Category Archives: software

Upgrade your Adwords accounts before the 22nd July – or else!

google adwordsGoogle will automatically switch all Adwords campaigns to ‘enhanced’ on 22-July-2013. If you don’t do it before then, Google will do it for you. And you can be confident they will be thinking of their interests, rather than yours. The changes are mostly bad news for those of us that sell software for desktop computers. In particular you can no longer choose not to bid for clicks on tablet devices. I would like to have more control over how I bid on different platforms, not less, so I am not happy about the changes. However your choices are either to upgrade your campaigns to ‘enhanced’ or close your Adwords account.

You can at least bid less for clicks on mobile devices. If you are selling downloadable software that doesn’t run on mobile devices, I recommend you set your bid adjustment much lower for mobile devices. My own analytics data tells me that mobile devices only have one tenth the (measurable) conversion rate of desktop/laptop computers. So I have set my mobile bid adjustment at -90% for mobile devices. Presumably you can set it to -100% if you don’t want to bid for mobile clicks at all. I don’t understand why advertisers aren’t being given the same option for tablet devices.

Note that you can’t set a mobile bid adjustment for CPA campaigns. However Google should notice the lack of downloads and sales on mobile devices and adjust the mobile bids down for you automatically.

Upgrading is pretty straight forward and should only take a few minutes. More details on the software promotions blog.

Amazon PPC Ads

The ever-expanding Amazon empire is now offering their own Pay Per Click ads.

Amazon Product Ads is an advertising programme designed to provide Amazon.co.uk customers seamless access to products available on external Web sites. As a seller, you simply upload your catalogue of products you wish to advertise and set your cost-per-click bids and budget. Amazon will then display your ads to Amazon.co.uk customers when they shop for your product or related products. Customers who are interested in buying your product can click through to your Web site and purchase the product directly from you.

amazon-ad

As with Google Adwords, you bid for clicks. Minimum bid prices depend on the category of goods you want your ad to appear in. On amazon.co.uk the categories and minimum bid prices are currently:

amazon ad prices

There doesn’t seem to be any restrictions on advertising downloadable software. So it might be worth trying if you software fits into any of the above categories and has a relatively high ticket price (given that typical conversion rates are 1% there is no point paying £0.10 per click for software that you sell for £10). For example, if your software is related to music, you could advertise it alongside musical instruments. I would consider advertising my table planner software alongside books or DVDs related to wedding or event planning. Unfortunately that isn’t an option at present.

amazon ad categories not supported

I could try advertising my software in categories such as Kitchen&Home›wedding favours. But people looking for wedding favours aren’t explicitly searching for table planners, so the click to sale conversion ratio is likely to be well under 1%. Also the minimum bid price in this category is £0.15 and I am guessing that my ads wouldn’t even show if I bid the minimum. Paying >£0.15 per click with a <1% conversion rate for software priced at £19.95 doesn’t make sense. So I haven’t signed up.

It is inevitable that the bid price will inflate over time. So, if you want to try it, now is probably a good time. Amazon.co.uk are also offering £50 in free clicks if you sign up now. You can find out more on the Amazon Product Ads FAQ.

Have you tried Amazon PPC ads? If so, do you have to bid significantly above the minimum bid prices and how do the conversion rates compare with other PPC ads (such as Adwords)?

The declining profitability of Google Adwords

Google Adwords used to be a great way to get targeted traffic cheaply (if you knew what you were doing). I think those days are well and truly over.

I have been using Google Adwords to advertise my table plan software since 2005. The following graphs show some metrics from my Adwords campaigns over that 8 years. The graphs show 12-monthly cumulative figures (e.g. each point represents the value for that month plus the preceding 11 months). Using cumulative data hides some of the noise, including the seasonal variations that are inevitable in a business related to weddings (more people buy my software when it is summer in the northern hemisphere), and makes the overall trends clearer.

Average cost per click (CPC)

Average cost per click (CPC)

Clickthroughs

Clickthroughs

Conversions (sales)

Conversions (sales)

Profit per month

Profit per month

The trends are clear and it’s not a pretty picture. Less, more expensive clicks = less profit. I can either pay more and more per click to maintain the same number of sales. Or I can continue to pay the same per click and get less and less clicks. Either way, my profit goes down. It isn’t a trend I see changing direction any time soon.

