May 2010 – Cover Story: Fighting the Good Fight

Merchants’ Battle Against Friendly Fraud Will Be A Protracted One–Across Two Fronts

By Bob Botelle

The 2009 LexisNexis True Cost of Fraud study contains a wealth of merchant-reported experience in the war against fraud in commerce. A common cause for concern among those experiences? Friendly fraud accounts for more than one-third of the total fraud for online-accepting merchants–or, according to the study, .4 percent of total annual revenue. More than one in five merchants are experiencing increases in friendly fraud. It’s the greatest source of fraud for online-only merchants, representing over one-third of their total fraud losses–and about 24 percent of total fraud losses for the largest e-commerce merchants.

Of all threats to merchants, friendly fraud is perhaps the most insidious. It’s not a function of global competition, margin pressure, customer satisfaction or criminal activity. It’s an ongoing source of fraud loss for merchants in card-not-present/customer-not-present industries, particularly those in e-commerce and direct response. Unlike other forms of fraud, friendly fraud is very difficult to detect at the front-end of a transaction and–as a result–hard to stop before it happens.

Increasingly, many merchants and providers alike view tacit acceptance of friendly fraud as tantamount to decriminalizing theft. There is even growing clamor to create global databases of bad customers.

While there is certainly room for improvement in the prevention and recovery processes that support merchants–particularly within the systems designed to resolve transactional conflict (e.g., the charge-back process)–the potential brand-damaging implications of returning friendly fraud’s volley with a “friendly fire” approach is questionable. More about that shortly.

Getting Around Friendly Fraud
While the term “friendly fraud” means different things to different merchants, its broadest, and perhaps best, definition is this: any transaction, contested by a customer, where the merchant suspects that the customer or a personal associate (child, spouse) legitimately authorized the transaction in question.

Stepping back even further, many merchants will tell you that there’s little distinction between friendly fraud defined as a cardholder who knows they’re responsible for a purchase while refusing to pay for it, and other forms of fraud, particularly return fraud. Ultimately, the merchant faces not only the lost revenue, but also the costs associated with recovery.

Despite the value of many fraud-prevention and screening tools available across the payments industry, there is no magic bullet for tackling friendly fraud. Certainly, the basic, ubiquitous and proprietary solutions for matching card and cardholder, verifying address, etc., still apply. The biggest decision for most merchants is choosing the “front” on which they will battle friendly fraud and the amount and type of investment they will devote to the fight.

War on Friendly Fraud: Two Fronts
The two clear fronts on which friendly fraud can be fought are prevention and recovery. On the prevention battle line–and despite the plethora of fraud-detection and screening tools available today–the reality is that friendly fraud remains largely a challenge of managing the problem versus eliminating it. Prevention methods–such as advanced order scoring and manual order review, as well as high-hold handling–are still a function of the type and ticket value of the good or service that a merchant sells. After all, advanced scoring can kill good orders, and high-hold handling can get quite expensive. Recovery, driven in part through the established charge-back/re-presentment process, is also a balancing act of investment versus return.

Mitigating friendly fraud on either front becomes a function of the people, processes and tools in which merchants invest.

On the prevention front, the people element is comprised of your call center and customer-service staff. Process here is predicated upon the merchant’s risk model, driven by, among other things, choices in customer service training and improvements, velocity-checking management and high-ticket/high-touch policies and procedures. Tools on the prevention front include IP geo-location, device fingerprinting and negative customer lists.

On the recovery front, people investments include those made in legal teams, collection agencies, delivery providers and attorneys general. Process is largely driven by policy or the dollar value of the goods and services sold. Tools include regulations and reporting (the collection of data/proof points used in the chargeback and/or legal process).

Remedies for Success–Education and Persistence
One of the best defenses that any merchant, retailer or service provider can leverage to combat friendly fraud is systemic supplier education. It sounds simple, maybe even trite to some, but think about it in the context of these next questions: Have you ever ordered something from a catalog or a website? Was there ever a time when a call center representative “forgot” to ask you for a card identification number? Was there ever a time when your web purchase did not include a specific box at checkout to include that same card identification number? If you’re a frequent customer-not-present consumer in the card-not-present world, chances are you answered “yes” to one or both of those questions.

This is a first-gate failure of one of the simplest fixes–identify and screen data that indicates a card is in the hands of its rightful owner. Identify and screen matches for address. Collect all that is yours to collect to give you the comfort that the somebody buying is the somebody who’ll be getting.

