Monday, November 29, 2010

Hamley's Goes Live with Sanderson Retail-J

Sanderson, the publically owned UK provider of software and services to the retail market, announced that its latest customer, Hamleys, has gone live with the Retail-J EPoS solution.

According to Sanderson, Hamleys, the iconic London based toy store has joined its Regent Street neighbours, Kurt Geiger and Jaeger, in becoming the third Regent Street retailer in a row to partner with Sanderson for the supply, installation and support of Retail-J. They join a further three retailers on the prestigious London street whose Retail-J system is also supplied by Sanderson.

Following the implementation across its ten UK and Ireland stores, Hamleys has been able to offer international customers enhanced service by offering "customer preferred currency" and tax-free shopping options. Hamleys are also considering the use of mobile PoS and giftcard functionality to help maximise sales and revenue.

David Oakley, Head of IT at Hamleys of London states that “Sanderson has worked hard to deliver the EPoS replacement project within the agreed timescales and we’ve been able to make use of our existing hardware which is cost-effective. The Sanderson team are very responsive and up-front about what can be achieved. The new system is already delivering tangible benefits.”

David Mahoney, Managing Director of Sanderson RBS concluded “We’re pleased to be working with Hamleys. They have a committed team and realistic goals, which allowed us to ensure the system was rolled out within two months of the pilot. They now have a future-proof solution that will support the business long-term.”

SOLSTICE Launches eComm Platform on Demandware

Demandware, Inc., a global leader in on-demand eCommerce, has announced that SOLSTICE, one of North America’s largest sunglass specialty retailers, is taking its first step into the eCommerce arena by launching its new online retail store on the Demandware Commerce platform.

As part of a long-term strategy to sell across multiple channels, SOLSTICE has developed a new standard for selling luxury eyewear online to reach a more style-conscious, digitally connected fan base. The new site mirrors the company’s upscale store design, combining clean sophisticated lines with the seasonal advertising campaigns from more than 40 luxury, designer and sport sunglass brands. The site replicates the luxury experience, yet presents customers with easy-to-navigate search options to make shopping easier.

The new site will be integrated with many of the top social networking sites. Customers will not only be able to send detailed product information and photos from the online store to their mobile devices using the latest mobile shopping technology. Combining ecommerce with social networking allows for instant uploading of favorite picks on Facebook, sharing new styles on Twitter, or simply sending a few selections via e-mail.

Thursday, November 25, 2010

Most UK Call Centres Not PCI-Compliant

In a surprising and dismaying development, CallCentreClinic reports that "New research from Connected World, leading provider of communication solutions for businesses today reveals that despite 36.7% of contact centres judging themselves to be fully compliant with the Payment Card Industry Data Security Standard (PCI DSS), the vast majority (89%) admitted to not understanding its requirements and penalties.

"Compounding further concern and reflecting a high level of disarray in the market, a third of all contact centre respondents (33%) claimed at best to be years away from full PCI DSS compliance, with a fifth (21%) stating that their processes will never be in full accordance with the standard's stringent requirements."

The survey included more than 200 contact centre decision makers in industries from retail and leisure to public service and finance. It was commissioned to mark the launch of Connected World's PCI TeleSafe's network-based telephony solution that protects customer account data and resolves a host of PCI-DSS compliance issues.

Tuesday, November 23, 2010

AllthingsAtoZ Goes Live on Magento, OrderMotion just went live with OrderMotion's Platform for SaaS-based campaign management and order processing, plus OrderMotion's Connector for Magento...check out the range of product-specific online stores. Very nice-looking site.

OrderMotion, a PCI Level One Service Provider, can integrate with a variety of eCommerce Websites as well as fulfillment warehouses, call centers, customer service centers, payment processors and media agencies, acting as a hub for real-time data consolidation. 

Consumers Want Better mCommerce Sites!

eMarketer notes: "More consumers than ever before plan to use their mobile phones to shop this holiday season, continuing to build up the m-commerce trend that is growing steadily among shoppers but only slowly among retailers. According to October 2010 research from mobile and social marketing consultancy Brand Anywhere and Luth Research, 51% of consumers say they are more likely to buy from retailers that have a mobile site. But fewer than 5% of retailers have such a site." 

Check out the stats at eMarketer. And see also "Three Mobile Campaign Mistakes Big Brands Make & How To Profit From Them" (Search Engine Land).

Monday, November 22, 2010

Europeans Ready for mCommerce

I tried to check something today at the Radio Shack Website using my Samsung Android phone, but alas, Radio Shack has not yet set up an mCommerce version, so navigating the site was a miserable experience. Get with the program!

