Posted by Andre Edelbrock on Fri, Sep 10, 2010
|
|
| Facilitated collaboration, with formally structured protocols, makes legal and ethical data sharing possible. Doing it requires a system that makes sure all the participants can benefit from one another’s transaction experiences while not passing around the data itself. |
Last week, I participated in a roundtable session on ‘data sharing’ at the Merchant Risk Council’s inaugural European e-Commerce Payments and Risk Conference in Amsterdam. It was a great opportunity to exchange insights with other industry leaders from many countries.
Data sharing is great!
Imagine if there were no restrictions on what we could share to stop fraud. Walmart and Amazon would tell each other when they caught a fraudster, what email was used, his IP location, what was attempted to be purchased, when it happened, dollar value, name, credit card number, etc. No fraudster would ever succeed at stealing more than once or twice, and we'd have good enough pattern recognition and linked data that in many cases, we'd stop them before they tried to use a compromised card, account or data the first time.
That's the real promise and power of data sharing.
But Sharing Data? Yikes!
Unfortunately, we live in the real world, and companies don't just hand each other their customer and sales data. The reality is that sharing has its limits, and it's those limits that allow so much fraud to slip through our fingers. It's the fear of what the term 'data sharing' implies that often prevents us from doing anything at all.
In our discussions with merchants, card issuers, bank, payment processors, acquirers and the like we found that 'data sharing' implies informality and lack of structure, which immediately raises concerns about privacy, security, data integrity and trust. The term also raises legal concerns about what data, if any, can be shared. This is particularly true in Europe, which has stricter controls and regulations around privacy and varies by jurisdiction. Legal authorities and governments often assume that ‘data sharing’ means that account information is simply passed around between private parties with no regard for the individual's rights.
(For more on this see discussion in FinExtra about "unauthorized access" -- which is exactly the fear that sharing conjures up, and part of the reason that the Data Protection Act exists.)
When we collaborate, we can share experiences and knowledge without sharing the data
"What", you say?! That's some fancy verbal gymnastics. But, there is much truth that if we think about data sharing and the value it can provide differently, and expand the concept to one of collaboration where independent management, structure and governance are applied, we can escape the trap that everyone thinks data sharing is a great thing in theory, but few want to subscribe to it in practice.
Ethoca prefers the term 'facilitated collaboration', with a full set of formally structured protocols to make legal and ethical data pooling possible. It’s a system that makes sure all the participants can benefit from one another’s transaction experiences while not passing around the data itself. That means things like the strictest conformance to PCI across all PII, highly secured access, the management, auditing and certification of data integrity by independent authorities, access to information and anonymized experiences not the data itself.
Ethoca has already proved that facilitated collaboration can work on a large scale. Our strict protocols build trust among the participants. The merchants, issuers and other stakeholders know the data can't be mined for marketing purposes or accessed for any purpose other than fraud/risk management. The information is hashed and encrypted so that even Ethoca security experts can’t see personally identifying information. Participants also get large benefits, being able to leverage one another’s payment and fraud experiences and stop ecommerce fraud that they’d never catch otherwise.
So is the difference between ‘sharing’ and ‘collaboration’ only a matter of semantics? No. As my colleague Darryl Green wrote recently, collaborative fraud prevention is the future – and trust is the key.
We'd love to hear about your experiences with data sharing. Why has it worked or not worked for you? What value would you get from facilitated collaboration versus data sharing? Please share your feedback in the comments below.
Posted by Keegan Johnson on Wed, Aug 25, 2010
KISS (Keep it Small, Stupid) Proves an Effective Fraud Strategy
The NY Times reported this weekend on an unusual case of credit card fraud filed by the FTC in a Chicago federal court involving more than 1 million cardholder accounts and over 100 fake merchant accounts over a period of at least 4 years. It’s a sign of how much the internet and automation have changed the fraud game, enabling massive scams by employing the KISS (Keep It Small, Stupid) Principle.
The suit claims that more than $10 million was stolen by placing just a single fraudulent charge for less than $10 on more than 1 million different credit and debit cards. Card-not-present transactions (i.e. online sales) were recorded by 16 shell companies operating under more than 100 different merchant IDs. The fake companies, set up with bogus websites and phone numbers to look real when they applied for merchant accounts, were created using stolen identities, and the money was quickly moved out of the US to bank accounts in several different east European countries.