Pushing education through an entire retail provider chain is critical. What’s more, it’s one of those not-so-conventional areas in which the suppliers themselves can take arms on the merchant’s behalf. Payments partners in their role as the ultimate transaction processor can play a major role in working with a merchant’s chain-of-order management, fulfillment, web sales and marketing and call center providers.

Truly, this remedy supports the prevention side of the battle best, but indoctrinated best-practice behavior comes with the side benefit of extraordinary documentation that can be used, when the time is right, on the recovery front.

Survey most merchants and they’ll tell you that this approach is still not allowing them to prevail in the fight. Yet calls for more controversial approaches are not only likely to be ineffective–they’re likely to be downright damaging to your bottom line.

Negative Lists and the Bad Customer
For years, merchants have used their own, so-called “negative customer” lists to screen orders from customers whose negative order, refund and/or chargeback histories raise flags. This is a sensible and worthy mechanism allowing a brand to weigh its experience with an individual consumer against that same consumer’s lifetime value to the brand. For most merchants, this approach to both customer relationship and brand management has been an asset and not a liability.

Increasingly, however, merchants’ frustration and the lack of a true industry agenda against friendly fraud has helped promulgate a new form of the negative list: the global bad customer list or database.

However, a global database as a new truth-seeking shield shared broadly across, between and among merchants, stands to do more damage to brands and their relationships with consumers than it thwarts friendly fraud.

In fact, these global lists could potentially create a friendly firestorm on the field of commerce. Potential ramifications include consumer alienation, customer loss and–ultimately–damaged reputation. Merchants and consumers routinely have justifiable disputes; most resolve themselves adequately, and the consumers certainly don’t want to be labeled as “bad” because of a negative experience with one transaction or one merchant. Consumers appearing on such lists may have had only one dispute with one merchant. Yet the potential exists for such lists to brand those consumers as bad across a global band of merchants. This ultimately is in no one’s interest–particularly not the merchants’. The rapid evolution of Internet-driven, word-of-mouth consumerism can create brand damage in a fraction of the time required just a few years ago.

Driving a Friendly Fraud Agenda for Merchants
Let it be said in the event that it is not obvious: there is no commerce without merchants with goods and services to sell. And there is no commerce without all of us as consumers to buy these goods and services. But, unfortunately, friendly fraud liability drops squarely in the laps of merchants.

Solutions are not likely to be found in promoting antagonism in commerce: seller battling buyer. This is the principal reason that bad-customer approaches will ultimately be ineffective.

The solution is much more likely to be found in a systemic education process benefiting all fronts on which merchants fight friendly fraud. Solutions should also be found in a stakeholder-inclusive, industry-wide agenda. It will take payment processor, order and fulfillment management systems, call center voices, acquirers, issuers and merchants to promote the educational and programmatic agenda that will help stem–and hopefully reverse–the significant operating costs and revenue losses associated with the enemy known as friendly fraud. It is likely to include the efforts of these same parties to improve systemic dispute resolution processes in cases of suspected friendly fraud.

Bob Botelle brings more than 20 years of direct marketing, customer service and operations experience to Litle & Co. As executive vice president, merchant services, Botelle leads the front-line organization responsible for delivering Litle’s pledge of best-in-class customer service to card-not-present merchants. Botelle can be reached at bbotelle@litle.com.

February 2010 – Online Insights: Payment Processing

Managing Interchange Fees

A recent Wall Street Journal story reported that U.S. banks collected $45.3 billion last year from credit- and debit-card fees charged to merchants. About 75 percent of this came from interchange fees set by the two major card brands, Visa and MasterCard. Interchange fees, long a part of the card acceptance system, are the fees that a merchant’s bank (the “acquiring bank”) pays the card-using customer’s bank (the “issuing bank”) as cards are accepted for purchases. Set by the card brands and typically updated twice each year, there are more than 400 interchange categories for the two major brands combined. Over the last several years, regulator inquiry and merchant clamor across the globe have turned the spotlight squarely on the costs associated with card acceptance.

Know what you pay to manage interchange
For the majority of merchants, interchange fees make up the largest component of processing costs. For card-not-present merchants, it typically represents more than two percent of each credit card transaction. Managing these fees, particularly for card-not-present transactions, can save merchants thousands–perhaps millions–of dollars annually depending on their transaction volume. Qualifying for the best interchange rate on a per-transaction basis is a complicated process and it starts with knowing what you’re paying.