According to a recent report commissioned by technology provider Akamai and conducted by analyst firm IDC, that's exactly what Europeans are gettting ready to do. Reviewing the report, Catalogue & eBusiness notes "at least one in ten of the European consumers surveyed had already used a mobile phone for retail search, price comparison or online purchasing, with a further 20 percent of respondents planning to do so in the 'short-term.' The second-most cited reason for shoppers using their mobile phones--after checking the status of an order--was searching for store locations, opening hours, and product availability. Receiving alerts about promotions offered by stores nearby ranked third."

The study was based on input from 1,500 consumers in France, the UK, Germany, Italy, Spain, and Sweden.  "When asked what the most influential factor was in their online purchasing decisions, 76 percent of Europeans said a website's ease of use. A close second, cited by 71 percent of respondents, was assurance of payment security, with the Spanish particularly concerned with security online," reports C&eB.

Tuesday, November 16, 2010

Mobile Site Search

If you are considering mobile-optimized sites, don't overloook mobile site search. Shaun Ryan, CEO of SLI Systems, a provider of eCommerce site search solutions that has just launched a mobile search option, spoke with Practical Ecommerce about this, starting with the question: "Why does an ecommerce site need special mobile-optimized site search." Here's his answer, and more Q&A.

How important is this? Well, just listen to Shaun: "If you go to Amazon, you'll notice that on its mobile site, it's dominated by the search." Need we say more?

MORE on mCommerce
See also the following:
"Merchant Shares Experiences with Mobile-Optimized Site"
Assessing mCommerce Performance
J.C. Penney makes a massive mobile push for the holidays
Study Shows Mcommerce Customer Experience Needs Improvement (Multichannel Merchant writes that "The E-tailing Group's First Annual Mobile Commerce Mystery Shopping Study, conducted in the third quarter, shows that merchants are doing some things right with mobile – but the overall experience needs improvement." Search and Gift-giving were major weaknesses.)
Journeys Shares Lessons Learned from Mobile Launch The highlights:
  • An order-by-phone link is important in m-commerce
  • mobile can be used to enhance the in-store experience
  • SMS works for an immediate call-to-action
  • Geo-social programs can drive store traffic
  • 23% of Journeys customers own a smart phone, so for this retailer, it makes sense to have a WAP-based mobile browser instead of apps

Monday, November 15, 2010

DotCMS Adds KonaKart Plug-In for WCM

dotCMS and KonaKart announced they have made the dotCMS/KonaKart plug-in available for general release by both organizations.

Earlier this year, the two companies announced a technical partnership to develop a Web Content Management (WCM)-driven eCommerce platform that merges shopping cart capabilities with a flexible and powerful WCM.

The plug-in wraps eCommerce functionality within the WCM templates, providing a common UI experience as a shopper moves from information-heavy pages to transactional pages. The plug-in also allows organizations to offer a comment function, product rating and cross-sell features on any transactional page – all out of the box.

The plug-in is the basis of the dotCMS ecommerce Accelerator: pre-built templates, structures and applications that are an expression of dotCMS’s and KonaKart’s insights into eCommerce and content presentation. The Accelerator represents the starting point for implementation, allowing enterprises to begin implementation with a running start instead of from a standstill.

“The lines between a great web experience and a transaction are quickly vanishing,” stated Will Ezell, CTO of dotCMS. “The integration between our two products allows our customers and prospects to deliver an uninterrupted experience for their site visitors, and in so doing increase their conversion rates.”

The eCommerce Accelerator will ship with dotCMS and above, and with KonaKart 5.0.0.x and above.

About dotCMS
dotCMS is an enterprise-grade, open source J2EE/Java Web Content Management System. The system allows those with moderate or limited technical capability to make massive changes in a site. This allows corporations, institutions and organizations to move at a quicker pace by removing the need for application development talent on the Web Team.

Among those who run on dotCMS Enterprise Edition include Toyota, Hospital Corporation of America, Thomson Reuters, University of Texas, Aquent, State of Ohio, and the Government of Quebec.

For more information go to or contact Lia Sacco at or 786.594.5276.

About KonaKart
KonaKart is an enterprise-grade, partly open source J2EE/Java eCommerce System that provides an extensive set of features to enable retailers to successfully sell their products over the internet. Key features include ease of integration, performance and reliability.

Customers who have chosen KonaKart include Audi, Sony, Tesco, O2, KYMP, GM, Regional German Government and Ferrero.

For more information go to or email

Maginus Launches Interactive Online Game

Maginus, a leading UK-based multichannel order management Dynamics/AX solutions suite, has launched a new viral campaign today called "the Channel Connect Game."

Designed to increase awareness of the Maginus platform, high scorers at the end of each week win a cute little "My Genius" doll (see left).

