

 

June 29, 2009

Tired of Shopping Cart Abandonment?

If you’ve tracked visits to your ecommerce site lately, you’ve likely noticed that as many as half of your shoppers got cold feet at the last minute…right before the part where they were supposed to click “Pay Now.”

Known as shopping cart abandonment, it’s a major issue that ecommerce technology companies and consultants are tackling.  

The reasons are plenty why a shopper would go through the effort to fill his or her cart and then bail out. Uncertainty of the economy is likely one major cause. A horse racing fan would be happy to find, say, a bronze replica of Mine That Bird, the 2009 Kentucky Derby winner, on your site. But then things like sales quotas and job security come to mind. Your shopper then becomes just a visitor.

Well, according to a new ecommerce report by PayPal and comScore, the No. 1 reason for abandoned carts is sticker shock. Not on the product itself but on the cost to ship that product. In a poll of U.S. consumers, 45 percent said they had abandoned an order at the last minute because of higher-than-expected shipping fees.

So what’s a solution to this? The report indicates that 40 percent of those people who cited shipping costs as the No. 1 reason would not have abandoned the purchase if the retailer had provided shipping fees upfront. Transparency is key here, folks.

Another reason why shoppers bail, the study says, is concern over credit card security—21 percent.

What does that mean in dollars? According to a March report by Javelin Strategy & Research, this fear equated to $21 billion in lost sales in 2008! That’s a lot of abandoned carts.

Nothing will eliminate this fear because it’s based in reality. Identity theft and credit card fraud are growing exponentially. And so are the headlines of data breaches.

But there are steps you can take to decrease shopping cart abandonment and increase shopper confidence:

  • Go through the effort to get your site scanned for security and PCI compliance. Make sure you address any known vulnerabilities immediately. And work with your PCI vendor to ensure that scans are conducted regularly, at least weekly.
  • Display the security seal you earned proudly.
  • Make your contact information prominent. And provide an address. Your prospects want to feel as if you’re a real company with a real locale. Not some faceless store in the netherworld of virtual space.
  • Make your privacy policy prominent too. Communicate clearly that you won’t be using your prospects’ info for anything other than processing their orders.
  • Provide product reviews if applicable. When a shopper sees customer reviews, there is just something real they bring to the table. Reviews convey a sense of community…and hence a feeling of security.

You can’t do much about the economy part—36 percent of respondents said “lack of money” was the primary reason for changing their minds. But with a little work, you can do a lot to inspire more confidence.

‘Till Next Time,

Joan,
The eSecurityDiva

June 16, 2009

Batteries.com Breach: Headaches All Around

The recent breach of online retailer Batteries.com may have escaped your attention.

The Indiana-based company, according to a few reports, issued a letter to officials in New Hampshire indicating that hackers penetrated the Batteries.com network over a period of two months from February to April 2009. In the letter, the company indicated that 865 residents of New Hampshire had been victimized. Stolen data included customer names, addresses and credit card details.

Some of that data, Batteries.com says, was used for fraudulent purposes.

Information has yet to be released on how many victims there are outside of New Hampshire. But I don’t think a hacker would have a grudge only against residents of the “Live Free or Die” state. It’s safe to assume many more customers’ identities and credit card accounts have been affected.

Those customers will undoubtedly suffer severe headaches. Dealing with credit card companies. Credit bureaus. Banks. Automated phone systems. Paperwork. The list goes on.

One alleged Batteries.com customer on this message board said he had “thousands of charges” on his credit card from someone in the United Kingdom.

“(I)t looks like the operation is very sophisticated,” the poster says. “Some of the charges occurred within 1 second of each other and must have been automated because one of the companies, British Airways, indicated that they do not permit an airline ticket to be purchased by somebody and paid for by somebody else, and the card ‘looked’ like it was issued in the UK…I suspect thousands of other victims are seeing charges on their cards too.”

But Batteries.com, and any other merchant who is hacked like this, will also suffer severe headaches. First of all, the company will be issuing two years of free credit monitoring services to victims. Second, how many of these victims are likely to shop at Batteries.com again? And what about negative press coverage?

Further, can you imagine the amount of costly and time-consuming forensics work that goes into determining the details of two months’ worth of hackings?