Typically, there are two different ways merchants are billed for processing, which includes interchange costs. The first is a “discount rate,” whereby the processor charges a percentage-of-sale discount on gross sales. These arrangements may also include a fixed per-item fee for each sale, as well as card brand assessment fees and the processor’s own fees. The second method is via a “pass-through” (often called “cost-plus”) basis, which distinguishes all sets of fees that you are being charged. Discount rates can obscure actual costs and make it impossible to know if you are qualifying for optimal interchange fees for your transactions.

Opting for pass-through billing allows merchants greater visibility into their true interchange costs. For instance, many transactions–for one reason or another, and usually associated with the quality and amount of data provided for the transactions–suffer from so-called “downgrades.” That’s to say, they don’t qualify for the best (i.e., cheapest), interchange rate. Sans specific breakouts of interchange fees in their billing and reporting, merchants have no idea when they are losing dollars because of downgrades. And, given the sea of qualifying rates, this is a critical point of breakdown for many merchants on the interchange fee front.

The pass-through model and a complementary reporting platform that specifically accounts for interchange costs is a good start to navigating the thousands of pages of regulations that guide major card brand interchange qualification. Most merchants have neither the time nor the resources to master the rules and regulations of interchange qualification. Their processors and processing platforms, however, should have both.

The following are some important keys to saving on interchange fees:

• Choose a pass-through rather than a discount rate;
• Scrutinize your processor’s set-up protocol before you begin sending transactions through a new platform. How have they categorized your business? By using “Merchant Classification Codes” or MCCs? Are you transmitting transaction data in the best formats?
• Ensure full, complete and accurate data transmission (bad data and inaccurate formats are the first steps toward downgrades and lower interchange qualification rates); and
• Make sure to establish accurate benchmarks and then analyze the data (if your interchange rates are increasing or decreasing over time, you need to identify causes and solutions).

Choosing the Right Payment Platform
The complexity of card acceptance is lost on most of us. Interchange, in and of itself, is extremely complicated and most merchants feel powerless when trying to minimize their interchange costs. This makes it essential for a merchant to partner with a trusted, educated payment processor whose expertise is in their area of commerce and whose platform is designed accordingly. For example, expertise in large-scale point-of-sale (POS) transaction processing is not the same as expertise in card-not-present (CNP) direct-to-consumer sales. Interchange rules and regulations vary significantly between and among commerce categories, and the orientation of both your account leaders and their platforms should be wired to your interests.

Here’s a summary of a few important best practices to keep in mind:

• Understanding your interchange costs starts with the manner in which you are billed and the reporting you receive (pass-through over discount rate);
• Benchmark and analyze constantly;
• It’s all about the quality and accuracy of transaction data; and
• Select processors and platforms on the basis of commerce-category expertise.

Partnering with your payment platform provider gives back to merchants some of the power to understand the sea of interchange rates, making it possible to manage, control and minimize the fees associated with card acceptance.

David Burrows is vice president, product management for Massachusetts-based Litle & Co., a leading card-not-present merchant account, processing and services provider. He can be reached via e-mail at dburrows@litle.com.

Summer 2009 – Online Insights: Data Security

Tokenization Gains Traction

By Gary Palgon

Protecting confidential customer information from theft and accidental loss is a critical business challenge for retailers, whether you sell your products in stores, online, via mail order, from a call center, or a combination thereof. Wherever payment card information is collected and stored, it is at risk. This applies equally to personally identifiable information (PII), whether it is customer loyalty information or employee data. No one in this industry needs to be reminded of the many high-profile, reputation-damaging and costly data breaches that retailers have suffered in just the past few years.

We’ve seen state breach notification laws and international privacy laws enacted, as well as industry mandates such as the Payment Card Industry’s Data Security Standard (PCI DSS). Most large retailers and many smaller ones have adopted some form of data encryption to protect the payment card numbers entrusted to them.

While there is no question that data encryption—when combined with data security best practices—is effective for protecting sensitive data and for complying with PCI DSS, the encrypted data remains in the applications and databases. Any system that contains this encrypted data is a point of risk and, therefore, considered “in scope” for PCI DSS compliance and annual audits. Moreover, as retailers seek security for more diverse types of confidential information such as social security numbers for employees, commercial driver’s license numbers for company drivers, as well as passwords and other sensitive data, data encryption becomes more complex and resource intensive.

