How does Geofencing work and what is it for?

Source

Geofencing is a buzzy mobile app capability that’s been around for at least a decade; however, developers are only now seeing the full potential of geofencing for building a great user-first experience. While geofencing received some attention in relation to user privacy, new tools are considering how geofencing can better surprise and delight customers – and in the future, radically change the way companies deliver location-based experiences. 

From sending a tailored promotion when a customer enters a retail store to powering order-ahead food delivery, geofencing plays a key role in making mobile apps contextually aware. How does geofencing work, and how can mobile app developers better deploy this technology? Here’s what you need to know about geofencing. 

Geofencing: What is it?

Geofencing is a location-based service in which an app or other software uses GPS, RFID, Wi-Fi or cellular data to trigger a pre-programmed action when a mobile device or RFID tag enters or exits a virtual boundary set up around a geographical location, known as a geofence. 

What does it mean in practice? Think about it like this: geo-fencing is like an electric fence for your dog but in the real world. Geo-fencing allows for the setup of virtual fences or areas, wherein the entering and exiting through the areas triggers a response or action by the individual or company monitoring the geo-fence. So, instead of alerting a pet owner when Fluffy wanders into the neighbor’s yard, geofencing triggers alerts for a business owner when key things happen: a customer visits a store, for example, or the store of a competitor. 

 

How does it work?

To make use of geofencing, an administrator or developer must first establish a virtual boundary around a specified location in GPS- or RFID-enabled software, which can be as simple as a circle drawn 100 feet around a location on Google Maps. This virtual geofence will then trigger a response when an authorized device enters or exits that area, as specified by the administrator or developer.  Put simply, picture virtually unfolding a paper map, taking a virtual pencil, and then drawing a virtual circle around a desired part of the map. Then, whenever someone or something enters or exits that area, you are alerted. 

 

What is it used for?

Early geofencing projects revolved around using GPS to track herds of livestock or using ankle monitors to keep an eye on criminal offenders. This tracking then developed into keeping track of truck drivers on their routes as well as using  “smart cards” to track employee movements in a building. 

Today’s use of geofencing has evolved beyond simply tracking where a target customer (or a herd of sheep) is at any given time. With privacy concerns challenging companies to rethink their use of geofencing, companies like Radar are leading the way in innovating how geofences can improve the user experience. 

Take, for example, Burger King’s Whopper Detour Campaign. Burger King ran a promotion to sell Whopper burgers for $0.01 – but only to customers within a 600-foot radius of a McDonald’s. Customers could download the Burger King app and head to their nearest McDonald’s. When they were within the geofence, the app would redirect them to their nearest Burger King to redeem the promo. 

 

This is just one-way brands are thinking creatively of how to use geofencing to surprise and delight customers – without invading their privacy.

Geofencing: A Matter of Privacy

As expected, not all individuals are comfortable having their location data shared via geofencing. In fact, in 2017, Massachusetts was one of the first states to enact a consumer protection law that objected to the use of location-based advertising. The Attorney General blocked an ad campaign from Copley Advertising, which was hired by a Christian organization to set up a geofence around women’s health clinics that would target women in the waiting room or nearby with anti-abortion ads.

While many ad-tech companies use geofencing to collect data on customers, new pioneers in the geofencing space, like Radar, are careful to put the user experience at the forefront of innovation. In a space dominated by ad tech and data monetization companies, Radar’s privacy-first approach means they do not sell any data they collect, nor do they share location data across customers.

 

Geofencing: 2019 and Beyond

The geofencing industry is expected to grow over 27% by 2022, citing “technological advancements in the use of spatial data and increasing applications in numerous industry verticals.” 

While retail and travel are two industries already invested in geofencing, there’s a lot of potential for this technology to grow to government, healthcare, and more. Surprising and delighting customers is just the first step to integrating geofencing more thoughtfully in nearly every aspect of life. Over time, users will come to expect, rather than be surprised by, the way companies use geofencing. We expect to see companies use geofencing more strategically to send contextually relevant messages, build contextual experiences, and understand location data more thoughtfully. 

 

This article is contributed by Radar.

 

Introduction to MySQL Query Expansion – Part 1

We all know that back in stone age, the cave-man had no issues with data incompatibility, storage and search because stones & leaves were the only medium for data storage and search but that is past and  today we are in 21st century where we have to dealt with tons and tons of data and the data searching becomes more important.

Today we are going to learn the basics of MySQL Query Expansion. There are some cases,  where you want to find some information based on limited knowledge that you have. You use some keywords to search for information, and typically those keywords are too short. To solve this problem and help users to find what they want based on the too-short keywords, MySQL full-text search engine introduces a concept called query expansion.

