While NuCaptcha introduced its in-CAPTCHA video ad solution last October and its Engage self-serve platforms for advertisers and publishers in April, this launch features upgraded back-end technology for optimized security. This includes better defense against optical character recognition (OCR) tech though overlapping/moving text (thanks to its Behavior Analysis System for video-based CAPTCHAs) and the use of random letters. ReCaptcha tends to use real words (frustratingly distorted) scanned from texts for Google’s Library Project.

Instead, NuCaptchas prompt users to type in three undistorted letters (sites that want more security can add up to eight letters) displayed on screen when they reach an online security checkpoint. According to the company, average fill-in time is three seconds.

NuCaptcha offers four packages: Free, for websites that require 25,000 or fewer a month; Pro, for above 25,000 and additional features; Enterprise, for pubs seeking full customization, reporting and other services; and Engage, which serves in-CAPTCHA ads through NuCaptcha’s network.

“What’s been missing on the Internet is a customizable Captcha that’s freely available for everyone,” said Michel Giasson, CEO and cofounder of NuCaptcha. “We’re giving site owners the freedom to do what they like with Captchas – whether it’s simply offering a better, more readable user experience, or the ability to add their own look-and-feel, messages and other customization, depending on their audience.”

It’s interesting that NuCaptcha has been playing up the security angle of its service to wrangle in publishers, while competitor Solve Media seems more focused on winning advertising business and highlights the revenue opportunities for pubs. Last month, Solve mentioned that its publisher base had grown 460% to over 2,000 while its advertisers had topped 75. The company’s Type-In ads boast 29% engagement rates.

You can view NuCaptcha product demos here. Check out the promotional video below, and a piece COO Ron Moravek wrote for Adotas about the big marketing opportunities within CAPTCHAs.

Make The Switch from NuCaptcha on Vimeo.

1. You can use Captchas in many different ways to drive engagement.

Interactive video: Advertisers with existing IAB video assets can turn them into video-based captcha assets for a better engagement tool right where and when users are paying attention. These placements yield a 10x brand recall, as Captcha is one of the most powerful interactions offering a brand 100% share of voice and a guaranteed engagement. (My company NuCaptcha offers this type of technology.)

Mailers and email letters: Marketers are always fighting spammers and fraudulent signups to their lists, causing an ongoing battle with ISPs to stay in the inbox. By employing Captcha on registration pages, you can ensure only humans are signing up with real email addresses , which in return gives you a highly responsive mailing list.

“Gateway” advertisements: Ensure engagement anywhere on the page. For newspapers and publishers wanting to drive new revenues, Captcha yields a CPM that’s four times the average for an interstitial, which means you could serve it a quarter of the time, generate the same revenue and create an uninterrupted experience for users. Your readers will no longer skip right past these – as Captcha provides a guaranteed engagement for brands.

Drive new “fans”: It’s easy to incorporate Captcha advertising into social strategies to juice up fan acquisition programs.

2. A Captcha protects your site against spam.

While you may not always need a security-enabled Captcha for all applications, security is essential when it is needed. Why? If you want to convince your IT or Web security folks into changing all the Captchas on your site into the next great revenue generation tool, you better have a good answer for security.

As a marketer, you need to understand the different types of advertising Captchas currently on the market: There are ad units (provided by companies such as Solve Media, which serve the same images and are easy to solve); mid-security Captchas (typically used in forms, blogs, etc); and high-security Captchas (for authentication, transactions, etc).

The majority of Captcha uses on the Web today require the latter — the highest difficulty in solving for intruders. If existing Captchas are there to protect against spambots, human farms, etc., they must continue provide this function, and ideally improve on it.

One of the easiest ways to tell whether a Captcha offers any real security is to simply look at the image needing to be typed in. Is it constantly changing or static? If the image doesn’t change, it can be immediately cracked by a spam bot, and is not an option for both security and revenue generation combined.

3. Not all Captcha technology is created equally.

The Captcha market is massive, yet, a large majority of sites still rely on ReCaptcha’s 10-year-old technology for security, despite limited functionality and annoying its users. There’s a tremendous opportunity for marketers to adopt newer, video-based technology that is easier to read and offers ad-serving capabilities – along with better security.

If marketers and advertisers want to see this medium open up to the broader market, they must go beyond the immediate low-hanging fruit of revenue generation, and embrace truly secure technologies that can replace what’s already “good enough.” Make sure you understand where and how you want to use your Captcha technology before picking a provider; if you need options that go beyond advertising and include security with an SLA, you need to pick a Captcha platform that explicitly does this.

With the launch of the iPhone 4 and iOS 4.0, Apple added this paragraph to its privacy policy: “To provide location-based services on Apple products, Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device.”