I think these long-term trends are mostly due to increasing competition. As more and more companies bid on Adwords for a finite number of clicks, it inevitably drives up the cost of clicks (simple supply and demand). It also doesn’t help that a lot of Adwords users are not actively managing their campaigns or measuring their ROI, and are consequently bidding at unprofitably high levels. Google also does its best to drive up CPC values in various ways (suggesting ridiculously high default bids, goading you to bid more to get on page 1, not showing your ad at all if you bid too low – even if no other ads appear etc).

Of course, this is just my data for one product in one small market. But the law of shitty clickthrus predicts that all advertising mediums become less and less profitable over time. So I would be surprised if it isn’t a general trend. Are your Adwords campaigns becoming less profitable? Have you found another advertising medium that works better?

Code Club – inspiring a new generation of programmers

code clubYesterday I, and fellow software developer Oliver Balmer, ran the first session of our new programming club at the school our children attend. We weren’t sure what to expect, but it went very well. The children really enjoyed it and so did we. I am just putting a few notes here in the hope that it piques the interest of other software developers.

  • Code Club is a United Kingdom based network of volunteer-led, after-school coding clubs for children aged 9-11.
  • scratchThe first 2 terms are based on the free Scratch programming language developed by MIT. This is an excellent tool for teaching children programming. Programs are constructed by snapping together colour coded blocks – there is no syntax to learn and very little typing. Within an hour all 9 children went from nothing to having created a simple example game with graphics and sound.
  • Later terms progress on to HTML/CSS and Python.
  • If you want to set up a Code Club you need to get a DBS criminal records check (previously called a CRB). We did it through STEMnet. It was free and painless. We had to attend an evening course, but this gave us some useful information about the education system and dealing with children.
  • Code Club provides all the teaching materials, including print-out worksheets for each session.
  • There must be a qualified teacher in the room at all times with the volunteers, so you need to get buy-in from the school staff.
  • The process we went through was:
    • Registered with the Code Club website
    • Discussed it with the school
    • Wrote a proposal to the Headmaster
    • Got our criminal record checks
    • Went into the school and did a presentation to recruit interested children
    • Ran a competition for any children who wanted to join
    • Liased with the school IT co-ordinator to get Scatch on the school PCs.
  • The school has been very supportive and helpful throughout.
  • The proposal isn’t required by Code Club, but we thought it was a good idea to make sure everyone understood exactly what we wanted to do. One of the school governors (who is also a Deputy Headmaster at another school) helped us to write it. It was only a couple of pages long.
  • We showed a 3 minute video about Scratch in the presentation to the children. That had a much bigger impact than 2 middle aged programmers talking about how cool programming is. When we asked how many kids wanted to join, about 40 hands out of 60 shot up!
  • We took care to emphasize that programming isn’t just for boys.
  • We required any child who wanted to join our club to enter a competition to design their own computer game (on paper). This allowed us to restrict the intake to a manageable number, if too many wanted to join. Also it created an entry barrier to the less interested ones. We don’t want to act as a free baby sitting service for children who aren’t really interested. In the event we got 10 competition entries and we accepted them all.
  • 9 out of the 10 children turned up for the first session (6 boys and 3 girls).
  • We created a certificate for the best competition entry and handed that out at the first session.
  • Our club sessions are an hour and 15 minutes. We added the extra 15 minutes to allow some time to get everyone settled. The children were very engaged and had no problems concentrating for that long.
  • There is no fee to attend our Code Club sessions (unlike many of the other after school clubs).
  • You need to run the club at a time that suits the school/children. This isn’t a problem for me as I have my own business and can set my own work hours. If you are employed 9-5, you may have to negotiate with your employer.
  • Our school’s IT suite is well set up, with a projector and enough PCs for each child to have their own. This makes life easier.
  • It was slightly chaotic, but fun!
  • You may be able to join an existing Code Club rather than having to start a new one. Check the Code Club website for existing clubs.

