Ecommerce, Website & Web Applications developers

Two in a row: CSBS scoops a second local business award for best website

Escrivo Internet Consulting — Fri, 04 Nov 2011 12:47:31 GMT

The Falkirk Herald Business Awards, sponsored by the Royal Bank of Scotland, recognise exceptional business performance and reward success, and we are delighted that our clients, Central Scotland Ballet School have won the Award for Best Website/Ecommerce for a second year in a row in this prestigious competition.

The school's success follows their win in the same category at last year's awards. This year, the judges identified with a number of key aspects of the school's use of the internet, including the use of online video to beat the bad weather, the successful introduction of an online shop to improve overall levels of service, and a high levels of engagement in social media channels in support of a variety of strategic and operational priorities.

Congratulations are particularly due to Amanda-Louise Clark who manages the CSBS website and all their online activity.

The black-tie awards ceremony was hosted by TV and radio personality Kaye Adams, and guests included businesses from all sectors. CSBS was represented by Director Amanda-Louise Clark, and Cameron Leask, Managing Director of Escrivo Internet Consulting.

Amanda said, "We're really pleased that the hard work we put in to maintaining and developing our website has been recognised by the Falkirk Herald Business Awards again. The business has developed substantially because of our website and the levels of customer engagement that we've been able to achieve with Social Media."

Cameron said, "The school really makes use of the website and online shop to promote and support their business, and it's excellent to see how they've complemented this by creating a really powerful and valuable social media presence. We're very proud to be associated with their success and I'm thrilled that the school's use of the internet has been rewarded for the second year in a row."

Central Scotland Ballet School is one of Scotland's largest part-time dance schools, based in Falkirk. Escrivo originally built the CSBS website in August 2009 and has mentored the CSBS team since. We built their online shop earlier this year and continue to support their online activity.

SSL Certificates

Escrivo Internet Consulting — Wed, 28 Sep 2011 09:51:00 GMT

Secure communications for sensitive data is a vital requirement for almost every web-based application on the internet, and critical for ecommerce applications. SSL certificates provide the basis for secure websites.

We offer a range of SSL certificates from the largest certifying authorities, including Verisign, Thawte, GeoTrust and others.

SSL certificates vary substantially and can be supplied for use in a broad range of applications:

Securing intranets and internal servers
Securing content sites (e.g. for purposes of hosting Facebook Tabs in advance of Facebook's October 1st deadline)
Securing logins for extranets and portals
EV (extended validation) SSL and "SuperCerts" for maximum encryption strength for eCommerce
"Wildcard" SSL for securing multiple subdomains with a single certificate
Code Signing certificates

We can also supply the Verisign Trust Seal trust mark, which can be used with our without SSL, and helps visitors trust that your identity has been confirmed and that your site is free from malware - giving them the confidence to click.

Recovering lost domains

Escrivo Internet Consulting — Tue, 27 Sep 2011 12:19:15 GMT

If an important domain has expired - don't panic, we can still help!

It happens from time to time! Domains do sometimes accidentally expire:

Perhaps it was set to auto-renew on your old credit card, which had expired by the time the renewal was due
Perhaps the renewal reminders were being sent to the email address of an ex-employee - and bouncing as a result
Perhaps the domain was registered by an ex-employee in their own name and they've decided they didn't need the domain any more.
Or most commonly... maybe the renewal was simply forgotten.

If the worst has happened and one of your domains has expired (or is about to expire), we can still help - get in touch with us as early as possible. The longer you leave it, the more difficult it becomes to recover the domain. But there are grace periods which you can (and should) take advantage of, and we can help you use these to get your domain back.

We have a strong record of successful recoveries for expired domains (although, please note, there is no guarantee of success).

Domain forwarding

Escrivo Internet Consulting — Tue, 27 Sep 2011 12:18:00 GMT

When you have more than one domain registration, it's important to ensure that all your domains are ready to bring traffic to your website. This is important regardless of whether your portfolio is small (when every visitor counts) or large (when you need to fully utilise your intellectual property investments).