Maginus provides a range of software and technology solutions that meet a wide spectrum of business management needs in a single integrated environment. Their core solution areas – Microsoft Dynamics AX, e-Commerce, POS,  Managed Services and  ERP – are all scalable, adaptable and highly functional to meet the specialised needs of multi-channel retailers and distributors.

Wednesday, November 10, 2010

Royal Mail Testing Evening Package Deliveries

The BBC reports that the UK's Royal Mail is launching a trial of evening deliveries for customers in south-east England. The six-month pilot will apply to anyone living within the greater London M25 motorway (i.e., all of metropolitan London) who shops with House of Fraser or beauty chain L'Occitane.

Customers of those two retailers will be able to ask for items to be delivered by Royal Mail between 6pm and 10pm.

A recent study by Royal Mail found that 58% of people would do more of their shopping online if they could choose more flexible delivery options. Royal Mail is reportedly in talks with other retailers about the possibility of joining the trial.

Royal Mail Director Mike Brown told the BBC: "Consumers increasingly want more control over when and where they receive their orders, and Royal Mail is looking to fit the online delivery experience around the shopper, enabling them to select, rather than being told, when their goods will be delivered."

BrandAlley UK Launches New Concept: "The Lab"

November 2010 sees BrandAlley UK strengthen its position as a market leader with the launch of its revamped Website, brand identity and the announcement of new strategy, code-named "The Lab."

An evolution of the "Little Black Dress" project which saw BrandAlley produce 10 limited edition dresses from up-and coming-designers, 'The Lab' will act as a melting pot for editorial and creative content, product and social networking, creating a space for open dialogue between key opinion formers, established and emerging designers and lovers of fashion.

"The Lab," an international initiative between BrandAlley France and BrandAlley UK, will give members the opportunity to voice their opinion on brands, new product categories and vote for up and coming designer products that will lead to the creation of further BrandAlley Bespoke collections.

 CEO BrandAlley UK Rob Feldmann says "Our aim is for 'The Lab' to become an exchange of ideas, an open dialogue that brings us closer to our members. It will create a community of participants; from simple feedback on favourite brands to discovering new talent, our members will play a pivotal role in the world of fashion, design and the development of our business. We look forward to seeing the power of crowd sourcing and opinion through our members and being an even more supportive partner to designers and brands."

Chairman BrandAlley Sven Lung says: "Crowd Sourcing is set to become a major buying tool in the fashion industry that will help define new trends and support up-and-coming designers. As the number one player in the private sales business in England and with more then EUR100m turnover as a group, BrandAlley is well positioned to take advantage of this initiative that will change the face of fashion."

BrandAlley UK launched in February 2008 and is an online brand emporium offering its members up to 80% off designer fashion, beauty and homeware through 4-5 day flash sales on - for "the non-stop designer lifestyle"

DemandWare's On-Demand Pricing Model

Demandware, Inc, a major on-demand eCommerce vendor, has new pricing that makes it possible for retailers and brands that are in the early stages of eCommerce to deploy the full capabilities of its enterprise-class platform, including Web, mobile and call center applications, starting at $60,000 annually.

The new offering includes all of the capabilities of Demandware’s on-demand eCommerce platform, including  merchandising and development tools that allow retailers to build highly branded consumer experiences. It aso supports mobile, social, multiple-branded sites, international expansion and more.

Users can also take advantage of the DemandWare LINK partnerships to provide a wide spectrum of useful, sales-generating, customer-focused eCommerce ad-ons (see blog entry: Demandware LINK Integrates Key 3rd-Party eCommerce Modules). 

Certified DemandWare partners, including Fluid, Gproxy Design, Ignition Commerce, Lyons Consulting Group, SysIQ and Tachyon Solutions, will provide ongoing operational support and business services, including strategy, creative design, implementation, marketing and merchandising. 

More information on the advantages of this offering can be found at

Square Mobile C.C. Processor Goes Live

Square, the mobile credit card payment system from Twitter co-founder Jack Dorsey, unveiled last December, has developed apps for the iPad, Android and iPhone. PayPal and Slide veteran Keith Rabois is General Manager.

Finally out of its beta testing phase, Square is now processing millions of dollars in mobile transactions every week, according to TechCrunch. Small businesses, independent workers, and merchants comprise most of Square’s rapidly growing user base. Of the roughly 30 million US merchants who make less than $100,000 per year, only six million are currently accept credit cards. The remainder, or 24 million businesses, are all potential Square customers looking for a low-cost and simple way to process credit cards.

The technology only requires its tiny credit card scanner that fits into your audio jack and Square’s app. The device and the software are free, but Square takes a small percentage of each transaction (2.75% plus 15 cents for swiped transactions).