What is query expansion?

The term query expansion in MySQL is used to broaden the search result of the full-text searches based on automatic relevance feedback which is sometimes referred as blind query expansion. Let us understand  how MySQL full-text search engine performs the steps when the query expansion is used:

• First, MySQL full-text search engine looks for all the rows that match the search query provided by you.
• Second, it checks all rows in the search result and then it finds all the relevant words.
• Third, it performs a search again but based on the relevant words instead of the original keywords provided by the users.

Since you understood the basic concepts of query expansion, it might be clear  that you can use the query expansion when the search results are too short. You need to  perform the searches again but with query expansion to offer users more information that are related and relevant to the user.

Lets us understand the syntax:

In order to use query expansion, you need to use the WITH QUERY EXPANSION search modifier in the AGAINST()function. The following illustrates the syntax of the query using the WITH QUERY EXPANSION search modifier.

SELECT column1, column2

FROM table1

WHERE MATCH(column1,column2)

      AGAINST(‘keyword’,WITH QUERY EXPANSION);

In the next post, I’ll be continuing this topic with relevant examples and will see some quick facts about the full- text search. Please share your feedback and share if you like this topic.

Categorization of CMMI Processes Area

Once again back with process improvement topic, when we though of process oriented organization, few of us think that it can be achieved easily but believe me it don’t happens over the night. There are teams who sweats day & night to establish a formal process and in every organizations there are people who don’t like changes but change in inevitable in nature and we must be ready for the same. CMMI is a framework for process improvement and today we are going to categories CMMI processes area.

CMMI Process area are divided into two categories respectively:

1. Maturity Level wise
2.  Category Level wise

Further if we categories maturity level, it can be divided into 5 maturity level. Any company or organization which is having no process is by default at level 1.

1. Maturity Level 1 – Initial (Having no processes and nothing being followed)
2. Maturity Level 2 – Managed
   1. Configuration Management
   2. Measurement & Analysis
   3. Project Monitoring & control
   4. Project Planning
   5. Process & Product Quality Assurance
   6. Supplier Agreement Management (SAM)
3. Maturity Level 3 – Defined
   1. Decision Analysis & Resolution
   2. Integrated Project Plan
   3. Organizational Process Defination
   4. Organizational Training
   5. Organizational Process focus
   6. Producut Integration
   7. Requirement Development
   8. Risk Management
   9. Technical Solution
   10. Verification
   11. Validation
4. Maturity Level 4- Quantitatively Managed
   1. Organization Process Performance
   2. Quantitative Project Management
5. Maturity Level 5 – Optimizing 
   1. Casual Analysis & Resolution (CAR)
   2. Organizational Performance Management

If you want to divide category wise process area then it can be divided into four category ;

1. Project Management
   1. Integrated Project Plan (IPP)
   2. Project Monitoring & Control (PMC)
   3. Project Plan (PP)
   4. Quantitative Project Management (QPM)
   5. Requirement Management (REQM)
   6. Risk Management (RM/RSKM)
   7. Supplier Agreement Management (SAM)
2. Engineering
   1. Product Integration (PI)
   2. Requirement Development (RD)
   3. Technical Solution (TS)
   4. Validation (VAL)
   5. Verification (VER)
3. Process Management
   1. Organizational Performance Management (OPM)
   2. Organizational Process Definition (OPD)
   3. Organizational Process Focus (OPF)
   4. Organizational Training (OT)
4. Support
   1. Casual Analysis & Resolution (CAR)
   2. Configuration Management (CM)
   3. Decision Analysis & Resolution (DAR)
   4. Measurement & Analysis (MA)
   5. Product & Process Quality Assurance (PPQA)

If you have counted there are 22 process areas and each represent some activity in Maturity Level. If you want to learn more about these areas, I would encourage you to read my book on CMMI for Development.

 

If you are looking to hire an consultant for CMMI implementation, you can reach me on mukund002(at)gmail.com.

Top Misconceptions about PCI

Today I am going to focus on the major misconceptions that people have about PCI. So before getting started with the misconceptions, lets understand what is PCI & to whom it applies.

What is PCI ?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all the companies that accept, process, store or transmit credit card information maintain a secure environment. The PCI Security Standards Council is a global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection.

The PCI DSS is administered and managed by the PCI SSC (www.pcisecuritystandards.org), an independent body that was created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB card.)  Now since you have some knowledge about PCI, you might have understood that it applies to all the organizations regardless of  their size or the number of transactions, that accepts, transmits or stores any cardholder data.

