computerwoche.de

Archiv

Network Solutions CEO on domain name security

09.08.2005
Von 
Sharon Machlis ist Director of Editorial Data & Analytics bei Foundry. Sie ist darüber hinaus Autorin von "Practical R for Mass Communication and Journalism".
Alle Posts des Autors

Network Solutions Inc., the one-time monopoly registrar of .com domain names, is shifting gears, evolving into a provider of online business services and making a major push into the small-business market. Network Solutions Chairman and CEO Champ Mitchell talked with Computerworld"s Sharon Machlis about his company"s plans, explained how the Hushmail domain hijacking really happened and weighed in on the security of the domain name system.

How do you sustain a business where you"re charging US$35 a year for something that a lot of your competitors are charging maybe one-fifth the price for? We"re a lot better. As you know, Network Solutions used to be the monopoly. Between a combination of abusing its customers and giving the poorest customer service on the face of the planet, they managed to gain a first: They lost market share faster than any former monopoly in the history of the United States. I will say that as one of their customers, I think it was well deserved.

Obviously, there were lots of issues when I came here [in August 2001]. The customer-service aspect of the business was probably the worst part of all. The abandonment rate [for callers waiting to talk to a service representative] was 30 percent. And I was like, "I beg your pardon? What the devil is going on?" (Except I may not have used "devil.")

They were very nonplussed by that; they said that was normal for them. But since their average wait time was an hour and 15 minutes, it was not a shock. Today, our abandonment rate is less than 1 percent, and our average wait time is about 15 seconds.

We"ve stabilized. We"ve got about 7.5 million domains under management. But here"s, I think, the key thing for us: We don"t see ourselves as a domain-name company anymore. Our revenue mix reflects that we are moving away from being a domain-name company. In the last 18 months, we"ve gone from less than 10 percent of our revenue coming from something other than a domain name to over 30 percent.

Is that Web hosting? It"s a combination of online services for small businesses. That"s the part of the business that"s growing. I think it shocks people when I say we are the small-business experts online, because we have the largest customer base of small businesses of anybody online. ... The fastest-growing part of the marketplace online is small businesses. Right now, [there are about] 8 million small businesses with online presence. However, in the next 12 months, according to our customers and the survey data that we do -- and we do an awful lot of market research, something that the old Network Solutions didn"t do, because they didn"t care -- 2.7 million small businesses who are not online today said they plan to be online.

Why all of the sudden is there this surge? It"s search. Increasingly, small businesses are becoming aware that the way to be found is online, that people have stopped going to the Yellow Pages. They do local search; 58 percent of our small business customers report to us that their business jumped drastically as soon as they went online. That"s an especially important number when you realize that fewer than one out of three of our small business customers sells anything online.

This is why we are able to do a reasonable amount of premium pricing.

Network Solutions offers 100-year registrations. Why would someone want to buy a domain name for 100 years? It"s called protecting yourself. Do you remember when The Washington Post forgot to reduce its domain Washpost.com [and lost e-mail for several days]?

Would you like to have been the head of IT at The Washington Post that day? I don"t think he or she probably had a very good day, to put it mildly. That"s why some people choose to do it. It puts the onus on us. We"re not going to miss renewing a domain. That"s what we do for a living.

Aren"t there other ways you could do that, like insurance or auto renewal? A hundred years is a long time. A hundred years at $9.99/year is less than $1,000. What"s [Computerworld.com] worth to you? You couldn"t buy insurance with a premium that cheap. It"s by far the cheapest way to do it.

That"s a large corporate buyer. We"ve got a number of those. We cherish them. They"ll manage 10,000, 15,000 domains. And the truth is, no matter how good our customer service is, they don"t want to call it because they"ve got too many domains to manage, and they"re professionals. What they want is self-management tools. We work very hard to keep the best self-management tools in the business for those people.