The interesting vulnerability exposed is how easy it is to fly under the radar if you make everything plausible and seemingly random, and don’t do anything to stand out. Criminals carefully set up fake companies with familiar sounding names so that nothing would stand out on the cardholder statements. By only attacking each card once, and for a small amount, it’s a safe bet that the majority of consumers didn’t even notice. The one dumb error was posting a number of transactions for as little as 20 cents. According to the FTC, there were more complaints about the 20-cent charges than the 9 dollar ones because they appeared odd – again, it’s about plausibility.
There were incredibly few complaints of any sort though, because it took nearly a million transactions before the FTC had enough complaints registered to start an investigation. The lesson: KISS.
You can read the full stories here:
My main point for this article was to focus on a throwaway comment from Gartner analyst, Avivah Litan. She is quoted:
“If a credit card is physically swiped in the transaction, the bank that issued the card is on the hook for fraudulent charges. If it is a phone or Internet purchase — called a card-not-present transaction — the bank that hosted the merchant account that received the ill-gotten charges must make restitution.”
And the writer of the article draws the conclusion that because the acquiring bank is on the hook for the fraudulent charges, that the issuer has “little motivation to be greatly concerned about online fraud”.
Really? The acquirer is indeed stuck with many charges of between 20 cents and 9 dollars, since none of the merchant accounts were legitimate, but is there really no cost to issuers in this case?
On the contrary, our analysis shows that it costs the card issuing bank an average of $15 per transaction in labor and paper trail costs (getting consumers to file affidavits, issuing chargebacks, etc), plus fees assessed by the card scheme for each chargeback. More, in fact, than the maximum $10 charge that the acquirer had to eat.
Across more than 1 million fraudulent transactions in this single case, that’s over $15 million – not exactly chicken feed, and certainly not “little motivation” to seek a solution.
The takeaway is this: CNP fraud is a pernicious problem, and it affects, inconveniences and costs everyone involved. Merchants for sure, but also issuers and cardholders.
The $15 in overhead costs may not compare to a $500 loss taken by a merchant of electronics goods, for example, but the issuers are getting hurt on each and every fraud. Consider that if a bank the size of JPMorgan Chase could eliminate these costs, that would represent by our guesstimates a savings of $1.5 – 2.5 million annually – a savings that is pure profit to the bottom line. I’d argue that that’s plenty of motivation for any issuer, and it is an achievable target with more industry collaboration.
And, that would be good for everybody.
Posted by Paul Paetz on Thu, Jun 10, 2010
Darryl Green is Chief Governance Officer (Co-Founder) and Executive Director at Ethoca
|
Beyond legal compliance: what it takes to be worthy of trust
I can’t stand privacy law.
Not for the reasons you might think are obvious for someone in my position (i.e. we can’t do what we want with impunity). I dislike it for what it represents and what it could, and in some cases appears to, be evolving into.
The fact is, I’m very much against doing what we want with impunity. At Ethoca, we are experts at fraud detection involving card-not-present transactions. We ask our partners, members and, ultimately, consumers to trust us with something very valuable (their credit card transaction data). We have a responsibility to earn that trust every single day. The concept of respecting and securing that data has to, and does, permeate every decision we make and every action we perform. The gravity of that trust lives in every employee of Ethoca and is deeply ingrained in the culture of our organization. Replacing these obligations with a regulatory compliance regime is both inefficient and distorting.
Taking responsibility
First, some brief background so you know my personal bias: I’ve studied law and worked briefly as a lawyer before finding the joy of entrepreneurship. I have, over the years, come to the conclusion that nearly all law can be summarized as, “Don’t be a dick.”
Of course, you need a little more granularity than that. If I ever ran for public office on a platform of legal simplification, I would suggest that there be laws against dickness in the first, second and third degree, and against unintentional dickness for those who have not thought about the consequences of their actions. Any more granular than that and you start to run into problems. (I may be exaggerating to make a point, but stay with me.)
Trying to create a regulatory regime to deal with an issue replaces, “I shouldn’t be a dick” with, “do I comply with regulations.” And since it’s impossible to draft regulations that contemplate all current contingencies, let alone contingencies arising from future innovation, it leaves individuals and corporations the ability to be dicks as long as they are regulatory compliant.
In fact, they may not even think about the consequences of their actions anymore, assuming that either the regulators will have contemplated the outcomes, or the outcomes don’t matter so long as I follow the rules. This is particularly problematic where those who work in the regulated industry are more informed and less conflicted than those drafting the regulation. There are examples of that all over the recent financial crisis, but that is not the subject of this discussion.
Now, back to Ethoca and privacy regulation:
In our first drafts of how we would develop the Ethoca architecture and operate the Ethoca service, we did not call legal counsel. We knew that caring for the data we were being entrusted with meant that we would have to respect it, secure it, and provide access to it in a way that wouldn’t allow it to be abused. We knew that we would have to watch over the data to ensure its quality. We knew that we would need a mechanism for members and consumers to dispute the data in the event of a misunderstanding.
We found codes of practice that helped us to define what that meant, specifically, the AICPA Privacy Framework, now called the AICPA Generally Accepted Privacy Principles. We engaged top-tier consultants to help us develop and implement the practices befitting the responsibility we expected to take on. In short, we took our responsibility extremely seriously. This was in part driven by our internal ethics, but was also required by anyone we wanted to add as members. We held ourselves accountable, and those we were doing business with were holding us accountable. Ah, if only the world could work this way in all contexts.
Enter the lawyers
The time came to get the regulatory analyses for the jurisdictions in which we contemplated doing business. These included most significantly the US, the UK, Ireland and Canada. This cost us hundreds of thousands of dollars in legal fees. (I wish I were exaggerating here to make a point.) I’m happy to say that it didn’t result in our having to change much of anything in relation to our operation. The work we had done just trying to be responsible took us well beyond what was required simply from a regulatory compliance standpoint. In a follow-up blog post I will summarize our findings from each jurisdiction and more detailed discussion is available from us for anyone contemplating joining Ethoca’s Global Fraud Alliance.
In general though, if you know nothing more than this about privacy law, as it relates to private enterprise, you are 90 percent of the way there: People have to be given the opportunity to agree to and know how their data is being used, they have to have the ability to inquire about and correct any mistakes in the data, and those holding the data have to safeguard the data with due care.
The final word
I’ve been a little glib here. Unfortunately, regulation is required where there is an imbalance of power as there is with respect to data. Consumers tend not to band together in a cohesive group, and the ability to abuse data that a company has been entrusted with would tempt some to make use of it for purely self-serving ends. However, the regulation should be minimal to meet the objectives highlighted above. In some jurisdictions I’m starting to see regulation that seems more like empire-building-through-bureaucracy than a regime meant to serve the needs of individuals. Clearly, any regulation that would make it unworkable or uneconomical to help consumers and merchants avoid being victimized by fraud would have slipped over that line.
Darryl Green is one of the co-founders in Ethoca. He has degrees in Law, Engineering and a Masters in Business Administration from the University of Western Ontario/Ivey School of Business. He started in the internet industry in 1999 with Tucows Inc. where he participated primarily in Business and Corporate Development activities. He worked there until co-founding Ethoca in 2005. Darryl is responsible for financial and regulatory compliance for Ethoca and, as with all the founders, is active in Ethoca’s Business Development. He tends to prefer free market solutions over government regulation and is big big fan of transparency and candor.
Posted by Andre Edelbrock on Tue, Jun 08, 2010
The U.S. Federal Trade Commission estimates that six times as much revenue is lost to "fear of fraud" as to actual fraud
|
How making online shopping safer means a more profitable online environment for all
Beyond the total cost of fraud you may face today, there is an even bigger challenge: many potential customers are afraid to buy online. They don’t think it’s safe.
In fact, six times as much revenue is lost each year to fear of fraud than to actual fraud, according to the U.S. Federal Trade Commission.
That number is consistent with surveys and research by other organizations as well. VeriSign says half of Internet users avoid buying online, for fear of their financial information being stolen. And of those who have been victims of fraud:
- 12% don’t shop online any longer
- 25% shop less frequently
- 19% spend less when they do shop online
And according to figures from a CyberSource 2009 survey:
- 71% of consumers are concerned with the level of risk when shopping over the web, an increase of 5% over 2008
- 24% of consumers (the largest grouping of answers) say it is merchants’ responsibility to make online shopping safe
Making online shopping safer -- It's within your control
Trust seals can and do increase the perception of safe shopping for many. They, however, can only go so far, and with constant media attention paid to massive data security breaches such as those perpetrated against Heartland Payment Systems, TJ Maxx, Hannaford Supermarkets and many others, not to mention the myriad tales of unscrubbed and unprotected data on used hard drives, archival tapes full of social security numbers and other personally identifiable information falling off the back of trucks, consumers are rightly fearful that no matter what they or merchants do to protect their data, there are weak links in the security chain that put them at risk.