I went to a secondary school a few months back and talked to some 80 teenagers about what it was like to be a software engineer. When I asked how many of them had done any programming at all, only one of them had. One! We are teaching a generation how to use Excel, Powerpoint and Facebook, but not how to create their own software. What a wasted opportunity. Of course, we don’t need or want everyone to be programmers. But I think it is such an important skill that every child should at least have an opportunity to try it. I believe Code Club can go a long way towards filling this gap. Currently over 700 schools in the UK have Code Clubs.

To find out more go to the  Code Club website at:

http://www.codeclub.org.uk/

I believe there are similar initiatives to Code Club in other countries, but I don’t know anything about them. Please comment below if you do.

This blog’s sixth anniversary

diverI published my first blog post 6 years ago today. I didn’t even notice the fifth anniversary of this blog, so I am going to indulge myself today instead. 277 posts, 3459 (non-spam) comments and over 1.6 million page impressions and I am still here, posting sporadically as time and inspiration allows. Maybe I will still be writing in another 6 years. Maybe not.

Here are some of my favourite posts from the last 6 years, in no particular order:

It would be nice to break 2 million impressions. I calculate that this will take approximately another year at the current rate of progress.

I have lots of ideas for new posts. But if there is any subject you, dear reader, would particularly like me to write about – add a comment below. I don’t promise that I will write about it, but I will certainly consider it.

Ephemeral

stonemasonMy grandfather worked most of his life as a stonemason. Much of that time was spent restoring the ruin of a Bishop’s palace in Sherborne. His work is still visible long after his death. The work of the stonemasons who built the palace is still visible after more than 8 centuries. How long after you stop programming is any of your work going to last? If it is a desktop app, I doubt anyone will have a working computer with an OS that can run it in 20 years. If it is a web app, it dies the day the hosting bill no longer gets paid. What are you going to show your grandchildren – some screenshots or faded printouts?

Everything is ephemeral over a long enough timescale. In the long run, we are all dead, as John Maynard Keynes famously pointed out. But it is slightly depressing how short the timescale is for software. It lives fast, but it also dies fast. Our work is more like that of an ice sculptor than that of a stonemason. I guess all we can hope for is that the software we spend so much of our life crafting brings us some fulfilment and improves the lives of our customers during its brief lifetime.

The brutal truth about marketing your software product

badwaterWe tend to hear a lot about software industry success stories. But most of us mere mortals have to fail a few times before we learn enough to succeed. In this guest post William Echlin talks about the hard lessons he has learned about creating and selling software products.

Probably, like you, I started developing my own software application a few years back. I had this dream of working for myself and becoming financially independent. The money side was a nice goal to have but ultimately I was looking for the fulfilment of working for myself. Sound familiar? Well, if it does, you may have learnt many of the lessons I’ve learnt. I don’t mind admitting now that I got carried away. I got carried away with building a test management application to the extent that I forget about many of the key things you need in place to build a successful business.

After a few years work I’d created the leading open source test management application (a product called QaTraq that’s still available on Source Forge but a little dormant). It had cost me time, money and effort. I’d achieved some success with building and marketing a free product. Next stop taking it commercial. This is where it gets brutal.

About a year into leaving a full time job I’m taking the last £1,000 out of the joint bank account. I’m making some sales but it’s damn tough. A few months later and I’m in the supermarket £15,000 in debt wondering if my credit card is about to be rejected for the families weekly shop. You read about this sort of thing in biographies on successful entrepreneurs. These guys take it to the limit and then succeed and make millions. Sounds so glamorous. When your wife, 3 year old son and 1 year old daughter depend on that credit card being accepted believe me it’s NOT glamorous.

Building a business has always been about balancing design, development, sales, marketing, support, testing, etc. When you’re a one man band that’s not easy. You try to do everything. You’re bloody brilliant at building the product. The trouble is, once you want to make a living out of it, that “building” is almost the least important bit. After I’d spent 5 years building my product I stumbled upon one very useful piece of advice. It was a little late for me but maybe it’ll help you….

“Learn how to market and sell before you build your product. Learn these crafts by picking a product that’s already been built and act as a reseller”.

That’s worth reading again (it’s counter intuitive). What’s being said here is that if you can’t market and sell a product (ANY product) then the odds of succeeding with your own product are slim. If you can’t “market and sell” what on earth is the point in wasting all that time, effort and money building your own product? If you’re never going to be able to market it, and sell it, why build it?

