster.  I got into the DR space for awhile, wow! what a whirlwind that is.  It was a breakaway from my traditional knowledge of eCommerce, but I embraced it and fell into the excitement of the “And wait there’s more!”  The DR industry is truly a breed unto itself and it is quite amazing.  I will save my comments and insight for another post, as it truly deserves a post all it’s own and boy, do I have a lot to say and many people to thank for the knowledge I gained.

I then joined a truly phenominal company, buySAFE, who I actually partnered with while at HackerSafe.  I am now their Director of Business Development.  As many of you know Verisign recently made a strategic investment in buySAFE….now many of you know that I wasn’t fully bought into buySAFE’s business model, but they made some great changes that really got me excited and made me want to come on board.

Unless I truly believe in a product I am no good…so I had to make sure I had a passion for their service in order to come fully on board.  I can truly say that not only am I passionate about their service but my colleagues are some of the best people I have had the pleasure to know and have in my life.

In October I jumped over a tennis net, well actually hurdled it..trying to relive my track days and show off to my 3 year old son, in doing so I dislocated my knee and tore not one, not two but all four of my ligaments…it has been a month since my surgery and I am now doing outpatient PT..been in house for awhile.  I won’t walk on my own for quite sometime, but an injury like this makes you really look at your life and reevaluate your life and your life’s goals as well as the people you surround yourself with.

Hence my passion and loyalty for the people that work at buySAFE.  They could not have been more supportive.  They have been beside me every step of the way and it makes me just more passionate about buySAFE!  They have truly earned my loyalty and I am proud to be a part of the buySAFE team!  A lesson to employers…if you want loyal employees…it isn’t about the paycheck, or the stock options but it’s about treating them like family and making them feel special…just taking that extra step to let them know that you care about them outside of what they can do for your company will earn you a loyal employee who will give you above 100%.

So, enough about that, but I just had to get it off my chest.  I truly feel blessed.  I want to talk to you about buySAFE now, many of you may know their older model…but how many of you know the great changes they have made to their service that makes such a HUGE impact on the merchants conversion and overall profit?  Well let me tell you….I will keep it short as to not have a pitch fest …but really just exude my passion for the product…LOL, no truly I am passionate about it because I have seen the results that merchants are seeing.

Not only does buySAFE have an impact on first time visitors converting into shoppers, but that typically a majority of first time buyers choose to buy the bond.  We also know that bonding increases overall customer satisfaction, as buySAFE Merchants see, on average, a 14% increase in the repeat buyer rate when buySAFE is present vs. not  … now how valuable is that?  The merchant doesn’t have to do additional advertising to get the consumer to come back, but use a service that is free and increase their return rate by 14%.

Ok, so for the bullet points for those of you that are asking what is buySAFE
1.  buySAFE is free
2.  buySAFE will pay for the intgegration of buySAFE which is about 20 hours of development
3.  buySAFE increases conversion an average of 10.6% even with McAfee on the site
4.  buySAFE is currently running a promotion where it will pick up the cost of McAfee & VeriSign EVSSL
5.  buySAFE will do an AB test on all of your sites
6.  buySAFE will pay larger merchants a revshare of the bond fees collected from buyers who choose to include the bond
8.  Their are no contracts or long term commitments

Bottom line is buySAFE offers merchants a unique way to immediately improve their website’s conversion rate, revenue and profitability – Website Bonding. buySAFE is used by thousands of online merchants, including many ranked in the IR Top 500.

Not only that but it is a PROVEN SOLUTION

Consumers have two primary concerns when shopping online – personal information security and merchant reliability.  While security solutions like Verisign® SSL reassure shoppers that their personal information is safe, buySAFE guarantees shoppers they are shopping with a reliable, trustworthy and stable merchant.  As the Internet’s most effective trust solution, buySAFE has proven to increase conversion by up to 20%.

So as I titled my blog post..as you can see buySAFE truly puts their money where there mouth is.  They know it’s a proven solution, they know it works..that my friendly merchants is why we don’t charge for it and why we are willing to pick up the cost of the integration….any questions?

If you are intrigued as you should be..give me a call or email me.  The bottom line is I am not asking you to make a decision to use buySAFE, but how can you ignore the test results?  What I am asking you to do, because it is in the best interest of you the merchant is TEST it…if it works like I know it will you will be extremely happy and if I am wrong, and all the extensive testing buySAFE has done in the past 6 years is wrong then don’t use it…easy!

For further reference go to www.buysafe.com, www.buysafe.com/demo/home.htm to view a merchant using it go to www.efaucets.com

I hope to hear from you all soon..you have nothing to lose and everything to gain!

Happy Holidays Everyone!!  May it be the best year ever for you!!!!

Happy Ecommerce,

Cresta

Bit.Ly partners with Verisign, Websense and Sophos to boost security measures for potential threats using the URL shortening service for Twitter. Articles from:

Wired

eWeek

Washington Post

ReadWriteWeb

According to a YouGov survey commissioned by VeriSign, online identity theft and lack of trust in web security will contribute to shoppers spending than a third of their total holiday shopping budget online.

Consumer spending over the festive season is often cited as a measure of the overall level of confidence in the economy, but caution over taking on excessive debt (an idea supported by the government) may deter some consumers from spending beyond their means.

22% of Britons say they are being held back from shopping online this Christmas due to reservations over online ID theft and fraud, while 14%  stated that they will not shop online because they do not trust ecommerce sites.

It also found that 32% of consumers are deterred from shopping online due to not being able to try before they buy, with 27% concerned that goods bought online will not arrive in time for Christmas. The postal strikes can only have exacerbated this concern.

Attitudes to online shopping are also aligned with age: respondents over the age of 55 are the most fearful of online identity theft and fraud, with 32% saying this will hold them back from shopping over the internet. However the 35-44 year old age range is the most brazen, with 47%  saying that nothing will hold them back from buying online this Christmas.
US vs UK Differences

There are some fundamental differences between the US and the UK, as noted here. The US has approximately five times the population of the UK, yet both eBay US and eBay UK expect to see about one million sales each on their two biggest shopping days.

Yes!  This will make things much better.  Click here to read.

MOUNTAIN VIEW, CA — (Marketwire) — November 12, 2009 — VeriSign, Inc. (NASDAQ: VRSN), the trusted provider of Internet infrastructure services, will host its 2009 Analyst Day on Thursday, November 19 in New York City. The event will begin at 8:30 a.m. (EST) and is expected to conclude at approximately 1:00 p.m. (EST). During the event, VeriSign’s executive management team will discuss the company’s go-forward strategy.

The live webcast of the event can be accessed at VeriSign’s Investor Relations website at http://investor.verisign.com beginning at 8:30 a.m. (EST). A replay of the webcast will also be available at http://investor.verisign.com after the event.

Weave a Profitable Web
By Ashley Puderbaugh
Published November 2009
Lawn & Garden Retailer magazine

“If you build it, they will come”? The process of building an e-commerce site is only the beginning for a garden center retailer.

Setting up an e-commerce site might seem daunting at first, but there are many ways to go about it, depending on your needs and experience level.

The Internet is gaining momentum as a leading distribution channel, and brand presence in the virtual space is becoming more important for your business’ success. Not only are you able to share valuable information such as special discounts and events with your customers, thus driving traffic to your store, but e-commerce can also increase your potential of reaching a larger customer base.

Online retailing in general continues to be a significant merchandising channel, with online retailers growing in sales, average ticket, conversion rates and more. In fact, projected total online sales of goods and services in 2010 will reach $268 billion, a 14 percent increase from 2009, according to a survey by Forrester Research. While garden center product sales obviously make up a small percentage of those total projected sales, these data show that there is still an opportunity to widen your reach and grow your business.

Having a website with just your location, directions, phone number and minimal information about your products will not necessarily translate into a practical revenue maker. Studies show that consumers like to research product features and price points before making a purchase. According to the Consumer Behavior Report from comparison-shopping company PriceGrabber and market research firm Market Reporter, 91 percent of online consumers said they felt reassured that they were getting the best deal after comparing prices online. This means that if you want to capture the interest of consumers and retain them as loyal customers, then you need to make sure customers see your website as the best source for helpful, fresh information, which includes offering prices for all your products online.

“The majority of consumers are now very comfortable with e-commerce,” says Graeme Grant, COO at Allurent, an online shopping experience provider. “The question retailers now must ask themselves is, ‘What are we doing to meet the higher expectations of these sophisticated shoppers?’”

Choose the Right Merchandise

The first thing to consider is what products you’ll offer in your online store. Garden centers face a unique situation in that a large part of many stores’ sales come from live plants. As a result, many businesses choose to sell only gift cards and other small products.

David Williams, title partner at Williams Nursery in Westfield, N.J. says he started out selling flower bulbs online, “but the problem with flower bulbs was that they were low-cost and high-weight items. “Most of the products we sell — the green goods — they do not lend themselves to the e-commerce very easily. They’re perishable, don’t stack well and we weren’t getting a high enough turn where it was worthwhile.” Now, Williams Nursery sells only collectible Christmas ornaments and gift cards online; Williams says the nursery’s profit from online sales isn’t too exciting.

Barry Christian, retail manager of Berns Garden Center in Middletown, Ohio, says his company partnered with Arett Sales to create an e-commerce site. A thousand items are available through Berns’ online store, but the products are actually being shipped to customers from Arett.

The e-commerce site went live earlier this year, Christian says, but it hasn’t been as successful as he was hoping. “Maybe it’s a different product line we need,” he says. “I’m still learning.”

Nature Hills, however, is an online-only nursery based out of Omaha that’s been crafting its online strategy for years, says president Jeff Dinslage. When the store went live, they had only two sales that day. “But we felt that there was a need for an online merchant that sold larger materials than the traditional mail-order companies. After the Internet bubble burst and companies like garden.com failed, there wasn’t much online competition for live trees and plants.”

Dinslage says the company’s shipping practices continue to improve each year, and each generation of packaging is better than the last. One consideration when shipping live goods is making sure the media’s moisture is just right. “Not too wet,” Dinslage warns, “but the challenge is that the plant can’t dry out during the different transit times to various parts of the country.” Other potential problems include package damage from the carrier or a missed staple from a packager. Product selection is challenging as well, he says, as different plants react differently to being boxed and shipped across the country. Many company- and state-enforced rules help prevent damaging items during transit, too, such as state agricultural restrictions and oversize and weight rules.

Nature Hills is confident in their packaging and UPS’s shipping practices: The company doesn’t have a return policy for live plants. “We are vigilant to send out the best product available, so we have very few complaints versus the volume of packages that are sent every year,” he explains. Nonetheless, if a plant does arrive damaged or in poor condition, Nature Hills ships a new plant immediately.

Set Up Shop

Nature Hills uses a customized version of dashCommerce, an open-source e-commerce platform. Dinslage says the company initially used a local contractor to help customize the application but now contracts with an offshore ASP.net consultancy called UruIT, which helps maintain the platform and makes ongoing enhancements.

However, there are many types of e-commerce solutions you can use for your website, from hands-off, shopping cart–only companies that allow you to build your own site to full-service partners that take care of everything, from ordering to shipping.

If you’re a small garden center and are planning to sell only a few products online, you can most likely add a shopping cart to the site yourself, especially with the variety of out-of-the-box solutions available. Shopping-cart software allows you to take orders, calculate shipping and sales tax and send order notifications. These usually cost about $30 to $80 per month, and some popular options include ShopSite Inc., GoEcart.com, Agoracart and Americart.

Next, you’ll want to set up an Internet merchant account from your bank, which will allow you to accept credit card payments online. If your bank turns you down or you’d prefer to go with a separate institution for online payments, do an online search for “credit card processing” to find companies offering accounts to budding online businesses.

You’ll also need a payment gateway account. This online processer will hook into both your customers’ credit card accounts and your Internet merchant account to verify information, transfer requests and authorize credit cards in real time. Christian at Berns Garden Center uses authorize.net for this, but you can also try VeriSign or Fast Charge Payment Gateway.

One downside of setting up your own shopping cart program, however, is that your inventory in the store and online may not match. Williams Nursery had that problem: “I didn’t have the same inventory numbers in the store and the website, and it wasn’t updated in the online store, so we disappointed customers by not having products in stock.” Williams remedied this problem by switching to the online version of his POS software, CPOnline by Radiant Systems. “It is quite a bit easier to integrate with our actual store inventory,” he says. “Now we can seamlessly download our orders directly into CounterPoint with minimal keystrokes.”