As a merchant, if you are breached like this, you’ll pay a forensics auditor $250 an hour to spend days—many times several weeks—to pore through your “log” files, which register all events on your network. These auditors will conduct “reverse engineering” and scour your network for all sorts of data, such as whether any users accessed your network from unusual locations. If your log files have been compromised, or not backed up properly, the process can take even longer.

An IT forensics audit is so complex that Visa has certified only seven vendors as “qualified incident response assessors.” (The data gathered during these audits, by the way, help companies such as Verizon Business, one of the seven assessors, publish great breach reports like this.)

An IT forensics audit, in many ways, is similar to a homicide forensics exam. But an IT audit can cost you $20,000 or more when it’s all said and done.

That may be good news for Visa’s qualified assessors. But for small merchants, a massive breach can be devastating.

‘Til Next Time,

Joan
The eSecurityDiva.

June 03, 2009

When it Comes to PCI Compliance, You Need a Partner

As Payment Card Industry deadlines come and go, I’ve noticed a rash of acquiring banks, card processors, ISOs AND vendors jumping into the mix to get a piece of the compliance-fee pie.

So, what does this mean for small- or medium-sized merchants? Well, this influx does show that companies of all walks are becoming more aware of security and PCI compliance. That is good.

But the influx also means plenty of opportunities for questionable practices that may not improve the true state of security or serve the best interests of merchants. That is not good.

Becoming PCI compliant is a daunting task for any merchant, especially small merchants. Whether you’re a merchant or an acquirer, you should learn more about security and PCI before selecting a compliance partner. You should also beware of simply going with the vendor who offers the lowest fees. Understand what you can expect from the PCI vendor and make sure the result is a more secure business.

Despite the inherent complexities surrounding PCI compliance, we’ve all seen ill-conceived  programs that don’t provide the most basic of services or support to merchants. Some don’t even provide a basic education in PCI. Bottom line, smaller merchants need real help with becoming—and staying—compliant.

After all, no one wins if you get fined. Or worse, breached.

Which makes me think. What is really driving this behavior? Is it to protect shoppers’ payment card data? Is it to minimally satisfy the card brands’ mandates? Or is it to create an incremental revenue stream?

Can these drivers co-exist…or are they mutually exclusive?

Some recent trends suggest to me that it will take a while for the PCI market to shake out. Merchants and acquirers will eventually grow wise to shoddy activity and will gravitate toward quality PCI-compliance services. Unfortunately, in the meantime, not enough is being done to truly advance increased security for small merchants. 

Congress is aware of this, as we’ve seen with the recent PCI hearings. As the pendulum tilts toward more regulation on everything from carbon emissions to debt lending, this lack of true security improvements could ultimately lead to Congress legislating compliance—which the PCI Council has been diligently working to avoid.

Worse, these trends will hurt your efforts to become PCI compliant, which will ultimately leave your shoppers more exposed to hackers and data thieves.

As the new PCI market begins to mature, having the right partners will help you stay compliant in the most efficient manner possible. Having the right partners will also ensure you’re not being taken advantage of.

‘Til Next Time,

Joan
The eSecurity Diva

May 05, 2009

More Has to Be Done to Enhance Security. But What?

If you read about the recent Congressional PCI hearings, you know just being PCI compliant doesn’t equal security. PCI compliance is only a point-in-time measurement.

So…what’s a small- or medium-sized merchant to do?

After all, the PCI compliance process can be challenging enough. But now, it’s become crystal clear that retailers, even the smallest of ones, have to make sure they’re going above and beyond what the credit card companies mandate.

Remember the Hannaford Bros. breach last year? Hannaford was certified PCI compliant by a third-party assessor—one day after the grocer was notified of massive system intrusions that had occurred months prior. The likely cause? The hackers’ malware intercepted data on magnetic stripes as they were swiped by customers.

That doesn’t mean PCI compliance is worthless. Not by a long shot. In fact, Visa maintains that no company suffering a breach has been proven to be PCI compliant at the time of the compromise. It’s important to remember that PCI security standards are industry best practices that have protected tens of thousands of merchants—and cardholders—against malicious behavior. 

But these standards still have room for improvement. The PCI Security Standards Council is continuously seeking feedback from merchants, processors and other industry stakeholders on ways to strengthen the standard. To this end, the council has recently commissioned a study on emerging technologies that could further protect cardholder data.

The PCI data security standards, according to a recent report by the Society of Payment Security Professionals, “must be recognized for what (they are)—a tool in the protection of data rather than the last line of defense.”