But the growth part of our business is totally different. They are very bright people, who are pretty aggressive -- that"s why they started their own business -- but they aren"t technologists. And we"ve had to change ourselves and reinvent ourselves in order to service them.

So we"ve gone from where we used to spend about six minutes on a phone call to, in the first month we have a small-business customer, we talk to them for about an hour. We"ve moved away from pushing our customer-service people to get average handle time down, to say, "No, talk to them as long as they need to be talked to." And we"ve moved from taking orders to building relationships. We have moved into a consultative forms of servicing people.

In fact, we removed a lot of the incentives to upsell because we don"t want our customer-service consultants putting customers on packages that are more complex than they need. The customer"s not going to be happy. We lose money with every customer we add today, but ...

That doesn"t seem like a good business model. But if we keep them, we will make more money in the long run than we used to make on just the one-time sales. What we"re getting is the type of very intimate, trusted-adviser relationship with people that leads to long-term benefit for us and them. ...

We do have the gold standard of customer service. We spend that hour in the first month on the phone with people. We do answer it in 15 seconds. We speak to people in plain English; we stay away from the jargon. And because of that, we have a highly satisfied customer base. But this consultation has to go on constantly.

Our small-business customers have two great fears. And, one of the two great fears is they don"t understand the technology, they"re afraid of it, and they"re afraid of looking dumb. These are high-achieving people. ... They have never gotten awarded for not knowing. So one of the hardest things for them is to say, "I don"t know, I need help." We train our customer-service people very carefully, to help them get out that first question. And after that, it goes much more smoothly because they"re not going to have somebody treat them like they"re foolish to ask.

We had really bad customer service, truly the worst I"ve seen in 30 years in business. It was so bad that I couldn"t fix it. And the main problem was the attitude. So what we did was, we had a company-owned store in Herndon -- we closed it down. We had four outsourcers, got rid of all of them, fired the bunch of them and brought in a whole new team. We opened up a new customer-service center in Hazleton, Pa., which is up in the Poconos, where people wanted a job and were willing to treat customers decently. And we spent a lot of time training them.

By the way, our average handle time at that point was about 9 minutes, but the first 4 minutes on average of the phone call was people screaming about being left waiting. Today, 87 percent of them put us in the top two [survey] boxes, the high-satisfaction boxes.

This is where our whole model is going. That"s why the domain name is less important as a source of revenue, it is a declining percentage of our revenue and rapidly declining -- not as much because of pricing as because of the fact that we"re moving into these solutions areas. Now what we are is, we"re the place small businesses come to get started being found online and over time to grow.

There"s no reason they can"t also get services that are delivered to them online, that they could get off-line [with] software installed.

You"re talking about becoming an ASP? The ASP model was a good model. The problem was the technology didn"t exist to allow it to be used well. You had a bunch of kids running around the Internet who had no idea how to run a business. And a services business is a business that has to be managed. It"s a business for adults. It means you need to know how to run a customer service organization and run it well. They also just grossly overpromised what they could deliver.

So are we talking about moving to an application services model focused only for the time being on small business? Yeah, but our first services are all online -- the Web presence to begin with, building your business online[ and] for those 30 percent of our customers who want to sell, an e-commerce package.

There"s that whole world beyond. This is where we"re looking at acquisitions, this is where we"re building products and security.

You"re going to be competing with your former parent [VeriSign]? Our former parent doesn"t really do security at a small-business level. It"s an enterprise business. We think we understand what small businesses want. They understand what enterprises want. That"s fine, but they will never be successful in our space. They"re not the people I would worry about. ...

You know, I tried one of those software packages from a company that shall go unnamed that provided a service that had to do with how you crunch numbers. I got it in, then I tried to write a check, couldn"t figure out how to do it. I called, and I called, and I called. That was in 2002, and the 2002 version still sits on my computer, will never be operated and will never be used.

