Saturday, December 09, 2006

E-Commerce - How To Prevent Download Theft

If you sell digital products online, you are probably already familiar with the growing problem of your e-books, etc. being stolen. This is how it works and how you can prevent it.

A visitor to your site buys your product; for example an e-book. Soon after downloading her purchase, she visits a forum and supplies the link to the page containing your download information to all the members. Before you know it, thousands of people are downloading your e-book! These people are stealing from you and you are unaware of your loss!

Many of these would have bought your e-book, so you could have lost hundreds of dollars!

Or take another case. You set up your sales page using PayPal. Now your simple PayPal button script is visible on your sales page if someone bothers to "View Source". They can see where to download from and bypass the Payment page. Now PayPal will let you encrypt the button so only gobbledygook shows up in the source. But I have found a problem in that you cannot include redirect and thankyou pages inside that script, so you can force people to pay you, but then the supply of their goods is messy and involves email back and forth and so on.

In another case I have seen, the PayPal page was encrypted to prevent access to a download page, but the payment amount could be changed, so an expensive item could be purchased for 1 cent!

Fortunately, there are ways to prevent this download theft. The simplest method which I have come across recently involves using a third party that provides an encrypted script that secures your PayPal or other payment links and download information that you copy onto your website.

All your downloads are managed using a secure and automated process, There is no need to confirm orders and send download links to customers in email manually. On top of this, the system will send you a confirmation email each time a successful buyer downloads your products. This is excellent for your record keeping; you will know how many people actually downloaded your products. Your confirmed customers can download the product within minutes of ordering it! They don't have to wait for you to send them emails to receive a download link or go to page after page to confirm their order. Just 1 step for them!

There are two such systems which I have investigated, but I am not affiliated with either. One is provided by businessbazee.com This system is free to use and easy to set up. What they will do is give you an ID and a successful payment page URL which your customers will see when they have paid for your products at PayPal. This is a specially designed page that has the potential to check who is on the page and then display content accordingly.

If someone just arrives at your payment page without paying, it will display in one way If someone just paid at PayPal for something you are selling, it displays something else. Then it confirms the order and sends the appropriate download information to the buyer and a notification email to you that this particular person just downloaded your product. Best part it's all free. Get complete details at businessbazee.com.

The other is a more comprehensive service provided by Sam Stephens called DLGuard. This is a powerful, script that you simply upload to your website.

DLGuard supports the three types, or methods, of sale on the internet: single item sales (including bonus products), multiple item sales and membership websites It also has the advantage of being fully integrated with PayPal, ClickBank, 2Checkout, Stormpay, PayDotCom, Ebay, EA Script and even tracks your free product downloads.

This service protects your products from the most common forms of theft:

1. Prevents download link sharing, as in our forum example referred to earlier. Each download link can have a expiring time limit as well as a maximum number of download attempts. This means that you can give your customer, for example, 2 hours to download your product with a maximum of 3 download attempts. Even if your customer posted their own real download link on a public forum, the link would become useless before real damage is done. If your real customer doesn't have time to download their product within this time frame then you can easily reset their timer or download count. You can make your security as tight or as loose as you see fit for your customers.

2. Ignores insecure thankyou/download pages: A common form of "hacking" is by simply searching for insecure download pages via popular search engines. The term hacking is used loosely, as there is no skill in searching for insecure download pages, but the effect can still be devastating. You could lose thousands of dollars. Google includes PDF files in its search results.

If your download page or e-book is not secure, then people could be actually READING your e-book without even realising they're stealing your product. With the download guard in place, even if the whole world knows the URL of your thankyou page, they won't be able to download your products. The system checks to make sure a successful payment has been made before allowing access to the download area.

Marketing tests and successful business owners tell us time and again that to maximise profits you need to create a loyal customer list. This can be difficult or uneconomical by using customer signup forms as a large percentage of your customers won't signup. First you need to convince them to buy your product and then you need to convince them to signup to your mailing list As part of the download guard, they automatically add your customers to your mailing list after a sale is made and keep tracking records and file reports for you on who has downloaded your product. The DLGuard services is not free, but is affordable and well supported if the users forum is any indication.

What are your alternatives?

* Keep changing the location of the files every month or so, as part of your website maintenance.

* Keep renaming your download page frequently.

* Provide download from a different domain.

* Use encrypted pages that prevent right clicks and drop-down menus from revealing source code

* Do not link to your download pages from any other page and manually provide the site to your paying customer.

* Keep your download page more than 3 levels down in your web space. (Like domain/directory1/directory2/directory3/file). This may prevent search engines from reaching your files as they mostly scan only 2 levels down.

* Send your e-books with Acrobat pdf

If deciding to use .pdf files, you could make all of your material data image files which are called into the file from a protected web location. I am aware that Adobe Acrobat 6.0 Pro has collaboration features available, which can be used in conjunction with document encryption and password-locked features. Using the collaboration features, you could maintain an access log, sort of like a check-in/check-out process for the file(s). Remember if using any of the "product protectors" available on the market for wrapping the pdf file(s), you are in effect making them non-MAC friendly, as they become .exe files.

Remember you may not prevent theft entirely; you cannot prevent anyone from sending your product to a friend or reselling it on their own site illegally, though most people will not go that far and there are remedies you can take with their web hosting service and legal action.

No comments: