We had unprecedented success at the Retail Systems Awards last night where Integrated Store, our cross-channel solution, won not once but three times.
The combined entry from Aurora Fashions, Thomas Pink and ourselves won “Best multi-channel retailer”, “IT Team of the Year” and “Best Overall Entry”.
The three project teams have worked really hard to deliver the solutions at Warehouse, Oasis, Coast and Thomas Pink in time for Christmas and it was great to see their diligence and professionalism recognised so publicly. The fourth Aurora brand, Karen Millen, goes live early in 2011.
While multichannel is clearly the hottest topic in retail right now, the judges’ citation highlighted how impressed they were to see retailers and suppliers collaborating in new product development.
We’ve known for some time that hard- pressed IT teams need to forge true partnerships with their technology vendors. The exciting thing about this project is that it demonstrates that there’s also value in working closely with non-competing retailers too.
BT were also involved in the mobile gift voucher project for which Oasis and Eagle Eye Solutions won the EPoS innovation of the year award.
By the way, since entering these awards, JJB Sports are now also live with Integrated Store, and we are all working on the next phase, to be released in 2011.
The Payment Card Industry Security Standards Council (PCI SSC) updated its compliance guidance earlier this month. Many retailers were hoping the update would give a clear way forward in terms of their PCI DSS compliance. So have their hopes been in vain?
The guidance covered two areas:
1. Europay, MasterCard and VISA (EMV): the guidance concludes that EMV does not address PCI DSS and therefore the two need to coexist. It also goes on to state that: “EMV can substantially reduce fraud in face-to-face environments” and “can mitigate the risk”. So clearly the SSC are supporting EMV but it is still not insisting that EMV become the global standard so UK merchants are put at risk every time they want to accept payment on cards which are not EMV smartcards, and UK card holders are put at risk because their stolen data can be used on cloned cards outside of the UK where swipe is still the default standard.
2. Point To Point Encryption (P2PE): the SSC states that the technology is at an “immature” stage. The reality is however, that there are solutions in the market today which fit the P2PE definition and which are PCI DSS certified.
Most UK merchants who process customer present transactions will be faced with PCI-PTS problems in 2012 because the (EMV) Chip and PIN solution they implemented in 2004/05 will not comply.
Indeed, anyone who has not replaced their PIN Entry Device (PED) estate from 2008 on will have this issue. Committing to a PED replacement (in terms of hardware and engineering to roll it out) is not an insignificant investment so you need to make the right decision and know what the costs are likely to be.
The cost of compliance
A key factor in this decision-making process would be whether to allow for P2PE solutions or not as the requirements on the PED are different to what we have in most merchant environments today and this has cost implications. Similarly, when looking at P2PE you need to consider whether the potential “simplification” of scope is worth the additional cost likely to be incurred when selecting a service provider to deliver the solution versus the continued cost of compliance in-house.
Reports over the past six months put UK merchant compliance at between 11 per cent and 25 per cent, so how do the 75 per cent or more decide on what is best for them?
One answer could be to wait for further PCI SSC guidance in 2011 but given the need to plan for PCI-PTS issues in 2012, is this really advisable?
The alternative is to look at solutions that simplify your PCI requirements in the meantime and we can help with this!
We’ve launched a new managed, secure, end-to-end payment service that’s designed specifically to help meet the PCI DSS compliance standard. To find out how it can help you call 0870 8506880 or visit www.btexpedite.com/managedpayments
Kevin Burns - PCI Specialist, BT Expedite
The Importance of Multi-Variant Testing
Every ecommerce manager dreams of the perfect website. One that’s effortlessly easy to use, with a phenomenal conversion rate and a huge email database. But the reality is there is always something you could tweak just a little bit, or that looks perfectly logical when it went through testing but is not working as well as you’d desired now that it’s live. Then there are the pages that have you scratching your head in bewilderment when you look at the stats.
This is where multivariate testing comes into its own. On paper, it’s a no brainer. So why do so few retailers do it?