Another challenge is that encrypted data takes up more space than unencrypted data. Many forms of PII contain many more characters than a 16-digit credit card number—all of which can pose a “square peg into a round hole” storage problem with consequences that ripple through the business applications that use the data. Retailers must often contract for costly modifications to existing applications and databases.

To reduce the points of risk as well as the scope of PCI DSS audits and to provide another level of security, a new data security model—tokenization—is gaining traction with retailers.

WHAT IS TOKENIZATION?
Tokenization is an alternative data protection architecture that is ideal for some retailers’ requirements. It reduces the number of points where sensitive data is stored within an enterprise, making it easier to manage and more secure. The newest form creates a token—or surrogate value—that represents and fits precisely in place of the original data (instead of the larger amount of storage required by encrypted data). Additionally, to maintain some of the business context of the original value, certain portions of the credit card can be retained within the token. The encrypted data the token represents is then locked in a central data vault and protected by encryption keys.

Because tokens are not mathematically derived from the original data, they are arguably safer than encrypted values. A token can be passed around the network between applications, databases and business processes safely, all while leaving the encrypted data it represents securely stored in a central repository. Authorized applications that need access to encrypted data can only retrieve it using a token issued from a token server, providing an extra layer of protection and preserving storage space.

One large retailer recently performed an internal audit and discovered credit card information stored in more than 200 places. Even with a strong encryption and key management solution and excellent internal procedures, this was unmanageable and an unacceptable level of risk. The company first deleted credit card information from places where it wasn’t truly needed. The next step was to reduce the number of instances of the information to four encrypted “data silos” and substitute tokens for the credit card information in the remaining locations. This created a highly manageable architecture and reduced the risk of breach dramatically.

DATA ANALYSIS: BUSINESS AS USUAL
Referential integrity can introduce problems where various applications (e.g., loss prevention, merchandise returns, data warehouses) and databases use the sensitive data values as foreign keys for joining tables to run queries and perform data analysis. When the sensitive fields are encrypted, they often impede these operations since, by definition, encryption algorithms generate random encrypted values. While there are methods to remove the “randomization,” there are risks involved. A consistent, format-sensitive token eliminates this issue. It also reduces the number of employees who can access sensitive data to minimize internal data theft risk. Under the tokenization model, only highly authorized employees have access to encrypted customer information—and even fewer have access to the unencrypted data.

REDUCING AUDIT SCOPE
When you undergo a PCI DSS audit, all of the systems, applications and processes that maintain or have access to credit card information are considered “in scope.” However, if you substitute tokens for the credit card information and the systems, applications and processes never require access to the token’s underlying value, they are taken “out of scope” and do not need to comply with the PCI DSS requirements.

IS TOKENIZATION FOR YOU?
Tokenization, for all its benefits, is not a silver bullet for every retailer. Is it right for your company? For many, the best solution is a hybrid approach: a combination of localized encryption, centralized tokenization and data security best practices. Tokenization is worth considering if your company:

• Collects and stores large volumes of structured data (e.g., credit card numbers and PII such as social security numbers, customer buying habit information, salary records, etc.).
• Has a fully interconnected IT environment, whereby systems with confidential information are connected to a central application and data vault. Centralized tokenization doesn’t work in a disconnected environment; localized encryption or “in-place tokenization” works well in those systems.
• Wants to reduce points of risk and make compliance with PCI DSS easier and less costly. Tokenization reduces the points of risk by removing encrypted data from applications and databases throughout the enterprise, thereby taking those systems out of scope for compliance and audits.
• Wants to avoid costly modifications to applications and databases to store encrypted data.
• Conducts trans-border business. Retailers who do business in Europe must obey European privacy laws, which prohibit certain employee and consumer information such as social insurance numbers from being electronically transferred across international borders without express written consent. Because tokens can be transmitted in place of confidential information and referential integrity is preserved, application development, testing and data analysis can be conducted on information collected in other countries while complying with international law.

Tokenization reduces the scope both of risk and data storage requirements, while maintaining referential integrity and streamlining the auditing process for regulatory compliance. The higher the volume of data and the more types of sensitive data you collect, the more valuable tokenization becomes. Fortunately, incorporating tokenization requires little more than adding a token server and central data vault. For retailers with a combination of disconnected and interconnected data entry systems, incorporating local encryption and tokenization with centralized encryption key management will provide the best protection.