In addtion to your primary domains - the ones you publicise for your website and email addresses for example - you may have many other domains in your portfolio. Common reasons for these "secondary" domains include:

misspellings and hyphenated/non-hyphenated versions of your primary domain (preventing the nuisance of cybersquatting and addressing the security risks of typosquatting)
the same name registered in multiple TLDs (e.g. .co.uk, .com, .net etc)
multiple brands or trading names
defensive registrations associated with trademarks registered in multiple countries (e.g. .de, .nl etc)
protective or blocking registrations (e.g. .xxx)

Best Practice suggests that almost all cases, your secondary domains should be forwarded to one of your websites (or indeed to a specific landing page) to ensure that you maximise your website traffic - visitors who mis-spell your domain or use the wrong TLD should be sent to a relevant page, instead of seeing an error message.

There are a number of ways of implementing web forwarding for your domains - but doing it incorrectly can have a very negative impact - on search rankings or user experience, for example.

For mail forwarding on secondary domains, you need to decide whether it's better to deliver a hard bounce ("this email address does not exist") or to have the email forward to a specific address.

We provide forwarding for web and email traffic to ensure that your domains continue to work for you without any negative impact. We can also incorporate your preferred analytics solution (e.g. Google Analytics) so that you can measure the website traffic that arrives via your wider domain portfolio.

Transfers, acquisitions & disposals

Escrivo Internet Consulting — Tue, 27 Sep 2011 12:13:00 GMT

Our domain registration transfers process allows us to ensure a controlled transfer of your domain.

The transfer process

Where we are the gaining registrar (i.e. domains transferring to us):

We manage the transfer request and approval processes
We monitor the transfer throughout the transfer period (typically anywhere from 24hrs to 7 days)
On receipt, we audit registrant details to ensure consistency - an important part of maintaining effective control of your domains.

There is no requirement for downtime or disruption to services - our planning process allows us to ensure that your domains transfer smoothly.

For transfers where we are the losing registrar we work with the gaining registrar to conduct the transfer quickly and efficiently.

Acquisitions and Disposals

Where you are releasing a domain to a third party (e.g. if you have sold a domain to someone else) we will act on your instructions to release your domain at the appropriate point.

We can also manage the domain disposal process for you, marketing your domains on the second-hand market. We charge a commission-based fee for domain disposals of this nature.

We can also receive domains that you have acquired (e.g. as part of an acquisition) and in this case we'll work directly with the losing registrar to ensure that your acquired domains are fully consolidated with the rest of your domain portfolio.

Registrations & Renewals

Escrivo Internet Consulting — Tue, 27 Sep 2011 12:11:00 GMT

We provide domain registrations and renewals for all the most popular TLDs including .co.uk and .com. In addition to being Nominet (.uk) registrars, we work with over 280+ global Top Level Domains (TLDs).

Our systems manage thousands of domains and allow us to process registrations and renewals for over 280+ TLDs, including:

.uk domains - such as .co.uk, .org.uk, .ltd.uk and others.
gTLDs (Generic TLDs) - such as .aero, .asia, .biz, .cat, .com, .coop, .info, .jobs, .mobi, .museum, .name, .net, .org, .pro, .tel, .travel and .xxx.
other ccTLDs (Country Code TLDs) - over 200 other ccTLDs from Europe, Asia, North and South America, Africa and Oceania, including popular choices such as .tv, .it, .be, .eu, .in, .co and .cc.
more than 20 second-level CentralNIC domains - including .uk.com, eu.com, us.com and others.

We can also provide local presence services in most of the countries where local presence is required. Some TLDs require evidence of trademarks regstered in their country - we can advise if this is the case.

We can auto-renew domains or contact you for approval when a renewal is due. Our systems ensure that domains are not "lost" through accidental non-renewal.

Domain registration pricing

Every TLD has different pricing structures and different policies for registration and renewal, so if you are looking for a particular domain then please contact us and we'll provide you with an indication of availability, any restrictions or local presence requirements, and a price quotation.

Responding to SSL/TLS vulnerabilities

Escrivo Internet Consulting — Tue, 27 Sep 2011 10:15:00 GMT

No immediate cause for alarm, but internet users and website operators should be aware of this new vulnerability and take steps to reduce any risk.

Last updated: 1355BST 27 September 2011

On Friday a vulnerability in SSL and TLS was demonstrated at the Ekoparty security conference. (News reports here, here and here, for example - or if you are feeling technical you can watch a video of the hack here.)

The vulnerability exposes a weakness in TLS 1.0 and SSL 3.0 which are the technologies which underpin the https protocol, which is the technology that ensures that web browsers can communicate securely with web servers and is used by millions of internet users every day while conducting card transactions, online banking, and many more secure online applications.

