In recent years, the retail industry has shifted its focus increasingly toward more security-centered business processes. As the threat environment continues to evolve, the personal information of retail customers is still incredibly valuable for hackers, and thus remains a prime target.
In addition, instances of breached retail data have been on the rise. The past year brought us a number of high-profile cases that impacted millions of customers, affecting Home Depot, craft store Michaels and Dairy Queen.
As vendors collect ever-expanding databases of information about their customers for marketing and customization purposes, the retail industry becomes an even more attractive target.
"With some retail stores suffering data breaches affecting millions of people and recovering after data was stolen from customer credit cards, businesses need to balance a desire for more data while keeping IT systems secure," wrote Tech Page One contributor Brian T. Horowitz.
As a result of these conditions, retailers are placing a higher importance on security.
Hoarding data: Protecting sensitive customer information
These days, a rising number of retailers use predictive analytics, where historical and real-time consumer information is leveraged to predict future preferences. While the plethora of data collected can provide real benefits for both the brand and its clients — including a more tailored, enjoyable end-user experience — it can also create considerable risk.
U.S. Representative Peter Welch noted at the National Retail Federation conference in early January that these practices have to come with a balance between information gathering for marketing purposes and concern about security and breaches. For this reason, Welch and other lawmakers proposed creating a single set of standards for the retail sector to rely on to prevent breaches.
"You can't have a retailer dealing with 50 different standards, so the challenge for us is to come up with a standard that's simple and straightforward for the retailers," said U.S. Rep. Marsha Blackburn.
Boston Retail Partners Principal Ken Morris told Luxury Daily that the current threat environment calls for more robust standards in the industry.
"Simply meeting PCI compliance standards is no longer sufficient to protect customer data," Morris said. "Hackers have become increasingly sophisticated, requiring retailers to reanalyze and revamp their current security protocols to adequately protect their customers and their brand."
Until a new standard is established, retailers can fall back on the protection measures that are consistently required in current guidelines. These include encryption to safeguard customer details as well as authentication credentials for the databases containing this information. With these security measures in place, chances of a breach or other unauthorized access are greatly reduced as only those with the proper usernames, passwords and decryption key are able to view protected data.
Securing payment systems
A recent survey from Boston Retail Partners found that 63 percent of all retailers reported that payment security is among their top three priorities this year. With Neiman Marcus and Kmart suffering through payment system infiltrations, it is more important than ever to make sure these systems are secure. A breach doesn't just impact the customers whose information was leaked; it also reflects badly on the brand.
"To breach is to die. It is a brand killer and CEOs will lose their jobs," Morris said. "Retailers are taking this risk seriously, as the negative impact of a data breach can be massive in terms of financial cost and, more importantly, the damaging effects on customer perceptions and loyalty."
In this spirit, many retailers are looking to upgrade their payment systems to leverage the EMV standards set by Europay, MasterCard and Visa. Currently, companies must comply by October 2015 to avoid being held responsible — instead of the financial institution — for any fraudulent charges.
Other retailers are shifting their encryption processes so that the decryption key is stored by the bank instead of the vendor. In this way, hackers have to breach the bank as well as the retailer to access sensitive information. Luxury Daily noted that 45 percent of retailers are planning to increase their encryption capabilities by October.
Companies are also increasingly leveraging tokenization processes, where customers' payment card information is turned into a token. This prevents any third parties from gaining access to the card number or other associated information.
Overall, one of the best ways to boost security is to work with an expert like Hostway. Hostway provides a range of security services via both its network presence and its application use. Hostway also offers anti-virus, threat analysis and testing. To find out more, contact Hostway today.
Previously, we outlined how to evaluate a company's compliance with the Health Insurance Portability and Accountability Act. In this piece, we'll take a look at the essentials to keep in mind with communication solutions, and in particular, email.
GFI noted that several industry regulations and governing bodies — including the Sarbanes-Oxley Act, HIPAA, the Food and Drug Administration, the U.S. Securities and Exchange Commission, the Financial Industry Regulatory Authority and the National Association of Securities Dealers — have special requirements when it comes to companies' email solutions. Each of these necessitates that businesses have a searchable email archive to ensure transparency in connection with corporate communications and other dealings. For this reason, organizations operating under or in conjunction with these rules and groups must have specialized email systems in place.
Here are a few crucial factors to consider when it comes to compliant email and communication solutions:
Protected communications archive
As noted above, firms must have a searchable archive of their communications on hand, both to comply with industry standards and to provide for auditors. When an audit takes place, the company must prove it has followed regulations. Having an archive of all communication, including all emails and messages sent and received, streamlines the audit.
However, storing this information can offer a valuable hacking target. Thus, the archive should be protected by authentication credentials — two-factor where possible. This can ensure that only authorized viewers are able to see the records.
Security for each message
In addition to protecting the message storage system, company managers should also adequately secure each individual message being transmitted. A best-of-breed email platform will have advanced encryption in place at the point of sending, which can prevent messages from being intercepted. Hosted email systems, such as the compliant-ready solutions offered by Hostway, have this capability built in.
Encryption is particularly important considering the incredibly sensitive information corporate emails can contain. For instance, employees may need to send a list of customer details to another staff member or partner. As the list may contain names, email addresses or payment information pertaining to consumers, protection — which falls in line with industry regulations — is needed to ensure the safety of this data.
Compliance when sending commercial emails
In addition to considering emails sent to and from the company's employees and its partners, decision-makers must also take into account the messages they send for marketing purposes. According to the Federal Trade Commission, these must follow the CAN-SPAM Act, which provides rights for the recipients of commercial messages.
As email campaigns become more prevalent, it is paramount to ensure compliance with CAN-SPAM. When sending out emails for marketing purposes, senders must maintain the following requirements:
Overall, taking these items into consideration will help guarantee that messages are secure and compliant with the regulations governing the organization's industry.
Hostway's #MoreThan Mania, our E-Commerce Roadshow, is coming to a city near you!
Emphasizing flexibility, expertise and responsiveness, Hostway's Magento offerings provide more than you'll get from most hosting providers. Learn more at our roadshow, which is coming to South Florida, Denver, Boston and Philadelphia in the next five months. Our first stop is in Fort Lauderdale:
We have put together a collection of leading e-commerce experts from around the country to join us in South Florida at the Marriott North in Fort Lauderdale for the eCommerce Expo. Our partners at this event include:
We will talk about Magento Community Edition and Enterprise Edition, along with various extensions that can increase your efficiency. Join in the social conversation by using #EcommerceSFL! Sign up for this free event here, or learn more about Hostway’s e-commerce solutions at our website's Magento sub-section.
Hope to see you there!
The phrase "The customer is always right" took hold in the early 1900s, when Harry Gordon Selfridge of Selfridge's department store first uttered it. As the world of commerce changes, the commitment to addressing consumers' preferences and demands never fades.
In today's landscape, it can be challenging to ascertain what a brand's consumer base wants. Thankfully, some of the guesswork can be taken out of the equation by looking at current industry-wide trends.
So what exactly is today's e-commerce customer looking for?
Mixing channels through mobilization
Much of e-commerce requires utilizing an array of channels, including a company's website as well as its brick-and-mortar location. A recent study from PricewaterhouseCoopers illuminates some of the reasons customers worldwide leverage multiple channels.
The study found that over half of today's consumers — 52 percent — make their purchases through online platforms because they've experienced better prices or discounts. Another 47 percent also noted that online shopping capabilities enabled them to connect with brands and make purchases at any hour, whereas physical store locations were beholden to specific hours of operation.
The study also found that many consumers utilize several channels during their purchasing journey. For instance, 76 percent of participants said they visit stores to browse and check out merchandise in person before completing their transaction online. This enables these clients to see and touch the item, giving them a better idea of what they'll eventually be purchasing online.
Another 65 percent of consumers take the opposite approach, browsing online and then making their purchases in-store. This prevents them from having to pay shipping or other extra costs through the online channel.
While mobilization is a big part of these activities, only one-third of survey respondents said they were happy with brands' practice of mobile device location targeting. Although this strategy can enable more personalized, targeted advertisements, the majority of consumers were uncomfortable with the idea.
A personalized shopping experience
A separate study from MyBuys found that consumers do appreciate a certain level of personalization, especially when items are suggested based on their past browsing and shopping preferences. According to the survey, 53 percent of participants will spend more with a brand that makes merchandise recommendations according to the shopper's previous browsing or transaction activities. In fact, 39 percent noted that it can be frustrating when a brand does not personalize their shopping experience in this manner.
"Consumers want consistent personalization everywhere they shop and on every device they use," said MyBuys President and CEO Rita Brogley. "Consumers engage and shop more when they receive a truly personalized shopping experience across all channels. When done right, customers consider personalization a valuable service rather than an annoyance."
Brogley also pointed out that this strategy is beneficial for the brand as well, as it often leads to higher conversion rates, increased sales and boosted brand loyalty.
Personalized pricing: The future of the customized shopping experience?
Business of Fashion contributor Kate Abnett noted that some brands are taking customization a step further with a practice known as personalized pricing. This approach is nothing new, however, and is akin to a market vendor offering a specific price based on what they think a customer will pay.
By leveraging information including past browsing and purchasing behavior, it is now possible for a company to not only predict what a customer might be interested in buying, but when they are likely to make the purchase and the price they will be willing to pay.
"In theory, charging all consumers the same price is ineffective, because some of those consumers would have been willing to pay more, while others who opted not to buy would have responded to a lower price," Abnett wrote. "Personalised pricing, so the economic theory goes, can save companies this lost revenue. By analysing customer data, a retailer can work out a customer's 'reservation price' — the maximum amount they would be willing to pay for a specific product, before they had 'reservations' about buying it — and then charge them that amount."
Although this strategy has been leveraged by e-commerce giant Amazon for several years, it has yet to take hold in the majority of the industry. However, it could represent the future of the customized shopping experience.
Overall, these trends reveal one very important underlying aspect: Companies must have a robust online presence, including an optimized website, in order to address current consumers' needs. These resources can make all the difference, especially when hosted through an expert provider like Hostway. To find out more about e-commerce hosting and other essential solutions, contact Hostway today.
For merchants, agencies and technology partners, the Imagine Conference is one of the most highly anticipated events in e-commerce. With the excitement of the “next big thing” in the air, attendees witness announcements about new technologies and learn which agencies are the best of the best. The Imagine Conference is the place to be, and the theme this year was “Unbound”: the idea that change is no longer something to be afraid of. Embracing change, not stopping it, is essential for the movement and discovery that drive the industry forward. Merchants, agencies and technology partners alike need to be unbound in whatever they do in order to see the benefits that come from risking change.
Here are five key points to take away from the conference this year.
Beta is Good Enough – Even Perfect: We all are timid when releasing a beta version of whatever it is we are putting out there. That needs to stop. In order to speed up innovation and creativity, we need to put our beta versions out there without hesitation and embrace feedback; the answers we get to the questions we didn’t even know we should ask are crucial to improving our products.
Examine the Shopping Experience: Understand your customer even better. Understand how they shop when they are not online, and bring that experience to your website. Data-driven personalization from on-site optimization to digital strategy when the customer has left your website will build brand loyalty and result in more sales. Show your customer that you know who they are and understand what they want.
Buzzword of the Week: “Omnichannel” It was only a few years back when the buzzword was “responsive.” Everywhere you went, every keynote speaker used the word responsive and we all went back and sold it to our clients. This year it was “Omnichannel.” It means shrinking the distance between your customer and your product, and optimizing the buying journey. Make your product available in every marketplace and every channel possible so that your customer can connect with your products and brands wherever they may be.
eBay Enterprise is the #1 E-commerce Platform Provider in the IR Top 500: This was announced and celebrated – it’s a huge deal! Everyone at this conference has been a part of the e-commerce ecosystem that is now eBay Enterprise. We all have succeeded in making Magento the most scalable and supportive platform on the market, allowing merchants to process hundreds of millions of dollars in annual online sales. That’s something to be proud of!
What About the Party? It wouldn’t be Imagine without a good party! The Legendary event was held at XS and was a big hit. Live music, aerial performers pouring us champagne from the ceiling and an open bar let us all become unbound!
The marketplace was full of some familiar agencies and new technology partners. The biggest takeaway is that while there are many changes taking place, Magento and eBay are still growing, still innovative and still an exciting group to be a part of. Just Imagine what it will look like next year!
Each year brings new patterns to the retail industry that can be leveraged to drive business strategy for companies with the capability to track them. Examining these trends can help retail leaders decide where to allocate funding, what sections of their organization need improvement, and how they can provide the best experience for their customers.
Experts have predicted that the following trends will help shape the way consumers do their shopping this year and beyond. Recognizing these patterns can put your company in the best position for success.
Strong retail growth for dollar, big box and department stores
According to the Chicago Tribune, experts expect considerable growth in the retail industry this year, including expansion for dollar stores, big box retailers and department stores. Considering that the industry's sales typically reach $2.6 trillion annually and make up 70 percent of the U.S. GDP, this is good news for more than just retail vendors.