In fact, there are 3 elements to making Internet shopping not only as safe as it can be, but truly the safest form of shopping. First, merchants need to implement proper security precautions, especially PCI compliance. Second, compliance needs to be regulated and certified (and advertised by the accompanying trust marks). Finally, merchants need to ensure that in the event security is breached, that minimal harm comes to the consumer. The best way to do that is through collaboration with other merchants, as well as card issuers, fraud vendors, payment service providers - in fact, all the stakeholders in ecommerce.
The Global Fraud Alliance is that third and critical piece in making internet shopping safer. It provides a shield against misuse of breached and compromised data, by enabling merchants to gain insight into each other's payment experiences in real time, without compromising the privacy or security of their data.
Ethoca has recently made a very important contribution to safe shopping by making Ethoca360 Negative Signals freely available to any merchant that signs up for service during the introductory period. And, not just free to sign up, but free forever. Merchants need only apply and start actively using the service during the introductory period to ensure this lifetime benefit. This service is also being made available through partners such as 41st Parameter's FraudNet technology, GB Group's URU identity service, and the IMRG ISIS (Internet Shopping Is Safe) program. This network is rapidly growing to include other payment service providers and fraud merchants, and in the very near future will include many other in the U.S., Canada, U.K., and throughout Europe.
A safer online environment means a more profitable online environment
The more merchants collaborating against fraud, the safer the Internet will be, and the more customers will shop online.
Doing your part is simple, and most importantly, it will start saving you money right away, no matter what fraud tools or services you already use. That's because Ethoca360 Negative Signals is designed to be an additive service, compatible with all 3rd party offerings. This is simply smart business for members of the Global Fraud Alliance. Increasing the consumers willingness to shop online means more business for everyone.
We invite you to join.
Posted by Andre Edelbrock on Thu, Mar 25, 2010
After a whirlwind few days in Las Vegas last week at the annual MRC conference, I'm back in my office catching up and thinking about all that happened. Having had a few days to reflect, I thought I would share some of my learnings from this year's conference.
To put my thoughts in perspective, this year's conference was very significant for Ethoca. We announced perhaps our biggest news ever: that we are offering a free card-not-present fraud detection service, and have begun accepting merchant applications for participation. (The application process is simply to ensure that we are protecting the integrity of Global Fraud Alliance data, and only letting legitimate online merchants in). A subset of Ethoca360 Signals (itself a newly announced service), we are offering the Negative Signals part at no charge forever as an introductory opportunity for merchants who sign up now.
Free Forever is a Big Deal
The free service is a big deal for Ethoca, because for the first time ever, it makes large scale collaboration possible in the fight against fraud by removing the most significant barrier to participation, namely price. Now the question becomes, if you can identify potential fraud by leveraging the bad payment experiences of fellow merchants, why wouldn't you?
We decided to make the Negative Signals service free forever for merchants who join now to accelerate much broader collaboration. Our thinking is that by giving away a high value production-grade service, many more merchants, payment processors and fraud solutions providers will jump in quickly, thus boosting the value to everyone, and that our upgrade service to full Ethoca360 Signals would also grow quickly and more than pay for what we give up by making Negative Signals free.
Besides, it just feels right to make this kind of collaborative information freely available as a community service. With the strong positive reaction we got from merchants, payment service providers (PSPs), card issuers, and fraud workbench/platform providers, we're confident that this is the right move at the right time.
A Highly Succcessful Conference
Having missed last year's conference due to my sister getting married in Mexico during the same week, I was pleased to accept credit (
) from Tom Donlea for boosting registrations to this year's conference by 20% by deciding to come back. OK, so maybe my return only boosted the total increase in attendance by one, but perhaps Ethoca sponsoring Governor Tom Ridge, the first US Secretary of Homeland Security as a keynote presenter last year had a carry-over effect.
Congratulations to Tom and all the MRC staff for putting on another great conference, that continues to grow and attract increased interest year-over-year from the e-commerce merchant community.