I know it’s easy to put security on a lower priority list, especially if you’re a small retailer. But if you are a smaller retailer, you’re a bigger target. That’s because savvy hackers know you have fewer resources on hand, including money and time, and are often running older, unsecure payment application versions.

And trust me, it’s well worth your money and time to take security seriously. If a breach has been detected in your system, you may be responsible for:

  • A “forensics” examination, which can cost $10,000 or more, according to www.pcicomplianceguide.org.
  • Between $5,000 and $50,000 (or more) in compliance fines.
  • Legal fees.
  • Up to $10 per card for replacement.
  • Complying with breach notification state laws as applicable.
  • Restoring your customers’ confidence.

Total costs for a breached “Level 4” merchant, or those processing fewer than 20,000 e-commerce transactions annually and all other merchants processing up to a million transactions, average $36,000 and may be catastrophic for small businesses.

So, what can you do to prevent the hassles and potential business killers of a breach? First, let’s address a few things smaller merchants must do to become compliant:

  • Complete an annual Self Assessment Questionnaire.
  • Pass quarterly vulnerability scans (merchants with externally facing IP addresses).
  • Develop in-house information security policies.
  • Launch security awareness training for you and your employees.

Don’t approach PCI compliance with a “check-the-box” mentality. Use it as an opportunity to maintain a high security posture and make it part of your daily routine.  Remember, defending against criminals is not a one-time event, it’s perpetual.  

Of course, the burden shouldn’t be completely up to retailers. Banks, processors, gateways, credit card companies and security providers all have to do a better job at coming up with new methodologies, technologies and education programs to help you better protect your business and your customers’ important information.

Congress agrees.

At the hearing, a number of suggestions came up, including the need for the United States to adopt encrypted PIN technology and smarter credit cards. For years, several European countries have been using chip cards, which have small computer processors on them. Chip technology can protect against “skimming,” which involves the copying of private information from the magnetic stripe. A chip, on the other hand, cannot be copied.

According to Rep. Yvette Clarke, chairwoman of the subcommittee that held the hearing, such technologies can help reduce incidences by nearly 70 percent!

Here are some other steps advocated by the Society of Payment Security Professionals:

  • The reduction of sensitive data storage. The less crucial data you have on premise, the less data can be stolen.
  • The adoption of a more structured IT governance program. This would push us from a system of simple compliance to “real security.”
  • The deployment of a more collaborative approach to address security issues. By sharing information, new security issues and fixes will arise.

I want to hear from you. What needs to be done to improve the PCI compliance process? How can ControlScan help educate you on what you need to do to become PCI compliant? And what can be done to improve security at our nation’s retailers?

Until Next Time,

Joan,
The eSecurityDiva

May 04, 2009

Choosing the Best Hosting Provider for Your Website

We talk to thousands of small merchants each month.  Their questions span many topics, but we’re often asked if we can provide any guidance in helping a small merchant select a hosting provider.  Our customers are looking for a provider who will meet their specific business needs and offer a cost-effective  solution.

David Abouchar, senior director of product management at ControlScan, recently led a podcast on this  topic. In the podcast, "Tips to Choosing the Best Hosting Provider for your Website", David gave insight into the kind of questions you should ask and the level of support you should expect when choosing a hosting provider.  A few of the key takeaways that I think you’ll find helpful are:

  • Anticipate your Website traffic and how you will be processing credit cards first so you can determine the right hosting plan.
  • Decide whether or not you will need managed or unmanaged services based on your technical resources.
  • The level of support is a key consideration. Know up front how and when support will be available to you.
  • Use your resources. Ask your Web designer and other vendors for referrals.
  • Be sure to review the agreement and contract terms in detail before your final selection. Know which services are covered in the base services agreement and which are not.
  • Make sure the hosting provider you select is PCI compliant as this will greatly simplify your own PCI compliance process.

To learn more about choosing a hosting provider, check out the podcast by visiting https://www.controlscan.com/podcasts/choose_best_hosting_provider.php.


'Til next time,

Joan

The eSecurity Diva




April 06, 2009

Congress: If You’re Just PCI Compliant, You’re Not Secure

Is regulation coming to a point-of-sale device near you?

It certainly appears so. At least if the credit card ecosystem—banks, processors, security companies, assessors and retailers—doesn’t do more to ensure consumer transactions are safer.