In particular, dollar stores, mass merchants and department stores will see significant growth. The Tribune noted that there is rising demand for these types of retailers, both online and at brick-and-mortar locations. Kantar chief economist Frank Badillo noted that the bulk of this market expansion will be driven by younger consumers who have experienced considerable employment gains recently.
"As a result, smaller stores, from neighborhood convenience stores to upscale specialty stores, will be a key growth category because they appeal to younger people who tend to live in urban environments, dine out and shop on an as-needed basis," Tribune reporter Alexia Elejalde-Ruiz wrote.
Social media will provide purchasing power
In the past, social media has always offered a beneficial branding and marketing platform for retailers. A further shift is under way, particularly as top websites like Facebook and Twitter include buy button options enabling customers to make purchases directly from the platform. Currently, retailers like Target and Nordstrom are testing out these abilities through Twitter.
"A customer who'd like to purchase an item she sees on the retailer's feed can tap on the Like2Buy link found on…[the] Instagram profile," Vend explained. "Clicking on the link will take her to the retailer's Like2Buy site, which looks similar to its Instagram page. When the shopper taps on an image, she'll be taken directly to its product page, where she can find more details and proceed to checkout."
Social media buying features provide a more unified shopping experience for customers, especially as social media becomes increasingly popular with consumers. Thus, retailers must ensure their online footprint supports their brand and their clients' preferences.
Personalization through beacon technology
In addition to boosting online efforts, technology is on the rise in brick-and-mortar locations as well. Beacon systems - sensors placed at digital touch points in retailers' stores with the capability to connect with shoppers' mobile devices through wireless standards like Bluetooth - are being increasingly deployed. These systems allow retailers to better engage customers through a personalized in-store shopping experience.
This is often a way for brick-and-mortar companies to compete with e-commerce giants. Just as online retailers offer customized recommendations for consumers based on the items they view and purchase, beacons will enable brands to do the same in their physical locations. Vend noted that several vendors have already seen success with the beacon system.
Mobile will continue to be an essential channel
The further rise of smartphone and tablet use has significantly changed the way consumers connect with brands and shop. Mobile will continue to play an important role in retail this year, particularly as brands offer more applications for mobile ordering, loyalty programs and mobile payment.
One of the biggest changes seen in mobile retail is the increase in mobile payment systems like Google Wallet and Apple Pay. These technologies utilize near field communication systems to enable customers to pay from their phone instead of using cash or payment cards. These require specialized consoles at in-store locations to allow the use of these mobile payment technologies. As more smartphones come equipped with NFC, it will be important for companies to support this new payment trend.
Overall, this year will continue to bring considerable growth for the retail sector, particularly as brands work harder to offer a customized shopping experience based on consumers' preferences.
If your organization operates within the healthcare sector, chances are good that you're familiar with the guidelines of the Health Insurance Portability and Accountability Act, or HIPAA. This industry standard applies to firms that in any way deal with healthcare records, outlining specific rules for storing, transmitting or using this information.
According to the Department of Health, one of the main aims of HIPAA is to ensure sensitive healthcare information remains confidential and secure. In order to guarantee this, healthcare providers, doctors' offices, medical practitioners and any other company that handles these details must do so in a careful and secure manner.
Often, organizations focus on the Administrative Simplification title of HIPAA, which pertains to the sending, receiving and overall maintenance of healthcare information using an electronic record system. The Privacy title of the standard goes on to explain the protections needed for this data, which must be considered on a daily basis to ensure that all procedures and tasks are carried out securely.
Let's review the most important facets of this legislation for organizations in the healthcare industry to ensure their HIPAA compliance:
Information protected under the act
The Department of Health refers to the types of information that are covered under the act as protected health information, or PHI. This includes all data relating to the patient, his or her household members or his or her employer: names, birthdates, phone numbers, addresses and other contact information, Social Security numbers and any photographs are included. In addition, the dates of any treatment, medical record numbers, finger or voice prints and any other identifying information are also protected under HIPAA.
Encrypted communications
Because of the plethora of data that falls under HIPAA, healthcare organizations must be particularly careful with how they store and transmit information. For instance, any text, email or other message containing personal details about a patient must have security built in to ensure the sender is complying with the law. A recent TigerText white paper noted that HIPAA – as well as other regulatory guidelines including the Sarbanes-Oxley Act – requires the use of encryption to protect sensitive information both at rest and in transit. Thus, only those with the decryption key can decipher the communication, reducing the risk that sensitive details could fall into the wrong hands.