Almost a year later, outrage is all over the tech media as a few researchers discovered the file that houses this data. The iPhone logs a user’s precise geo-location up to 100 times a day and saves it in a file that is synced with a user’s computer. The real news is that the file is supposedly not very secure.

But Apple hasn’t been collecting this date there secretly; it was right there in the privacy policy and a number of media outlets — check out articles from The L.A. Times and GigaOm — wrote about the addition of that paragraph.

Business Insider’s Henry Blodgett asks, “Why no public outrage?” That’s easy to answer — too many people blindly trust Apple. I’ve got nothing to hide, it don’t matter if they got my locations! Besides, Apple is collecting the data “anonymously,” whatever that means.

Also most of us have come to accept the digital surveillance state. We’ve come to accept it as a consequence of technological convenience that we’re constantly monitored by our own devices. Modern life does get a bit more like a Philip K. Dick novel every day.

My question is, why the delayed outrage from the government? Why did it take nearly a year for Senator Al Franken to write a letter to Apple CEO Steve Jobs asking why this information is kept?

I can’t think of anything else new to say — I wrote it all last year:

“Don’t give me that ‘trust us’ bullshit — why won’t Apple just come out with some bullet points, a PowerPoint presentation (OK, maybe not PowerPoint) that details how long the location data will be stored, who exactly it will be shared with and the various ways it will be used, not some limp example like ‘providing better apps….’

“This is why federal regulation is necessary — it would certainly make consumer worry warts sleep a little easier knowing that an agency is watching out for them.

“Stifle competition and business? That’s crap — companies should want their users comfortable with how their information is being used. You really think it’s better business to leave your customers worried about who’s tracking their every move?”

Labeling the HTTP protocol as “a welcome mat for would-be hackers,” he argued that incorporation of the more secure HTTPS URL provides protection against personal data hijacking for the increasing number of users accessing the Internet through public wifi at coffee shops, bookstore and other hangouts.

Schumer claimed that hacking has become so easy that you don’t have to be a disgruntled computer genius and Harvard student unceremoniously dumped by his girlfriend to be a menace to the web — now any schlum who gets his/her hands on the right program can steal user information to raise havoc or go on a shopping spree. The Wall Street Journal notes that some Internet experts believe the lack of the HTTPS protocol is how Facebook CEO Mark Zuckerberg’s fan page was hacked the other week.

“With the privilege of serving millions of U.S. citizens, providers of major websites have a responsibility to protect individuals who use their sites and submit private information,” Schumer said. The senator also has sent large websites a letter — not an email — regarding this matter.

To make social retailers feel safe conducting business on the most popular social network, Adgregate Markets has added Symantec’s VeriSign Secure Sockets Layer (SSL) Certificates and the VeriSign Trust Seal to its ShopFans Facebook storefronts. In addition to added transactional security, merchants will be able to hang Symantec’s “VeriSign Trusted” seal on their pages.

“The attraction to Facebook as a platform for commerce is irresistible, but retailers must ensure that their Facebook presence is one that establishes the levels of trust necessary to convert fans into customers –- and to keep them coming back,” said Fran Rosch, vice president of Trust Services at Symantec. “We’re delighted to work with an innovator like Adgregate, whose vision for social commerce is helping to take the Facebook experience in an entirely new direction. By displaying the VeriSign Trust seal, Facebook stores created with ShopFans will transform more browsers into buyers.”

The Symantec partnership comes after Adgregate signed a security deal with McAfee and formed a privacy alliance with TRUSTe.

Gizmodo, which must be Apple’s favorite tech news site by now, reports that loading a PDF file from a web page on your iPhone leaves you vulnerable to being hacked. The PDF file could contain a font hiding a program that will cause stack overload and take over your device.

And do what? Whatever the hell it feels like! Gizmodo lists deleting files and installing monitoring software as just a few horrifying possibilities.

Coincendentally (not ironically) Gizmodo notes that the Safari-based Jailbreak Me 2.0 app — which allows users to open up Apple devices to unapproved apps — apparently uses the same method to crack Apple’s security.

But wait! An update says that not just devices running iOS4 are targets — apparently any Apple mobile device (iPhone, iPad and iPod Touch) running iOS3.1 or later. Zounds, Scoob!

The flaw is actually in Safari itself — Apple is yet to release a corrective patch, but has warned browsers not to download PDFs from untrusted sources and avoid direct PDF links. Gizmodo points out — and this is ironic — jailbird iPhone users can install a program that asks for authorization every time a browser encounters a PDF.

Yes, it looks like you might be more secure by busting through Apple’s security.

This story is extremely interesting to me, because it shows not only that interactive advertising has scams and frauds out there, but that even those working for a major interactive advertising network are quite gullible and ignorant of the methods and scams. I’ve been covering types of scams like this for years — as have the publications I founded including ADOTAS. This means it’s time to review again what one should do while working with new clients.