So find a product in a slightly different sector and sign up as a reseller. Save yourself the time and effort of building a product and practice marketing and sales with someone else’s product first. Create a web site, develop an ad words campaign and start promoting with social media. Sell the product! If you can’t get the hang of this why bother building your own? If you can get the hang of building your own marketing machine it won’t be wasted effort. If you’re clever and pick the right product / sector you just need to switch the product on your site a year or so down the road. Once you’ve built the marketing and sales engine switch it to sell the product you’re building.

I’m not saying that this is the only way to go about it. I’m just saying that if you don’t have the determination to learn, understand and be successful with marketing and sales early on, then it’s unlikely you’ll succeed with your own product. So why waste time building it. It’s a tough lesson to learn. One I learnt the hard way.

And the specific lessons I learnt the hard way? Well I’d do these things first if I was ever to do this again:

1. Create at least one lead generation channel as an affiliate for another product. That lead generation channel will probably be a web site and as part of that you’ll need to master things like:

  • Google Adwords
  • Social media
  • Email marketing
  • Blogging
  • Link building

All these things take a lot of time. Do you have the determination to learn and execute on all of this?

2. Spend some time in a sales related role. Initially I was working in a full time job whilst building my own product in my spare time. The best thing I did was offer to help the sales team with product demos. I learnt lots from working closely with sales people (I didn’t like them very much, but that’s a different matter) and clients. If you can’t do product demos to clients, or you can’t talk to clients confidently then you don’t stand a chance of selling anything. People buy from people and a product demo is THE place to show case YOU (and the product)

3. Spend time learning about re-marketing. A lot of money goes into getting that initial lead. Don’t waste it! Understand Google’s re-marketing campaigns. These allow you to follow the people that came to your site and continue serving them banner ads on other sites. Understand email marketing once you’ve captured an email address. Yes I hate most of this when I’m on the receiving end. The reality is that it works though. That’s why companies do it (and why Google make so much money). I’ll tell you now that your business won’t survive if you don’t master some of these techniques. And if your business doesn’t survive then every ounce of effort you’ve put into building that application is wasted!

4. Spend time learning about cross selling. A significant amount of revenue can come from cross selling other products. When was the last time you went to a restaurant and they didn’t try to sell you a bread roll? When was the last time you flew somewhere and they didn’t try to sell you priority boarding? For you this might be in the guise of selling your leads to other companies that have complementary products. It might be providing different editions of your application. There are many other ways to add additional revenue streams to your prime product sale. These streams are absolutely critical to the success of your business.

5. Don’t try to become a sales person. You don’t have to be a sales man/woman to sell. Some of the best sales people I’ve worked with are those that just go out of their way to HELP the customer. They understand their niche inside out and have the gift, not to sell, but to HELP. People that are looking to buy something want help. They want an itch scratched or a problem solved. If you can help them with a solution then you’re most of the way towards making the sale. Forget all this rubbish about psychology and techniques to influence people. The best thing you can do is enter the mind set of helping! Go out of your way to help.

I don’t have all of this right by any stretch. I know one thing though. Products don’t sell themselves. And if you’re not prepared to start learning about sales and marketing you won’t sell your product.

It was all a bit ironic for me though. I spent years building my own test management product to help software testers. It even started out as the leading open source solution in it’s market for many years. I mastered SEO and created a great lead generation process (the oxygen of any business). I created a version which I put a price on and sold to companies. I even sold to a number of significant companies. But I just couldn’t do all of it. I couldn’t balance the design, development, testing, marketing, sales, support, etc. It’s brutally painful when this dawns on you.

In the end what I’d really mastered was lead generation. I ended up with a web site that attracted my target audience but failed to sell much. When you realise that, you realise that it’s the product. Nothing wrong with the marketing and sales. It’s the product. There were better products out there. Kind of tough to swallow but as soon as I did, I moved on. These leads, or rather people (because leads are actually real people), were looking for help. I just needed to provide them with the right product and services. So I started reselling other products and providing consultancy around those products on my test management website.

In the end I had one of the toughest bits right. If you get the lead generation right you’ve built a marketing foundation that you can build any type of business around. For me I just wished I figured the marketing piece out before I’d built my product. Now I just work on my marketing. Oh, and I help companies with their software testing and test management. For me at least, it’s much easier this way.