I think one of the main reasons is time and lack of internal resource. But I also talk to so many retailers who simply do not know where to start. My advice to anyone would be that it does not have to be a huge revolution. In fact, quick wins can easily be had with small and subtle changes. The positioning, size and colour of an important button has more of an impact that you can have guessed.
Ten Handy Hints
If you’re thinking of setting up a multi-variate test programme for your website, here are ten handy hints to help:
1. Identify what you are trying to achieve. Is it an increase in conversion rate or a reduction in bounces? The definition is important…
2. Start small. Take one key page with significant visits and look at your calls to action. How can they be improved?
3. Don’t run too many variants at a time. You’ll just end up diluting your results
4. Remember conversion can go down as well as up. It may not be the result you were looking for, but it still adds insight to your website’s performance and future design.
5. Devise a strategy following test results. What are your next steps? It’s great to test, but don’t forget to use your learnings. Do you need to do a follow up test? Do you need to repeat the test on a different page?
6. Be pre-emptive as well as reactive. Upgrading your site? Why not try out those changes in a measured and analytical way before they go live?
7. Devise a testing plan. You have an email and online marketing calendar, so why not have a testing one. Even if it’s small, strategy is key.
8. Engage the business. We all know everyone has an opinion, put the internal debate to rest with proven results.
9. It doesn’t have to be expensive. With Google’s Optimizer tool, multi-variate testing is open to small and large business. There’s no excuse!
10.And finally, make the time. A testing strategy and campaign will pay for itself. If you can’t manage it in-house, consider outsourcing options.
About the Author: Posted by Justine on behalf of Laura Summers who heads up the BT Fresca Online Marketing team and manages online services for some of retail’s biggest and most successful UK websites. If you’re interested in outsourcing your multi-variate testing, drop Laura a line via [email protected] or call 0870 8506880.
We’ve many years experience in implementing payment systems as part of large EPOS projects and work on a daily basis with most of the major providers of both payment processing software and PIN Entry Devices (PED’s).
Traditionally, retailers asked us to integrate the payment process with our point of sale software. This had many advantages. Most importantly you eliminate the possibility of errors in rekeying the transaction amount, but retailers also got the added benefits of being able to reconcile the EPOS transaction log with the payments file and to use the card data a key for analysing customer data.
However, since the introduction of the PCI standards, we’ve been working hard with our clients to disentangle payments from as many of our clients business processes as we can. It’s simply not acceptable in today’s climate for shoppers’ card details to be retained in any enterprise systems.
Kevin Burns, our Solution Architect focussed on PCI and payments, has been running an open forum with experts from a number of leading retailers for the past three years. We’ve been meeting regularly to share best practice and map the way forward. Based on these discussions, we’re now firmly of the view that the retailers should be moving towards using a managed payment service to simplify their operation and compliance obligations.
Our managed payment service has the PED encrypting the card data and then talking to a secure data centre which houses the core processing engine and maintains secure connections with the acquiring banks. In store, the POS software just provides a small transaction file to the PED. The retailers’ HQ systems and infrastructure are not involved at all.
The managed payment service provides the retailer with all the necessary reporting for reconciliation purposes. The elegance of this outsourced model means that we can add additional features such as tokenisation (for CRM and detailed analysis purposes), tax-free shopping or dynamic currency conversion at the touch of a button, without needing a site visit.
To make things even easier, BT Expedite is offering a complete service around the payment product itself. We supply the PED’s (which you can buy or rent), project manage the roll-out and offer 4 hour engineer call out if there’s a problem. The service is also pre-accredited with most acquirers, which makes the deployment quick and painless.
We’re convinced that managed payments is the future but keen to hear if you disagree. The best place for conversation is by joining our PCI forum on LinkedIn. If you’re a retailer, click here to join.
Finally, a small word of warning. The managed payments service simplifies the in-store cardholder present transactions for PCI. It doesn’t remove the retailers’ responsibility for ensuring card data is correctly treated in the rest of their organisation….. but that’s another story.