Try Fully Integrated Solutions

If you’d rather not build your site yourself, there are many hosted web or e-commerce companies that can help. Web-hosting companies commonly offer a combination of site-building tools; product catalog tools; shopping-cart technology, payment, shipping and marketing strategies; tracking and reporting capabilities; domain registration; and hosting.

One such store is eBay’s ProStores, which is available to everyone, not just eBay sellers. You can create a professional store, customized with your own branding and domain name, and you won’t have eBay branding anywhere on your site. It also has built-in marketing tools that will help you promote your new online store.

Nexternal Solutions also offers fully integrated program, says president Alex Gile. “We host and manage all the technology, which alleviates ‘the technology headache’”: issues including security, backups and redundancies. Nexternal Solutions acts as an extension of your website, and some of its clients include USA Today and San Francisco’s high-end Boudin Bakery. Nexternal also offers tools that help streamline options such as shipping-label generation, marketing tools such as data feeds, comparison-shopping engines and other channels that can generate traffic.

Take the Next Steps

And that is key for any e-commerce site: You must have a marketing plan set up for your online store. How else will people know it’s there? “A lot of people have the attitude of, ‘If you build it, they will come,’ but you need to really have a plan so that people do visit and purchase,” says Nexternal’s Gile. He recommends a combination of online marketing and offline advertising. You can also optimize your site to rank well organically in search engines, Gile says, which can be a good source of free advertising.

In-store fliers and signage, adding the URL to your print advertising or linking to the site in e-newsletters are great ways of letting customers know about your site. Williams also buys Google Adwords and pays for click advertising on Yahoo!.

Or consider setting up a kiosk in the store like Bern’s Garden Center did. The brick-and-mortar store doesn’t carry everything available, so if a customer asks for something that’s exclusive to the online store, employees are trained to guide them over to the kiosk to check. That way, it’s really just an extension of the physical store.

The main thing to remember, Christian says, is not to expect too much from your e-commerce site in the beginning. “It’s a building thing, just like anything else,” he says. “I think we have a great foundation and think it will be successful, but we have to continue to work on it.”

Verisign, the custodian of the .com domain extension, is aggressively marketing its .com extension in India by emphasizing that bigger profits are possible with a .com website.

The company has launched a new initiative called Be A Leader With .Com in India and has several case studies to show how a .com web site has helped businesses thrive on the internet.

Verisign is aiming to showcase to its audience the following benefits of a .com website:

• Competitiveness: A .com domain name is one of the most popular across many geographies and industries.
• Reputation: Many of the biggest and best corporations around the world use and promote their Web sites with a .com extension.
• Customer traffic: A .com domain name is by far the most likely extension to be tried out by visitors from type-in traffic.
• Creates a positive perception: A .com domain name suggests that you are serious about doing business and lends credibility.
• Establishes longevity: .com is one of the oldest extensions and suggests a well-established presence on the Internet.
• Improved visibility: A .com domain name gives you the right advantage in a populated online landscape. Today’s search engines are geared to recognise .com. For example if you type mydomain into a search bar without worrying about the ‘www’ or the .com, you will end up at http://www.mydomain.com.

A tweet from @Allen L. Kelly pointed me to a nice bit of phishing education from VeriSign.  www.phish-no-phish.com runs you through a challenging quiz where you are presented with two ‘identical’ screenshots and have to identify which is the phishing site.

Some of the sites were very difficult to differentiate and I even got one wrong because I was perhaps in too much of a hurry and didn’t spot a couple of minor spelling mistakes.  This though would reflect real life for most people so was an excellent way of demonstrating just how careful you need to be.

I got about half way through and was considering posting a link to the site on the corporate intranet as an awareness exercise for staff.

Then I was hit by the sales pitch.

After the fifth question a screen appeared explaining how Extended Validation (EV) SSL, triggers modern web browsers to display a green address bar when a genuine site is viewed.  Fair enough I thought. Users should be taught about this technology as it can help them identify genuine sites.