Big Trends
So what were my major observations and conclusions from this year's conference? There were two big ones in addition to getting confirmation that our free Negative Signals service was exactly the right thing to do:
- Collaboration to fight fraud is an idea whose time has come. Online merchants have never been more ready, nor the time more right than right now for working together to make the next great strides in minimizing the Total Cost of Fraud. After baby steps in data sharing, most now realize that we can't make further significant gains without large-scale collaboration to construct a 360 degree view of customer behavior and online reputation. After four years of missionary work and building out Ethoca's infrastructure to support the Global Fraud Alliance, it's gratifying to see this recognition taking hold.
- There are many widely held misconceptions about the advantages and disadvantages of data-sharing. We heard a number of shibboleths at the Data Sharing session on the last day of the conference, which made me realize that it's time to dispel the myths once and for all. One thing that we at Ethoca often forget is that just because we solved the problems doesn't mean that everyone else knows that.
To address the second issue, my next few blog posts will specifically address the numerous misconceptions about data sharing and shed some light on why large-scale global collaboration works.
It was great to see the MRC community come together again this year. Look forward to seeing you all again in 2011.
Posted by Andre Edelbrock on Fri, Sep 04, 2009
Vacation is supposed to be a time when you finally relax and break away from the demanding pressures of work-a-day life. But with the economy down, and many worried about doing enough to keep their jobs, the increase in computing mobility means that larger than ever numbers of people are taking work with them when they head for the beach. Be honest -- you took your laptop or Blackberry with you, and if nothing else, checked for email while you were away this summer, didn't you?
So maybe you weren't working as you sipped pina coladas on the beach and surfed not on the water, but on your PC. Maybe you were "just shopping", or watching the latest viral videos on YouTube.
So guess what? Ever on top of new trends, fraudsters have spotted a big new vulnerability to capitalize on. Adding another coined phrase to our fraud glossary, Fox News reports, “vacation hacking” is a new avenue for criminals to steal from those who rely on free wifi or unsecured networks while away from the office to get their internet fix.
Beach fraud
Ok, so you aren't one of those clueless tourists walking around with a sign on your back saying "Hack Me". You're a businessperson who's been around the block a few times, you've got AV software and a firewall -- not so easily taken. Really? Have you ever logged on at the airport, trying to squeeze in just a couple more emails before departure?
So-called "white-hat" hackers recently surveyed a number of large airports, discovering what they said was an alarming amount of hacker generated connections. Hackers are now identifying these airport wifi access points as their new hotspots and enticing busy road warriors unaware that they are at risk, to sign on to a hacker’s portal, not just willingly handing over their credit card info, but also leaving their laptop at risk and their information unprotected.
Data breaches, phishing, botnets, spam, fake portals, unsecured networks -- all can be used to steal personal information for fraudulent gain. But what can you do to stop it?
Is there any escape? Is any protection good enough?
Everyone will always tell you ways to make your environment more secure, and build a better barrier to keep the bad from getting in. But that doesn't help much when the bad gets in, nor does it deal with the root of the problem. Just ask Heartland Payment Systems, who thought they had a totally secured PCI DSS compliant environment.
Only part of the problem is lack of security. Another critical part of the problem is the value of what gets stolen. We must re-double efforts to make the stolen data worth less, if not worthless. Make it harder to use. Fully thwart attempts to convert data to cash. Increase the penalties and prosecution efforts such that the perpetrator of the biggest data breach in history faces more than a couple slaps on the wrist and a cushy job as informant for the secret service.
Become more aware of what makes us vulnerable, and stop depending on technical solutions that no one understands and which often increase complacency and therefore the probability of loss.
Simple solution: address the problem at its source
The solution as I see it is two-fold:
- Educate users about risk, and what to look out for -- what makes something suspicious and why you shouldn't hand over a social security number when someone calls asking for it, for example
- Stop financial fraud at source, by getting banks, card issuers, card processors, anti-fraud vendors and the targeted merchants all working together to provide a backstop when security fails
Simple right?
Take the poll
Let us know what you think. More security? Better fraud detection? Stiffer penalties? Simplicity? Less technology? Collaboration? Smarter users? What is going to help us gain control of things?
Take our poll, and after you hit the button, you'll see a graph of the compiled results. And, if your answer isn't on the list, give us your solution in the comments below.
Aren't you glad that summer vacation is almost over and you're back to work?
Posted by Andre Edelbrock on Fri, Dec 12, 2008
WE ARE IN VIOLENT AGREEMENT!!!
