Logo

Hop Studios is Canada's top ExpressionEngine
Web consulting, design and development firm.

ask about your project

Work With Us!

Get A Quote

Blog

One Touch Payment Using Apple Pay

Apple Pay iconWe got to do something exciting at Hop Studios last month: We set up Apple Pay for a client! (If that doesn’t sound exciting to you, maybe you’re not a Web developer with a giant crush on Apple. We’re hopeless here.)

Apple Pay is Apple’s new payment system. It’s integrated into all Apple devices that have a fingerprint scanner—phones, iPads, Apple computers. Once users set up their existing credit or debit cards in Apple Pay, payment can be made instantly by activating Apple Pay, either by holding the iOS device near a physical register, or online by using an Apple device and the Safari browser.

There are two major advantages to Apple Pay. First, it’s very, very fast. The transaction can literally be completed with a single finger touch. In person, that’s handy, but online, that means you get to skip filling out multiple form fields with credit card details, which is pretty great. So now, instead of the smartphone being a tricky way to get someone to pay, it’s actually a faster way. Second, because of how Apple Pay works, the user never shares their actual card information with the merchant: If the merchant gets compromised, no credit card number is in their system to be stolen.

Speed is great, security paired with speed is even better.

We built this Apple Pay donation system for our long-time client Sam Harris. Visitors to Sam’s site could already make donations using PayPal or a credit card. Now they have a third option: Apple Pay.

imageThe method is pretty obvious on a smartphone. And here’s how it works when making a donation from a Mac using Safari:

  1. After filling in your name and email, and selecting a payment amount, you chose Apple Pay as the payment method.
  2. A notification window pops up, where you select the card to use from those you’ve registered in Apple Pay.
  3. At the same time, your phone (always close at hand!), buzzes and displays a payment screen.
  4. One touch on the home button, and the transaction is complete.

The results have been encouraging. Visitors began using Apple Pay almost immediately. We don’t know how many visitors could use Apple Pay (but don’t). And we don’t know how many people use Apple Pay but would have been just as happy to use another system.  But we do know that Apple Pay donations are higher, on average, than Pay Pal or regular credit cards.  This could be simply a different demographic than the overall donation level, but we’re seeing a steady stream of users already.

Thanks, Sam, for the opportunity to try something new and innovative!

 

Will Better Security Warnings Mean Better Security?

These days, we do our banking, socializing, shopping, taxes and so much more online. It’s convenient, but every time we login to a site or type in a credit card number, we expose sensitive personal and financial information to risk. If you’re like me, each time you enter a credit card number in an online store or sign into your bank’s web site, you may wonder vaguely “is this safe?” You try to be careful, by using reputable merchants and not clicking on phishing email messages, but still… you wonder.

One way to know whether a Web page is insecure is to look at the full URL. Consider this address: https://www.hopstudios.com. The “s” in the “http” element means the page is being served securely. But some browsers hide “http” in the address bar (mostly because it’s kind of ugly to look at); meanwhile others offer warnings or show icons when a site isn’t served securely. It can be difficult to be sure if a site is or isn’t secure.

Recently, Google started notifying sites that they might trigger security “warnings” in the latest version of Chrome. The notification says: “Beginning in January 2017, Chrome (version 56 and later) will mark pages that collect passwords or credit card details as ‘Not Secure’ unless the pages are served over HTTPS.”

What does this mean? It means, Google’s Chrome browser has changed both the style with which it displays the https security notice, and the rules by which it decides what to display. Now, when a page that includes a field for a password or a credit card, you’ll see specifically that it is “insecure” (ie. http)  with a quick glance at the Chrome address bar. Compare:

Screenshot of an 'not secure' notification
An insecure site

Screenshot of a 'secure' notification
A secure site

This new look and rule for displaying it are part of a long-term plan to mark any pages served over the non-encrypted HTTP protocol as “Not Secure,” even if those pages don’t contain password or credit card fields.

