Monday, December 7, 2009

An Important Lesson From Jacob Kaplan-Moss

Customers expect more from the companies with whom they choose to do business now more than they ever have in the past. Good companies listen to their customers and are constantly in flux in order to accommodate them. They test, adapt, and evolve, almost as if the customers themselves were running the company.

This is much different than the way it was fifty years ago, when the orders were dictated by upper management and trickled their way down to the rank and file employees, who were supposed to carry them out. There are still a lot of companies that try to run themselves in this fashion. While customers demand change, the CEO and the board of directors, in the interest of keeping themselves where they're at (the top), create a bureaucratic layer in the company designed to insulate them from the customers.

This layer is generally called "customer service". Want to know why we're often on hold with people in India? The company is working very hard to ignore you. You might as well yell at the referee on television during a football game. They're counting on it pacifying you without having to actually deal with the source of your frustration.

Of course, I'm not being fair to customer service, because it can be used to both help and hurt a company. Good companies use it to create a feedback loop, where customer requests are taken into consideration by those in charge, and decisions about how to implement those changes are made, then implemented where needed. And those at the top are sincerely grateful that the customers submitted their feedback, because they know that they're better for it.

Lesser companies assign their customer service department the thankless job of damage control and containment. Keep the hordes at bay with this printout of one-liners. If that doesn't work, offer them a free shirt. (This isn't so much "customer service" as it is "management service".)

If you work with Django in any capacity, you're probably aware that it's pretty easy for any developer to get involved in the process of developing with Django itself. You can read the guidelines on the contributing to Django page, and you can keep yourself informed of the latest developments going on by subscribing to the django-developers mailing list. If you're using Django, it's not a bad idea to read that page and then subscribe.

On a couple of occasions, I've gotten myself involved in submitting suggestions. The last time I did this, I thought I had found a security bug, so I fired off an e-mail to the Django security e-mail address. Within a couple of hours, I got a reply back from Jacob Kaplan-Moss. (If you haven't read The Django Book, he's one of the guys who created Django.) I didn't get an e-mail back from his personal assistant, or an automated response telling me that my inquiry would be looked at eventually, or a reply from India. It came from Jacob himself.

It's reassuring to know that the creators of Django are still very active in its development. They're eating their own dog food. (And why not? Django rocks.) But I'm certain that Jacob and Adrian, in their rise to Django stardom, have been afforded the means to choose their consulting gigs.

The most interesting part is that, after a little back and forth to clarify the issue, it turned out the error was mine. I had forgotten to apply a recent patch to the Django installation on my server. In reality, I sent an e-mail to the Django team asking them for help with a problem that didn't exist and, basically, wasted their time. In spite of this, at the end of our discourse, Jacob thanked me, very sincerely, for my time and for taking the trouble to help him resolve the issue.

That is great customer service.

You could argue that, without a product to sell to me, Jacob's kindness wasn't really customer service but instead just common courtesy, happening between two developers with a common goal. I suppose there's a slight distinction between customer service and just being polite to your fellow man, but I believe it's a very fine line. Django is free, but the fact that those at the top are listening to their "customers" is a clear indicator that Django is still very much on its way up. They still want to provide great customer service, and to those of us using Django, that's great news.

If you're just starting a small e-commerce site, you should be taking every part of customer service very seriously. The technology part has gotten very easy to do, but if you just throw up a site with products on it, hook it up with a drop shipping company, and wait for the orders to roll in, it's not going to help you one bit if no one is there to answer the phone when customers call in with their problems. You must read the e-mails and respond thoughtfully to each of them.

Someday, when you're a whole lot bigger as a company, you can send your customer service to India. But I think if there's ever a day that the Django team decides to do this, it will be the same day a lot of us developers start to consider switching to Ruby on Rails.

Sunday, November 22, 2009

Marketing as a Double-Edged Sword

Believe it or not, there's actually a large subset of the population that believes that all marketers are evil lying scum. They tell you to watch out when a marketer opens their mouth, because they're about to try and sell you something that will slowly kill you. We can probably attribute part of this to the cult followers of the late comedian Bill Hicks and his take on marketers.

To be fair, he did have a point. Due to the efforts of more traditional old-school marketing, we had the Flintstones hawking Winston cigarettes on television. What Mr. Hicks failed to point out in his comedy act was that marketing is little more than a tool used in business, and as such, it can be used to do terrible things like convey the idea of how cool it is to smoke cigarettes to children, but it can also be used to do good things.

Most people probably think of marketers as people who spend their time in office buildings brainstorming ways to sell retail products to consumers to help the bottom line. While this is the most well-known aspect of marketing, it's not what marketing really is. Marketing is about ideation and the dispersion of those ideas. And if you do it right, then maybe, just maybe, you achieve the goal you set out to accomplish by influencing a lot of people and getting them to take a desired action. (In Winston's case, it was to get more people to buy cigarettes.)

It's funny that more people don't understand or embrace the deeper concepts of marketing because all of us have something to market. If you don't believe me, go on Match.com and spend some time browsing the profiles of people who are trying to find someone to date. Most of them are terrible; it's painfully obvious that they don't understand what marketing entails because they don't have the slightest clue how they should be marketing themselves.

Personal ads aside, most people do have something that they want to market. They have an idea that they want to spread to others, either about their church, about a politician or a political cause, or about the fact that their college football team is better than every other one. People resist adapting and learning how marketing works because it seems synonymous with advertising, which is by far the most annoying emergent property of the age of technology. The truth is, Obama didn't win the 2008 election because he spent more on television ads than John McCain; it's because he had a remarkably enthusiastic group of people that liked what he stood for. (Because of this, I wouldn't be at all surprised if there was a small handful of people in Illinois that wrote his name in on the ballot for president in 2004.)

Good marketing, to be effective, should be built right into the product you want to sell. If you're running an e-commerce site, I'm not necessarily talking about the quality of your merchandise you're shipping off. In the first chapter of my book, I talk about why you should be building your site from scratch instead of jumping on a platform: because you want to have fine-grained control over the quality of the product. You want to be able to manage the user experience, because you have to sell them on liking the shopping experience before they'll buy anything from you. And if you jump on the platform that your competitors are using, then you don't have any advantage in offering a better shopping experience to the customer on your site than they could get from those competitors.

If you post a profile on Match.com with a picture that isn't really you and claims that you don't live with your parents when you actually do, you might have an easier time getting people to meet up with you, but you'll have a much harder time developing any kind of long-term, meaningful relationship with anyone. Sure, it's better if you don't live with your parents, because then the marketing is built right into the product (you). But effective marketing is also honest; you don't get anywhere by deceiving people.

Wednesday, November 18, 2009

Make the Decision Easier

People love having lots of options from which to choose, but they hate making decisions. Barry Schwartz makes the case in his book "The Paradox of Choice" that a lot of modern unhappiness is the direct result of living in an age where we have an abundance of choices. Case in point: one study found that when people were presented with six different types of chocolate versus thirty different types, the people who were shown only six types were more likely to decide upon and buy one of the types of chocolate.

Give people more options, and opportunity costs rise. It compounds the difficulty of choosing between all those options.

So the marketing people who work for companies that make chocolate do focus groups, and people say they want more choice. The more, the better, they will tell you, and they mean it. But consumer behavior tells another story: the more options you give them, the harder it is for them to decide which one they want.

What's the solution here? Make the decision easy for people.

My friend Mark figured this out, and makes a decent side income working at a department store selling perfume and cologne on nights and weekends. When a woman comes in looking for a good perfume, he starts by showing her the spicy one that accosts the nostrils. Then he shows her the one that smells like powder and makes you think of Grandma. Then he moves on and brings out a fragrance that he thinks the woman will actually like and want to buy. Given two not-so-good choices and then a good one, the decision to buy the last one is an easy one to make.

In practice, it's called framing, and it's the reason that merchandise in so many stores is always "on sale". People might not want to buy the complete Futurama series on DVD in a big plastic Bender head for $109.99, but it becomes more appealing if the sign reads: "Was: $139.99. Now: $109.99!"

Sunday, November 8, 2009

Search Results with Only One Result

I have a question about an issue with internal site search on websites. It's related to how the results are rendered to the user if there is only a single item that matches the customer's search. For example, if you search on Amazon.com for something super specific, like "Beginning Django E-Commerce" in the Book category, you'll be taken to a search results page that contains a single result. From there, you can click on that single result and be taken to that book's page on Amazon.

However, if you perform that same search on Borders.com, it only returns a single result, but instead of showing that single result to you on a "results" page, it skips that step and just redirects the user to the book's page. It assumes that if there is only one result, that the customer would have clicked on it, and they're trying to save them that step by just forwarding them automatically to that book's page.

I think there are benefits to the "skip the results" page that Borders.com uses, but I always thought that it would be confusing to some people. After they get used to clicking "Search" and getting a results page, they'll enter one search and suddenly they're on a product page. For technical people who are searching the site, it's pretty easy for them to figure out what's going on. But to the average person, isn't it better to leave the user in control of where they are? Isn't it a better approach to keep them oriented, and let them choose whether or not they click through to the single result?

I couldn't find any definitive answer to this question, and I know better than to trust my own opinions. Has anyone ever had any experience in testing these two alternatives as a usability issue? Is there any overwhelming consensus that the Amazon.com way is better than the way Borders.com does it, or vice versa?

Wednesday, November 4, 2009

The Security Process

Security is about more than just the technology involved in the site you're building. Most of the time, security is a process and not just one stage of the design. When it comes to creating an e-commerce site, there are certain things you should do to make the site less prone to unauthorized compromise (which is just a fancy way of saying you don't want John Q. Hacker getting his hands on your customers' sensitive financial information). For example, you might restrict network access on your database server so it can only be accessed remotely from the servers running your application, reducing the likelihood that the bad guys will be able to mess with your database directly.

But this is just the first step. The Great Wall of China was erected to keep the Xiongnu out, but the Chinese did not merely build the wall and then expect that the structure alone would suffice to keep their border secure. They had to keep it manned, making sure there were Chinese guards stationed in watchtowers at periodic points, actively monitoring for potential intruders.

You can put up a firewall, but that's just the first step in defending against network attacks. You have to be much more proactive. Know the kinds of attacks that might be brought against your web application, identify the red flags associated with each, and set up your system so you'll be alerted when it detects the signs of those attacks. Be ready with a response plan.

Tuesday, October 27, 2009

"Beginning Django E-Commerce" Book Release!

Yesterday, Beginning Django E-Commerce was officially released on Amazon, so it's now in stock and available for purchase. I don't know how long it's going to take my publisher to get the "Look Inside!" functionality working, so I figured that I would post the 500 foot view of the table of contents here for those who are interested in an overview of the book's contents:

Chapter 1 - Best Laid Plans
Chapter 2 - Creating a Django Site
Chapter 3 - Models for Sale
Chapter 4 - The Shopping Cart
Chapter 5 - Site Checkout & Order
Chapter 6 - Customer Accounts
Chapter 7 - Product Images
Chapter 8 - Implementing Product Search
Chapter 9 - Intelligent Cross-Selling
Chapter 10 - Adding in Ajax
Chapter 11 - Search Engine Optimization
Chapter 12 - Web Security Overview
Chapter 13 - Improving Performance
Chapter 14 - Django Testing
Chapter 15 - Deployment
Chapter 16 - Django on Google App Engine

It doesn't say it anywhere else, but the book uses Django 1.1. For those curious about what I cover in addition to Django: I use MySQL as the database engine, mod_wsgi to integrate Django with Apache and NginX in deployment, Google Keyczar for symmetric encryption of credit card information, Google Checkout and Authorize.Net as payment gateways, and the jQuery JavaScript library to handle the Ajax functionality. The last chapter is dedicated to showing the basics of how to deploy Django projects onto Google App Engine using the App Engine Patch project.

I'd like to express my gratitude to all of those people who purchased the alpha version of the book, and thank those of you that provided your opinions and feedback.

Sunday, October 25, 2009

The Sweet Relief of A/B Testing

Sometimes, when someone asks you a question, and there's a lot riding on the answer, it's a relief when you can say, "I don't know" and really mean it.

I've worked for a lot of small companies that set up shop online, and management always ends up asking questions like "What should the text be in the header on the homepage?" or "Where should the 'Add to Cart' button be on the product page?" or "How many steps should the checkout product have?" They ask themselves, and ask their cohorts, but don't come up with any definitive answers, so they start asking the technical people who are busy coding up their site what they think.

I'm one of those people coding up the HTML for your site. And I'm telling you flat-out: I don't know.

Part of this is based on the fact that I'm dealing with incomplete information. If you ask the question more specifically, I might be able to give you my opinion. For example, what change are you hoping to effect in the results? In the land of e-commerce, the answer to this question is almost always related to the number of customers that place orders. You want to know if changing some part of your site will increase the total number of conversions.

Even given the intended goal, I have very little relevant experience on which to base my opinion. Marketers tend to ask developers these kinds of questions because they're hopeful that web programmers understand the domain better than they do. Unfortunately, no matter how experienced we are in e-commerce programming, we really don't know. There are lots of reasons for this. The requirements of your site might be different than other sites, even those of your competitors. Most importantly, it's because we are not your customers; we are developers.

Your customers are the highest authority to which you should appeal for answers about how you should design your site, what the copy should be, and what the contents of each page should be. If you ask me, decisions about the wording of value propositions and calls to action are too important to be left up to anyone other than your customers.

So what is the solution? A/B split test. Use a tool like the Google Website Optimizer which allows you to present two different versions of the same page, randomly, to different customers. After enough time has passed and you've gotten enough samples of customers viewing the page you're testing, the Website Optimizer will test both of them, and then give you a report about which version of the page led to the highest conversion rate.

This takes the guesswork out of it. I've been in several meetings where two managers are arguing with one another about some little point about how the site should look, and one of them turns to me, the developer, and says, "What do you like better, my solutions or his?" And then they both turn and look at me, waiting for me to answer, each one hopeful that I'll agree with their opinion so they can rub it in the other's face. Eagerly looking to me for a vote, as if I were some kind of "trump card".

You might be tempted to just agree with the one of the two people who is in a better position to approve your pay increases. Or you might actually be egocentric enough to think you know the correct answer. Don't risk it. Even if you offer an opinion, they might ask you to explain why, and then you're just going to become a fountain spewing forth made-up reasons in an attempt to justify yourself.

As a developer, you should practice saying it a few times, until it becomes automatic: "I don't know. We should split test it." Remember it the next time a couple of managers are engaged in a pissing contest and ask you what you think. You'll feel the relief of never actually having the burden of the decision rest on you. It's a great way to stop arguments before they even start.

Wednesday, October 21, 2009

Excellent AES Overview

In Chapter 12, when I talk about using Google Keyczar in order to handle encryption of credit card information, I mention that the library uses the Advanced Encryption Standard (AES) as the cryptographic protocol. I did not discuss the gory details behind how AES is implemented.

I found the following to explain it in a more concise and entertaining way than I could in the book. I hope you enjoy:

A Stick Figure Guide to the Advanced Encryption Standard (AES)

The Developer Mindset

Last week, as I was wrapping up a user interface item that I had been working on at work, I called my boss over to have a quick look at the web page I had created, to make sure it made sense to a fresh set of eyes. It was a means for me to get some perspective to determine if there were any glaring problems with what I had created. In other words, I wanted to do a brief usability test.

He took one look at the screen and said, "You know, don't worry too much about creating a good user interface. We have a team of user interface engineers working right now to design something for customers, so you don't need to spend your time worrying about this. Focus more on getting it functional, and we'll overhaul it later." (This was the first I had heard of external user interface engineers being involved in any way.)

He then went on to explain that in his experience, he and his business partners could sit there, furrow their brows, and brainstorm all day long about how to make a particular piece of the interface more intuitive. In the end, he realized, it didn't matter. Whatever they came up with confused some customers in a way that they hadn't foreseen. No matter the case, they always ended up having to take the feedback given to them by customers and improve the interface going on this feedback.

Now, he has a good point in this case, and I happen to agree with him entirely. I'm a backend developer and have very little interface experience. In my case, I wasn't trying to create a perfect user interface. I was merely trying to avoid introducing any additional confusion to what was already there.

And while my boss is well within his rights to tell me how to use my time (since he's paying me), there is a slight fallacy in what he was implying. Telling me not to concern myself with the user interface because there's a team of interface engineers that are going to come in and fix it later is like telling a person they don't need to learn to spell because their word processor has a spell checker. Spell checkers don't always catch missing words, or find errors that are contextual.

Creating software that's usable is a process, and I think it actually requires getting customer feedback and then fixing those problems. You're never going to anticipate all of the problems in advance, without asking a customer to try and use the software.

I'm not an expert on either, but whenever I create code for something, I do take a little bit of time to think about how I would break something I had written. I look for Cross-Site Scripting holes or other security vulnerabilities. I step back a page and then come back to the page I'm working on a few hours later to see if the interface makes sense. I code my HTML so that people with screen readers can use it effectively.

From a security, usability, and accessibility standpoint, this is a good mindset to have. It doesn't make my code 100% secure, or usable, or accessible, but I try to avoid adding more problems by keeping aware of the low-hanging fruit. When you're designing something, you don't have to be an expert on these particular fields, but knowing the basics and how to incorporate them will reduce frustration down the road.

It helps if you make this process a habit. In instant messenger chats with friends, I tend to be a stickler for correct spelling, punctuation, and grammar. This isn't because my friends care whether I use my English good or not. It's because later, when I'm typing an e-mail to my boss or a customer at work, I'm already in the habit, and therefore I'm less likely to make a mistake when it might matter.

Tuesday, October 13, 2009

Removing Customer Accounts

I can recall a small handful of times when I decided to price shop around on the Internet for a particular product. I went onto Google Shopping, entered the product name, and started browsing the sites that were selling the product for the lowest prices. I chose the one that appeared the most reputable and didn't send up any red security flags as I started the checkout process.

While I completed my purchases from these individual sites, I had to create a customer account. I had to supply registration information, and, in order to complete my order, I naturally had to provide shipping and billing information as well, which included for some of them my CVV. Each time, the product I had ordered showed up in the mail in the next week or two. (I don't know what happened to "Allow six to eight weeks for delivery", but I'm glad those days are gone; I'm from the super impatient MTV generation.)

Of course, I did business with these sites for the single product that I was looking for, and they sent me the product I ordered in the condition promised. They didn't do anything incorrectly. However, once I had completed each of these transactions, I was pretty sure that I wouldn't be ordering anything from them again. It's nothing personal...my purchase was just a means to an end: they had something I wanted for cheap and I bought it from them. The experience of shopping on their site didn't compel me to return to shop more.

The problem here was that, in each of these cases, when I returned to the sites, none of them offered me any closure. If I wanted to stop being their customer, there was no way for me to remove my information from their system. There was no "Cancel My Account" option that would scrub my shipping and billing information from their customer database. (It was also unclear to me in most cases just how much of my information they had chosen to store; some of them might have kept my CVV despite the PCI guidelines.)

The reason they're doing this is simple: they want to make it easy for me to return and purchase more stuff. If there's even a chance that I'll return one day and attempt to make another purchase, they don't want me to be deterred by the inconvenience of having to enter my information again. Why not err on the side of caution and just keep my account there in perpetuity?

Another reason is the potential for vendor lock-in. They're hoping that the inconvenience of having to enter that information on another site might give them an edge over other competing sites that don't already have my information.

This sounds like a bad idea. People are sensitive about their personal information, particularly when it's financial. They're wary about to whom they're going to provide it. Hanging on to customer data in an effort to keep your customers returning to make subsequent purchases seems like sticking your thumb out between the index and middle finger of your closed fist and saying "Got your nose!" It also seems lazy; instead of competing in a creative and intelligent way, you're just holding a customer's data hostage in the hopes that it will provide them a net benefit that will help you.

One other important reason e-commerce companies are so tight-fisted when it comes to customer information: after the dot-com bubble burst, a lot of tech companies found that the only asset they had with any residual value was their customer data. There's value in the data. Of course, that's no reason to refuse to let customers remove their data. To make decisions based on the assumption that your company will eventually fail is a violation of the continuity principle. That is to say, you shouldn't let the "what ifs" cloud the day-to-day operating decisions of your business. You're supposed to be adding value for your customers, not planning your exit strategy.

Here's a progressive idea: let customers delete their accounts. Give them a clear and obvious means of doing it somewhere in the interface of your site. When you're trying to convert them from anonymous customer to registered customer, tell them that you'll provide them the option of removing their data when they decide they're done. And when they choose to remove their data, actually delete it...don't just provide a friendly message letting them think you've deleted it when you've really just copied all of it into an archived table.

Now, I think this is a great idea, and a good feature that more sites should offer. However, before actually trying to do this, you need to give what you're doing some thought. Take the following view function:

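from django.http import HttpResponseRedirect

def cancel_view(request):
    request.user.delete()  # the ORM cascade removes every row tied to this user
    return HttpResponseRedirect('/')  # a view must return a response; '/' is a placeholder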

In most cases where there aren't dependency issues lurking in your model relationships, Django will delete the user and all of the data associated with them. That's one nice thing about the ORM: it crawls the model instance hierarchy and deletes everything from the bottom up, instead of coughing up foreign key constraint errors or leaving some records orphaned in other tables.

In some cases, however, you don't want to delete everything. Take the OrderItem model we created in Chapter 5: it contains the quantity and unit price at purchase time for each item sold on the site. This is tied to the Order model, which might contain shipping or tax charges for each order. And finally, this is tied to the User model. Which means if you delete a customer, you delete their order information as well.

You don't want to remove this. This is part of your financial records. You may keep a fastidious paper trail, printing up packing slips and invoices for each order that you ship, and that might be sufficient for bookkeeping purposes. However, around audit time, it will behoove you to have this information in the database.

Exactly what you choose to store, and how you choose to migrate the information, is based on your own business requirements. At the very least, if you're storing credit card information, I would remove that completely at a customer's behest, particularly because it has no value for you once a customer decides they'll never authorize you to bill them for anything again in the future.
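
One way to close an account without losing the order ledger, as an added example that is not from this post or the book. Plain sqlite3 stands in for the Django ORM; the table names, the stored_card table and the decision to blank the shipping address are assumptions made for illustration.

```python
import sqlite3

# Constructed schema standing in for the User / Order / OrderItem models the
# post describes. Table and column names are assumptions, not the book's code.
SCHEMA = """
CREATE TABLE customer (id INTEGER PRIMARY KEY, email TEXT NOT NULL);
CREATE TABLE stored_card (
    id INTEGER PRIMARY KEY,
    customer_id INTEGER NOT NULL REFERENCES customer(id) ON DELETE CASCADE,
    encrypted_number BLOB NOT NULL);
CREATE TABLE orders (
    id INTEGER PRIMARY KEY,
    -- nullable + SET NULL: the order outlives the account that placed it
    customer_id INTEGER REFERENCES customer(id) ON DELETE SET NULL,
    ship_to TEXT,
    shipping_cents INTEGER NOT NULL,
    tax_cents INTEGER NOT NULL);
CREATE TABLE order_item (
    id INTEGER PRIMARY KEY,
    order_id INTEGER NOT NULL REFERENCES orders(id) ON DELETE CASCADE,
    sku TEXT NOT NULL,
    quantity INTEGER NOT NULL,
    unit_price_cents INTEGER NOT NULL);
"""


def build_store():
    """In-memory database holding one constructed customer with one order."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite ignores FK actions without this
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO customer VALUES (1, 'pat@example.com')")
    conn.execute("INSERT INTO stored_card VALUES (1, 1, ?)", (b"<ciphertext>",))
    conn.execute("INSERT INTO orders VALUES (1, 1, 'Pat Doe, 1 Main St', 599, 420)")
    conn.executemany("INSERT INTO order_item VALUES (?, 1, ?, ?, ?)",
                     [(1, "BOOK-1", 2, 3999), (2, "DVD-7", 1, 10999)])
    conn.commit()
    return conn


def delete_everything(conn, customer_id):
    """What a cascade from the user row downward amounts to: the ledger goes too."""
    with conn:  # one transaction; rolled back if any statement fails
        conn.execute("DELETE FROM orders WHERE customer_id = ?", (customer_id,))
        conn.execute("DELETE FROM customer WHERE id = ?", (customer_id,))


def close_account(conn, customer_id):
    """Remove card data and personal details, keep the financial records."""
    with conn:
        # Card data goes first and explicitly, not as a side effect of a cascade.
        conn.execute("DELETE FROM stored_card WHERE customer_id = ?", (customer_id,))
        # Must run before the customer row is deleted, while the link still exists.
        conn.execute("UPDATE orders SET ship_to = NULL WHERE customer_id = ?",
                     (customer_id,))
        # ON DELETE SET NULL detaches the orders instead of deleting them.
        conn.execute("DELETE FROM customer WHERE id = ?", (customer_id,))


def snapshot(conn):
    """Row counts plus the order total (items + shipping + tax) in cents."""
    one = lambda sql: conn.execute(sql).fetchone()[0]
    return {
        "customers": one("SELECT COUNT(*) FROM customer"),
        "cards": one("SELECT COUNT(*) FROM stored_card"),
        "orders": one("SELECT COUNT(*) FROM orders"),
        "order_items": one("SELECT COUNT(*) FROM order_item"),
        "orders_linked": one(
            "SELECT COUNT(*) FROM orders WHERE customer_id IS NOT NULL"),
        "orders_with_address": one(
            "SELECT COUNT(*) FROM orders WHERE ship_to IS NOT NULL"),
        "ledger_cents": one(
            "SELECT COALESCE(SUM(quantity * unit_price_cents), 0) FROM order_item")
        + one("SELECT COALESCE(SUM(shipping_cents + tax_cents), 0) FROM orders"),
    }


if __name__ == "__main__":
    naive, careful = build_store(), build_store()
    delete_everything(naive, 1)
    close_account(careful, 1)
    print("delete everything:", snapshot(naive))
    print("close account:    ", snapshot(careful))
```

In Django releases that support the on_delete argument, the same split is expressed by giving the order's foreign key to the user null=True and on_delete=models.SET_NULL.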

If I had to guess: most customers won't end up ever deleting their information. Even the customers that show up once, place one order, and ne'er return probably won't even go to the trouble of deleting their data. It's more about the offer up front, to ease those customers that are uneasy about providing the information in the first place. Think of it as falling under the same umbrella as your store's "Return Policy".

Friday, October 9, 2009

Django Code Snippets

Man, it's great to be a Python developer! I'm in awe of Guido van Rossum, who made the conscious decision when he created Python to force developers to keep their code neatly formed and readable. He did this in the simplest way: format your code nicely or else it won't run.

This is based on indentation used in the code samples. For example, the following code sample will not run:

def say_hello():
    print "hello!"
     print "hola!"

The function attempts to say "Hello" in two different languages. Notice that, inside of say_hello(), the indentation isn't consistent. This causes Python to raise an IndentationError exception.

This constraint may seem fastidious, but it's brilliant in its implications. Mr. van Rossum is telling you to keep your code pretty or it won't run. He based this on the insightful observation that code is read much more often than it is written. Even code that a developer has written becomes alien to the person who wrote it after only a short period of time.

This is innovation in engineering at its finest. The use of curly braces to denote context in computer code has been inherited by many languages, from C to C++ to Java to C#. Python's creator saw a problem with the status quo, and he chose to do something about it. He made his programming language much more usable than several others that came before and after it.

Creating a new programming language is not something most people, even programmers, can do. It's even rarer that people innovate in this fashion. Guido van Rossum did both; this is the reason that he now works for Google.

For this reason, I urge any developer getting started with Python (Django developers, this includes you!) to read the Python Style Guidelines in PEP 8. These guidelines have been put forth by Mr. van Rossum himself. If you're a Python developer and you haven't read PEP 8 yet, go read it now before you write any more code. It's well worth your time.

Of course, a lot of the recommendations made in the document are just that: recommendations. Your code will run just fine even if you don't adhere strictly to every last one of these guidelines. However, in order to keep the number of broken windows in Python community code to a minimum (higher quality code = happier developers), you should be following these guidelines whenever you can.

One of the suggestions is to use four spaces for each level of indentation. (The document cautions against using tabs, but if you're going to use them, set the tab width to four character spaces.) Unfortunately, while I was writing Beginning Django E-Commerce, I was using two separate computers to write code and write the book. For this reason, some code samples in the book use four spaces for indentation, while others use five. I didn't catch this error before the book went to press since the Word template uses a very narrow font for code samples in the text. (They come out much wider in print.)

This does NOT mean the book's code is broken. Python allows you to mix different indentation lengths, just not within a single code block. As you're reading, you'll probably notice the difference in indentation between code in earlier chapters and later ones. It's unfortunate, but not a deal breaker. And the source code you can download from the Apress web site uses 4 space tabs for indentation, consistently.
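The rule above can be checked directly with compile(). The following is an added example, not code from the book or its downloads: the sample sources are constructed, and compile_result and indent_steps are hypothetical helper names. It also reports the indentation widths a file uses, which is the check that would have caught the four-versus-five-space mix before press.

```python
import io
import tokenize

# Constructed sample sources; whitespace is spelled out so the widths are visible.
INCONSISTENT_BLOCK = (
    "def say_hello():\n"
    "    print('hello!')\n"      # 4 spaces
    "     print('hola!')\n"      # 5 spaces inside the same block
)
MIXED_ACROSS_BLOCKS = (
    "def four():\n"
    "    return 'four spaces'\n"
    "\n"
    "def five():\n"
    "     return 'five spaces'\n"
)
DEDENT_MISMATCH = (
    "def f(x):\n"
    "    if x:\n"
    "        return 1\n"
    "      return 0\n"           # 6 spaces matches no enclosing level
)
TABS_AND_SPACES = (
    "def f():\n"
    "        x = 1\n"            # 8 spaces
    "\ty = 2\n"                  # one tab: lines up only if tabs are 8 wide
)


def compile_result(source):
    """Return (exception name, line number), or ("ok", None) if it compiles."""
    try:
        compile(source, "<snippet>", "exec")
    except IndentationError as exc:      # TabError is a subclass
        return type(exc).__name__, exc.lineno
    return "ok", None


def indent_steps(source):
    """Return the sorted indentation step widths used in source that compiles."""
    levels, steps = [0], set()
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type == tokenize.INDENT:
            # The INDENT token's string is the line's full leading whitespace.
            width = len(tok.string.expandtabs(8))
            steps.add(width - levels[-1])
            levels.append(width)
        elif tok.type == tokenize.DEDENT:
            levels.pop()
    return sorted(steps)


if __name__ == "__main__":
    for name in ("INCONSISTENT_BLOCK", "MIXED_ACROSS_BLOCKS",
                 "DEDENT_MISMATCH", "TABS_AND_SPACES"):
        print(name, compile_result(globals()[name]))
    # More than one step width means the file mixes indentation styles.
    print("indent steps:", indent_steps(MIXED_ACROSS_BLOCKS))
```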

Just something to keep in mind while you're pounding out Django code while working through the book: you are encouraged to use 4-space indents. Do as Guido says...not as I do.

Monday, July 6, 2009

Review a Local, Transactional E-Commerce Site.

The term 'transaction processing', in an e-commerce environment, is the process of an e-commerce or online shopping website accepting and processing a customer’s debit or credit card payment online and in real time, in return for services or goods. Nowadays, there are several transactional e-commerce sites in Malaysia. One of the most famous is Golden Screen Cinema (GSC), which can be found at http://www.gsc.com.my/.




The website design is simple to understand and its layout is very attractive. Users can easily find information about new movies, such as hot new offers and events, movies now showing, movie show times, ticket reservations, e-payment and even an e-payment tutorial for new users. Moreover, the website provides users with maps of all the cinema locations.




One of the conveniences of GSC is that it provides its users with a synopsis of their favorite movies. All they have to do is click on the movie name and the synopsis will pop up. Besides that, users can also find other details such as a new movie's release date, running time and director. Most movie fans like to know about the story of the movie that they watch. Sometimes, GSC also provides promotions to its users, such as buy one ticket, free one ticket (with some conditions), and EON Bank Card-The Ultimate Movie Card cardholders can get up to 50% off tickets with purchases up to RM100.




Moreover, users can reserve or purchase tickets on this website through e-ticketing. With e-tickets, users do not need to queue up to buy tickets, especially on weekends. However, users have to register as GSC members first. For each transaction, users only need to sign in by entering their ID and password, and then they can select the cinema, movie, date, show time and method of payment. Users can pay by e-payment. All Internet purchases are confirmed bookings and no refunds, exchanges or cancellations will be allowed even if the tickets are not collected. There will be a RM0.50 booking fee, and a Gold Class charge of RM1.00 per ticket, for each successful transaction. When making payment, the screen shows the total charge; users only need to enter their user name, IC/Passport No., e-mail confirmation and payment mode.


However, users face some limitations when using the services provided by GSC. First, when users use the e-payment service, their personal card information may be stolen. Second, not everyone can purchase e-tickets, only registered GSC members. Third, when we want to purchase on the spot we can’t buy tickets online. Fourth, the information published on the website may be insufficient for users booking tickets.


Although the services provided by GSC have some drawbacks, the conveniences still outweigh them. Hopefully, GSC's services can be improved to attract more users.


E-Government in Malaysia: Its Implementation so far and Citizen's Adoption Strategies.



Electronic Government is generally known as e-government. It refers to the use of information and communication technology for the purpose of improving government services, transactions and interactions and other aims of government with its citizens, business and industry.

In the year 1997, e-government initiative was launched as one of the seven flagships of the Multimedia Super Corridor (MSC) initiative in Malaysia by the former Malaysian Prime Minister, Tun Dr. Mahathir.

The 7 main pilot projects identified as the core of the e-government applications are:
1. Generic Office Environment (GOE)
2. Electronic Procurement (eP)
3. Human Resources Management Information System (HRMIS)
4. Project Monitoring System (PMS)
5. Electronic Services Delivery (eServices)
6. Electronic Labor Exchange (ELX)
7. E-Syariah




E-government provides a convenient environment for its users. They can access the services at any time from their own personal computer. However, citizens are still not familiar with e-government. Users still lack knowledge of how to use e-government and IT, and they also worry about security and privacy, fearing that their private information will become known to others. To encourage more citizens to use e-government, the government can promote these services through media such as TV, newspapers or radio, so that users become more comfortable with the services and understand them better. Besides that, campaigns to educate people on how to use the services should also be conducted to ensure that users can use them easily. Moreover, the website should also be developed in multiple languages such as Chinese, English, Tamil and especially the national language (Malay) to accommodate different users. In addition, the e-government website should be well designed to meet users’ requirements.


Now that e-government has been implemented, citizens are encouraged to use and enjoy the services available.




Related Link:
http://www.mait.com/admin/enews_images/MAIT%20Country%20Intelligence%20eNews96_37.pdf
http://dspace.fsktm.um.edu.my/xmlui/bitstream/handle/1812/79/Roslind%20Kaur.pdf?sequence=1
http://en.wikipedia.org/wiki/E-Government

Corporate Blogging: A New Marketing Communication Tool for Companies

Nowadays, competition among companies is becoming intense. To remain successful in the market, a firm must ensure that it always provides top-quality goods and services to its customers. One way to do so is to keep closer contact with its customers, which can be done through corporate blogging.

A corporate blog is published and used by a company in achieving its organizational goals. Basically, there are two types of corporate blog which are:

Internal Blog
- A blog which can be accessed by employees in a company through its intranet
- It helps to improve communication and culture within the company

External Blog
- A publicly available blog that company employees, teams or spokespersons can access
- It deals with marketing, branding or public relations purposes

Uses of a corporate blog may include the following:

1. Helps company to achieve its business goals
A company can publish information such as recent promotions or future projects on its corporate blog, and the public is allowed to comment on its blog entries. The person in charge then responds to the comments. This can help retain existing customers and attract new ones, because customers feel valued when the company responds to their comments or requirements. The company thereby achieves its business goals, which are increased profits and new markets for its products.

2. Extend company image in marketplace
A company can publish attractive advertisements about its latest activities, products or services on its blog. These may draw blog visitors’ attention to its recent news and leave a deep impression on them.

3. Provide a two-way channel between employees and customers
To remain competitive, a company must always ensure that there is good communication between employees and customers. Blogs can help a company by establishing mutual lines of communication, understanding, acceptance and cooperation between the company and its customers, by keeping it informed of and responsive to its customers’ interests.





An example in Malaysia is the blog by Dato’ Tony Fernandes, the CEO of AirAsia. This blog gives the public a chance to communicate with Dato’ and to read updated news about AirAsia.





Besides that, AirAsia also provides a blog site where its customers can express their comments or share their experiences with AirAsia. Through its efforts to care for and satisfy customers, it can meet the goals it set for its corporate blog, earn customers’ loyalty and hence reach its ultimate goal: increased profits.

Although corporate blogging is useful, risks still exist and a company has to take them into consideration when creating a corporate blog. Examples of risks include negative comments from visitors, loss of control over messages and neglect in handling the blog. Thus, companies have to avoid these risks in order to get the best possible result from the blog as a marketing communication tool.


Related Links:
http://en.wikipedia.org/wiki/Corporate_blog
http://www.conversationagent.com/2008/02/corporate-blogs.html
http://wiki.media-culture.org.au/index.php/Blogs_-_Corporate_Blogging_-_New_Communications_Media
http://www.tonyfernandesblog.com/
http://blog.airasia.com/

A Discussion on E-learning Offered in Malaysia Universities: Pros and Cons from the Students Perspective



Electronic learning (or e-learning) is a type of technology used to support the learning process. Malaysian universities have given the sense that they are committed to e-learning as a teaching method. Students are required to participate in an online forum using a Learning Management System and to discuss their subject matter or assignments with each other and with their tutors. The commitment of Malaysian universities has ensured that e-learning technologies have become a permanent feature of the tertiary sector in Malaysia.

There are some pros to using e-learning compared to traditional face-to-face courses and lectures. Students can learn at their own place, study at their convenience and get the resources they need anywhere, as long as they have access to a computer and an Internet connection. It also reduces travel time and costs for off-campus students, adding no travel costs to their family budget. Besides, e-learning encourages more interaction among students and instructors than large lecture rooms do, and students have the flexibility to join discussions in the bulletin board threaded discussion areas at any hour, or to meet others and instructors remotely in chat rooms.

Although e-learning offers some advantages, it has some cons as well. Without the routine structure of a traditional class, students may get lost or confused about course activities such as assignment deadlines. Besides, instructors may not always be available when their students are studying or need help. More importantly, students with low motivation or bad study habits will fall behind, especially those with beginner-level computer skills.

The pros and cons of e-learning vary depending on the main target group for whom the e-courses were designed in the first place. But it is unarguable that e-learning is rapidly growing as a form of training delivery, and most are finding that the clear benefits of e-learning will guarantee it a place in their overall learning strategy.

Related links:
http://eprints.utm.my/4507/1/A_Comparative_Study_of_E_Learning_at_Malaysian_Private_Universities.pdf
http://www.about-elearning.com/e-learning-advantages-and-disadvantages.html




Saturday, July 4, 2009

Mobile Payment Systems in Malaysia: Its Potentials and Consumers' Adoption Strategies

A mobile payment system is a new payment method in which we can make payments using mobile devices (e.g. a cell phone) instead of cash, credit cards or cheques. Mobile payments provide a number of advantages for users, such as:
1. Security - Two-factor authentication between merchant and buyer to prevent fraud.
2. Convenience - Consumers do not need to carry large amounts of cash while shopping.
3. Easy & Fast - Buyers only need to integrate their mobile phone with the device and the transaction can be done in a short time.


In Malaysia, mobile payments are being used in various areas:
- Music, Videos, Online Games and other Digital Products
- Transportation Fares and Toll Fees
- Books, Magazines, Tickets and other Hard Goods
- Phone bill payments, e.g. Digi





One of the famous mobile payment applications in Malaysia is Mobile Money. It is convenient for buyers, who can buy products online and pay without having to be present at a physical store. Registered users can pay for merchandise simply by sending a 6-digit security PIN via SMS from a mobile phone.


Besides that, Visa payWave is another example of a mobile payment service. The technology used is Near Field Communication (NFC), a short-range wireless technology that allows communication between devices at close range. Users only need to bring their mobile phone close to a tiny computer chip which sends payment information to a card reader via short-range radio frequency waves. The San Francisco Coffee outlet at KLCC is an example of a merchant that uses Visa payWave.


A study showed that almost 88% of the Malaysian population subscribes to mobile phone services, but only 1.8% of them subscribe to mobile banking and payment services. This result shows that only a small portion of Malaysian mobile phone users have been drawn into using mobile payments. Thus, some strategies should be adopted to attract more users to mobile payment. For example:

1. Educate Consumers about Usefulness and Functions of Mobile Payment
Merchants that provide mobile payment services can explain how to use them, and their advantages, to customers via their official websites.

2. Enhance Security of Payments
Merchants can adopt a certification program such as VeriSign to increase consumers’ confidence that their confidential information is secure when making mobile payments.

3. Well Designed Payment Process
Mobile payment systems should be designed to be easy and simple, so that users are more willing to adopt mobile payments, which are still new to them.

4. Collaborate with More Banks and Companies
This can help to enhance customers’ satisfaction when they are able to pay using mobile payment in a wider range of services.


Related Links:
http://en.wikipedia.org/wiki/Mobile_payment
https://www.digi.com.my/whatshot/promotions/hppaybill/faq.do
http://www.mobile-money.com.my/
http://www.theedgemalaysia.com/technology/16929-visa-rings-in-on-mobile-payment-space.html
http://www.bernama.com/bernama/v5/newsindex.php?id=337023

Electronic Currency


Electronic currency is also known as electronic money, electronic cash, digital currency, digital money, or digital cash. It refers to money which is exchanged only electronically. Typically, this involves the use of computer networks, the Internet and digital stored value systems. This is a system of debits and credits, used to exchange value within another system, or on its own as a stand-alone system, online and offline. Electronic Funds Transfer (EFT) and direct deposit are examples of electronic currency.

The online form of electronic cash allows for the completion of all types of Internet transactions, while the offline form is a digitally encoded card that can be used for many of the same transactions. The primary function of electronic currency is to facilitate transactions on the Internet; in reality it is slightly more complicated, and it makes transactions both secure and private. Electronic currency truly globalizes the economy, as users can download money into their cyber-wallet in any currency desired. A merchant can accept any currency and convert it to local currency when the cyber cash is uploaded to the bank account.

An extraordinary success took place in Hong Kong with the Octopus Card, which started as a transit payment system and has grown into a widely used electronic cash system. Octopus Card deposits work similarly to bank deposits. After Octopus Card Limited receives money for deposit from users, the money is deposited into banks, which is similar to debit-card-issuing banks redepositing money at central banks.

Singapore also has an electronic currency implementation for its public transportation system (commuter trains, buses, etc.), which is very similar to Hong Kong’s Octopus Card and based on the same type of card.

Digital coins are like travelers checks. Also called “e-money” and “e-cash”, they are downloaded as “digital coins” from a participating bank onto the user’s computer, or an account is set up within the bank. Either the digital coins or the transactions that debit the account are transmitted to the merchant for payment. All the transactions are encrypted.

In conclusion, electronic currency combines the benefits of other transaction mediums and allows individuals to conduct transactions among each other.

Related links:

http://en.wikipedia.org/wiki/Electronic%20currency
http://www.anderson.ucla.edu/faculty/jason.frand/teacher/technologies/goshtigian/define.htm

Friday, July 3, 2009

Credit Card Debts: Causes and Prevention

In this new millennium, it is becoming less common for consumers to pay for their expenses in cash. People now mostly use credit cards, whether to buy the clothes in their closets or to fill their cars with petrol. The unfortunate consequence of this shift in behavior is that credit card debt is becoming higher. Eliminating this type of debt can be difficult, as many people are only able to make the minimum payment each month and the interest rates are extremely high. Under these conditions, it can take years to pay off even the smallest credit card balance. This is the general consensus of consumer groups on the alarming number of credit card users below the age of 30 who were blacklisted and later declared bankrupt due to credit card debts. So, it is better for us to take some preventive measures against credit card debt.


Causes of Credit Card Debts

1. Financial Illiteracy
Maybe you were not taught this in school, or your parents did not explain it to you. It doesn't matter. You are responsible for your life and your money anyway. Financial mistakes are increasingly expensive and complicated to resolve, because many people don't understand how to save money and invest for a rainy day, or even why they should balance their checkbook.

2. Underemployment
You might deserve a break, but it is actually not a good time. People who experience underemployment may continue to think of it as only temporary or, if they are coming off unemployment, feel a false sense of relief.
Get those expenses in line with your current income. Down the road, if you increase your income through more hours, a better job, or a second job, that is the time to start adding back some of the spending you had before you became underemployed.

3. Banking and Windfall
Spending tomorrow's money today is very attractive, especially if you believe that tomorrow the money will come no matter what. A planned job bonus may not be a sure thing. The inheritance that you believe will come your way may not. The lesson is: don’t spend the money until the check clears.

4. Poor Money Management
You may be spending hundreds of dollars on unnecessary things each month. A monthly spending plan is essential. Without one you have no idea where your money is going. Planning is not difficult; it is just writing down your expenses and income and reconciling the two. You will be surprised at how powerful you'll feel when you are making thoughtful decisions about when and where to spend your money.

5. Medical Expenses
Gaps in coverage, lapsed policies and increasingly costly alternatives make this a popular category. If you think a credit card is very convenient, think again. The medical industry wants to get paid at the time service is rendered. They know that if they don’t, the chances of their getting paid drop. This means more debt for you, less for them.





Prevention of Credit Card Debts

1. Credit Counseling and Debt Settlement
Both help clients by educating them in ways to get out of debt and stay out, but their approaches are significantly different. The objective of credit counseling is to pay off debts in full by negotiating lower interest rates, while debt settlement companies pay off debts faster by negotiating reductions in the amounts owed.

2. Choose a Credit Card which Offers the Lowest Interest Rate
Photocopy the credit card offer, including the interest rate and terms. Write a letter to your credit card companies stating that you are thinking of switching to their competitor because they are offering a far more reasonable interest rate. Credit card companies do not want to lose your business. Therefore, they will try to offer you a more desirable interest rate.

3. Manage Your Finances
Starting with a strategy will help keep you on track before you ever even pull out the credit card. Determine your monthly income and necessary expenses. As part of these monthly expenses, figure in 5-10% of your income to set aside for emergencies, long-range savings such as a retirement account, and short-term savings. If you have some savings, you can avoid putting large amounts of debt on a credit card in times of crisis.



Related Links:

http://www.mmail.com.my/content/credit-card-debt-and-you-many-unaware-effects-bankruptcy
http://www.nurido.at/news/credit-card-debt-consolidation-loans-require-an-attention-to-detail-124017.html
http://www.nurido.at/news/best-relief-for-credit-card-debt-credit-counseling-or-debt-settlement-123740.html
http://www.bankrate.com/brm/news/debt/debt_manage_2004/top-10-causes.asp
http://www.mozdex.com/prevent-credit-card-debt/
http://www.cardratings.com/howtoavoidcreditcarddebt.html

The Application of Pre-Paid Cash Card for Consumers

A prepaid cash card is similar to a debit card, with a card number, signature and company branding. It enables the holder to make purchases and payments using an amount preloaded by the holder or someone else. However, unlike a debit card, it is not linked to a bank account with an overdraft facility. Prepaid cash card users can only spend the preloaded credit.

It is convenient to keep and use. Users can use it as a substitute for cheques and cash. For example, if the prepaid cash card is a MasterCard, VISA or Maestro card, users can use it to make purchases anywhere around the world where those cards are accepted, and it is more secure as it can be blocked if it is lost or stolen.

Users can use prepaid cash cards to buy things at shops, or for telephone, mail order or Internet shopping. Moreover, there are other prepaid cards such as the Touch ‘n Go (TnG) smart card. TnG users can use their preloaded cards to pay for highway tolls, Light Rail Transit (LRT) or bus tickets and even car park fees.

Next, the Octopus card used in Hong Kong is also an example of a prepaid cash card. This is a smart card used to transfer electronic payments in online or offline systems. Users can use it for public transport in Hong Kong and for payment at supermarkets, convenience stores, on-street parking meters, car parks, fast-food restaurants, and other points of sale.

Users of prepaid cards are free from debt, as they cannot spend more than the preloaded amount. This is different from credit cards, which require repayments after purchases. Debts are easy to create, as credit card users can easily exceed their budget.

Besides that, there is no interest charged on prepaid cash cards and they are easy to apply for, because no credit check is needed. They help users to control and limit their spending. Users can only spend the money that is loaded onto the card, and spending can be checked via the Internet.

Prepaid cash cards have brought many benefits. People should be encouraged to utilize it in making their purchase transactions.




Images:
(Master Card and VISA Card)


(Touch 'n Go Card)


(Octopus Card)




Thursday, June 25, 2009

The Threat of Online Security: How Safe is Our Data

Nowadays, people rely on the Internet to do their daily work. Although the Internet has brought a lot of advantages to users, there is no doubt that threats to online security are also increasing day by day.

There are a few categories of threat:

1. Accidental actions
This category encompasses problems arising from basic lack of knowledge about online security concepts and includes issues such as poor password choices, accidental or erroneous business transactions, accidental disclosure, and erroneous or outdated software.
Related problems occur as a result of misconfigured security products and information leakage resulting from insecure information transfers.


2. Malicious attacks

  • Attacks that specifically aim to harm computers.
  • Types of malicious attacks:

a. Computer Virus:

- It is the most common form of malicious code.
- It is a program that attaches itself to other programs.
- Major types of virus:
i. File infectors
ii. System or boot-record infectors
iii. Macro viruses
iv. Multi-part

- Examples of computer viruses:
I. “Melissa” virus/worm - It causes computers to slow down and fail frequently.
II. “I Love You” virus - A small piece of code attached to electronic mail which causes an e-mail to be sent to everyone in an address book, then damages victims' machines.
III. Trojan horse - Personal information is stolen as the Trojan gets into the computer.


b. Denial of Service Attacks (DoS)

  • An attack on a web site that uses specialized software to send a flood of data packets to the target computer with the intention of overloading its resources and causing the network to shut down.

c. Distributed denial-of-service attack (DDoS)

  • A DoS attack in which the attacker gains illegal administrative access to as many computers on the Internet as possible and uses these multiple computers to send a flood of data packets to the target computer.


3. Online fraud

  • It is a broad term covering Internet transactions that involve falsified information.
  • Types of online fraud:

a. Identity Theft

- Electronic commerce information can be intercepted as a result of vulnerabilities in computer security. Thieves can then take information such as credit card numbers and misuse it.

b. Data Theft

- A term used to describe not only the theft of information but also unauthorized perusal or manipulation of private data.

Ways to help prevent threats to online security:

  • Use anti-virus software, anti-spyware software and a firewall, and update them frequently.
  • Beware of email attachments from unknown sources.
  • Develop strong passwords and change them frequently.
  • Do not download free software unless you have verified that it is legitimate.
  • Stay away from 'questionable' websites.
  • Be cautious of pop-ups.
  • Back up your data frequently.
  • Always delete cookies on the computer to prevent tracking of your history/passwords.

In conclusion, we should prepare well before going online to protect ourselves from online security threats.

Related Links:
http://www.bsagovernment.com/downloads/MajorOnlineThreats.pdf
http://www.vermontpcsolutions.com/articles/10-free-ways-to-help-prevent-malware-threats.html

Phishing: Examples and Its Prevention Methods

Phishing is a new word derived from ‘fishing’. It refers to a new type of network attack in which the attacker creates a replica of an existing Web page to fool users (e.g., by using specially designed e-mails or instant messages) into submitting personal, financial, or password data by masquerading as a trustworthy person or business in an electronic communication. This information can then be used for future targeted advertisements or even identity theft attacks (e.g., transferring money from victims’ bank accounts).

Example 1: Phishing email / Phishing website


A frequently used attack method is to send phishing e-mails to potential victims, which appear to be sent by banks, online organizations, or ISPs. In these e-mails, the attackers make up some pretext, such as that the password of your credit card has been mis-entered many times, or that they are providing upgrade services, to lure you into visiting their Web site to confirm or modify your account number and password through the hyperlink provided in the e-mail. You will then be taken to a counterfeit Web site after clicking those links. Legitimate organizations would never request this information from you via email.



Example 2: JavaScript Obfuscation

There is a trend in phishing today to attempt to further fool a victim into believing he/she is on a trusted page at, say, Netbank. Unmodified, a copied Netbank site will look like this on the phisher’s hosting server:



The location bar, which takes up approximately 2% of the screen height, accounts for virtually all of the indication that a Web site is genuine. This is easily circumvented with a well-known JavaScript vulnerability posted on the Bugtraq security mailing list in May of 2004, which uses a floating pop-up frame to change the address bar to the familiar:



The ability to produce “chromeless” frames outside the browser window using the window.open JavaScript function continues to be available to Web developers, but thankfully these are now blocked by the built-in “pop-up blockers” of recent versions of Internet Explorer and Mozilla Firefox.

Here is a quick checklist to bear in mind while surfing, so that we stay alert to the risks of phishing:
1. If you receive a mail that asks you to take immediate action, such as "to restore access to your bank account…." please don't click the link. The bank will never ask you to give them your user ID and password online. If you suspect something, speak with the bank directly to find out the truth.
2. Be alert in all Internet activities. Be aware that there are unscrupulous elements out there trying to extract your personal details for their nefarious uses.
3. Check that everything is all right by logging in to your account regularly.
4. Ensure your web browser is the latest version with all security patches applied, to help you detect and block phishing Web sites, and use various spam filters to enhance security.
5. Do not fill out forms in email messages, especially if the form requires you to fill in personal details.
6. Never leave personal accounts unattended for a long period of time (even for a month). Make it a habit to check the debits/credits on your account, and if you notice anything unusual, get clarification immediately.
7. Never reveal your personal information to anyone, however genuine or trustworthy the requester may sound. Personal details should be known only by you and are your personal asset. It is better to be a bit careful.

Related links:
http://internet.suite101.com/article.cfm/avoid_phishing_attempts

http://research.microsoft.com/en-us/um/people/chguo/phishing.pdf

http://y2u.co.uk/Knowledge_Information/Technology/RN_Computer_Phishing_Scam.htm

http://www.phishtank.com/what_is_phishing.php

http://www.planbsecurity.net/wp/503167001_PhishingDetectionandPrevention.pdf