Now what if instead of that, I"d been able to come to you and say, "I see you"ve got this service, I"d like to try it out." ... I don"t have to install it. And in the future I can pay for it on a usage basis instead of paying some big upfront fee. And then last but far from least, the most important part of all, when I got ready to write that check and couldn"t, I could call you and you walk me through how to do it, and maybe you"d tell me I have the wrong package.

Wouldn"t that be marvelous? And wouldn"t you have all my data? And wouldn"t I need you as much as you need me? And wouldn"t we have a wonderful partnership? And isn"t it awful that that company that could have had that partnership with me in 2002 didn"t because they wouldn"t answer the damn telephone?

Are these small-business people going to be comfortable sharing their data that way? I think that"s where the trust and the security come in. That"s a package [of offerings] where they have to have absolute trust in your integrity and in your own security. We don"t have that package today, and we have to build that trust level before we can go there. But ultimately when you build that kind of trust level, then there"s virtually nothing you can"t do for people.

I wanted to ask you about the security of the Domain Name System, both technologically as well as the social engineering issues of keeping people"s domain names secure. There have been a couple of high-profile cases. ... ... And there have been a lot that weren"t high-profile. First of all, let me tell you, I"m really not a technologist. So I won"t even attempt to answer serious technology issues, but we will be glad to get you answers.

Social engineering I think everyone understands. Social engineering everyone understands. Given the fact that we have 7.5 million domains under management, we think we"ve done well, but you can never do well enough. We had one incident recently where a name was not taken from us but someone social-engineered a repointing of it for a couple of hours, three and a half hours. That caused me to be very upset.

Is that the Hushmail incident? That domain never left us. It was a social engineering. That same scam had been tried 15 or 20 times before. And what they did was, they managed to catch somebody who was brand new and who violated procedure. Since then we put in some safeguards on top of the ones we had before, because obviously the ones we had before didn"t catch everything. They"re supposed to get a supervisor"s approval ... but they blew through it. We put limitations on getting to the tools and things like that, that make it more difficult on our customer service people but also makes it safer.

I can tell you that after that incident, I hired two security firms to come in and, to use a technical phrase, beat the hell out of our systems and break in every way they could. That is why you need to go to a large and established registrar. Most registrars couldn"t afford to do that.

We have our NOC [network operating center] staffed 24/7. We answer the phone for customer service 24/7, and we don"t charge you for the call. You don"t even pay for the telephone call, unless you"re outside the U.S. That marks us as hugely different. Yes, our costs of operations are higher, but it"s because the quality of our service is higher. You know what? You get what you pay for.

Do I think there are problems out there [on the Web]? Absolutely. Do I think there"s risk for people? I think there"s more risk than most people realize. I said there were two things that worried our small-business customers. One of them was: "Will the technology bite me?" The other one -- and it gets just as high a percentage, both of them get 67 percent checked -- "Will my or my customer"s information somehow be taken or abused? Is it safe to be online?"

I would submit to you until we all get serious about making it safe and making people feel confident that it"s safe, we"ll never see this medium reach its full potential. It doesn"t matter whether [fear of putting data online ] is rational or not.

Responding to fear with rational discussion is completely pointless. We think that it"s very important that everybody who"s planning to be a long-term player on the Internet understands that we have to make it a place that is not only secure, but that people are confident that it"s secure.

And look, we had our issues. When I walked in the door, do you know what the fraud rate was at Network Solutions? 19.88 percent. One out of five dollars was a fraudulent transaction. And they were doing nothing about it. Today our fraud rate is 0.18 percent, lower than the off-line merchants. And in fact Gartner has written us up as the only people who have figured out how to beat fraud online.

We just felt that was an absolute essential. Not only good business practice, but also the reputation that it gives the whole Internet when people are suffering those kinds of levels of fraud -- when you get a call that says your credit card"s been used by somebody in Romania to buy 15 e-mails and five Web sites that they will never use but they will process the cash through into their account -- is not going to make you comfortable. We take it real seriously, but we can"t force everyone else to.