Mrchants have to qualify for the app, but Square’s qualification rules are more relaxed than those of standard credit card processors. There are no initiation fees or monthly minimums, and when merchants apply for a reader, Square doesn’t just focus on a credit check but also takes into account the influence a company holds on Yelp, Twitter or Facebook.

“We are getting an email per day from interested investors and there are certainly lots of interesting things one could do with more capital,” Rabois told TechCrunch.

Tuesday, November 09, 2010

Gift Card Restrictions Summarized

The Credit Card Accountability, Responsibility and Disclosure Act enacted last year imposed new restrictions on gift cards that are designed to make them more consumer-friendly, reports USA Today.

Under the CARD Act, gift cards sold after Aug. 22, 2010, can't expire in less than five years. The law also bars issuers from charging an inactivity fee unless the card has been dormant for at least 12 months. In the past, some gift card issuers deducted inactivity fees after just 30 days. Issuers are also barred from charging a fee to replace a lost or stolen card.

While the Act offers some relief to gift card recipients, the purchasers may still have to pay purchase fees to the issuers, typically ranging from $3.95 to $6.95 per card for general issue cards (although most retailers and restaurants don't charge a fee for their own gift cards and may even offer an incentive to the buyer).

The CARD Act mandates that all gift card issuers must provide specific information on the back of their cards, including fees, expiration dates and a toll-free number by January 31, 2011. Had the date been any earlier, "the gift card industry would have been forced to destroy more than 100 million gift cards," notes USAToday, since it takes about six months to produce gift cards, making it impossible for card manufacturers to fill retailers' orders in time for the holidays.

The CARD Act doesn't include any provisions protecting gift card holders if the issuer goes bankrupt. Anb the  restrictions on expiration dates and fees don't apply to rebate, loyalty or promotional cards, or to paper gift cards and gift certificates.

Monday, November 08, 2010

DemandWare Offers mCommerce Platform

Woburn-based eCommerce software provider Demandware Inc. debuted Demandware Mobile today to take the functionality and operational benefits of Demandware’s web-based eCommerce platform to the mobile channel.

Demandware Mobile easily integrates with a brand’s existing eCommerce platform and is, according to the vendor, "The first browser-agnostic ecommerce option for mobile storefronts," including iPhone, Android, Blackberry, Windows Mobile, Symbian and others, and maintain data consistency across multiple channels.

Demandware Mobile enables personalized content on a mobile site through DemandWare's Active Merchandising functionality. This feature drives dynamic customer interactions by enabling retailers to present personalized content and promotions to mobile consumers. Key functionality also includes a robust product catalog, flexible price books, comprehensive promotions, optimized mobile checkout, dynamic content slots, configurable site search, security, and data integration.

Customers are accessing our mobile site for essentials such as product information, pricing, and availability while they are watching television, which requires tight data synchronization between our mobile site, website and TV network," said Craig Shields, vice president of ecommerce, Jewelry Television. “In a short timeframe, we developed a feature-rich mobile web storefront on Demandware that made it extremely easy for us to capture this engaged and growing mobile population.”

“Given its rapid adoption, mobile has to be a core part of retailers’ overall commerce strategy and they need an enterprise-class solution to support this critical, fast-growing channel,” said Jamus Driscoll, vice president of marketing for Demandware. “Demandware Mobile can be used by any retailer to deliver rich, branded mobile shopping experiences, regardless of their existing ecommerce platform. Of course, we prefer that all retailers use Demandware for both ecommerce and mobile commerce, but now retailers who are locked into platforms such as ATG, WebSphere and others, can leverage the robust functionality and operational benefits of Demandware for the mobile channel.”

Say Cheryl Morris of BosInnovation, "with nods to the rich experiences offered by HTML5 and 4G in DemandWare's whitepaper “Critical Success Factors for Mobile Commerce,” it seems we can expect more announcements from Demandware in the future.

Sunday, November 07, 2010

FedEx, UPS Dim-Weight Form Factor To Increase

MultiChannel Merchant reports that effective Jan. 3, FedEx and UPS will change the Dimensional Weight form factor will change from 194 to 166 for Ground and Air packages that are 3 cubic feet (5,184 cubic inches) or larger for shipments within the U.S., and from 166 to 139 for International Ground shipments to Canada.

Dimensional weight is calculated by multiplying the length by width by height of each package in inches and dividing the total by form factor.

Many shippers are contacting their carrier reps to negotiate the new factor to something greater than 166, Rob Martinez, CEO of Transult, told the magazine. Several will try to “grandfather” the current dimensional-weight factor into the next term of the pricing agreement, he says. And some shippers will redesign their corrugated packaging and packing configurations to try to reduce dimensional weight.

