Tag Archives | e-commerce

California Looks to Get Tough On Internet Taxes

With the states having problems staying financially solvent in the wake of the Great Recession, the Internet is becoming an ever more attractive way to generate tax revenue. California is one of these states looking to tax online sales as a way to make up for income shortfalls.

Democrats in California’s Assembly have brought forth Assembly Bill 2078, which if passed could generate an additional $100 million a year in revenue. Earlier this month the Assembly (the lower house in the state) passed the bill on an party line vote 46-28, with five abstentions. It has now moved on to the California Senate, where it has been debated and amended in committee.

Bill opponents have successfully been able to water down much of the bill within committee, however Democratic budget aides argue the Senate should approve the stronger measure. They argue that brick-and-mortar business make customers pay sales tax, thus online retailers should be compelled to do the same.

It would work a little differently, since Internet purchases would not be directly taxed. Residents of the state are already required to report their online purchases so that they are subject to a “use tax,” but few actually do.

The state does not enforce the law well, meaning it loses out on this additional money into the states coffers — only about $10 million annually is reported on state tax forms. Under the original version of this law — not the amended version coming out of the Senate tax committee — Internet retailers would be required to report sales to California residents to the state’s tax bureau, making collection much easier.

It is not clear at this time whether the bill will pass in its more stringent form. Democrats do hold majorities in both houses: the Senate has 25 Democrats, 13 Republicans, and 2 vacancies.The Assembly has 49 Democrats, 29 Republicans, 1 Independent, and 1 vacancy.

Politicians may be wary of passing new taxes in a year where anti-incumbency seems to reign. Half the Senate and the entire assembly are up for reelection, and Governor Arnold Schwarzenegger has repeatedly pushed back on attempts for more stringent use tax collection.

Opponents may have no choice however — with California in an increasingly serious budget crisis, getting tough on taxes may be the only option short of raising taxes altogether, which no politician wants to do in an election year.


Denial of Service Attack Takes Out Several Online Retailers

A denial of service (DDoS) attack Wednesday on the servers of DNS provider UltraDNS took out several major websites, including retailer Amazon, for almost an hour on Wednesday. The company provides DNS services for Amazon, Wal-Mart, Expedia, and a host of other sites, and the attack rendered these sites unreachable even though they were not attacked directly.

Of course, this attack is even more noteworthy considering it came during the waning days of the holiday shopping season, and likely put a brief kink in the shopping plans of a few last minute shoppers.

The attack occurred at around 4:45pm Pacific time, and was directed at Neustar’s servers (the owners of UltraDNS) in Palo Alto and San Jose, Calif. Neustar was able to detect it quickly and counter it somewhat, lessening the overall impact. Even so, websites served by either company became unusable for much of that hour until the attack subsided. Most sites were back to normal by 6:00pm.

Some are suggesting the attack may have been more widespread: other sites that are not serviced by UltraDNS were said to be experiencing problems as well, including the online game Second Life.

No comments

comScore: Blizzard a Boon to Online Shopping

Research firm comScore said Tuesday that the blizzard that socked the Northeastern United States with one to three feet of snow did not prevent holiday shoppers from going about their business: they just did it online instead. Retailers pulled in some $767 million in sales on December 19 and 20, up 13 percent from last year.

The full week also proved to be profitable: a one week sales record was set with shoppers spending some $6.8 billion online, up six percent from a year ago. Good news for retailers, some of which expressed concern that the timing of the snowstorm could have put a serious damper on what is traditionally the biggest shopping weekend before Christmas.

“Consumers have clearly continued to spend online later into the season this year,” comScore chairman Gian Fulgoni said. “Retailers have been very aggressive with late season promotions while informing consumers that they could still get their purchases shipped in time for Christmas, and these tactics seem to be paying off.”

What also could be helping is anecdotal evidence that retailers are not panicking like they did last year, cutting prices early which in turn cuts into profits. I’ve heard quite a few shoppers complain that the deals “just aren’t as good as last year.” Well, this year retailers have gotten a lot smarter in managing inventories, thus meaning less overstock to get rid of at the end of the season.

So here’s a question for our Northeast US readers. Did you stay in and shop online?


Food 2.0: Takeout Hits the Web

Turkey SandwichThe Web provides an excellent way to order food online, but it has been costly for a local eatery to process orders from the Web. Restaurants were luddites during the genesis of e-commerce; now, with the advent of new services, mom and pop are online.