The bad news: this issue has been around for a while and there's no practical "quick" solution

This weakness has been known about for many years but was previously considered a "theoretical" weakness that couldn't be exploited - it now can.
Fixes (TLS 1.1 and TLS 1.2) have been available for several years but for a variety of technical reasons have not been implemented.
The weakness does mean that there is a proven approach to making "secure" sites insecure - the conference demonstration was, apparently, to hack a PayPal account being accessed via a Firefox browser session.

The "good" news: the vulnerability has a number of dependencies and is difficult to implement "in the wild".

There are a number of technical prerequisites before this vulnerability can be exploited, including the fact that it's a "Man In The Middle" attach (it does not work on "observed" traffic - ie. the attack software needs to sit between the user and the server) - an attacker would need to establish this capability first.
Malicious code needs to be inserted into the attacked browser session and requires the attacker to exploit other vulnerabilities

Our assessment is that there is no current cause for panic or alarm but internet users and website operators should be aware of this new vulnerability and take appropriate steps to reduce any risk.

For our website operators and hosting clients with secured traffic (e.g. SSL certificates implemented):

We will contact you separately to dicuss the options, which include altering security settings on your server to give a higher priority to unaffected security suites. This can however cause compatibility issues in some scenarios, e.g. some browsers may be unable to use your website.

Our advice for internet users:

Ensure your antivirus and other anti-malware software is up-to date and working effectively.
Ensure you update your web browser software to the latest available version to take advantage of any patches or updates being released by browser developers to address this or any other vulnerability. Microsoft has released a security advisory with Suggested Actions, pending any patch that they might release. Opera 11.51 is reported to contain a fix for this issue. The developer teams for Google Chrome, Firefox and Safari are reported to be working on patches for this issue. The situation for mobile browsers is not currently clear.
Consider enabling TLS 1.1 or later in your browser. Internet Explorer supports TLS 1.1 and 1.2 in Windows 7 and Windows Server 2008 R2 (see here for instructions). Opera supports TLS 1.1 and 1.2 as well, (but will always try to use TLS 1.0 first unless you specifically disable it). Be aware that these changes may cause compatibility problems with some websites - TLS 1.1 and 1.2 are not commonly supported by secure servers. At the moment, Firefox, Chrome and Safari all support TLS 1.0 only.
Pay attention to the availability of operating system updates and apply them promptly.
Ensure you use strong passwords with all your online accounts and change them regularly. We recommend KeyPass as one of several technologies that can help you generate strong passwords and keep track of them.

We'll update this page if more information becomes clear - you can monitor our Twitter feed and our Facebook page for updates.

Our range of SSL Certificates Click here to learn more

Business benefits of eCommerce

Escrivo Internet Consulting — Fri, 16 Sep 2011 16:39:00 GMT

Central Scotland Ballet School asked Escrivo to create an online shop to reduce the amount of teaching time lost in processing orders for uniforms.

Our solution was based on implementing an open source shopping cart and designed as a seamless extension of the rest of the client's website.

Watch this short (2 minutes) video to learn more:

The key benefits of the project were:

An increase in available teaching time, in the region of 2-3 minutes per order, as a consequence of moving order capture and payment processing processes online.
Improved cashflow by ensuring that all orders are paid for in advance
Reduced cash handling overheads - which also reduces risk for the dance teachers (typically they operate as "Lone Workers")
Higher average order values as a consequence of having the full range of products available to view - something that hadn't previously been feasible, as the school teaches in multiple venues
Very positive feedback from customers (parents and students)

The bottom line:

We've increased the value of the website by:

Improved cashflow and turnover
Improved recognition amongst their customers and peers
Increased customer loyalty
Increased the utility from existing hosting services
Reduced risk

...and most importantly, we've released extra time for teaching.

Some of the key technical aspects of this project included:

We made sure that the the the online shop has a simple look and feel - the custom theme has retained the simplicity of the existing website and ensured a consistent user experience for visitors
We ensured, by adding social media sharing buttons to product pages, that the client could maximise the impact of new products within their extensive social media activities.
Although they are visually integrated, behind the scenes the website CMS and ecommerce platform are completely independent. We were able to arrange the client's website hosting to ensure that the new ecommerce components could be accomodated within the client's existing hosting arrangements.
We provided advice, support and eCommerce training during product population and configuration prior to go live.