Let us now see the common misconceptions:

• Since we don’t store credit card information, we don’t have to be PCI compliant. This statement is false as PCI DSS does not only apply to the storage of credit card data but it also applies to the handling of data while it is processed or transmitted over networks. Since you are not storing credit card data it does eliminate compliance requirements as the majority of the controls dictated by the DSS remain in effect. The only way to avoid PCI compliance is to transfer the risk entirely to someone else, such as third party payment,for example; PayPal’s Website Payments Standard service where customers interact with the PayPal SDK directly and credit card information never traverses to own servers.
• The PCI Data Security Standards is only a recommendation and not a requirement. This is also a false statement. The Payment Card Industry Security Standards Council (PCI SSC) is a private regulatory body that enforce the PCI DSS standard for merchants and service providers, regardless of their number & size. If the company stores, processes, or transmits any of the information recorded on a credit or debit card then they must abide by the PCI DSS else they have to face significant fines, higher opex costs through increased compliance requirements, and potential suspension or expulsion from card processing networks.
• Since we process a few number of credit cards only, so we don’t have to be compliant. Again a false statement. The merchants who process less than 20k transactions a year is not bound to seek the compliance validation  but the obligations of PCI compliance is still there as the data you store can be compromised and have serious consequences.
• Since we use PayPal/Authorize.NET therefore we don’t have to be PCI complaint. People often thinks that we have transferred the burden of PCI compliance to the payment services provider but there are certain services (e.g. PayPal’s Website Payments Pro).If your website integrates with PayPal via an API then you are still liable for PCI compliance since your servers capture and transmit the credit card data first.
• PCI  compliance only applies to eCommerce. The compliance is not applicable to any particular domain and hence it is applicable to every domain including eCommerce.

There are lots of other misconceptions about PCI which are not listed in this post. The purpose of the post is to share the general information and misconceptions of payment compliance. Please do share your feedback about this post.

References: 

https://www.pcisecuritystandards.org/document_library?association=PCI-DSS

https://www.pcisecuritystandards.org/

 

 

 

Planning & Implementing ISO 27001

In Today’s modern era security is still a big challenge for any sized organizations until you don’t have some form of control in place. These controls are necessary as information is one of the most valuable assets that a business owns. If you are IT services Provider and handling customers information then you must have to use security techniques such as Information Security Management System (ISMS).

What is ISMS?

In Layman term, ISMS is a framework of policies and procedures that include all legal, physical and technical controls involved in overall organization’s information risk management processes. Let us now move to the main focus area of this post which is planning & implementing ISO 27001.

Planning the Implementation 

Before implementation of ISO 27001, one needs to consider the cost of implementation, duration of the project, understanding of the model. In today’s time, every organization who wants to cut the cost without compromising the information security are looking at ISO 27001 certification as a promising means to provide knowledge about their IT security. The major cost involved in ISMS can be categorized as :

• Internal Cost, such as resource cost including HR function, IT function, and support functions.
• External Cost, such as consultants cost and this would be again to minimize the efforts required and reduce the cost.
• Certification Cost, this is one of the costs which cannot be reduced as there are few companies providing certification and one has to pay the certification cost certifying bodies.
• Implementation Cost, this can be analyzed by gap analysis and risk assessment procedure.

Another question may arise in your mind, how much time is required to complete this certification? On an average, the time four to nine months is required depending on how mature an organization is in term of Information security, and size & nature of the organizations.

As any standard practice, ISO 27001 requires a company to establish, implement and maintain a continuous improvement approach to manage its ISMS and it follows Plan-do-check-act (PDCA) Cycle.

1. Phase 1—Identify Business Objectives.
2. Phase 2—Obtain Management Support.
3. Phase 3—Select the Proper Scope of Implementation.
4. Phase 4—Define a Method of Risk Assessment.
5. Phase 5—Prepare an Inventory of Information Assets to Protect, and Rank Assets According to Risk and Classification Based on Risk Assessment.
6. Phase 6—Manage the Risks, and Create a Risk Treatment Plan.
7. Phase 7—Set Up Policies and Procedures to Control Risks.
8. Phase 8—Allocate Resources, and Train the Staff.
9. Phase 9—Monitor the Implementation of the ISMS.
10. Phase 10—Prepare for the Certification Audit.
11. Phase 11—Conduct Periodic Reassessment Audits

Conclusion: The success of ISO 27001 is its alignment with the business objectives and effectiveness in realizing those objectives. IT and other departments/functions play an important role in the implementation phase. An organization also needs to have the detailed understanding of PDCA implementation phases.

In the next article in the same series, I’ll try to explain each phases mentioned in PDCA Cycle and highlights on the importance of ISO 27001.

Thanks for reading this article, share your views.

