Friday, April 30, 2010

UnsubCentral Launches Online Ad Preference Service

Spam compliance company UnsubCentral is launching a new tool that marketers can use to let Web visitors choose the kinds of ads they want to receive, and even whether they want to see ads at all. Dubbed "PreferenceCentral," the service is part of an effort by the advertising and marketing industries to convince lawmakers they can keep online consumers informed on behavioral advertising without new laws.

The program is designed to work in conjunction with behavioral targeting icons, which will carry metadata that includes information about the advertiser and links to the company.

According to Online Media Daily, PreferenceCentral Privacy Officer Steven Vine said "the company developed the tool in response to requests of clients that use UnsubCentral to ensure their email lists comply with the federal Can-Spam law.

"Vine says that companies will be able to integrate the platform with the online networks that serve behaviorally targeted ads. Consumers also will be able to sign in and create ad preference profiles under their own names, or will be able to have information stored on cookies that aren't associated with their names.

"UnsubCentral's new offering comes as an increasing number of companies are allowing consumers to manage their online marketing profiles. Last year, Google introduced Ads Preference Manager, which lets people edit the interest areas Google associates with their cookies [or opt out of ads altogether, although only 1 in 15 do, according to Fast Company]. Yahoo and BlueKai also allow consumers to edit their ad preferences, and mobile ad network JumpTap will do so by the end of June."

Data Leaks, Data Sharing, and Data Breaches

Evan Schuman, Editor of StorefrontBacktalk, has some interesting comments about Albert Gonzalez, the ringleader behind the data breach at Heartland Payment Systems, who was recently sentenced to up to 25 years in jail.

"Part of what amazed prosecutors in this case," says Schuman, "was how the thieves could divert so much data out of a system without it being noticed. That particular problem is getting even more complicated by the soaring number of outsourced services that are constantly grabbing data off of retail servers.

"The plethora of data departures include updated information leaving to fuel mobile sites and services that handle customer comments, product shipments and purchases being processed locally on social sites. One side effect of all of those communications is that improper data transfers are obscured. Administrators have chased down so many such data exchanges and learned of yet another partner altering its procedures that a clever piece of malware could easily escape detection, if it doesn’t get too greedy.

"[Kim] Peretti [, senior counsel in the U.S. Department of Justice’s Computer Crime Section who oversaw this case,] fears, though, that the next generation of Gonzalezes will likely target smaller and midsize retailers, which ostensibly have less stringent security and probably watch their event logs even less often than their larger competitors. Still, with less going on, even a small errant data transmission might stand out more at a smaller merchant."

Merchants beware! And remember: PCI-compliance requires constant vigilance!

Stone Edge User Group Meeting

I attended the Stone Edge User Group Conference last week at the Sheraton Society Hill in Philadelphia. They hosted a sell-out crowd of 150+ attendees from 92 companies, all of whom were enthusiastic about the meeting. 

The first copy of the Stone Edge Order Manager was sold on February 16, 2000. In the years since then, the Order Manager has grown from a simple Access-based system for importing orders and printing invoices and packing slips into a complete SQL/Server system (for the Enterprise Edition) for managing small-to-medium eCommerce and general retail businesses.

In ten years, Stone Edge has sold the Order Manager to more than 2,500 merchants, making it one of the best-selling order management systems on the market today. “Most of our users are still small companies that ship 10 to 500 orders per day,” said Barney Stone, founder and president of Stone Edge Technologies, Inc. “But as we have grown over the years, so have many of our clients, and in 2009 we had eleven users in the Internet Retailer Top 500, with some of them shipping four to five thousand orders per day.” 

Stone pointed out that pricing for the only order management systems used by more of the Top 500 merchants is in the $250,000 to $500,000 range, versus $6,000 for the Enterprise Edition of the Stone Edge Order Manager ($1,995 for the Standard Version), with no recurring fees other than optional annual maintenance contracts. “That makes us an incredibly economical alternative for growing businesses,” he said.

The Order Manager is compatible with over 40 Internet shopping carts and other sales channels.  Development on the Order Manager is on-going, with a backlog of more than 800 feature requests from users (not unusual for system vendors who are committed to evolving their solutions in an orderly fashion). 

Version 6.0 of Order Manager is PA-DSS compliant, using tokenization in lieu of storing credit card numbers. It will also support a broader number of processing gateways.

In addition, Vers. 6 (Enterprise Edition) will have a new warehouse management module, advanced e-mail management, more USB support for POS terminals (and encrypted USB card swipers), and vendor and merchant quantity-on-hand tracking. They are scheduled to have formal Return to Vendor functions by the end of the year.

Down the road, the Order Manager will have a set of user-programmable APIs, allowing users to fine-tune the system to meet their specific needs.

Other speakers at the meeting included Michael Ober, Sr. Manager, Merchant Development, at Yahoo; Marty Wesley, Director of Product Marketing at Bronto (e-mail marketing analytics and automation); Gordon Jennings of; Marlin Harris of eMerchant; Wing Ng of DYMO Endicia; and Nathan Focht, President, CommerceV3, an eCommerce Stone Edge partner.

User case studies provided an in-depth look at some of the many ways that Stone Edge has been deployed, including methods for saving users money in managing their operations.

There was also a "Training Track" for new users, and even some prospective system users were in attendance to become more familiar with Order Manager. That's always a good move on the part of a vendor -- to include prospects at User Group meetings -- but one that many vendors, unfortunately, are reluctant to take.

You can download many of the presentations from the conference at the Stone Edge Website.

Data Tokenization Vendors

I am aware of the following vendors for tokenization/data security management to protect credit cards for PCI-DSS compliance. Please submit additional vendor suggestions in the Comments for this blog entry. The vendors can provide data encryption services as well, but the ability to manage tokenization is the key thing here. Thanks!

Aladdin (eToken)
RSA (The Security Division of EMC) 

From the "Comments" section below:
Shift4 Corporation (which coined the term "tokenization")
XiSecure On-Demand (Paymetric)
Electronic Payment Exchange (EPX)

Sterling Adds nuBridges Token Manager for PA-DSS Compliance

nuBridges has announced that Sterling Commerce, an AT&T company, has added support for nuBridges Protect™ Token Manager into its Sterling Selling and Fulfillment Suite, a direct commerce order management and fulfillment solution. Adding this support enables the company’s customers to reduce corporate risk due to security breaches and to meet Payment Card Industry Data Security Standard (PCI DSS) requirements.

Available now in Sterling Selling and Fulfillment 9.0, these capabilities also enable the solution to meet Visa’s fifth Payment Application Data Security Standard (PA-DSS) security mandate requiring all merchants to use a PA-DSS compliant solution before the deadline of July 1, 2010.
“Tokenization is rapidly gaining traction with companies that want to reduce the high costs of PCI DSS compliance and audits, and also the risks that come with collecting and storing large volumes of consumer information”
nuBridges Protect Token Manager, the company’s "Format Preserving Tokenization™" solution, enables Sterling Selling and Fulfillment Suite to use tokens in place of credit card numbers in order to protect consumer data, reduce scope for PCI DSS audits, and to reduce corporate risk due to security breaches.

“The popularity of Sterling Selling and Fulfillment Suite in the retail industry is growing dramatically as retailers look for ways to optimize their cross-channel selling and fulfillment operations,” said Jim Bengier, global industry executive, Retail, at Sterling Commerce. “Delivering the highest levels of security has always been paramount, especially as we add new mobile apps as access points to the Suite. Adding security capabilities such as those offered by nuBridges enables us to meet our customers’ strictest security requirements.”

Sterling Selling and Fulfillment Suite is a comprehensive solution for a seamless customer experience across all channels, including in-store, online, catalog, call center and mobile. The suite allows companies to present a tailored buying experience in all the ways they sell—Web, call center, store and field sales—and provides control over the entire fulfillment lifecycle, including order management, transportation and delivery to supply management, returns and settlement. The company also recently launched mobile applications that extend the order and transportation management capabilities of Sterling Selling and Fulfillment Suite to a mobile device.

Paymentech and Kount Partner for Fraud Prevention

Chase Paymentech, a leading merchant acquirer and payment processor, and Kount, a Boise, Idaho-based company that specializes in card-not-present (CNP) fraud prevention, have announced an agreement to offer a comprehensive suite of fraud detection, management and prevention tools for merchants.
Chase Paymentech processes a significant share of global CNP payments, in a wide variety of payment methods, and authorizes transactions in more than 130 currencies. Its expertise and fault tolerant infrastructure, paired with Kount’s advanced fraud prevention technology, introduce a new class of fraud management tools to significantly improve the reliability and security of card-not-present transactions with the ability to provide merchants with a real-time fraud score at the time of bank authorization. This benefit, coupled with "dynamic order linking," "device fingerprinting," "proxy piercing" and other Kount capabilities will allow merchants to accurately detect and reject a significantly higher percentage of fraudulent orders, saving merchants costly chargeback fees and fines associated with fraud. 

“This alliance underscores our commitment to provide merchants with the tools they need to significantly improve and sustain financial performance. Our partnership with Kount offers merchants the first truly integrated fraud-monitoring tool at the point of transaction authorization. This is a significant step toward a global effort to reduce CNP fraud,” said Chase Paymentech president Mike Duffy. 

“The result of our partnership with Chase Paymentech will be a new class of tools and utilities for controlling card-not-present fraud,” said Kount CEO Brad Wiskirchen. “The comprehensive suite of products will give merchants a new level of certainty that current and future forms of fraud can be controlled.”

Wednesday, April 28, 2010

International Sales Up at Amazon

Catalogue & eBusiness reports that international sales at Amazon, representing the company’s UK, German, Japanese, French, and Chinese websites, were up 45 percent to $3.35 billion (£2.18 billion) in the first quarter 2010, compared with the same period last year. Excluding the favorable impact from year-over-year changes in foreign exchange rates during the quarter, sales grew 37 percent.

Social Media for Direct Marketers

Are you missing the benefits of social media because you don’t know where to start? Or, have you been posting and tweeting with no measurable results?

Here's your chance to get up to speed: noted Direct Marketing consultant Debra Ellis has written the definitive guide to Social Media for Direct Marketers.

This is the definitive guide for people who want bankable results, not just followers, friends, and fans. Social Media for Direct Marketers isn't a hype-filled eBook about how the Web 2.0 world replaces traditional marketing. It is  a systematic approach for creating a social media presence that enhances your direct marketing. It begins with an introduction to the Web 2.0 world and ends with how to integrate your online presence with your direct marketing channels.

Click HERE for more information, or to order a copy of this eBook today!

Debra Ellis is a writer, speaker, consultant, and coach specializing in improving customer acquisition and retention using marketing, analytics, service, and strategic planning. She is recognized as an expert in marketing integration, customer retention and acquisition, and strategic planning.

She has been featured in CNN/’s Small Business Makeovers and the NY Times. Her articles have appeared in Catalog Success, DM News, MarketingProfs, Multichannel Merchant, Operations & Fulfillment, and Target Marketing. She has written e-guides The New Rules of Multichannel Marketing, Email Treasure Map, 10 Signs Your Company is Sinking, and The Reality Check Manifesto. She is a frequent speaker at conferences and events.

SQL Injection Hacks

In March Albert Gonzalez (28) and two Russian co-conspirators were sentenced to 17 to 25 years in jail for the Heartland Payment Systems security breach (along with several other smaller breaches), in which they stole 130 million credit card records and made a reported $4 million on the scam.

As reported in PC Magazine, Gonzalez and company hacked into these systems using a "SQL injection" method, which is similar to a buffer overrun attack but more "brute force." According to John Verdi, senior counsel at the Electronic Privacy Information Center (EPIC), many companies are exposed to SQL injection hacks because of the prevalence of SQL and a lack of strong security practices. "Heartland did something dangerous, but it didn't do anything other companies aren't doing also."

SQL injection hacks are easy to prevent using commonly available encryption techniques. It's not rocket science, and it's essential if your system is based on SQL/Server databases. Even better is to prevent user-supplied input which contains malicious SQL from affecting the logic of an executed SQL query. For a discussion of how to do this, see the SQL Injection Prevention Cheat Sheet.
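To make "preventing user-supplied input from affecting the logic of the query" concrete, here is an added example (not from the original post or the cheat sheet) that puts a string-concatenated query beside a parameterized one. It uses Python's built-in sqlite3 module so it runs offline rather than against SQL Server; the orders table, its rows and all function names are constructed for illustration.

```python
import sqlite3

# Constructed input: a value that closes the quoted string and adds its own condition.
HOSTILE = "nobody' OR '1'='1"


def make_db():
    """Build an in-memory table with constructed sample orders."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, total REAL)"
    )
    db.executemany(
        "INSERT INTO orders (customer, total) VALUES (?, ?)",
        [("alice", 25.00), ("bob", 310.50), ("o'brien", 48.20), ("alice", 9.99)],
    )
    return db


def orders_concat(db, customer):
    """Vulnerable pattern: the input becomes part of the SQL text itself,
    so a quote character in it can change the WHERE clause."""
    sql = (
        "SELECT id, customer, total FROM orders "
        "WHERE customer = '" + customer + "' ORDER BY id"
    )
    return db.execute(sql).fetchall()


def orders_param(db, customer):
    """Hardened pattern: the SQL text is fixed and the input is bound to the
    ? placeholder, so it is only ever compared as a value."""
    sql = "SELECT id, customer, total FROM orders WHERE customer = ? ORDER BY id"
    return db.execute(sql, (customer,)).fetchall()


# Column names cannot be bound as parameters, so anything that selects a
# column (sorting, filtering by field) is mapped through an allow-list.
SORTABLE = {"id": "id", "customer": "customer", "total": "total"}


def orders_sorted(db, customer, sort_by="id"):
    """Parameterized value plus allow-listed identifier."""
    column = SORTABLE.get(sort_by)
    if column is None:
        raise ValueError("unsupported sort column: %r" % (sort_by,))
    sql = (
        "SELECT id, customer, total FROM orders "
        "WHERE customer = ? ORDER BY " + column
    )
    return db.execute(sql, (customer,)).fetchall()


def demo():
    """Run both patterns on the same inputs and return the row counts."""
    db = make_db()
    results = {
        "concat_normal": len(orders_concat(db, "alice")),
        "concat_hostile": len(orders_concat(db, HOSTILE)),  # every row comes back
        "param_hostile": len(orders_param(db, HOSTILE)),    # no such customer
        "param_apostrophe": len(orders_param(db, "o'brien")),
    }
    try:
        orders_concat(db, "o'brien")  # a legitimate name breaks the query
        results["concat_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        results["concat_apostrophe"] = "syntax error"
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

The concatenated version fails in both directions: the constructed hostile value returns the whole table, and an ordinary customer name containing an apostrophe produces a syntax error, which is often the first visible symptom in application logs.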

Monday, April 26, 2010

Lightning Pick Has Wireless Pick-to-Light System

Lightning Pick, Germantown, WI, has announced the NW Series of Wireless Pick-to-Light Modules, allowing expansion of product locations without rack or shelving infrastructure or where locations must be continuously mobile. Examples include pallet locations on open floors and product bins located on monorails or carts.

The wireless modules take advantage of several recent technological advances allowing them to remain active for long periods between recharges. The most important of these is the use of “White Paper” or electronic paper display technology, also used in eBook readers like the Amazon Kindle. The white paper lights retain information displays without the need to draw power. The system runs on a low power radio technology which uses a fraction of the energy required by traditional Wi-Fi networks.

NW Series lights can present data in unique ways including numbers, text, and even bar codes. High contrast white on black information is easy to read and clear from both long distances and a wide range of viewing angles. Within Lightning Pick software, wireless locations can be configured as in traditional track-mounted lights. Bays and zones can leverage a combination of track and wireless modules.

This truly mobile, flexible, and environmentally friendly technology has multiple messaging options for configuration to your requirements.

Sunday, April 25, 2010

Endicia Rebrands as DYMO Endicia

Endicia, a leader in Internet postage with more than $4 billion in postage printed, recently announced a re-branding as "DYMO Endicia."

DYMO Endicia unveiled the new branding at the 2010 National Postal Forum (NPF) show held in Nashville April 11-14.

Endicia was formed more than 25 years ago as a technology consulting company, and launched its Internet postage business in 2000. Since then, it has been at the forefront of Internet shipping and mailing technology innovations, including being the first provider to print shipping labels with postage, offer Stealth Postage, automate International Customs forms, and correct addresses over the Internet, among other features.

In 2005, it was the first to introduce a complete Web Service for printing postage-paid shipping labels and in 2006, the first to introduce a no-monthly fee mailing solution under the DYMO brand.

"Our new branding is a symbolic step, as DYMO Endicia continues to evolve ...," said Amine Khechfe, general manager for DYMO Endicia. "While the company isn't changing, the new name further showcases the integral role we play within the DYMO family of solutions. These products and services provide businesses, educational institutions and consumers with innovative and easy ways to share, manage and organize information."

Tuesday, April 20, 2010

nGenera Launches Social Customer Service Platform

nGenera Customer Interaction Management (CIM), a division of nGenera Corp., has released nGen CIM 9, which adds nGen Community and nGen Social Media channels to the suite and enhances its core channels: nGen Knowledgebase, nGen Email and nGen Chat.

The company claims nGen CIM 9 enables organizations to deliver a superior experience in the time of the social customer. The highlights of this significant new release include:

nGen community, powered by nGen Knowledgebase--Customers can now engage in social self-service by creating and sharing knowledge and experiences as well as participating in community management. Community members interact in forums and contribute via wiki while the organization retains overall control. Members can evaluate content and users through reputation modeling. nGen Community’s integration with nGen Knowledgebase ensures community-generated content is fed back into the knowledgebase and can be accessed by users through federated search.

nGen Social Media--Contact centers can now listen, interpret and respond to conversations across popular social networks such as Twitter, Facebook and YouTube. nGen Social Media swiftly identifies chatter, prioritizes incidents using sentiment technology, and then, depending on sentiment score, routes incidents to the agent the same as a traditional customer-initiated inquiry. The agent can then respond using social media or traditional customer interaction channels.

nGen Knowledgebase search--Customers and agents now have powerful intelligent search available for the contact center. nGenera CIM has expanded its federated search capabilities to include knowledgebase content, Web site content and file server content. With CIM 9 nGen Knowledgebase, database and social content have been added to the search.

nGen CoBrowse--Contact centers can simply and easily engage customers in collaborative CoBrowse sessions to help them complete purchases or solve complex issues. It’s reportedly the only co-browse solution offered both on demand and on premise.

nGen Survey--nGen Survey is a full-featured and completely integrated post-interaction survey module.

“Enterprisabilty”--nGen CIM 9 features architecture enhancements that ensure the scalability that is critical to the company’s target market: large enterprises. Administration enhancements enable efficiency in the management of thousands of users in a distributed global contact center throughout the suite.

Monday, April 19, 2010

HighJump Offers WMS in the Cloud

SupplyChainBrain reports: HighJump Software Inc. is now offering its warehouse-management system application in a “cloud” delivery model. The hosted system will have the same features and functionality as HighJump’s on-premise WMS, as well as the ability to build new business processes by way of the vendor’s adaptability tools.

The cloud-computing model allows the WMS vendor to host both the software application and hardware infrastructure. Customers access the system via a Web browser. Companies turn to hosted software as a means of reducing their need for up-front investment and the maintenance of applications residing behind corporate firewalls. HighJump already offers a cloud-based version of its transportation-management system software. The option allows companies of all sizes to simplify and lighten their IT loads while gaining the benefits of a Tier 1 WMS, according to HighJump chief executive officer Russell Fleischer.

Friday, April 16, 2010

Virgin Tries Promoted Tweets

Jennifer Van Grove reports in Mashable: "Promoted Tweets are now live. Yet most of us are still generally curious about how this will work in the wild.

"... What we discovered is that if used correctly — something Twitter plans to manage with "resonance scores" — Promoted Tweets could actually be meaningful additions to the Twitter experience.

"Twitter hand-selected a few businesses that they’re using as advertising partners during the phase one rollout of Promoted Tweets. In speaking with Virgin America’s Vice President of Marketing, Porter Gale, we learned that Virgin America was approached by Twitter (and not the other way around) to participate in the new program. She credits the company’s inflight WiFi, general Twitter savvy, presence at tech events, public discussions about using Twitter and their all-around social media savvy as the primary reasons why Twitter selected them for this partnership.

"Gale speaks very highly of Twitter and the opportunities that the ad platform make available to Virgin America. She says, 'We love their brand and we think it’s a good fit because they’re tech savvy.'

"During the discussion it became apparent that one of Virgin America’s goals is to highlight their own tech savvy, something this deal certainly affords them. The company is already seeing 300 to 500 inflight tweets per day, with anywhere from 6% to 15% of travelers logged into inflight WiFi. Participating in the Promoted Tweets initiative is certainly a logical next step on the Twitter front for the company.

"As for the financials, we don’t know what the advertising partners are paying for their Promoted Tweets; Twitter has mandated that none of the partner brands disclose those details just yet. We do know, however, that whatever the payout, Virgin America is happy with the early results from their first promoted tweets.

"Gale spoke strongly about Virgin America’s position around Promoted Tweets being about better engagement. She doesn’t see the paid-for-tweets as advertisements, but instead as opportunities to enhance the communication that they’re having with customers and followers.

"To that effect the company is purposely burying their Promoted Tweets in nearly impossible to find search listings. By opting to select highly specific keywords Virgin America can assure that they will only be seen by Twitter searchers looking for something very specific. Gale describes the follower relationship as something sacred and one the company has no intention to disrupt. She says, 'people have to really want the promotion to find the tweet.'

"In fact, the company’s three promoted tweets are almost impossible to find in ad form. I tried practically every related keyword search term I could think of and still couldn’t find them. Save for using the specific term associated with the promo, Virgin America’s sponsored tweets won’t appear in your search results. And that’s the point. The airline has no intention of spamming their audience.

"...Despite Twitter users’ reticence towards ads, we have a hard time believing that any of these Promoted Tweets would anger searchers who discovered them. In fact the inflight calls to action are actually quite clever. A passenger at 35,000 feet in air could be pleasantly surprised to find that the airline actually cares about their experience, as it’s happening.

"Other than travel deals and tailored engagement initiatives, Virgin America believes that Twitter and the Promoted Tweets program could potentially replace existing traditional marketing and advertising initiatives. They plan to put that theory to the test next week when they announce and promote the launch of a new market (a new destination city that they will fly out of) entirely via Twitter.

"Gale tells us that, 'We believe in the power of Twitter, and the power of retweeting, communities and digital influencers.'”

Saturday, April 10, 2010

PCI and Project Management

I am speaking on PCI Compliance and other data security issues at the National Conference on Operations and Fulfillment in Orlando on Tuesday, April 20.

One of the key findings coming out of the PCI world is that the companies who manage data security the best are those best at project management. PCI-compliance is not a one-shot effort: it is an on-going commitment. Getting everyone on board with the program, and keeping them there, requires not only good planning and communications skills, but good project management skills as well.

You don't need Microsoft Project to get the job done. However, if you want an application that not only provides a project management framework but also the methods, templates, and tools to handle projects effectively, take a look at the Method123 Project Management Methodology. You can download a trial copy for free. And be sure to let me know what you think.

Friday, April 09, 2010

MasterCard To Launch Online Marketplace

The New York Times reports that MasterCard will be launching a "predictive online marketing business" called MasterCard Marketplace through a new partnership with Next Jump, a New York company that monitors customer behavior from thousands of retailers and uses the data it gathers to help merchants tailor their product offerings.

MasterCard will introduce its Web shopping mall on Monday, saying it will be able to pinpoint with considerable accuracy what its cardholders are likely to purchase.

MasterCard’s competitors are also trying to expand their presence in online commerce. For instance, American Express has a site called “Daily Wish” that offers discounts, and Visa is in the process of introducing RightCliq, intended to help consumers comparison-shop online.

Next Jump’s putative advantage is that it draws on buying histories across thousands of retailers, giving it a huge sample size of consumers to analyze.

Charlie Kim, the company’s founder, says Next Jump converts one in every 11 browsers into buyers, a rate that far exceeds the industry norm. Running employee discount and reward programs for many big companies for more than a decade, it has gathered data to help refine its algorithms for predicting what people are likely to buy.

On the new MasterCard site, shoppers will be asked to select a handful of merchants they favor. From there, Next Jump will monitor how they use the site and adjust offers accordingly, said Joshua Peirez, MasterCard’s head of innovation platforms.

“Next Jump measures everything you do on the site,” Mr. Peirez said.

Next Jump’s technology is already available on Yahoo’s shopping site, as well as on the sites of many corporate perk programs that offer merchandise discounts to employees. In 2008, MasterCard began offering discounts to debit card holders on a Web site called MasterCard Savings that employed Next Jump’s algorithms; officials described it as a pilot project.

While the technology developed by Next Jump worries some privacy advocates, MasterCard said it was working to assure customers’ privacy. For one thing, customers are not automatically enrolled in the marketplace site but must sign up on their own. Retailers will not be provided names of specific customers but rather a batch of customers who share certain characteristics, like income level or having young children.

Sources of Data Loss

The two blog entries below include charts from the magazine Digital Transactions (to give credit where credit is due). The April issue, where they appear, also included the chart below, which is an enlightening look at how credit card data goes missing.

Only 14% of data breaches (presumably of the total number of incidents, not the total amount of data) were from hacking. Just over ten percent (11%) was from "Web Access," although it is unclear how this differs from "hacking." But the other 75% of the lost data was attributed to everything from insecure waste disposal ("dumpster diving") to stolen computers (3%).

Speaking of dumpster diving, the Open Security Foundation, which is the source of the data in the chart, shows on its own website a litany of recently reported data leaks from data disposed of -- unshredded -- in dumpsters. That's an astounding situation in today's environment....

Why Merchants Hold Onto Credit Card Data

A study by the Ponemon Institute that surveyed 155 PCI Qualified Security Assessors (QSAs) found that merchants hold onto customer credit card data primarily to handle chargeback resolutions (83%), as well as for customer service follow-up (68%):  see chart below.

The study did not indicate how much of the stored data is in encrypted or tokenized formats, although it did indicate that some merchants felt that encryption was an unnecessary expense if other safeguards (typically classified as "compensating controls") were in place to protect the data from unauthorized access.

The study also found that in the opinion of 42% of QSAs, Level One merchants are not making data security "a strategic priority."

Level 1 Merchants' PCI Costs

Level 1 merchants who do on-site security audits to ensure compliance with the Payment Card Industry Data Security Standards (PCI-DSS) are paying an average of $225,000 each year, and 10 percent of these businesses are paying $500,000 or more annually, according to a new study by the Ponemon Institute. In spite of that, 2% of them fail these audits.

The study surveyed 155 Qualified Security Assessors (QSAs) worldwide who are authorized by the PCI Security Standards Council to conduct annual technical reviews of the largest merchants' networks. With $225,000 to $500,000 spent annually on a PCI audit, "that's a large chunk of change to be doing each and every year," says Dr. Larry Ponemon, the Institute's founder. That cost doesn't include the technology changes and the operating and staff costs associated with the audit, according to the survey. Ponemon notes that sometimes the annual PCI audit "leads to a better security posture, but not always."

Of those merchants surveyed, 41% rely on "compensating controls" under the PCI rules. Failing an audit means working on a remediation plan, and compensating controls may address what might be done outside of strict PCI DSS guidelines to meet technical difficulties.

In the survey, 54% of QSAs acknowledged that their clients feel PCI DSS is too costly, although 20% did say their clients are "satisfied" with compliance costs. More than half (52%) of the QSAs said that merchants are not proactively managing data privacy and security in their environments. The survey suggests that restricting access to cardholder data remains problematic.

Encryption is the most effective technology their clients use, according to 60% of the QSAs surveyed, although the industry currently has no specific requirement for end-to-end encryption of cardholder data.

New IKEA UK iPhone App To Go Global

Acknowledging the growing importance of mCommerce (particularly for promotions and customer pre-purchase research), home furnishings company IKEA has announced a series of new developments to their 2010 UK Catalogue iPhone app.

Following customer feedback provided at launch, IKEA redeveloped the app over a two-month period, after inviting fans who had downloaded the app from the Apple iTunes Store to suggest ways the app could be improved via Twitter, a phone hotline, email and on the App Store.

The latest version of the catalog app now features the most requested functionality, including:
- a search function enabling customers to select products using keywords
- bookmarking, helping customers to save pages
- contents page: a color-coded index with links to main sections

Other updates IKEA is currently investigating based on user feedback include detailed product information on-demand, functionality to find your nearest store, and information about what is in stock in your local store.

Jason Baker, IKEA UK and Ireland Marketing Project Manager said: “We’d like to say a big ‘thank you’ to everyone who downloaded, emailed, phoned and tweeted us their thoughts. Based on the success of this initiative, and fitting with IKEA’s own philosophy, we will continue listening to our customers and developing our products in line with their feedback.”

Following on from the success of the app in the UK with over 300,000 downloads in the first month, it will now be rolled out for IKEA catalogs in other countries.

Always on the lookout for practical ways to help customers with their daily routine, IKEA is still open to hearing about ways to improve the mobile version of the catalog.

The updated IKEA Catalogue 2010 UK edition is available as a free download from the Apple iTunes Store from 8 April 2010.

Customers are invited to offer further feedback by:
Twitter Hashtag: #ikeaappideas
Voicemail Hotline: 44 (0)207 307 3132

ACCM now Retail Marketing Conference

Readers of this blog who attend Direct Marketing Assoc. conferences have typically gravitated to the National Conference on Operations and Fulfillment (NCOF, coming up in Orlando, April 19-21, where I am speaking on PA-DSS/PCI-compliance and Systems ROI).

But a lot of the systems vendors also exhibit at the Annual Catalog Conference, so it's important to know that this has now been rebranded as the Retail Marketing Conference, "revamped, remixed, and reengineered to best represent the integrated marketing environment all retail marketers now operate in," according to the DMA. "Preserving the legacy of our ACCM history, and adding all the best of digital and direct marketing, this new event will provide a robust marketing tool box for attendees looking for innovative content that maximizes customer experience and ROI."

The RMC will be in Orlando May 24 - 27.

Monday, April 05, 2010

Demandware LINK Integrates Key 3rd-Party eCommerce Modules

One of the biggest challenges in setting up and managing a mature eCommerce site is selecting and integrating with the numerous third-party modules, tools, and platforms needed for everything from image management and customer reviews to sales taxes and credit card processing.

To address this challenge on behalf of its users (and at its own expense), Demandware, Inc., a global leader in on-demand eCommerce, has announced the availability of pre-built, no cost eCommerce integrations for many of these external components with the launch of Demandware LINK.

Through Demandware LINK, Demandware clients and developers will have access to an extensive library of integrations between more than 25 best-of-breed third-party technologies and the Demandware eCommerce Platform. The program removes the integration hurdles that retailers face when adopting eCommerce technologies, and is based on the belief that eCommerce vendors, not retailers, should assume the cost and complexity of integrating eCommerce applications.

Demandware LINK integrations span a broad range of technologies, including campaign management, imaging, order management, payment management, personalization, PIM, ratings and reviews, social commerce and more, giving Demandware customers a choice of no cost, pre-built product integrations.

The initial Demandware LINK partner community consists of Adgregate Markets, Adobe Scene7, Allurent, Amazon Payments, Baynote, Bazaarvoice, Bizrate, Bronto, Certona, ChannelAdvisor, CyberSource, Fluid, GlobalCollect, Gomez (the Web Performance Division of Compuware Corporation), Invodo, Litle & Co., MainStreet Commerce, Mercent, MyBuys, Omniture, OrderGroove, PayPal, PowerReviews, Prolexic, Resource Interactive, Responsys, Riversand and SeeWhy, and will continue to grow with the addition of new partners and product integrations.

All LINK integrations developed by these partners are currently available or under development. Demandware customers and other members of the LINK Partner Community, including systems integrators and implementation partners, can access the integrations and accompanying documentation at no cost through

“Integration is an expensive, time-consuming process that can be a barrier to the adoption of available technologies. I see huge value in the Demandware LINK program. It provides retailers like Columbia Sportswear with more technology choices for driving innovative customer experiences and profitability. We have already leveraged the PayPal Express Checkout integration to Demandware,” said Paul Zaengle, senior director of eCommerce at Columbia Sportswear.

For online retailers, application integration can be as much as 50 percent of the overall cost and time of an eCommerce implementation. By providing pre-built integrations, Demandware LINK dramatically simplifies the implementation process and accelerates the adoption of new technologies. For example, using a Demandware LINK pre-built integration, the typical length of time required for the implementation of a credit card authorization payment system can be reduced by up to 92 percent, which translates into measurable cost and time savings for retailers.

“It’s not right that retailers should have to foot a services bill just to make two technologies talk to each other. We think it’s high time that vendors assume this responsibility and deliver pre-built, supported integrations to retailers. Through Demandware LINK and our ongoing partnerships with leading third-party providers, we’re making the pain of integration a thing of the past,” said Jamus Driscoll, vice president of marketing at Demandware.

Demandware LINK Open to All On-Demand Providers

Participation in Demandware LINK is open to all on-demand eCommerce technology providers at no charge. Demandware supports its partners in the development of integrations, which includes a rigorous approval process to ensure quality before they are made available for download to retailers and developers. Vendors interested in joining the Demandware LINK community should go to for more information.

“The effort required to integrate disparate eCommerce technologies is often a huge burden on the retailer,” said Mitchell Kramer, vice president at Patricia Seybold Group. “By providing pre-built integrations to a broad choice of technologies free of charge, Demandware and its partners are providing measurable savings to customers that translate into tangible value.”

Here's a cute little video outlining the Demandware LINK platform:

Twitter to Introduce Contributors Feature

Twitter has introduced a Contributors feature that will let corporations identify individuals under a corporate Twitter ID. is reportedly the first corporate user, and is featured in the video below:

Cloud Computing Security Issues

eWeek reports: A new survey of IT professionals has painted a troubling picture of enterprise approaches to cloud computing security.

According to the survey, which was done by Symantec and the Ponemon Institute, many organizations are not doing their due diligence when it comes to adopting cloud technologies, which may partly be due to an ad hoc delegation of responsibilities.

Among the findings: few companies are taking proactive steps to protect sensitive business and customer data when they use cloud services. According to the survey, less than 10 percent said their organization performed any kind of product vetting or employee training to ensure cloud computing resources met security requirements before cloud applications are deployed.

In addition, just 30 percent of the 637 respondents said they evaluate cloud vendors prior to deploying their products, and most (65 percent) rely on word-of-mouth to do so. Fifty-three percent rely on assurances from the vendor. However, only 23 percent require proof of security compliance such as regulation SAS 70.

The researchers speculated this may be due to a gap between the people employees think should be responsible for evaluating cloud vendors and who actually is. For example, 45 percent said that responsibility resides with end users, while 23 percent said business managers. Eleven percent said the burden belonged to the corporate IT team, while nine percent said information security.

However, a total of 69 percent said they would prefer to see the information security (35 percent) or corporate IT teams (34 percent) lead the way in that regard. Most often, security teams are not part of the decision-making process at all when it comes to the cloud. Only 20 percent said their information security teams played a part on a regular basis, and 25 percent said they never do.