Gary Palgon is vice president of product management for data protection software vendor nuBridges, Inc. He can be reached at gpalgon@ nubridges.com.

Spring 2009 – Direct Response Marketers: Achieve Your Online Potential!

Some multichannel marketers—especially those with roots in DRTV—tend to approach their web presence with an emphasis on cost management. By instead focusing on the following 10 fundamentals of online marketing, these marketers—in fact, all marketers—could enjoy web revenue that far exceeds their expectations.

By Bob Greenstone

Just 10 years ago, if you had a successful product on TV, you didn’t really need a website. That’s because less than two percent of sales came from inbound web traffic generated by DRTV media. Just five years ago, almost any ol’ website would’ve been sufficient to handle the 10 percent of sales being processed online. My how things have changed!

Today, you need a carefully designed, expertly managed website to capture the 50 percent of sales (or more) a successful DRTV campaign can deliver. To put that in perspective, if you were foolish enough to run your business like you did 10 years ago, your CPOs would be twice what they could be. Moreover, the gap between a good web services provider and a great one has increased just as dramatically. These days, you could be doing 50 percent of your sales online and still be leaving another 50 percent on the table. I’ve seen it happen.

I can’t blame DRTV marketers. They come from an industry where campaigns hinge on a dollar or two per order, so squeezing pennies from suppliers seems like the surest strategy for success. But the web is a totally different animal, and marketers need to realize that cost management alone is insufficient to realize a campaign’s full potential. For example, while it’s true that you take orders in similar ways on the phone and on the web, the similarities end there. While you can usually only squeeze small improvements out of your inbound telemarketing process with better or more aggressive scripts, on the web you can literally double or even triple your sales through dozens of well-executed changes managed in real time.

Yes, that’s right: Most DRTV marketers have the potential to double or even triple their web business. “How is this possible?” you may ask. “Isn’t a website just a website? If they come to my website, no matter how poorly optimized it is, won’t the customers just buy anyway?” No, no—a thousand times no!

Consider a small change, such as to the headline of your site, the positioning of the order button or the color scheme. In statistically valid experiment after experiment, we have demonstrated that changes to these elements can increase or decrease sales by as much as 20 percent—per factor! I know it sounds crazy, but it’s true.

Now imagine what years’ worth of findings like these could do if applied to your website, and you’ll see why the quality of your web services is so important these days.

Not only that, but the supplier you select can bring you amazing benefits or incredible grief in other areas as well, such as data security, website uptime, the flexibility to make quick changes or even the ability to predict the potential success of a DRTV product before you invest in commercial production and media.

With this in mind, here is my checklist of the top 10 things you need to achieve your full web potential, whether you’re using an outside supplier or managing an in-house team.

The Best Possible Conversion Rate

A conversion rate is defined, simply, as the percentage of website visitors who place an order. If 100 people visit your site and 20 place an order, that’s a 20-percent conversion rate. So how do you maximize that number? In today’s online world, where consumers are used to amazing visual experiences, the old techniques aren’t working as well as they used to. Take streaming video. It’s not what it used to be. In fact, I’ve even seen it lower conversion rates. These days, sophisticated animations and well story-boarded websites do a much better job of driving sales. So how do you know what’s optimal? Simple: Test, test, test. If your web team doesn’t have A/B split testing capability or, better yet, multivariate testing capability, you are most definitely leaving money on the table.

The Highest Average Sale

The average sale is calculated by dividing the number of visitors who place an order into the total revenue generated by the site. Most DRTV websites today imitate the phone experience by using the exact copy and flow from the campaign’s telemarketing script. Not a bad place to start (provided that script is working), but that’s usually as far as most marketers go. Simply testing one set of copy, one image and one presentation of these elements is a strategic relic from an earlier time. Modern multivariate testing technology can test dozens of copy points, images and other combinations to identify the recipe that delivers the highest average sale. You may need a team of talented graphic artists and copywriters to get there, but help is available at no incremental cost to you if you outsource to a competent web services provider.