William Echlin has spent 20 years in testing, working on everything from air traffic control systems to anti-virus engines. He had a bad experience in his early childhood trying to effectively manage test cases with vi (he’s still a huge fan of vi but recognises that text files make a lousy repository for test cases). In an attempt to deal with these childhood demons he became a consultant on all things related to test management.

The 1% fallacy

Here is how to make a fortune writing software:

  1. Pick a large and established software market e.g. back-up, anti-virus or customer relationship management (CRM) software.
  2. Write a new product for that market.
  3. Get 1% of the market.
  4. Retire to your own island.

These markets are massive. The CRM market alone is estimated at around $18 billion per year. 1% of that is $180 million. How hard can it be to get one measly percent of a market? Ka-ching!

Except of course, it doesn’t work, unless you have massive amounts of funding or a brilliant idea that can completely disrupt the existing the market. Even then, you probably still need a fair amount of luck.

The competition in a large market, such as CRM software, is very tough. The top  companies have huge budgets and armies of developers and marketing people. Your chance of getting on the first few pages of Google results for a search term such as “CRM software” are as near to zero as makes no difference. And there are all sorts of network effects working in the favour of the established companies. For example, the biggest vendors will have an ecosystem of consultants, resellers, training courses, books, user forums and third party products that no new product can hope to match.

Then there are power laws which mean that you have to rank surprisingly high to get 1% of a market. The most famous power law is the Pareto 80/20 distribution. This is named after Italian economist Vilfredo Pareto, who observed that 80% of the land in Italy was owned by 20% of the population. Pareto distributions appear in all sorts of places. I have looked at various data for my own product and I have found the 80/20 distribution appears in my own data.  For example:

  • 77% of searches result from 20% of search phrases
  • 75% of sales come from 20% of email domains

If I could be bothered to crunch the numbers I expect I would find that  approximately 80% of support emails come from 20% of my customers and 80% of hits are on 20% of web pages. There is evidence that companies sizes are also distributed according to a Pareto type power law. Assuming a Pareto-type distribution, we can calculate what percentage of the market each company has according to their ranking using Zipf’s law :

Number of companies 1% rank
100 19
1,000 13
10,000 10
100,000 8

This table shows the rank you need in a market of given size to get 1% of the revenue of that market. For example, if there are a 1,000 companies in your market, you need to be ranked 13th to get 1% of the total sales.

How many companies are selling CRM solutions? I have no idea. Even in my little niche of seating plan software I have at least 10 direct competitors and well over 100 competitors with substantially overlapping functionality. I dread to think how many CRM products there are. At least a thousand I would have thought. What are your chances of coming from nothing to being the 13th biggest selling CRM solution? Also the conversion rates of customer visits to sales are typically around 1%. That means if you want to sell to 1% of a market and your main sales channel is your website, you need to get pretty much everyone in that market to at least visit your website. Good luck with that. Your best chance of getting a chunk of a big market is to create that market and grow with the market. But creating new markets is notoriously expensive and risky.

If you are a small software company, you have got a much better chance of getting a decent sized chunk of a small market, than 1% of a huge market. As a general rule of thumb, I would say pick a market for which you have got a decent chance of getting in the top ten Google results for important search terms (power laws again). You can even do this by going after a small segment of a big market. e.g. a CRM solution aimed at companies that trade on EBay. Or perhaps a CRM solution aimed at companies that trade on EBay in the Spanish-speaking market. You can always broaden your focus if you are successful in a small market.

Whatever you do, don’t stand in front of investors and pitch them the 1% fallacy. It makes you look an idiot. I should know, because I’ve done it.

How I increased sales 50% by adding extra price points

tinsHow much should you charge a customer for a product? From a pure economics point of view – as much as the customer is willing to pay. The airlines are masters of this. The people on a typical commercial flight pay a wide range of prices depending on factors such as: which class they are travelling, whether they are returning before the weekend and how far ahead they booked. The smug businessman in first class (who booked a week before and is returning the same day) might be paying more than 10 times as much for a seat as a someone in economy (who is going on holiday for 2 weeks and booked 6 months in advance). The businessman probably isn’t spending his own money, so he doesn’t care that much what the price is. Does the business traveller cost the airline 10 times as much? Of course not. The airline is simply maximizing its profits by charging more for the people who are prepared to pay more.