I was invited to continue the quiz to “see how easy it is to choose the correct site. Just choose the site that displays the green address bar.“

And yes it was easy after that. No more needing to look for dodgy addresses, missing padlocks or poor spelling and grammar.  As the tips pointed out:

The green address bar is a surefire way to identify the genuine Web site.

When you see the green address bar, there’s no need to scan for typo’s and misspellings.

Criminals can’t fake the green address bar.

Cool! No more need to take care, just watch for the green address bar and any site that doesn’t display it must be fake! And I know I can trust any site with a green address bar because criminals can’t fake it – yet.

You’ll have to indulge me here for while I believe technical solutions can help, I don’t believe they solve the problem.  As Mr Schneier says:

If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.

It’s a shame the VeriSign site lets itself down on this point. I know they’re trying to sell a technology solution but there should be a stronger emphasis on EV SSL being only part of an overall solution.  After all it’s not going to help users who are taken to a fake site from an email link – unless of course they’ve bought into the technology so completely that they only trust sites with green address bars. This is after all how the final five questions in the quiz run. You just click on the sites with green address bars.

But then you’d be missing out on all the fun on Facebook, Twitter, Gmail (Thawte i.e. Blue) etc.

Thawte Personal Email Certificates and the Web of Trust will be discontinued on November 16, 2009; http://j.mp/cin6x

A little while ago I put out a plea for stronger authentication for Google Apps, and it seems that my wish has been granted with Tricipher launching their myOneLogin for Google Apps[1]. I had tried myOneLogin before, and frankly wasn’t too impressed. This time things are different though, the issues I’d seen before with Chrome compatibility and general fiddlyness seem to have been fixed, but best of all is the use of a proper strong (soft) token, in the shape of VeriSign VIP Access for Mobile.

I first came across VIP when I saw the news that Verisign and PayPal had teamed up to do a deal on tokens. I wanted one, even if it was going to cost a few quid, but they were initially only available in the US, and I heard nothing more about them. Did the marketing guys lose interest, or did the phishing problem go away, or did something else come along? It turns out that eBay/PayPal will sell you a VIP hard token (a device with a button on it to generate one time passkeys [OTPs]) for $5/£3, but why bother when you can use a free mobile token on your BlackBerry/iPhone/whatever? The soft tokens can be used in a variety of other places, which begs the question of why other sites aren’t jumping on the bandwagon, and why nobody seems to be pushing this? Part of the answer might be the funding model; I’m not sure how Verisign are getting paid for this stuff, but I’m sure they’re not running their service as a charity for the web.

[1] Premier Edition only, as it needs SAML support

The U.S. government and the body in charge of assigning Internet addresses signed an agreement on Wednesday that allows for greater global participation in the Internet domain name process. The U.S. Commerce Department said it reached an agreement with Internet Corporation for Assigned Names and Numbers (ICANN), drawing praise from U.S. lawmakers, who wanted more trademark protections, and companies and international officials seeking greater independence from U.S. control. The agreement, which allows ICANN to become a “private sector led organization,” subjects ICANN to periodic reviews by a panel that includes a U.S. representative and independent experts, essentially allowing the organization to no longer report solely to the United States. Ending an 11-year partnership with the U.S. Department of Commerce, the pact also provides stability for companies such as Verisign Inc and Go Daddy that sell domains and maintain extensions like “.com”. It also comes months after the European Union said ICANN should be delinked from the U.S. government and made fully independent.

Ha Noi — The Bank for Investment and Development of Viet Nam (BIDV) has selected VeriSign Extended Validation SSL Certificates to protect customers’ high-value banking transactions from online security threats.

“Our position and reputation is the driving force behind our internet banking strategy, with security as a critical component,” Bui Thanh Hoai of the bank’s Information Security Department said.

“VeriSign is a highly reputable security brand, and we are confident its EV SSL Certificates are the right solution to ensure our customers feel safe using our online services,” he said.

“We are seeing more Vietnamese banks offering better online services to customers, with security top of mind as they recognise its importance in helping to encourage customers to use this relatively new channel,” Armando Dacal, director of Authentication, VeriSign Asia Pacific, said.