Solid Data Security

Poor data security could destroy your business overnight. Most suppliers tout PCI compliance, but this is a very minimal standard that provides virtually no protection against data loss. Your web solution needs to involve not only basic protections, such as PCI compliance and HTTPS secure web pages, but also a complete data security plan with proper supervision. Most DRTV marketers have no idea how their data is stored and handled. Yet if their supplier loses a batch of credit card numbers to a cyber-thief, they will be on the hook, potentially for millions of dollars. Some questions to ask: Does your provider have an SAS-70? Do they even know what that is? How many millions of dollars of data loss insurance do they have?

Adequate Support Staff

Testing offers and keeping your website current are critical to executing your marketing plan effectively. There’s nothing worse than getting a distorted read on a new offer because your online team failed to update the site properly. Here again, there are several important questions to ask if you’re outsourcing. How many graphic designers and animators do they have on staff? How many IT support personnel? How many account executives?

“Five Nine” Server Uptime

The expression “server uptime” refers to the percentage of time your website is available to the public. This is important for obvious reasons. Just as you can’t sell from an empty shelf, you can’t process orders without a live website! However, unlike brick-and-mortar stores, keeping a virtual store running 24/7 involves a lot of technical details that can prove daunting. Most times when your site goes down, you’re probably not even aware of it—unless you happen to be trying to access it at that moment. In order to ensure the ideal maximum uptime of 99.999 percent, known as “five nines,” you need to have a minimum of two data centers online with your websites on both of them. These data centers also need to be “load balanced,” which means that if the primary data center has any issues at all, the other data center can automatically kick in and handle the extra load. It is rare for a provider to have this capability, but it does exist in the marketplace. The provider also needs to have 24/7 monitoring and alarm systems in place that notify tech support staff of impending or existing hardware, routing or connectivity issues, as well as attempted intrusions by hackers.

Real-time Reporting

Next-day reporting is not acceptable in our “on demand” world. For myriad reasons, you need real-time reporting. But this is not as easy or as trivial as it sounds. The type of servers that accept orders are different than the type that crunch mountains of data and turn it into meaningful reports in real time. Do you or your supplier have access to both? If not, you’re at a competitive disadvantage.

Sources for Incremental Sales

In addition to helping you manage your paid search advertising, your supplier or web team should also be able to help you get massive amounts of incremental orders from affiliate, search and e-mail campaigns. Competency in this area cannot be overemphasized. Proper affiliate management can increase web sales 25 to 50 percent! These sales aren’t free, of course, but most are paid for on a cost-per-acquisition (CPA) basis. That means your ROI is locked in at 200 percent or better. Here’s a quick way to find out if your web team is maximizing this opportunity. Go to Google and search for your brand name. If you and your affiliates don’t own the top paid and natural search listings, you are once again leaving money on the table. As for e-mail, look for a provider that has a highly seasoned program at least five to 10 years old and that aggregately e-mails a billion or more pieces each month.

A System for Saving Sales

It’s an unavoidable fact: Even on the highest-converting websites, the majority of visitors leave without buying. A well-known technique to help address that problem is a pop-up chat window. As the name implies, when a visitor tries to leave the site without buying, a window pops up and encourages them to chat with an artificial intelligence or a human that can answer questions and present better offers. These pop-ups are sophisticated enough to avoid most pop-up blockers and can increase sales by 10 percent or more. A no-brainer, right? The only problem is that the third-party solutions on the market take a large chunk of the “saved” sale. On the other hand, a first-rate web services company should have this capability built into its system and offer it free of charge to clients.

Flexible Pricing

If you’re using an in-house web team, this one doesn’t apply. But if you’re outsourcing, you should know that pricing has really come down in the online space. In fact, it is now common to find vendors that offer services related to inbound traffic for free. Such vendors (my company is one) earn their compensation from various types of third-party offers made after your transaction is completed. This model is significantly improving campaign break-evens by eliminating a cost center, especially with campaigns where web sales are in excess of 50 percent of total sales. It’s even being applied to the telemarketing side in a new packaged offering of web and IVR for free.

Great Attitudes

IT departments are notorious for their difficult attitudes. They can be rigid in their thinking and reluctant to accept new information, especially from more creative personalities. To achieve your full potential online, you need to overcome this common barrier. As a wise man once said, the only constant is change. That’s especially true in the online world. As I mentioned earlier, being a few years out of date in your thinking can mean the difference between campaign success and failure.

Bob Greenstone is CEO of Permission Interactive, Inc. in San Diego. He can be reached at (619) 708-7456 or at bob@PermissionInteractive.com.