Friday, November 05, 2010

Tokenization and Encryption Solutions

RSA, the Security Division of EMC, has announced its RSA Data Protection Manager to provide comprehensive application data protection capabilities that combine tokenization and application encryption, two popular application-based controls, with advanced token and key management to deliver end-to-end data security.

By protecting data at the source, within the application that’s creating or using it, RSA's product helps ensure seamless data protection throughout the information lifecycle.

"The majority of on-line data breaches happen within the server or application, so mitigating this risk is critical for overall data protection," said Jon Oltsik, principal analyst, Enterprise Strategy Group. "Application-based data security provides a high-level of protection because data is protected at the point of capture and then remains protected throughout its lifecycle. Application-based encryption and tokenization can be quite effective for this type of data security."

"Compliance and key management continue to burden our customers," said Dan Schiappa, senior vice president, Products, RSA, The Security Division of EMC. "They want to protect all of their sensitive data using a robust protection method like encryption, but also want to limit the impact on compliance and environment changes by using a cost-effective solution like tokenization. Combining encryption, tokenization, and key management in the same product provides flexibility and reduces management overhead."

Tokenized values maintain their original format, which limits the deployment impact while still providing a high level of protection. In addition, tokens can maintain certain portions of the original data (i.e., the last four digits of a social security number) so other applications can potentially make business use of tokens without ever having access to the real information.

RSA said the Data Protection Manager targets larger merchants who don't want to use a third-party provider for tokenization services. DPM does not require a professional services team to implement, but RSA said it frequently gets requests to tune the DPM server for performance. "A hardware appliance is also available for enterprise key management use cases, which makes for easier deployment with customer resources," RSA said.

RSA also offers a point-to-point encryption and tokenization service with payment processor First Data Corp., an option that may be popular with small and midsized merchants attempting to reduce the scope of PCI DSS by moving all payment data out of company systems. RSA has a similar arrangement with San Jose, Calif-based point-of-sale systems vendor, VeriFone Systems Inc., incorporating tokenization and encryption into VeriFone's secure payment systems software (see "VeriFone, RSA to Offer End-to-End Payment Card Security Service").

Also offering off-the-shelf tokenization/encryption software are Protegrity Corp. and Voltage Security Inc., which offer format-preserving encryption, something RSA does not do (although it does do it for tokenization). This allows you to keep the same format as the unencrypted data, such as a credit card number string. In addition, nuBridges offers nuBridges Protect, an integrated encryption, tokenization, key management and logging solution. nuBridges Protect supports field, file and database level encryption.

Wednesday, November 03, 2010

Guest Editorial: Oracle Acquires ATG

By Jamus Driscoll, Vice President of Marketing, DemandWare [we thank DemandWare for permission to publish this blog entry in its entirety]

The day that we’ve forecasted has arrived. It’s consolidation season and the online commerce world is aflutter again. This time with news that Oracle is buying ATG for $1 Billion. For most of the day yesterday I was asked to share our thoughts on the news and what it means for Demandware.

To address all the questions, I thought I would take a moment to share some of our first reactions to this news with everyone. Here it goes… 

Good for ATG! 
As one of the early pioneering companies in ecommerce, ATG helped to build an industry that is now fundamentally changing retail and how brands engage with consumers. ATG’s history is in many ways a history of ecommerce itself. From the early days with its Dynamo App Server, ATG’s product evolved into the platform it is today - improving business functionality as the evolution of eCommerce increasingly left the technology side of the house and became the domain of merchants.

As a veteran/survivor/addict to early stage technology companies, I know how much sweat, passion and conviction (often in the face of incredible market doubt) it must have taken to build a company like that and so I have tremendous respect for what they have achieved. Good for you guys. And thank you.

Good for the industry
For years, the ecommerce grapevine brought whispers of this match. It was on-again, off-again, but the constant of the pairing was always there. It makes sense. ATG is written in JAVA and Fusion-friendly and Oracle had made such a strategic bet with Retail that not having a credible eCommerce platform made the whole multi-channel story a bit, shall we say, suspect? So I wasn’t so much struck by the match as I was by the valuation - $1 Billion.

Given ATGs market cap, that’s around a 40 percent premium on yesterday’s market cap. In the world of corporate acquisitions, that may not be a gaudy exit, but it’s certainly hearty. And that’s good for everyone in eCommerce. Why? Because the transaction speaks volumes for how eCommerce is being valued by retailers and apparently also to software giants like Oracle. This bodes well for everyone in the industry - vendors and practitioners alike.

So what does this mean to Demandware?
Ultimately it comes down to this…In our view, while this is great validation for the industry, this acquisition does nothing to change Demandware’s belief that software alone is not the answer and that the future is still on demand.

With software, merchants still need to operate, maintain, upgrade, customize, secure and support it. They need to feed, care and worry about it. But the funny thing is that all the merchants really need (and the merchants ultimately run the business) is to be able to differentiate the brand and sell more product to consumers.