“EV SSL offers banks a visual tool that helps educate customers and takes the guesswork out of figuring out a website’s authenticity.”

BIDV is one of the country’s largest State-owned commercial banks, providing a range of currency, credit, banking and non-banking services.

It also funds projects using sources from domestic and international financial institutions, leading the way in development investment and project financing. —

Source: vietnamnews.vnagency.com.vn

Today I tried to load and activate VIP Access on my iPhone.  The app loaded OK from the app store, but finding the page on PayPal where I could activate it was another story.

For those of you out of the loop, VIP Access provides a means to use your iPhone as a second authentication factor.  When installed, the software provides a different six-digit code every 30 seconds.  This code is used to verify your identity at sites supporting this VeriSign identity management technology—like PayPal.  See Figure 1.

Figure 1

 Installing and launching the free software on my iPhone 3GS was easy.  The first screen included a video and other information about how to use the service.  So, having lost my VIP “football” for PayPal, I was anxious to try this out.  That was where the fun began.

There are no references to this service on PayPal.  Neither searching nor browsing turned up anything useful.  Finally, I searched Google and found someone who had solved this lack-of-information challenge by actually sending a message to PayPal. 

It turns out VIP Access activation uses the same link used to activate the VIP token, as shown in Figure 2.

In the activation form, enter the VIP Access Credential ID into the Serial Number field.  The rest of the form is self-explanatory.  After jumping the activation hurdle, everything worked as advertised.

Figure 2

Sole-source award is for public-key infrastructure and digital certificates

• By Alice Lipowicz
• Sep 22, 2009

The Health and Human Serv ices Department intends to award a sole-source contract to Verisign Inc. to provide managed public-key infrastructure and digital certificate services for the Nationwide Health Information Network (NHIN).

Verisign is the only provider deemed capable of supplying all the required services for secure, encrypted transmission of electronic medical data on the network, states a notice posted Sept. 17 on the Federal Business Opportunities Web site. Vendors and other interested parties that wish to comment or submit alternative proposals may do so until 5 p.m. EST today.

The NHIN is a pilot project run by HHS’ Office of the National Coordinator for Health Information Technology. It is a network that allows the secure transfer of digital health records between doctors, hospitals, health information exchanges, federal agencies and other entities. To ensure security on the network, HHS said it is necessary to select a certificate authority that is trusted in the field of certificate issuance and secure information transfer.

The certificate authority must be recognized and trusted, be a provider of a full array of services, have a large corporate presence for scalability over time and have a prominent PKI infrastructure, the notice stated.

Under the contract, Verisign will provide the PKI infrastructure and digital certificate services for a year, with two one-year options. The notice lists 17 capabilities and services to be demonstrated by the service provider, including:

• Availability of specialized hardware with certificates that are recognized by the Federal PKI Bridge.
• Dedicated support team. 
• Ability to issue certificates rapidly.
• Full reporting and audit trails.
• Ability to support multiple organizations participating in the NHIN.
• Assurance of no errors introduced into the certificate system by the certificate service provider.

“Verisign Inc. is the only known entity which possesses all of the above capabilities, and therefore is considered uniquely capable of satisfying this requirement within the available budget,” the public notice states.

Budget information was not published.

PKI services are becoming more popular with federal agencies. The Defense Department last year authorized broader use of digital certificates and PKI for the purpose of ensuring secure identification on its networks.

About the Author

Alice Lipowicz is a staff writer for Washington Technology.

Check out the latest Domain Industry Report from Verisign

- Domain renewals at an all time low 70%, compared to 76% in 2007

http://www.verisign.com/domain-name-services/domain-information-center/domain-name-resources/domain-name-report-sept09.pdf

Bill would give president emergency control of Internet

Declan McCullagh
CNet News
August 28, 2009

Read Full Article Here

Jay Rockefeller: Internet should have never existed

Top 25 tips for Lead Generation Landing Pages applied to a template. Do not forget the golden triangle which is the most important and scanned part of the page starting from the top left to the top right side of the page then down diagonally to the bottom left of the page just above the fold.