I commend Chrome for doing a better job of letting users know when a site is or isn’t secure on pages that collect sensitive information.  But I’m less keen about Chrome’s plans to move toward a universal “Not Secure” warning for all http sites, regardless of what actual risk is present.

The move is almost certainly intended to serve the general Web audience by encouraging use of SSL certificates on all Web sites. While this is probably good for the overall safety and health of the Internet, I am concerned that applying these warnings to sites where security isn’t really a factor will actually create more confusion among Web users rather than less. I’m not sure the average Internet user understands the distinction between a site that is labeled “Not Secure” and doesn’t pose security risks, and one that does. The risk level of giving a non-secure site your credit card number is relatively high; the risk of browsing a non-secure site that doesn’t collect any personal data at all is fairly low. Of course, there are certainly factors other than having password and credit card fields that represent security risks. (There’s an excellent breakdown of this here.) But, labeling all http sites with the same warning weakens that warning when it actually represents trouble.

Aside from my Chrome qualms, however, it is true that any web site publisher who takes credit card numbers or has user accounts should absolutely be serving pages securely. If this is you, read on…

Let’s unpack what “securely” means. At base, a secure https site is one with an valid SSL certificate from a valid certificate authority, installed and set up correctly. Security certificates provide two layers of protection. First, the certificate validates the identity of the site (i.e. that you are actually accessing the hopstudios.com web site). Second, it ensures that the data exchanged between your computer and the server is encrypted during transfer, when it is most vulnerable. When a company serves their site securely, it’s a good sign that they are taking security concerns seriously, although it doesn’t mean your data is protected from all types of security breaches.

SSL certificates typically run from $150 to $300 per year, depending on your site’s needs and size—though there are several projects attempting to make SSL certificates available for free. You can expect a Web developer to need a couple hours to set up and test the certificate. Once the certificate is set up and working properly, you shouldn’t need to do much to maintain it beyond renewing the certificate annually.

As always, if you have questions or need help with SSL certificates, Hop Studios is here to help!

 

Meet Hop Studios’ New Senior Designer

Katie, by Katie
Katie, by Katie

We hired Katie Holmes! Ok, sure, not that Katie Holmes. This Katie Holmes is a talented graphic and interaction designer.

Katie joins Hop Studios after 10 years of agency and freelance design, where she worked with clients like LuluLemon, Skipper Otto, and Starbucks. She was one of the first to graduate from Simon Fraser’s School of Interactive Arts + Technology, but that wasn’t even close to the beginning of her work with design and technology.

“I got into design at 14 in order to make a [Ed: She doesn’t want me to tell you this, but hey, I’m the boss. -TS.] Harry Potter fan site,” Katie said. “I’ve always liked making things, so it was never really a decision to ‘go into’ design, it just kind of evolved.”

Actually, Katie tells us what she really dislikes is not knowing how to make things. You name it, and Katie has probably done it: knitting, painting, weaving, woodworking, drawing… the list goes on. Katie brings this same curiosity and application to her web work.

“I like looking at the bigger picture, being able to see the whole scope of the project and how it all fits together. To create consistent, coherent, intuitive sites, you have to understand the whole thing at the macro level, and also in the details,” Katie says. “User experience is all about finding the least painful route the user can take to achieve a result. Add good design, and you can create interactions that are enjoyable and seamless. You shouldn’t even notice the process, just move smoothly through the technology.”

And if that doesn’t match the Hop Studios approach—good. clean. fun.—well, then we don’t know what does.

Welcome, Katie!

 

DC Commuters Get Some Help On the Road

The new year is starting with a vroom for Hop Studios as we launch our newest news project: DC Commute Times!

Photo: DC Commute Times Web site screenshot

DCCommuteTimes.com provides news and traffic information for commuters in the metropolitan Washington, D.C. area. The D.C. area has the dubious honor of having some of the the worst traffic in the country. When I say it’s bad, it’s really bad. One recent study showed that the average commuter in this area—D.C., Virginia, and Maryland—spends up to 82 hours held up in traffic each year (PDF) as they struggle to travel between work, home, and every other place they want to go. We’re talking almost six hours of rush hour commuting.