To be completely frank, I am surprised that someone at Casale was so… well.. there is no other way to say this… so STUPID that they allowed this company in the first place to do business with them. Casale has been around for quite a while and is generally considered one of the highest quality interactive advertising networks in the business.

Interactive advertising, because of its nature is extremely vulnerable to all types of fraud. With the internet opening up borders, anyone from almost any country can pretend to be anyone, from almost any other country. With PO boxes, postal forwarding, IP phones, a virtual company can look like a 100-person company in minutes. In fact, there are some players including agencies and networks that work mainly virtual — and do volumes of business that would be unthinkable just a decade before without a “real” office.

In this case, someone at Casale obviously screwed up. “Bellas Interactive” was obviously a fraud. The website was poorly made, looks like a cheap template site, and despite the claim on the site that they have been in business since 1994, the website was registered in April 2010.

That being said, let’s look at some keypoints that are important in dealing with new (and perhaps existing clients) and how to spot some obvious fraud by “fake companies”:

1. Do research. Look over the domain registration (WHOIS) and see if it matches the information provided. If a website says that it was founded in 1994, and the domain registration says it was registered in 2010, there is a huge red-flag right there.

Domain registrations can provide significant information, including other possible email addresses that area associated with the domain and domain hosting information. If the registered contact email address is affiliated with something else that looks fishy, that can be a huge giveaway that there is a scam.

If the phone number is international in the registration or does not work, that’s another sign something ain’t quite kosher. Similarly, any real marketing company that isn’t engaged in questionable practices will not have a “private” registration. Also, verify corporate information with the state they are doing business with. Every single State has an online verification system now.

2. Look over the website. If it looks like a simple template with no real information about the company except basic template crap about how they’ve been doing business, how they help their non-mentioned clients, then something is wrong.

Similarly, look over the address and phone number on the website. Any company that doesn’t list its address or phone number on its website is a dead giveaway of some sort of scam. All companies that are in this business want people to call them and do more business with them.

Also, check out the address on the website — if it goes to a dropbox, or someone else’s address that should make your spidey-sense tingle a bit.

3. Check your references. References are extremely important, and they should be used as a key guide. Those references must be people that you know. If a company is unable to provide references from people that your company does business with, then you need to ask them for other references.

In the case of Casale Media, the scammers just made up other companies and put them down as references. That reference should be someone that you yourself would give credit to because they are well known, trustworthy and what they say about another company is credible. Verify the information also with other people that you know – ask people in the industry about a company that seems fishy, and find more information.

4. Be smart. I’m just bewildered by the complete lack of common sense in the industry sometimes. I’ve been writing about this for years — you’d think people would be listening right? However, time and time again, people are fooled by extremely obvious scams.

It’s often because of new people in the industry with little experience. In those cases, the company owner or the supervisor should be watching everything that employee does if there is an issue.

During the credit check process, for example, numerous people should be copied on the applications including the CEO, the VP of sales, and other people — just to overlook the process in case they see something. Be smart — there are a lot of scams out there and being a little diligent will make a huge difference.

5. Look at reputation. This is the hardest part and often requires knowing people in the industry. My clients often hire me because of this. If a company has a horrible reputation of doing bad things, that is should always make you wary.

Companies that have been targets of enforcement actions, law enforcement, compliance issues, payment issues, you name it, should be avoided. Would you, for example, allow a convicted sex-offender babysit? Similarly, if a company consistantly has issues, you need to examine if its worth doing business with them.

I’ve found that people who cause issues consistently will always cause issues — a tiger cannot change its stripes, a leopard cannot change its spots. Once a scumbag, always.

What’s your opinion?

Originally printed at Industry Pace.

Instead yelling “Smoke!” when there’s no fire, perhaps SMobile should be looking closer to home: Apple announced that Vietnam-based developer Thuat Nguyen had been booted from the App Store along with his apps after he took 42 of the top 50 rankings in the eBooks category over the holiday weekend — though most of them were spurious titles, and almost all in Vietnamese.

Apparently 400 iTunes accounts were hacked and used to buy Nguyen’s “works.” Though Apple said in a release that Nguyen had violated the developer license agreement “including fraudulent purchases,” the company is mum to admit actual fraud occurred.

“Developers do not receive any iTunes confidential customer data when an app is downloaded,” Apple made sure to comment.

Of course, that was followed by a paragraph telling users whose credit card numbers of iTunes passwords to call their financial institutions immediately. To further allay concerns, apparently Apple is going to ask for credit card CCV verification more often.

But how did Nguyen get into those 400 iTunes accounts? That may be a small percentage of iTunes accounts, but it certainly raises great security concerns. And while the App Store may have been breached this time, similar safety questions need to be examined regarding the Android Market.

The report measured traffic quality across Anchor’s search engine, ad network and advertiser clients from April through June and labeled clicks as valid or invalid. Although the invalid rate dipped from 36.1% in the first quarter to 29.8%, this was primarily due to significant drop in the “innocuous” invalid (for example, a consumer accidentally double-clicking on an ad) from 7% to less than 1% in the second quarter. Attempted click fraud, however, only slid from 29.2% to 28.9%.

Anchor cited less robot traffic from indexing website spiders and test clicks by networks and search engines for the fall in innocuous traffic, and noted that such traffic is regularly prefiltered by ad providers and does not affect ad spend.

According to its Anchor’s analysis, fraudsters seem to be circling around the smaller fish. Anchor customers with more than 1 million daily clicks consistently reported higher volumes and lower attempted click fraud, leading Anchor to believe more successful and better protected ad networks and search engines are receiving less attention from fraudsters. Instead they have their sites on less established and more vulnerable depots.

“Click fraud attempts are not going to go away any time soon,” said Anchor Intelligence CEO Ken Miller. “Cybercriminals will simply reallocate their attempts from well protected ad networks and search engines to those that do not have a fortified line of defense.”

My response was simple: online advertising is a $24 billion industry and any industry making that much money has a huge target on its back.

Online advertising, once thought of as a fad or scheme, has morphed into a necessity for any company engaged in marketing their products and/or services. Because of this innate requirement for the success of product marketing, it can often become clouded and tarnished with very real scams within the online advertising realm.

Damaging practices can range from directly impacting the products currently being pushed, to back-end manipulation by the agencies, to the system being altered by ethically challenged affiliate marketers.

From a high level, many viewed the start of online advertising as a get-rich-quick scheme with few rules, causing a de facto Wild Wild West. Over time, hundreds of groups jumped into the industry, and a significant amount of money was made — and lost.

As the industry continues to evolve, the companies that are dedicated to improving online advertising — beyond the short-lived lining of their pockets — have expended millions to implement rules, fine-tune their advertising methods, hone their tracking software and advance any other aspects of the business they felt would increase profit margins.

Most recently, the top companies in the industry are focusing on compliance while securing their systems against fraud and abuse. Others, like Epic Advertising, are taking a long-term approach by realizing that if they are truly going to protect their investment and make their company grow, they need to protect the whole of the company.

For years, the online advertising industry has been laden with fraudulent actions by various players, while also suffering the scrutiny of the FTC, lawsuits and bankruptcies. The result is that a few major companies that have been following the rules are rising to the top, while simultaneously becoming the targets of the other, less scrupulous players.

With millions invested in tracking systems and system monitors by the top firms, some of the smaller players and criminal elements find it easier to steal what’s been developed rather than build them themselves. The same holds true for pilfering affiliate and advertising contacts, creative creation methods, customer data and back office operations.

Click fraud, cookie stuffing and numerous other schemes have been used against the online advertising agencies for years; but as industry players focus on stopping these methods, the criminals will find other ways to game the systems. Among those ways are social engineering, hacking and outright theft.

As is the case with any industry that grows from its infancy and represents a very large cash flow, online advertising companies need to take steps to protect themselves from both internal and external threats. In order to do this, they must first understand what the threats are, and what needs protecting.

One of the more damaging threats that exist relates to the schemes run by the affiliates or independent marketers, such as cookie stuffing or click fraud, but simply focusing on those threats is being myopic. Advertising agencies need to ask themselves “if I was just starting out, what would I need, and where could I get it?”

Once they answer that question, the following question is “how are we protecting what we have?” This does not mean just doors and locks;, it means policies, systems and consequences. Security means understanding the threats and risks, and then either accepting them, stopping them, defending against them or ensuring against them.

Companies need to focus on what makes them differentce from their competition.

Consider the following:

1. Access to your business contacts, namely affiliates and advertisers
2. The technology that makes their company move.
3. Business contracts, agreements and negotiations.
4. Personnel, skill sets and expertise
5. Back-end customer data

If any one of these sets of data is stolen, the impact to the advertising agency could be catastrophic. The information could be used to win over contracts, or it could be used to find a new way to manipulate the companies lead tracking system and increase an affiliate’s profits.

For companies to grow and truly court the top tier 1 advertisers, they are going to have to prove to those advertisers that they are safe and secure. This means being compliant with all laws, have a robust anti-fraud and anti -abuse system, and demonstrate their data, systems and operations are secure. Coke would not launch a new promotion through online advertising if a representative from Pepsi could figuratively waltz into the ad agency and figure out the strategy.

What advertiser is going to believe, or for that matter sign on with, a company that claims they have the best targeting algorithm in the industry, but has nothing in place to protect it?