These are very exciting times. As one of the eCommerce leaders shaping the future of this space, we are very interested in see how this acquisition all plays out in the coming months.

How about you? What are your thoughts on this acquisition and what it means for eCommerce?

LoopFuse Announces OneView Marketing Automation Platform

eWeek reports that sales and marketing automation specialist LoopFuse has released OneView v3.28, a marketing automation platform aimed at small to medium-sized businesses, featuring inbound, content, and search engine marketing to enable marketers to analyze Website traffic in real-time, providing insight into which marketing programs are driving qualified leads to the Website.

"Similar to Google Analytics, OneView now offers real-time Web analytics that reveal who is linking to the Website’s marketing content articles. It also tracks how many visitors have accessed content from a specific source or referrering Website, as well as where visitors navigate to, after arriving from a particular referring site. In addition, OneView now provides insight into the keywords used to find the Web site across 12 supported search engines.

"Dashboards provide a real-time view across a company’s sales and marketing activities, including information on touchpoints with prospects, companies, customer relationship management (CRM) leads, and CRM contacts, as well as email marketing open and click rates and the number of leads created per hour within the CRM.

"Lead capture forms integrate with current Web site forms, allowing users to automate the process of capturing, funneling (in to the CRM), and qualifying leads. A Lead Nurturing feature automates the process of qualifying prospects in to leads or keeping existing customers' attention. The company said OneView's Lead Nurturing module is capable of analyzing all touchpoints with a particular prospect; Web site activity, contact information, email activity, and even real-time integration with the CRM."

Monday, November 01, 2010

Teradata Offers Integrated Web Intelligence

Most organizations have mechanisms in place to track their customers’ online and offline behaviors. But, historically, integrating Web data and traditional business data has been difficult, so many companies are not currently set up to track and analyze customer behaviors between channels. Accordingly, these organizations have enormous blind spots when they try to determine the efficacy of marketing campaigns in either channel or hone their communication plans and strategies.

To help remove these blind spots, Teradata has formed partnerships with Webtrends, a top Web analytics consulting firm, and Speed-Trap, a specialty Web data extract, transform and load (ETL) solution provider, to offer an easy, effective way to integrate Web data in the warehouse.

These partnerships enable integrated data that companies can use to analyze trends and customer behaviors across online and offline channels:

Webtrends, a global leader in Web analytics, provides a broad suite of reporting and analytics tools to capture and analyze Web data. With the purpose-built adapter offered by Teradata, data is transferred from the Webtrends server to the data warehouse. Technical support and expertise is jointly provided by Teradata and Webtrends to ensure the adapter’s successful implementation and ongoing optimization.

Speed-Trap is a unique software provider that offers a product that uses Web 2.0 technology to capture traditional and non-traditional Web data. These include HTML, flash, and data from a variety of interfaces, such as mobile phones, personal digital assistants and gaming consoles. With Speed-Trap, companies can track all the interactions of a Website visitor from the individual’s own browser and transfer the data, in near real time, to the data warehouse for detailed analytics.

Working with Teradata, these partners and others are part of an expanding, Web-focused ecosystem of solutions. Together, the various components enable customers to quickly and easily access information that was previously unavailable or extremely difficult and time-consuming to access.

In addition to Webtrends, Teradata has also developed adapters for other Web analytics vendors such as Omniture, Coremetrics and Google Analytics, as well as for search engines like Google, MSN and Yahoo, to bring valuable Web behavior data into the warehouse. In addition, Teradata is reaching out to other innovative software companies to offer new ways to capture data from the ever-growing number of online sources, including social networking and advertising sites.

SAS Offers Two New Hosted Services

Doug Henschen reports in InformationWeek that SAS has added two new hosted services to its portfolio of customer analytics aimed at mining online interactions.

The first is the SAS Conversation Center, an add-on module for driving customer engagement on social media networks such as Twitter and Facebook. "SAS had already announced a Social Media Analytics service last April, but feedback from the handful of customers implementing that service led to the optional Conversation Center module announced last week."

 "Social Media Analytics didn't address how you engage people in the social media space once you've identified relevant comments, so we came up with the Conversation Center," explained John Bastone, SAS's customer intelligence strategist.

Debuting in January, Conversation Center will start with comments spotted by the Social Media Analytics service and prioritize them based on their influence, such as the numbers of followers and retweets on Twitter. The module will also route comments to appropriate response queues.

(Henschen also reports in Intelligent Enterprise that "SAS is far from alone in addressing sentiment analysis. Attensity and Verint are among a handful of vendors now spotting and speeding responses to Tweets, Facebook posts, blogs and other forms of social network feedback. Both companies recently announced software that blends sentiment analysis with CRM applications. Verint's Impact 360 Text Analysis application was developed in partnership with Clarabridge, a head-on competitor to SAS in sentiment analysis.")