Last week, Congress held hearings designed to get to the bottom of what is being done, and what can be done, to help stem the tide of cyber fraud and identity theft. It left little to debate. More has to be done. Now.

Bottom line, said a no-nonsense Rep. Yvette Clarke, chairwoman of the subcommittee that held the hearing, just being PCI compliant does not guarantee security.

Clarke said a recent investigation found PCI standards are of “questionable strength and effectiveness.” As a result, she warned, retailers need to take proactive measures to protect themselves and their consumers. She also said new security technologies and practices are needed—ASAP:

“The time for waiting is over. The time for shifting risk is over. Today, the responsibility is yours to make this situation better.”

Clarke spoke those words to a panel consisting of high-ranking representatives from the Department of Justice, the PCI Security Standards Council, Visa, Michaels Stores and the National Retail Federation.

For a change, it certainly appeared to me that our elected officials got it. And I also think the panel did an excellent job delivering a down-and-dirty assessment of the strengths, limits and dangers of our current security compliance system. Even if they did shift blame a little.

I think we all can appreciate just how vulnerable we are when Rep. Dan Lungren, vice chair of the committee, admitted his family was recently a victim of credit card fraud. He was particularly peeved at how he was informed: Embarrassingly, at a restaurant, when the waiter said his card wasn’t working. When Lungren called the credit card company, it didn’t have any information other than his account had been “compromised.”

Talk about more work to be done. If this can happen to Lungren, it can happen to anyone.

The PCI Council’s Robert Russo said his organization’s standards are solid. The challenge is that the council doesn’t enforce standards. That’s up to the credit card brands and the banks/processors. Many companies also approach PCI with a checking-the-box mentality. PCI compliance should be viewed as an opportunity to build solid security best practices for long-term security versus point-in-time security. Visa’s Joseph Majka, meanwhile, said the credit card company never found a breached company to not be in compliance with PCI standards.

Regardless of these testimonials, data security standards need some work, said Michael Jones, CIO of Michaels Stores, who delivered a no-holds barred critique on the PCI compliance process. These standards were “set up for the credit card companies and banks to have all the power over fines and mandates,” Jones testified. “It is not an industry standards body.”

He continues: “We would be more secure…if the credit card companies would take more responsibility.”

Jones’ concerns: The inconsistencies, confusion, high cost and ambiguity in data security standards. Not to mention the credit card monopoly that controls these standards. While there is some debate over his particular issues, I agree PCI standards need to be much better. I also agree more responsibility can be shared. The retailer, after a breach, is left holding the bag. The retailer is demonized in the press. And it is often the one hit with fines.

We can debate the fine points of Jones’ concerns all we want. But it’s clear the United States is lagging behind. And it’s also clear retailers’ systems need to be better protected. As several European countries have enacted stricter and smarter standards, regulations and technologies, fraud has decreased in those countries. However, it is increasing globally, Chairwoman Clarke points out. Why is this? Because hackers are taking advantage of countries with weaker technologies and security practices.

In other words, countries such as the United States. Of course, we must all keep in mind that the European countries' new technologies have far fewer companies to worry about versus the United States.

In a coming post, I will lay out some best practices specifically focused on small merchants. In the meantime, the seriousness of the situation should not be underestimated. Not only are U.S. retailers the means by which more hackers are becoming rich, but U.S. retailers are also the means by which terrorists are financing their murderous activities.

Clarke reminded the panel that the 2002 Bali nightclub bomber financed his mission with credit card fraud.

Terrorists are clearly on the hunt for cyber vulnerabilities.

They could find that next vulnerability in your system.

Until next time,

Joan
The eSecurityDiva

March 25, 2009

The Greatest Threat to Retail Security Lies Within

In the best of times, retailers know that theft is a matter of when, not if.

In times like these, well, you can only imagine that the threat is amplified. Some estimates show retail theft soaring 20 percent over the past six months or so. For a small retailer, a 20 percent increase can be a death knell. It’s a serious increase even for the Wal-Marts of the world.

But before you cast an overly-cautious eye at the next customer who comes in, you may want to look within first.

I recently had a chance to talk to Terrence Shulman, head of the Shulman Center for Compulsive Theft and Spending. Companies a year ago—before the credit meltdown—he says, were losing $50 billion annually from employee theft. Shoplifting, meanwhile, accounted for $15 billion to $20 billion—60 percent less! Worse, Shulman says, shoplifters usually don’t habitually frequent the same locales. Employees, on the other hand, are there every day. And on average, it takes 18 months to catch a thieving employee.