1/ Make sure your graphics match any creating leading to them (e.g. banner ad or email).
2/ Do not overload your landing page with so many choices that they make no choice and bail.
3/ Arial or Verdana fonts were purposely designed for computer screens. Brief your designers…
4/ We still can’t read black on white text as well as we can read white on black text. Avoid the Adobe.com style, please.
5/ We cant’s read WORDS THAT ARE ALL IN CAPS as well as we can read words that combine upper and lower case (the brain has to read them letter by letter).
6/ Making a Web site less navigable will seem horribly counter-intuitive to most people, but that’s what you may need to keep your visitors from getting distracted. You should remove the distracting vertical navigation bars, header tabs, hotlink-heavy footers (e.g. Vonage landing page studied in part #1).
7/ Make sure that critical elements inside the upper 450 pixels of the pages are visible to almost all visitors without scrolling. In short, keep them. TweetDeck and Registry Cleaner are very nice examples.
8/ A click on a product should result in more information about that product or a bigger shot of the item. Still a lot of offer-related graphics on the landing page visited are not clickable.
9/ Your company logo should be in the upper left corner of the screen to establish people are in the right place.
10/ Telephone numbers can help your landing page conversions in two ways: some consumers simply prefer to call in (e.g. for questions or for security/privacy); many consumers simply trust a landing page more if there’s a phone number (e.g. show you are willing to be contacted).
11/ Your headline should exactly match the headline clicked from (or search engine keyword term a visitor used to find you) as much as possible. Exactly matching verbiage is far better than a close match.
12/ Get ride of words such as “we” and “our” in favor of words like “You” and “Your”. Incoming readers want to know about themselves.
13/ People read the tops and bottoms of paragraphs and/or bulleted items before they read the middles (if they bother to read the middles at all) and then they often stop reading and skip on to the next thing. Your 1st and last items will be the most read.
14/ The 2nd most important headline is your call to action on the submit button itself. It should match the headline. Call-to-action-buttons should be in the best sense, be like aggressive sales people. You will find a collection of pretty various call to action buttons on this blog
15/ Put enough content above the fold (20-300 words, critical images, conversion click link) so visitors can make a bail/no-bail decision without scrolling or visiting more pages.
16/ The human eye is happiest reading text in a 10-12 or larger point typeface.
17/ The use of images, especially people, as well as the entire “page clutter” concern, is vastly different between thee US and Asia. This was even understood and overused repeated by Symantec
18/ In initial test, according to Marketing Sherpa, 6% of total homepage visitors clicked on the link to view the video testimonial. These visitors tend to be busy executives from medium-sized companies. Their willingness to watch a video indicated that this tactic was appealing.
19/ Most of the landing page employed a simple-two column design. Fewer columns generally outperform more. More columns equals to confusion. The eye may not be sure where to look. That’s why Google’s main (organic) search results and Amazon’s product search results are always in a single-column list. Human eyes are trained to comprehend a list of things in vertical list format. Body copy paragraph should be less longer than 4 1/2 lines.
20/ Columns of text should be no longer than 40-60 characters wide (preferably layout multiple vertical columns). However, it is not recommended to build too much vertical columns. Your body copy should not digress or otherwise go off point. It’s meant to explain the headline and conversion offer. If you lose focus, you loose conversions. It’s that simple.
21/ Add “About Us” blurbs to every conceivable entry point. Merchant Brand matters. The content in it emphasize why people should buy from you rather than someone else offering the exact same item. Those reasons go beyond price alone.
22/ Your landing page shoud also include a good place, in the footer or even before in your body copy, to pop in all that feel-secure info (HackersSafe, Verisign, money back guarantee, etc). It’s also a great place to put any evidence of tangible offline existence, such as a photo of your flag store or a real-life customer service person waiting to answer questions.
23/ Also have the classical pack at the bottom of the page: Privacy Policy link, Legal Notice (required for France) and FAQ.
24/ Try to implement specific web analytics KPIs to measure your landing page efficiency: clicks per lead 1 (number of clicks required to start the first step of your check-out process) & clicks per sale (number of click required for a sale) for the all performance.
25/ Do not forget to test (start with A/B testing before multivariable testing) and play with most important elements: headline (ideally it should be dynamic), pictures, call to action buttons, body copy modifications, etc.