The second new service is SAS's Customer Experience Analytics, an application that  was formerly a user-hosted offering. CEA mines the detail of Web sessions and matches Web analytics, such as page navigation and campaign response, against known customer records and customer segments, such as loyal and high-value customers.  
Henschen notes that SAS works with the Speed-Trap data capture service to collect raw session data. "In the on-premise version of Customer Experience Analytics, the captured data is stored and compared to behavioral data behind the customer's firewall. SAS says it came up with the hosted service announced last week because many customers don't want to have to manage yet another data warehouse. In this scenario, customer behavior and segmentation data is sent to SAS for analysis against Web navigation data."

"Many of the larger companies we work with don't have a problem sending us customer behavioral data in a secure way," Bastone said. "They would much rather gain the convenience of getting up and running within a couple of weeks."

PCI and Tokenization, Standards, and Log Management

Mike Vizard notes on ITBusinessEdge that Protegrity claims to have the fastest, most distributed tokenization architecture for secure credit card data management. At the same time, virtualization vendors HyTrust, VMware, Cisco, Savvis and Coalfire have announced that they are working on a reference architecture for deploying PCI DSS 2.0-compliant systems on top of virtual servers, which HyTrust CTO Hemma Prafullchandra said is a deployment model that is now officially supported in the PCI DSS standard.

Ulf Mattsson, CTO, Protegrity, notes that chief security and compliance officers also need to consider the following issues:
  • Interoperability: Encryption algorithms, FIPS 140 equipment and key management solutions that are based on industry standards will be necessary to facilitate the sharing of sensitive information across the different stakeholders in the complete payments process, but standardization will require a central body to initiate and arbitrate trust between participating organizations and individuals. This could offer a great opportunity for an established player within the payments ecosystem (retailer, payment processor or vendor) to lead the way.
  • Protect the card:  The beginning of a comprehensive end-to-end solution must always start with protecting the card. Approaches such as EMV smartcards, for example, remove the payment processor from the equation by giving the merchant a direct relationship with the issuing bank. The challenge is that approaches like this need to have wider adoption to make a sustained difference.
  • Tokenizing to reduce audit costs and risk:  Tokenization is an emerging data security method that is closely related to encryption, but instead of encrypting the data in a reversible fashion, tokenization assigns a value that is only associated with the "real" data in a well-protected lookup table. "As merchants and credit card processors continue to struggle with securing cardholder data, many of them are increasingly using this approach to help reduce the scope of their risks. With the allure of easier deployment and smoother interaction with applications, tokenization's biggest draw is the fact it can dramatically reduce the need for costly PCI audits."
"Taking into consideration these factors, I don't see one silver bullet to answer the payment industry's data security problems. Rather, a combination of changes needs to happen that focus on safeguarding data in every part of the payments data flow." Vizard concludes that "the best thing about the new specification is that it calls for a risk-based approach to credit card security, which is code for telling people they need to rank their risks and apply levels of security rationally from there. What that really means is that when it comes to PCI DSS, don’t let the requirements drive you crazy."

Finally, Brian Prince notes in eWeek that the changes in the Data Security Standards taking effect in January focus on Log Management. He quotes Bob Russo, general manager of the PCI Security Standards Council: "If you don’t use a centralized logging facility then your guys have got to look in more places, and chances are if [they] have to look in more than one’ll wind up missing some of this stuff," he said, adding it is a "proven fact that every time we find a breach, it’s always found in the log.” [my emphasis]

Validation against the previous versions of the standards (1.2.1) will be allowed until Dec. 31, 2011 to give organizations time to implement the latest incremental changes. From Jan. 1, 2012 onward, all assessments must be under version 2.0 of the standards.

PS - Gary Palgon, VP Product Management, nuBridges writes: "While the new PCI Data Security Standard 2.0 (PCI DSS) and the Payment Application Data Security Standard 2.0 (PA-DSS) have been released along with the recently issued supplemental guidance documents, 'PCI DSS Applicability in an EMV [EuroPay, MasterCard, and VISA] Environment' and 'Initial Roadmap: Point-to-Point Encryption Technology and PCI DSS Compliance' many organizations are now waiting for the subsequent “validation” documents that will eventually accompany this recent guidance.  At the same time, the merchant community is eager for the guidance to be released from the PCI Security Standards Council about tokenization, tentatively scheduled for late November." Palgon leads the Tokenization Working Group within the Scoping Special Interest Group (SIG) and they’ve made great progress in pulling together the beginning of a “tokenization standard,” which will not only help the PCI community, but also those companies wishing to use tokenization beyond just cardholder data, like PII, PHI and other evolving requirements.