Integrating PayUmoney payment gateway in PHP

Today I am going to explain, how you can integrate PayUmoney in your custom PHP based website. In initial stage of plan to integrate PayUmoney to the website seems to be little confusing to those who are not doing regular coding but once you get involved, it seems to be easy one.  If you have gone through the technical document of PayUmoney, then most of the things are clearly mentioned as easy to understand.

Here is the step by step guide to integrate PayUmoney payment gateway in your site:

1. Go to https://test.payumoney.com/ and sign up as a merchant account.
2. At time of sign up you need to use your valid email id.
3. Then fill all required business details. Use this details for PAN no. ABCDE1234F (use your PAN Number) and DOB – (dd/mm/yyyy) .
4. Add your bank detail, note you can add whatever bank name and details use this IFSC – ALLA0212632 in place of IFSC.
5. Don’t worry about bank details verification as you know this is your test account only.
6. Once your required steps are completed and your account is live,then write mail to support team : (techsupport@payumoney.com) for activating your account and to provide salt key.
7. Now after activation you can get your key go to Manage Account ⇒ My Account ⇒ Merchant -Key Salt copy your key and paste in your code.
8. After receiving you salt key, you are ready to test the code which can be downloaded from PayUmoney site also.

I hope following these easy steps, you can easily integrate PayUmoney to your website.

Sample Code

You can also download the sample code from github.com

https://github.com/payumoney-india/PayUMoney_PHP_Module/archive/master.zip

 

Note:- Don’t forget to change the Merchant Key & Salt in the code.

 

SCORM: Making LSM effective

SCORM is short for Shared Content Object Reference Model. As then name implies it is a Reference Model for creating SCO’s for creating web based training that is able to be shared among  other SCORM complaint LMS or content delivery system.

In simple words SCORM is standard to be followed for delivering content, if you follow the standard then only one time content investment for you.

Advance distributed Learning or The ADL is the body that manages SCORM specification and it addressed four high level requirements :

• Re-usability: The flexibility or ability to incorporate course material in multiple instructions.
• Interoperability: The ability to take course material developed in one location with one set of platform and use them in other set of tools and platform with different location.
• Accessibility: The ability to access and locate course material from location and deliver them in multiple locations.
• Durability: This is one of the best I found and it provides the ability to withstand technology changes without redesign or reconfiguration and hence you can say that it saves lot of effort and  millions dollars.. 🙂

Now you have some basic understanding of SCORM and lets quickly move to its sub specification which will help you in understanding it in detail.

Basically SCORM is composed of three sub- specification namely:

1.  The Content Aggregation: The content Aggregation Model is based on XML and specifies how Scorum content should be described and aggregated which promotes consistent storage, lebeling and packaging. This model uses mainly three technologies namely ‘Content Model‘ which help in creating learning experience and explains how these componets can be organised. Second is Metadata which describes the nature & purpose of package and the third one is ‘Content Packaging‘ is the collection of all files required to run the content and it enables learning to be shared between tools and system.
2. Run-Time Environment: Run- Time Environment section is based on Javascript and specify how the content communicates with LMS. It works on API’s which provide a standardized communication mechanism to communicate SCO’s. The API is responsible for setting and getting information such as score, time limit etc.
3. Sequencing & Navigation: Sequencing and Navigation specifies the rules by which a learner cab navigate between shared content. SCORM sequencing is generally based on concept of Activity tree where rules are attached to each content for sequencing and navigation defines how learning contents events are triggered.

Most of the things are clear so lets quickly move to its implementation part.

Implementing SCORM with PHP

The first thing we need to understand the every implementation vary depending upon what you are trying to implement and you need to determine whether you site is eLearning or just content delivery site. Let us see we an example where you want built a SCORM player in PHP.

• An importer, that reads XML from the imsmanifest.xml file and creates a representation in your system, if needed. The most important thing in this file is to find the “launch point” of the SCORM content.
• A SCORM engine, in javascript, that will communicate with the SCORM content.
• A database backend, to store what needs to be stored (based on the specification)

The second bullet points mentioned above is the most important and difficult portion. I have mentioned the steps for beginners and I can tell you that implementing SCORM from scratch is difficult as you need to work on lots on API to connect with different vendors.

You’re always beginning when you are moving forward.

You never fully become a leader. Goals are achieved. Character is pursued. Humility is the most challenging pursuit. Illusive: All character qualities are illusive. Courage, restraint, and love have new expressions in new circumstances. One day’s success is, at best, another days platform. Humility of all character qualities is most illusive. Mac Davis mockingly sang, “Oh […]

via Oh Lord it’s Hard to Be Humble — Leadership Freak

Women Use Pinterest, But They Don’t Run It

Product Manager Day 77: More than Requirements