Being stuck in traffic, of course, leads to people to thinking about one key question: How can a local commuter reduce the amount of time they are spending in transit?

DC Commute Times is the brainchild of Jeff Wong, who lives the horror himself as a resident of Arlington, VA. He believes real-time information updates are at least part of the answer. That might mean choosing a different mode of transport on really tough days, or taking a different route than usual, or just waiting a little while. Jeff’s goal is to provide that timely information commuters need to make these daily decisions for using roads, Metro, buses, trains, and even bikes.

The newly launched Web site uses many local commuter resources to present timely updates and traffic maps, along with hyper-local coverage of the commuter experience. On the site, Jeff also presents editorial content on everything from tips to stay on the road during icy conditions, to managing the fluctuations caused by the holidays.

If you’re a DC commuter, consider making DC Commute Times part of your daily routine before you head out the door!

 

Distributed Content Poses a Quandary for Online Publishers

Online publishers are facing a looming dilemma: Is the loss of direct control over the reader’s experience worth an increase in traffic and attention?

Apple, Google and Facebook believe the answer is an unequivocal “yes,” and each has entered the distributed content publishing arena with a method to permit publishers to customize content for more attractive and faster display on mobile devices.

Apple would like you to use its flexible and deeply integrated Apple News Format; Facebook is very bullish on Instant Articles, now also integrated into Messenger; and Google is downright evangelistic about Accelerated Mobile Pages present.

Publishing articles via social networks and other aggregation sites and apps can definitely increase traffic and reader interaction, but that interaction takes place on on the social network itself rather than the publisher’s web site. It’s not so much that there is a high price to pay to participate, it’s that no one knows what that price tag will ultimately be—and in fact, that price tag may look very different for large publishers than it does for small ones.

The concept is simple: Publishers format their stories in each tech giant’s format and those stories are served directly from the servers and apps of those companies, essentially bypassing the web site (and much of the advertising, design and additional functionality) of the publisher. The publisher gets their content displayed extremely quickly, usually with some sort of mark indicating to readers that it’s fast and optimized for mobile, and possibly even priority access or promotion, especially in the case of Apple News.

All these features may have thrown a garland over the horns of the dilemma, but it’s made them no less sharp.

If, say, The New York Times publishes articles into Facebook using Facebook Instant Articles, and readers interact with that content only within Facebook, what will happen to the readership of the nytimes.com site over the next 10 years? Or even just two? Now ask the same questions about smaller entities, like The (Sonora, CA) Union Democrat, which gets 420,000 page views a month?

The growing primacy of mobile device uses has only increased this trend. A mobile Facebook user has a better experience if they stay within Facebook, rather than jumping between app to browser repeatedly, and the same holds true for any social media app. Apple has begun to push news content into its device search results, which it can only do with Apple News content.

Consider, for example, Now This, a news resource (it’s hard even to know what to call it…) that dumped having any site at all in favor of placing the news it reports directly where readers are: Facebook, Vine, Twitter, Tumblr, Instagram, Youtube and Snapchat. Is a publisher still a publisher if it has no publication? For some, all page views are created equal, whether they happen in Apple’s iPhone search, a Facebook feed, or in a tweet—but some of these platforms have limited advertising options, and some have none at all.

There’s one more consideration: When you publish on another firm’s platform, they can set restrictions on what you can publish. Both Facebook and Apple include an application and/or review process for content.

Though these technology giants tout distributed content publishing as an exciting opportunity that no publisher should miss out on—more readers, better looking content, additional advertising models—the jury is still out for most publishers.

Don’t forget: The biggest companies used to be in oil; now the giants are in technology. When you play with Google, Apple, and Facebook, you’re playing in the big leagues.

You may be interested in reading more on the Hop Studios blog:
Google Accelerated Mobile Pages
Apple News Format
Facebook Instant Articles

 
more posts from December 2016 More From December 2016

 
Web Design and ExpressionEngine Development Consulting - Vancouver (BC) Canada