Aria Offers Universal Payment Token

Aria Systems, Inc., a leading provider of cloud billing and subscription management solutions, today announced the Aria Universal Payment Token, an option for merchants facing new requirements in the next version of the Payment Card Industry (PCI) Data Security Standard (DSS), PCI DSS 2.0.

Offered as part of the Aria Billing and Subscription Management Platform, the Aria Universal Payment Token gives online merchants the flexibility to change payment processors without causing customer churn. The Aria platform’s cloud-based delivery model also provides an outsourced alternative for merchants looking to avoid the cost and risk associated with achieving internal PCI DSS compliance.

Payment Processor Lock-in and Customer Churn
Typical SaaS-based billing and payment solutions rely on a technique known as “tokenization” to enable secure, recurring payment card transactions over the internet. Tokenization works by replacing entered cardholder data with a surrogate “token”, a unique ID that can be stored and then reused with a given payment processor, which in turn enables merchants to avoid having to store cardholder data.

This approach lacks open standards for tokenization across different payment processors, leaving merchants “locked in” to a given payment processor. If a processor raises its fees, or another offers superior service, merchants are unable to switch without forcing their customers to re-enter their payment card information, a process that creates significant potential for customer churn.

Outsourcing Compliance to Avoid High Fees, Customer Churn and PCI Challenges
The Aria Universal Payment Token approach securely encrypts cardholder data without relying on a payment processor-specific token. Merchants can easily move between payment processors for better services or lower fees without having to recapture all of their clients’ payment card information. In doing so, merchants save money and get better service, while avoiding unnecessary customer churn.

In addition to the challenges with vendor processor lock-in, merchants are struggling with the costs and complexity associated with PCI compliance. Leading analyst firms have estimated million-dollar costs for many merchants to achieve PCI DSS Level 1 compliance, due to the technology, process controls, security infrastructure and mandatory periodic audits required. Aria Systems offers a much faster, less expensive alternative by using Aria’s cloud-based delivery model as a means to outsource the risk and complexity of compliance, with complete support for a wide range of monetization models that blend one-time, recurring subscription fees, usage-based charges as well as virtual goods and currencies.

“A vendor-neutral, universal approach is the best way for payment card tokenization to be flexible and cost-effective. Aria Systems would like to see the payment card industry create open standards in the future to prevent vendor lock-in and lower costs for customers,” said Ed Sullivan, Founder and Chairman at Aria Systems. “Fortunately, with the addition of the Aria Universal Payment Token to our Aria Billing and Subscription Management Platform, merchants now have a secure, low-cost way to outsource PCI DSS compliance and avoid processor lock-in, excessive processing fees and customer churn.”

VeriFone, RSA to Offer End-to-End Payment Card Security Service

VeriFone Systems, Inc. and RSA, The Security Division of EMC, have announced a strategic partnership to market their end-to-end encryption and tokenization solutions as an integrated payment security offering to be branded VeriShield Total Protect.

When implemented, VeriShield Total Protect will use industry-proven security technology and leverage electronic payment systems deployed in the majority of merchants world-wide to provide a consistent, consolidated approach to protecting payment card data from end-to-end, both pre- and post-authorization.

“Merchants have had to navigate among a variety of technical offerings in order to protect customers and meet compliance requirements for credit card transactions,” said VeriFone CEO Douglas G. Bergeron. “RSA and VeriFone are combining to solve this problem and let merchants focus on meeting customer needs, not mastering security protocols.”

In addition to proven technology, the goal of the strategic partnership is to bring extensive implementation and business enablement resources to processors to ensure successful deployment of the service within their infrastructure and sales channels. This will ensure broad availability and a deployment model that offers the greatest degree of risk reduction and PCI DSS scope reduction.

Processors will market the solution to merchants as a means to reduce cost and effort associated with PCI compliance, gain new abilities to safely use transaction data to support customer analytics, and drastically reduce their overall risk profile. VeriFone’s VeriShield Hidden Encryption (VHE) preserves both data format and data field structure, so end-to-end encryption can be implemented without major retrofit with existing retailer POS systems. Elements of RSA’s SafeProxy™ architecture tokenize card data for safe storage and use by merchants post-authorization.

VeriFone will be offering VHE algorithms royalty-free to any point-of-sale producer interested in offering their customers compatibility with VeriShield Total Protect.

About RSA
RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world’s leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.

About VeriFone
VeriFone provides expertise, solutions, and services to the point of sale with merchant-operated, consumer-facing and self-service payment systems for the financial, retail, hospitality, petroleum, government and healthcare vertical markets.  
Web Analytics