“It’s hard to live in an environment where you can’t trust anybody,” Shulman says. “But we all need universal precautions. Especially today.”

Shulman, author of “Biting the Hand That Feeds: The Employee Theft Epidemic,” is a therapist who helps people who are addicted to everything from shoplifting to credit card fraud. Oh, and in case you were wondering, he really knows what he’s talking about: He’s a former compulsive thief. He was even arrested—twice—for his crimes.

We talked about steps retailers can take to lessen employee theft. We also talked about the psychology of employee theft. After all, you can better prevent problems if you better understand them.

Yes, theft is up due to the bad economy. When people have less money, they steal more.

However, employee theft is also driven by anger at their respective employers, not necessarily by a feeling of financial necessity. Lack of respect is a big driver, he says. Another driver is having their hours or benefits cut, or having increased responsibilities levied on them with no increased compensation.

Anger at the current business and political climate is also a factor. Many employees, he explains, see the headlines of “fat cat execs” getting million-dollar bonuses, while their failed companies are getting bailed out by U.S. taxpayers. This is leading to an “entitlement environment” in which some employees feel they deserve more than they really do, because others—such as bank CEOs, AIG execs, certain politicians, and even Bernie Madoff—are rolling in money they don’t deserve, Shulman says.

These feelings can manifest in stealing money, merchandise or even identities.

“People are beginning to think differently about ethics,” Shulman says. “They are increasingly thinking that life is not fair, that nobody is honest. When you’re working hard, and when you’re only criticized and not rewarded, this thinking increases. It might start off small. Like lying on a time card. Or taking office supplies home. Little by little, the seeds are planted.”

He continues: “They’re thinking, ‘Why should I be busting my butt for so little?’ It creeps in even with people of integrity. Over time, it becomes addictive.”

Which leads to how to decrease the probability that you will become a victim:

  • Conduct background checks on prospective employees.
  • Look into “honesty assessment” tests.
  • Require letters of reference.
  • Set up a probationary period for new employees. So as not to make them feel like they’re under suspicion, make sure the policy is applied to everyone.
  • Consider technologies such as more advanced cameras, RFID and barcoded timecards.
  • Conduct random audits to limit embezzlement.
  • If a theft does occur, prosecute. It may be tempting to forgo the hassles of prosecution, but you’ll send a message to other employees. And you may actually help the thief out. Going to jail may be the catalyst that effects change in his or her life, Shulman says.

But perhaps the most important tip: Don’t forget the “human element.” Trust your intuition when interviewing a prospective employee. We can rely on all the technology in the world. But in the end, human instinct is often the most powerful tool in detecting—and preventing—bad behavior.

And…once you’ve hired an employee, treat him or her well! Employees who are respected by their employers are less apt to steal, Shulman says. Further, having happier employees may actually lead to less customer shoplifting. That’s because shoplifters often commit their crimes on a whim, perhaps when confronted by a rude or complacent employee. Happy employees are simply less apt to be rude or complacent.

And since we’re on the topic of the human element, watch the bottom-line instinct when confronted by decreasing revenue. The first thing many retailers do when facing financial pressures is to cut back on employees' hours. But this can actually cause increased opportunities for customer theft because there will be fewer eyes.

I’ll leave you with a few sobering and optimistic figures. According to Shulman, about 30 percent of retail employees will steal regardless of what you do; it’s just in them. However, 30 percent also will never steal, due to their good ethics. That leaves 40 percent that you can affect…

Positively or negatively.

Until next time,

Joan,

The eSecurityDiva

November 25, 2008

When it Comes to PCI – What is Considered a Payment Application?

Since the PCI Council has placed increased emphasis on compliant applications via the Payment Application Data Security Standards (PA DSS), nearly every day we get questions such as “what constitutes as a payment application when it comes to PCI?” Unfortunately it is difficult to find a specific definition. Our resident CISSP, Fritz Young, wrote a brief article on this subject yesterday to help clarify and better define the term “payment application” as it relates to PCI.

We define a payment application as anything that stores, processes or transmits card data electronically. In most cases, this does not include the hardware running the application unless the hardware and software are intertwined similar to a credit card swipe terminal. Examples of payment applications may  include Point of Sale systems or shopping carts for e-commerce Websites.

