Data Security

Three-quarters of information technology (IT) managers said their companies are not adequately protected from, or able to prevent, computer virus attacks. Here’s what else the study from solutions provider SupportSoft found: ¥ 86% of IT managers said not all of their companies’ computer systems are updated with software patches when initially distributed. ¥ 74% said their companies are hit monthly with one or more computer viruses. ¥ 86% said their No. 1 fear is the loss of employee productivity when their companies are hit with computer viruses. ¥ 71% said unauthorized programs such as spyware and malware are major concerns and increase IT help

Internet-related complaints comprised 53 percent of all fraud complaints processed in 2004, according to a report issued in February by the U.S. Federal Trade Commission. Other statistics reported by the agency: ¥ Online and offline identity theft accounted for 39 percent of the 635,173 fraud complaints filed in 2004. ¥ Internet auctions accounted for 16 percent of complaints. ¥ Shop-at-home and catalog sales accounted for 8 percent of complaints. ¥ Losses due to Internet fraud amounted to $265 million. ¥ In 35 percent of all fraud cases, victims were initially contacted via e-mail. For more information, visit www.ftc.gov/opa/2005/02/top102005.htm.

“For businesses using the Web as a revenue-generating channel, their data are important company assets,” says Chris Kivlehan, marketing manger for INetU Managed Hosting, a Web hosting provider. Losing a customer database in a system-wide crash or other crisis can devastate your business. Orders can go unfulfilled leading to dissatisfied customers and, in turn, reduced revenue. Kivlehan recommends that you talk with your IT manager or a qualified consultant/vendor to discuss back-up procedures and the technologies (e.g., tape drives, separate network storage devices, CDs) needed to do the job properly. In the meantime, here are four steps to help you focus your efforts: 1. Write a

With the start of the 2005, the Can Spam Act reaches its one year anniversary. As the year unfolds, it’s especially important to make sure your multichannel business is compliant. Bennie Smith, chief privacy officer at DoubleClick, offers the following tips on how to unify your e-mail campaigns and protect your customers’ privacy. - All e-mail communication to customers should be presented in a clear, consistent and standard fashion. This includes standardizing e-mail subject lines, headers and footers. Your e-mails need to clearly designate they are an advertisement or solicitation, as well as provide functional opt-out mechanisms, says Smith. - Multiple e-mail marketing databases of opt-in

Building a solid relationship with customers starts on a foundation of trust. From faith in your product to faith that you’ll deliver on time, the consumer has to have confidence that you’ll keep up your part of the bargain. With identity theft and e-commerce attacks on the rise, one of the biggest leaps of faith that a consumer takes is just handing over his or her personal information to you. The Direct Marketing Association offers the following tips to keep your customers’ information secure: 1. Have a security policy. Establish information security policies and practices to ensure the uninterrupted security of your information systems.

For catalogers, payment fraud accounts for a high cost of doing business. On the Internet alone, estimates are that losses from payment fraud exceeded $1.6 billion in 2003. For direct-response merchants, credit card fraud losses averaged 1 percent of orders in 2003, which may not sound exorbitant, but in terms of total sales, the costs are huge. The good news is that online fraud losses declined from 2.9 percent of total online revenues in 2002 to 1.7 percent in 2003, according to Cybersource Corp./Mindwave Research. The cost to your customers also is high, because for every fraudulent order, merchants reject another three or

A computer programmer visited Guess.com last year to look for jeans. Before entering his order, he keyed into the site’s address bar a string of characters, and up popped about 200,000 of Guess.com’s customer names and credit card numbers. His selection of characters wasn’t random. Rather, the code he keyed in is well-known among programmers, and plugging it in is called an SQL (Structured Query Language) injection attack. In June, Guess.com settled for an undisclosed sum with the Federal Trade Commission (FTC) on charges that it misled consumers by stating in its privacy policy that it protected consumer data when, in fact,

Consumers are nervous about how much of their information is readily available to anyone who knows how to access it. We’re not talking just about identity theft, which is a criminal offense, but about legal marketing practices. Indeed, consumers are being deluged with direct marketing offers pitched at them by mail, e-mail and telephone. Think about it from their viewpoint. While you think you’re helping consumers by making just-in-time offers to satisfy their needs and desires, they’re thinking: “Whoa! Can we get a little privacy over here?” Just how much do consumers care about this issue? A lot. For example, 69 percent

About 10 percent of all consumer catalogers and an estimated 25 percent of business-to-business catalogers don’t rent or exchange names with any outside companies, according to a leading list-management company. This month I’ll discuss the different aspects of putting your No. 1 company asset — your customer list — on the rental market. Caveat: I believe it’s healthy and necessary for a catalog company to rent and exchange names with others — providing the proper controls that govern the use or unauthorized use of the names are in place. Consumer catalogers that don’t rent their lists often rationalize this practice

CALIFORNIA LAW recently defined three types of acceptable e-mail use. Companies can send e-mail to: 1. Consumers provided that the marketer identifies the message as commercial e-mail by beginning the subject line with “ADV.” 2. Consumers who have given permission via an opt-in. 3. Consumers with whom they have a prior business relationship. While these rules aren’t overly restrictive, similar legislation is coming down the pike nationally, and companies that choose to prospect or communicate with existing customers should be prepared to comply, now. Which of these three methods should they use? It depends on the goal of the campaign, but mostly success relies