Services including Delivery.com, GrubHub, and SeamlessWeb have made it possible for restaurants to do business without incurring the cost of doing alone. Their business models may differ slightly, but restaurants are buying in, and tens of millions of dollars worth of meals are being processed through those sites.

“Everything online has come of age, but the concept of what delivery means to life as convenience and benefit is what people now truly understand,” said Melanie Gordon-Feisman, vice president of communications for Delivery.com. Delivery.com is now located in 75 cities, connecting users to the restaurants that delivery in their area.

Continue Reading →


Researchers Demo E-Commerce Insecurity

When you see the little padlock icon in your browser, it’s supposed to indicate that the Web page you are visiting is legitimate and that your connection is secure. Today, at the Chaos Computer Club’s annual conference in Berlin, a group of researchers undermined that assumption by exposing flaws in the underlying authentication mechanism that e-commerce relies upon.

A group of researchers represented by David Molnar, a doctoral student in computer science at the University of California at Berkeley, demonstrated a proof of concept of an exploit that bypasses Secure Sockets Layer (SSL) security safeguards. Every Web browser that implement SSL can be spoofed into displaying the padlock.

In short, the researchers successfully exploited a vulnerability in the MD5 algorithm that is used to verify whether or not SSL certificates are legitimate, enabling them to forge certificates that would be accepted by Web browsers. The certificates are used to authenticate the ownership of domains.

But don’t get too worked up just yet–there is a lot of work involved. Creating a forged certificate took the team over two weeks and required the muscle of a cluster of 200 PlayStation 3 consoles. Further, a malicious user would have to trick a victim into visiting a fake version of the legitimate site that he or she meant to visit. The gory details of the exploit will not be publicly disclosed until the problem has been addressed, according to a report by News.com.

Techniques as complex as DNS poisoning to simple social engineering have proven that traffic can be rerouted to rouge Web sites. There is a potential for real mischief, but today’s browsers have facilities that go beyond SSL to detect phishing attempts. Microsoft’s phishing filter compares domains against black lists (As an aside, the Phishing Filter Web site has an expired SSL certificate).

End users are more secure than they were a few years ago, but I never underestimate the ingenuity of criminals – especially when the incentive is valuable identity and financial information. It would not be inconceivable for a group to develop a grid-enabled application to churn out false SSL certificates.

That said, the research is important work toward securing the Web, and this type of research should remain unrestricted. There is no real security in obscurity, but research should prompt action.

The MD5 algorithm is critically important for e-commerce, yet it is an early 90’s era technology that was not designed for today’s Web, just as DNS was not designed with security in mind. The experts knew the risks.

It is alarming that little was done to harden SSL even while MD5’s weaknesses were understood; papers were published and reported on in the press four years ago. OpenID authentication also relies upon MD5: This vulnerability affects more than just e-commerce.

There must be more coordination to secure the Internet going forward. The industry needs to learn from past mistakes and bake security into the design life cycle of all future Web standards.


Microsoft’s Black Friday Black Eye

cashbackIf Microsoft wants to become a serious Web competitor to Google it should stop tripping over its own feet. On Black Friday, it was offering more apologies than bargains after embarrassing technical glitches incapacitated the company’s Live Search Cashback, scuttling its initiative to gain a larger share of the search market by giving searchers discounts on products they find through Live Search.

Apparently, someone in Redmond neglected to remember that Black Friday is the biggest shopping day of the year. The Cashback site was unable to cope with the heavy volume, and some customers–ones that were able to access the site at all, that is–were left with the wrong amount of cash back credited to their accounts.

One of the biggest snafus occurred when customers that were trying to take advantage of a generous 40 percent discount on HP products received as little as 3 percent cash back posted to their account, according to News.com, which also reported that Microsoft apoligized to shoppers who encountered Cashback glitches . A spokesperson told Technologizer that customers interested in following up on their Cashback rebate should contract Microsoft Live Search support to have their accounts credited.

The company’s initiative to compensate people for using its search engine began in May. Since that time, Microsoft’s share of the search business has fallen, according to multiple surveys. That’s not to say that the Live Search Cashback program is a bad idea–Microsoft is an underdog, and it needs to be creative and scrappy.

However, it had an opportunity to benefit from word of mouth had its Black Friday promotion gone well, and its failure to execute has left it at best no better off than it would have been on any given Friday.

No comments