For more information about the benefits of eCommerce for your business, please contact us.

eCommerce could benefit you tooContact us for information today

We'd like to thank Central Scotland Ballet School for allowing us to use their project as a case study.

New Cookie Audit service helps website operators comply with updated cookie regulations

Escrivo Internet Consulting — Mon, 23 May 2011 09:43:54 GMT

Today Escrivo has announced a new Cookie Auditing service to help website operators meet their legal obligations under the revised Privacy and Electronic Communications Regulations, which come into force on 26 May 2011.

A Cookie Audit is an essential first step in ensuring that websites are complying with the new regulations, and is recommended by the Information Commissioner as the starting point for being prepared to comply.

Notably the Information Commissioner has recognised that there are a number of technical hurdles to be overcome in implementing this new legislation and has promised to provide guidance in due course on how the ICO will enforce the regulations.

In the meantime, website operators need to prepare and ensure they are ready to comply with the new regulations when they come into force.

Cameron Leask, Managing Director of Escrivo, said: "The intention of the updated regulations, to protect the privacy of website visitors, is clear and worthwhile, but the process of enabling websites to comply with the regulations could be disruptive for many website operators. We're looking forward to seeing further guidance from the ICO regarding the implementation and enforcement of the regulations.

"In the meantime we urge all website operators to undertake a Cookie Audit to ensure they are aware of how their websites use cookies, and to assess the implications those cookies have for the privacy of their website visitors."

In addition to our new Cookie Auditing service, Escrivo has also published a short process guide to Cookie Auditing to help website operators perform the audit themselves if they prefer.

For more information, please contact us.

How to comply with the UK's new cookie laws

Escrivo Internet Consulting — Mon, 23 May 2011 09:08:00 GMT

The UK's Privacy and Electronic Communications Regulations are changing - critically, the new revisions to the legislation requires websites that use cookies to gain consent for using those cookies from each website visitor. We look at how to respond to this new legal requirement.

The new cookie regulations are intended to address concerns about privacy, but apply to all cookies, regardless of whether they are potentially intrusive or not, with very few exceptions. Most modern websites use cookies and accordingly the updated regulations will impact almost all website operators.

The new requirement for website operators to gain the user's consent before storing data in a cookie is a potentially onerous one and there are a number of practical issues with technical implementation. The Information Commissioner, who has responsibility for ensuring the new regulations are followed, recognises this and has indicated that the new regulations will be implemented in phases. Further guidance from the ICO is expected in the next few weeks.

However, the Information Commissioner has also made it clear that the ICO expects website operators to prepare to comply with the new regulations.

How to comply with the new Cookie regulations

We've identified the following process that will allow you to prepare to meet the requirements of the new cookie regulations, in line with the ICO's recommendations:

1. Conduct a Cookie Audit. Build an inventory of the cookies created and updated by your website, and the relevance of each cookie to how your website operates. First-party and Third-party cookies need to be included; as do session cookies and persistent cookies.

To start, build a list of cookies using one of the many Firefox add-on extensions (e.g. the Web Developer Extension) and then review each cookie in turn. You might need to refer to a website developer for technical assistance, and in specific cases you may wish to talk to your legal advisors too. If performing a comprehensive cookie audit sounds like it's beyond your technical capabilities - contact us for help.

(We performed a Cookie Audit for our website - here's the link.)

2. Assess how intrusive your use of cookies is. Understanding the degree to which each cookie impacts your website's visitors' privacy is key to an accurate consideration of how to comply with the regulations. Your cookie audit may have included an assessment of this impact.

3. Consider how necessary each cookie is. In particular, review whether any of the cookies identified in your audit could be removed, or whether it is possible to reduce the overall privacy impact of your website for visitors.

4. Decide on a solution for obtaining consent - although be aware that we are still waiting for the ICO to provide further guidance on the implementation of the regulation, which could have implications for the methods that websites are allowed (or not allowed) to use to gain consent.

One of the important technical issues here is storing the visitor's preference. If the user declines to give consent for storing cookies, then it will not be (legally) possible to store their preference in a cookie, which could mean that website operators have to ask these users for consent on every visit. We're looking forward to seeing what the ICO advises in these circumstances. Contact us if you have any queries, or subscribe to our email newsletter and we'll update you when the situation becomes clearer.