Supermarkets also use multiple price points by offering value, standard and gourmet versions of common products. The gourmet version has pictures of smiling farmers and tells you how it was lovingly hand-picked from a sun drenched hillside in an exotic country. The value version looks like UN emergency rations. The supermarket hopes the less price sensitive customers will buy the gourmet version, but they still want something they can sell to the more price sensitive customers. Is there much difference between the 3 products part from the packaging? Probably not.

When you start to look around you can see there are lots of different strategies businesses use to charge according to how much the customer is prepared to pay. Does a hardback book cost significantly more to produce than a softback book? No. But if you really want to read the book you will pay the extra for the hardback, rather than wait 6 months for the paperback. The gaming industry doesn’t even bother to change the product. Hardcore gaming fans will pay £40 for  a new blockbuster game. A year later you can get the same game (probably with bug fixes and add-ons) for £15. Two years after that it will be in the bargain bin for £5. Discount coupons are another common method you can use to charge price sensitive customers less.

I decided to try multiple price points for my table planner software. The graph below shows the 12 monthly cumulative sales[1] of my product for a year before and a year after moving from 1 to 3 price points. The red arrow points to the month I made the change. The revenue for the 12 months after the change were almost exactly 50% higher than the 12 months before.

multiple-price-points

Before September 2009 there was only 1 edition of PerfectTablePlan and it cost £19.95. Initially PerfectTablePlan was aimed at people planning their own wedding, bar mitzvah, Quinceañera etc. Typically they would only use the software once, so £19.95 was a sensible price. But as the product matured and improved it was increasingly being used by professional planners. It seemed crazy to be charging professional planners such a low price for software they might be using every week. So I decided to add additional price points at £49.95 and £199.95. The higher price points having additional features aimed at frequent and professional users.

I choose 3 price points because this seems a natural fit for the different types of people using my software (one-off users, frequent users on a budget and professional users spending someone else’s money). This turned out to be a big win for me. Not only did my average order value shoot up, suddenly I had more credibility with professional event planners, who might not have taken a £19.95 product seriously, no matter how good it was. Price is a signal of quality, after all.

Having 3 editions of the product with different feature sets also allows me to offer an increasingly sophisticated product to ‘power’ users without overwhelming more ‘casual’ users. This is a big bonus for all my customers and it reduces my support burden considerably.

There are various ways I could have set the price points. For example I could have set the price points based on the maximum number of guests at an event or on the duration of a licence. Charging according to the number of features seemed to fit best with my market and existing licensing.

I thought carefully about how to introduce the extra price points part way through the life of the product so as not to confuse or alienate existing users. I decided it would be too complicated to add the new price points at the same time as doing a major (paid) upgrade from v4 to v5. Instead I released the new editions at the same time as the v4.1 upgrade. I announced ahead of time that v4 would become v4 Home edition and that 2 new products were being released: v4 Advanced edition and v4 Professional edition. I was careful to ensure that I added plenty of new features and didn’t remove any existing features between v4.0 and v4.1 Home edition, so users who didn’t want to upgrade didn’t feel cheated. They were few complaints. I encouraged existing customers to pay the difference to upgrade edition and many did.

All 3 editions of the product are contained in a single executable and customers can switch between the editions dynamically at runtime. This was more work initially than using #defines to create 3 separate executables, but I think it was worth it as it allows the customer to easily trial or upgrade to a different edition without reinstalling or re-starting PerfectTablePlan.

A lot of software products have 2 or 3 editions, with the most expensive edition costing 1.5 or 2 times the cheapest edition. This seems far too narrow a range to me. I’m confident that a professional event planner can get at least 10 times the value from the product compared to someone planning their own (hopefully) once-in-a-lifetime wedding event. So I decided to go for a 10:1 difference between the cheapest and most expensive edition. If the airlines can do it, why can’t I? In retrospect I think this was a good call.

