A couple of months ago, I got the chance to experiment with my first Facebook ad campaign. I previously created a campaign with Google Ads, for academic purposes. My goal back there was to get more than a hundred responses to a survey from women in four Central American countries. Less successful as it was (barely 20 people completed the survey), it gave me the little background I had with these campaigns. The Facebook campaign was a nice experience. Here are some stats:



Campaign Reach: How many people effectively had the ad displayed in the page (not necessarily saw it). Initial reach is given by the demographics you choose to target your ad, and final reach if affected by how high your bid on the Cost Per Click (CPC) was.
Frequency: Average number of times the ad is seen by a single user. So this would make 932,715 impressions.
Social Reach: This is a special one for the social network. You get the number of times the ad was shown on the page with one or more friends' names who also liked it. If your friends like it, why shouldn't you, too?
Connections: People who liked the page, or interacted in some other way (Events, Applications, etc.).
CTR: Basically the same Click-Through Rate of other Internet ad campaigns. This is 914 / 932,715. In this case, it is a very low rate. A higher bid on the CPC might have given better results. It's a shame one cannot configure psychographic information in the campaign, as Facebook could have a lot of these tendencies in their profiles database. This could have made the difference.

Of all the interactions gained so far, there have been one or two customers that really engaged in business with the company. As for the impact on revenues, I can say everything went well: The cost of the campaign ($100) was covered by a single customer, and his continuous business.

And now comes the loyalty strategy: How to make this customer give his word-of-mouth in the page (additional to the literal word-of-mouth)? This is for another professional service, and another post.

Quis custodiet ipsos custodes?

Defensoría del Consumidor is the institution that protects consumer rights in commercial transactions. One is able to file a complaint via telephone or by using an online form. The latter will ask for previous registration. It's free! However, it's neither easy nor secure.

As you can see, the online form is composed of various sections. Each one is reachable at any time while filling the form. Some validations are imposed whenever trying to navigate away from some pages.




While it's pretty obvious that an ASP.NET session is being handled (hint: a Sesame Street character crave for these ;-) ), the design during this navigation is flawed. Parameters are passed through simple HTML. I actually typed "meinpassword" as my chosen password in two password-type text fields.




As a user, this imposes a risk if you're in a public computer or network. Your password travels along the network via HTTP (no "S" here, sorry), and it will be saved in the browser's history. The user is never warned of such risk. So, who could prevent identity theft? Is there a public institution that audits these services?

We need protection from the protectors.

Still Here!

Hello, everybody!

It's been a while now. Not too much time for updating. My latest entry will be shown immediately after this one.

Data Leakage from Voting Sites

OK, so I finally got some minutes to publish this "finding".

Some of you may know that on January 18th, 2009, El Salvador had elections for mayors in all districts, and for parliament representatives. Aside from other questionable aspects of operations (personal IDs not being exhaustively checked for falsification, and others), one thing caught my attention: how easy it was to "steal" citizen information from boards near voting booths, where one was supposed to look for one's ID and photo.

I actually took some pictures of some boards with my cell phone. I was expecting to be asked to hand them over, but this was not the case. I just walked away. Here are a couple of photos (the phone camera is actually 2.0 MP, and it doesn't have any image stabilization technology, so no need to defocus or alter them to make data illegible).

 


Government entities that handle this kind of information, should be more cautious about it. Information security does not necessarily refer to IT controls and countermeasures; it really means information governance, as the valuable asset it is. Extortion cases and identity theft are common in some cities in the country, so it should make perfect sense to protect pictures and IDs.

With just a few hours from the beginning of elections, the Tribunal Supremo Electoral website is down. Many citizens who waited for the last minute to check their designated voting booth, will have to recur to other means of knowing where to go tomorrow.



This is just to show how important stress tests are when putting Web services online. Hopefully, this post won't affect any voter's decision for tomorrow.

Internet Transactions... Voidable?

I read today's newspaper. On page 41, there is a paid advertisement for new changes to the Consumer Protection Law (CPL). One of these changes addresses contracts that are established electronically: as long as the transaction occurs with both parts at a considerable distance from each other, a contract could be void within 8 days, at the consumer's will. These includes transactions made over the Internet!

So, how would this affect E-Commerce? Well, it could really boost trust in trade relationships over the Web. For most Web companies, such terms are well-known and accepted, but it's not always the case here. Asides from challenges such as Internet users representing less than 10% of the total population, lack of education in Web technologies, etc., one the current E-Commerce obstacles in the country is the distrust in electronic transactions. Users fear their credit cards will be charged, and no product/service will be delivered. They are also concerned about credit card fraud. Protection from banks and financial institutions could prove enough for most users... Although a first hand, Web company assurance is common for services such as Ebay, and really gives peace of mind to customers.

For companies, it could pose a chance to become more competitive locally, and prepare them for more outside competition. It is very uncommon to see Terms of Service, Service Level Agreements, sufficient and publicly-available policies (return, shipping, etc.) in local stores, and it's even more rare to see them in E-Commerce Web sites. Organizations will move from a product-centered perspective, to a more customer-centered philosophy. Besides, they wouldn't want people ending contracts in a disgusted manner, hurting their relationship with the company.

More to come on changes to the CPL, hopefully from the primary source: the CDC.

Service Level Agreements for the Final User

We recently hired a broadband Internet service from Turbonett. Like most companies here, they hand out a contract which is more liability-oriented, and they force its validity for a year or more, with excessive penalties for the customer if he/she should finish the contract before the specified period. There's a huge flaw in the whole business, nevertheless: there are no service level agreements (SLA).

SLAs for an ISP would include guaranteed uptime, penalties for downtimes that exceed such uptime, technical support levels like response and resolution times, information privacy, penalties for service misuse, etc. It is common sense to even include a contract invalidation statement in the aforementioned document. As with most companies here in El Salvador, this is not the case.

The Turbonett ADSL broadband Internet service contract, includes a statement that implies that the contract could be terminated if a "low quality" has been observed in service delivery. This would be fine if it wasn't so general. At the end (according to the sales representative that handed us the contract), the company would analyze any complaint the customer has regarding service, and, if such is desired, would terminate the contract. With such poor specification of "quality", it just doesn't make sense that liabilities of the service provider are at the sole discretion of it. Service could be poor, but the company wouldn't just want to lose to the customer and damage its position in the market.

We have been with one of the competitors for more than seven years. They didn't specified any SLAs, either, and I bet we could have forced a termination of one-year contracts by solely basing on the quality of the service delivered. In the first year, we experienced lots of downtimes and bandwidth problems.

Mobile and telecommunications companies alike don't usually have SLAs for the non-corporate customer, in any of their services (fixed phone lines, mobile phone lines, VoIP, hosting, etc.). We really need a change of such imposing, one-sided contracts, where the customer is hand-tied and with no options after signing. We are just tired of such bad treatment.