We have a Website completely devoted to educational topics related to PCI. So I encourage you to check out the Website (www.pcicomplianceguide.org).  You can review Fritz’s article and also find answers to other questions you have related to PCI.

I’ll keep you posted on anything else we find out related to payment applications – so please stay tuned. If you have specific questions, I encourage you to comment on this post.

'Til next time,
Joan
The eSecurity Diva

November 21, 2008

Social Networking - 5 Tips to Connect With Your Customers

As I promised in my last article, we just finished a podcast devoted to social networking for business. We interviewed Joe Koufman, vice president of business development and marketing, Engauge Digital, an award winning interactive marketing and technology agency with proven experience in maximizing user experience to help their clients attract, convert and retain more customers. They definitely understand the social networking space.

Anyway, during the podcast Joe provided 5 practical tips to help small merchants implement social networking in their businesses. I'll fill you in on a few of my takeaways and then you can check out the short podcast to learn more.

Good stuff! Also you can read the Engauge Digital blog by visiting http://blog.engauge.com.

To learn more practical tips about social networking check out the podcast by visiting https://www.controlscan.com/podcasts/social_networking.php.

'Til next time,
Joan
The eSecurity Diva

November 17, 2008

Not Connecting With Your Customers? A Social Network May Be a Solution.

Like many of you, I find that sometimes it is difficult to know how social networking can play a part in business – especially small e-commerce and retail businesses. More and more we are seeing companies experiment with or incorporate social networking sites into their marketing strategies. As confusing as it can be – I am intrigued and think that it is very important for all of us to pay attention to trends in this space. For instance, if you’ve been on YouTube lately, you may have noticed that the popular video site is now in the e-commerce business.

The Google-owned company recently announced that it was adding “click-to-buy” links to thousands of videos and will be partnering with e-commerce juggernauts iTunes and Amazon.com in the process.

Watching a video about a soon-to-be-released video game? Well, now you can just click a link and buy it! It’s a bold move that should benefit both the retailers and YouTube.

Which brings me back to the world of social networking and how it can help small- and medium-sized retailers. Did you know that heavy social-networking site users are more apt to visit online retail sites? According to a 2007 comScore study, 95 percent of people who regularly visited sites such as Facebook, MySpace and YouTube said they also visited retail sites. That’s compared to 80 percent of the total U.S. Internet audience.

If you’re marketing to a younger populace, you may absolutely want to think about a social network strategy. According to a recent study by shopping comparison site PriceGrabber, 85 percent of Generation Y participates in some form of social networking.

I recently interviewed Kristi Grigsby, marketing director for Neighborhood America, an organization that builds enterprise-oriented social networks for clients ranging from Volkswagen to Fox News, on how these sites can benefit retailers.

First, Grigsby says, you need to determine if a social site is right for you. She says that merchants who already have customers are more apt to succeed than those who don’t. (After all, a network won’t do you much good if no one goes to it). Having a compelling product is another precursor. A retail technology product, for example, is a better candidate than, say, a lawn care product. (Nothing against lawn care products.)

So, what can a social site do for you? It will let you better connect with your customers. Yes, they will be in control. But that’s a good thing. Grigsby says that when your customers are in control, you will get unfiltered opinions—directly from the people buying your products. Wow – what a cost-effective way to generate some market research.

Best of all, social network sites aren’t just for large car companies or news organizations. Grigsby tells of one small t-shirt retailer, Threadless, which has been wildly successful with its network. The site lets users design their own shirts. These designs are voted on by other users. The top-rated shirts, meanwhile, are then made. The company (which is not a client) is getting thousands of clothing designs — virtually for free!

The 35-person firm adds 20,000 new members monthly and receives 150 new t-shirt designs every day. This year, the company expects to post $20 million in revenue!

“That’s a lot of t-shirts,” Grigsby says with a laugh.

Oh, and if you’re thinking that a down economy may not be a good time to start a network, you may want to rethink.

“In these economic times, consumer spending is down,” Grigsby says. “It’s a competitive market. Never has there been a more critical time to think about connecting with customers more intimately — especially for retailers.”

I haven’t solved the mystery of social networking, but I will continue to share what I find out. We are interviewing a subject matter expert on this topic later this month – so stay tuned, it should be fascinating stuff!

'Til next time,
Joan
The eSecurity Diva