Having multiple price points is not without its downsides. It makes the sale more complex and it is an extra decisions for the customers to make. People are demotivated by having too many choices and I think having multiple price points has reduced my visit:sale conversion rate slightly. So don’t add too many price points. 3 is probably plenty in most cases (the supermarkets should know). But the slight drop in conversion rate has been made up many times over in a significant increase in average value per order. Also I should point out that the increase in sales wasn’t ‘free money’. I had to do a lot of work to add the extra features to sufficiently differentiate the 3 editions of the software, overhaul the licensing, tweak the website etc. But it was definitely worth the effort for the increase in sales. I think it also been beneficial to my customers as they now have a choice of which edition of the product best fits their budget and requirements.

[1] Each point is the total sales for that month and the previous 11 months.

DarkMarket

darkmarketThis book is an interesting and disturbing glimpse into the world of cyber-crime, particularly online credit card fraud (‘carding’). It also touches on related areas, such as cyber-warfare. It is written by a journalist, so don’t expect much in the way of technical details. But, if you can get past the tacky cover artwork and dubious sub-title (‘how hackers became the new Mafia’), it is a fascinating read.

The story mainly centres around the eponymous ‘DarkMarket’, a forum in which cyber-criminals conducted their murky business. For example buying and selling stolen credit card numbers. The story of DarkMarket is known in some detail, as it was infiltrated by various government agencies and some of its key players brought to trial.

There are lots of different characters mentioned in the book, many of whom have non-English names and online aliases. This makes the story quite hard to follow. Perhaps that is inevitable given that it is a story about deception and duplicity involving many people. Nevertheless, it still provides lots of interesting insights into this dark underbelly of the Net.

Online fraud is a cooperative effort. For example, some people specialize in stealing credit card numbers, others in selling credit card skimming devices and still others in employing armies of ‘mules’ to make withdrawals from ATMs (the riskiest part of the operation). But criminals are hardly likely to trust other criminals they have never met. Especially given that some criminals (‘rippers’) specialize in ripping-off other criminals. This is where forums such as DarkMarket come in. They act as a trusted third party, providing escrow and other services to cyber-criminals. The backgrounds and motivations of the cyber-criminals seems to vary considerably. Some start off as curious hackers withot any criminal intent, but turn to the ‘dark side’, often in small increments. Often such people seem to be motivated by status and reputation more than money. Others are simply in it for the easy money.

There are many ways in which your credit card details can be stolen. For example, you hand your card to a petrol station employee. The employee quickly swipes your card through a hidden credit card skimmer before swiping it through the legitimate device (they might pretend they have dropped something behind the counter to disguise this). A small camera hidden in the ceiling records you typing your pin. The criminal has a copy of your credit card and your pin number. These can now be sold on, perhaps through a forum such as DarkMarket, to other criminals who specialize in extracting the money. They will then clone your card and instruct their ‘mules’ to extract the money from an ATM and pay it into another account, keeping a percentage for their trouble. Some of the ‘work from home’ and ‘I made £2000 in a week’ ads you see in spam emails and attached to lampposts may be from cyber-criminals trying to recruit ‘mules’ for this purpose. Sometimes the criminals will withdraw small amounts over a long period as this is less likely to be noticed than one big withdrawal.

Cyber-crime is difficult to prosecute. It is hard to establish the real identity of the criminals and the they are often based in a different legal jurisdiction to the victim. The security services have infiltrated many cyber-criminal forums. The DarkMarket server was eventually being run by an under-cover FBI agent. However even security services from the same country (e.g. the FBI and Secret Service in the US) don’t seem to be able to play nicely together and end up investigating each others agents and informants and generally tripping over each other. The author believes that the Russian security services has infiltrated many of the Russian-speaking cyber-crime forums, but have no interest in shutting them down as long as they are careful never to steal from other Russians. The banks also aren’t keen to cooperate in investigations. You and I are ultimately paying for the fraud through our credit card fees. As long as the banks are making lots of money they don’t want to upset the apple cart by revealing the scale of the fraud. It might affect their bonuses.

So don’t expect cyber-crime to go away any time soon. But do stay away from dodgy websites, keep your credit card in sight at all times, cover the keypad with one hand while you type in your PIN with the other and check your statements!

DarkMarket on amazon.com (affiliate link)

DarkMarket on amazon.co.uk (affiliate link)