The future success of security is dependent upon everyone collaborating through the sharing information about attacks and defenses. The Urban Institute’s Justice Policy Center report is bang on when they highlight the crime trend increasing as one of the fastest growing industries, and importantly how well it will continue to organize over the next five to 10 years.
Yes, ‘security managers need to do more collaborative work, sharing information about attacks and defenses’, as the report advises. There are, however, many around the world are already taking that advice by facing this harsh reality head-on, in full-force together – specifically by sharing information about attacks and defenses as the report highlights. The ones working together see it (i.e., crime) the same way the authors of the report do, in that everyone – except the criminals - stand to make the greatest gains in improving the quality and timing of intelligence and increasing the effectiveness of their jobs through the sharing of information and resources with each other.
It’s great to see continuing thought leadership and coverage on collaboration from the team at Dark Reading. We have enjoyed our conversations with them (specifically Kelly Jackson Higgins) about the efforts of the Global Fraud Fighting Community - we know our good work is of great interest to them and their readers. And now with Tim’s article and this report we have further proof that everyone already collaborating is heading in the right direction.
P.S. I must say that we hadn’t thought of the terms ‘honeypots’ and ‘honeynets’ to describe the central collection of data. We’ll throw that around the hive (aka community) to see if either ‘stick’.
Posted by Andre Edelbrock on Wed, Dec 10, 2008
Sarah Lacy raises some interesting points, however, I’d like to add one more. Retailers have been evolving their e-commerce sites in one critical area that is making it more friendly for good customers — and more difficult for the bad customers. And that area is fraud management, where behind the scenes (of all places), the 2.0 idea of social networking is being incorporated — in particular as part of the Global Fraud Fighting Community.
Retailers, airlines, gaming companies, banks, payment processors and fraud solution providers and many more, are collaborating by pooling their good and bad transaction experiences,and using that to do a better job of weeding out the bad guys and treating the good customers better. That may mean expedited service, no secondary checking, no requests for additional proof that you are who you say you area, faster order processing, and it most certainly means not telling good customers you don't want their business, so please shop somewhere else.
They (the retailers, airlines etc.) are now actually working together to solve the biggest problem of shopping online -- that no one knows who you are, and good customers and bad customers look the same to order processing software. By combining their knowledge, retailers can recognize "familiar" customers, even when they are shopping at your store for the first time. In effect, customers carry their positive track record with them, enabling online merchants to treat them accordingly.
We often forget that no matter how good a shopping site is, if the checkout experience is bad, that's the only thing a customer remembers. Making that process transparent, simple, convenient and fast is the flipside of a fraud detection service that employs social networking concepts to deliver a better overall result, as well as the lowest Total Cost of Fraud.
Posted by Andre Edelbrock on Mon, Dec 01, 2008
tekgems commented on the heels of 2checkout.com joining the Community. I know there are probably a lot of merchants wondering if there is a way to leverage other merchants’ experiences through a central database. Simple answer…there is.
Here’s the link to his post.
Watch a video of Kristin Dach, CFO of 2Checkout.com, discussing why she believes it takes a community of online merchants to work together to defeat fraud.
Click this link if you can't see the embedded video above.
Posted by Andre Edelbrock on Mon, Nov 17, 2008
The problem is that the ‘we’ is often the bad guys.
For example - criminals around the world are benefiting from being better organized and using the Internet to work together. In the UK, banking losses due to fraud soared to £301.7m in the first half of 2008 compared to £263.6m in the same period last year, according to the latest figures from UK banking association APACS. Card-not-present fraud (a category that includes e-commerce fraud as well as phone and mail order scams) rose 18% to reach £161.9m in that same period.
So with the good guys losing the battle of the organized to the bad guys, you and I as consumers and businessmen pay a price…literally as the APACS numbers show.
But all good things must come to an end. Banks and businesses have had enough. The power shift, in favor of the good guys, has begun, as in the same way the criminals have leveraged the power of organizing and the Internet, businesses and banks around the world are now working together to fight fraud head-on.
Watch the following video clip of Gilbert Fiorentino, CEO of TigerDirect, to see just how mad online retailers are getting, and what they're prepared to do about it.
Click this link if you can't see the embedded video above.
Watch what happens when hundreds organize…boom…new rules indeed.
Click here to read Seth Godin’s post on this.