Disaster recovery preparations
Besides ensuring data is safe from unauthorized viewers, organizations must also guarantee that records are secure in case of a disaster. Healthcare industry companies are thus compelled to have a robust disaster recovery program to respond to a service outage, weather-related event or other damaging incident. HIPAA.com recommends backing up information off-site so that it can be accessible if the firm's main location is impacted.
Employee training
In addition to preparing technological systems, companies must be sure that their staff members understand HIPAA's provisions and how they affect their responsibilities. Firms should have ongoing training sessions so that all employees know how to treat protected information and understand the related policies and procedures in place.
Risk assessments and audits
One of the best ways to ensure HIPAA compliance is to run a risk assessment. HIPAA.com noted this is especially important with the use of electronic records systems. An assessment of this system can help pinpoint any weak points or changes that might be necessary to improve security.
Additionally, decision-makers may want to consider utilizing the services of a third-party auditor. This can provide a new set of eyes and help the organization recognize any weaknesses it might have overlooked.
Compliance with HIPAA is essential in the healthcare industry, and reviewing the issues above can go a long way toward ensuring that the firm follows the letter of the law.
Hostway’s e-commerce offerings are evolving, and we’re taking our show on the road to spread the word about the powerful potential of our Magento products.
Join us at Imagine Commerce 2015 from Monday, April 20 to Wednesday, April 22 at the Wynn Las Vegas. We’ll be at Booth 419.
Also find us at our pre-Imagine event, Sunday, April 19 from 2-5 pm on the Brahms Patio at the Wynn, next to the hotel pool. It will be a catered reception with drinks and light food.
In the meantime, read over our Imagine Survival Guide, or learn more about Hostway’s proficiency with Magento in our case studies with customers Databerry and Great Stuff.
Hope to see you there!
The search shift from mostly desktop to mainly mobile is under way. Now, Google is adding fuel to the fire – and putting additional pressure on marketers – with two algorithm updates that mean significant SEO changes for mobile:
1. A mobile-friendly ranking signal
2. Easier access to mobile apps in search results
The search engine made an official announcement in the Webmaster Central blog last week, explaining these updates will give users more high-quality results.
If your website isn’t optimized for all platforms, you should make it a priority for the first half of 2015. Google is giving webmasters a grace period that lasts through April 21 to update their pages and make them viewable on smartphones and tablets. If your content isn’t mobile friendly, Google will be less likely to show it to people searching for information on mobile devices.
This could be a problem for the majority of marketers. Earlier this year, a Google poll found 82 percent say they have a mobile-friendly site, but a separate study concluded this isn’t necessarily the case and only about 18 percent of sites actually use responsive design. This means the remaining 80 percent will need to develop solutions to ensure their sites provide experiences their visitors expect or they risk dropping off of page one into search obscurity.
At SMX West, Google’s Gary Illyes confirmed the upcoming rollout of a global mobile UX algorithm, and he hinted the impact will be huge. The algorithm will run page by page, in real time, so any marketers who “miss the deadline” can redeem their sites with fast action.
Still, this new algorithm must serve as a wake-up call for 91 percent of business sites that are not mobile optimized. Illyes and the panelists shared exclusive insights on the upcoming mobile UX algorithm, and best practices for mobile SEO.
Additionally, to get that coveted “mobile-friendly” label in SERPs, sites cannot have blocked access to CSS and JavaScript. Marketers MUST unblock access to be considered mobile-friendly.
Bryson Meunier, SEO Director of Vivid Seats, argued heavily for responsive, while other members of the panel argued for m.dot sites. The issue, according to m.dot advocates, is that building a separate mobile site creates more room for error. In order for a site to earn benefits, it has to be done right.
On other issues:
What constitutes a “mobile” search experience?
Illyes: Any internet-enabled device users can carry, except a laptop computer, is a mobile device.
What’s the difference in assessing mobile (phone) sites and tablet sites?
Illyes: There is no specific different treatment for tablet experiences at this time.
What’s the impact of the mobile UX algo? As significant as Panda, or smaller – like SSL?
Illyes would not respond to this. He joked that this will have a “42 percent impact!” but gave no real insight. However, he subtly hinted at the weight of the algorithm, saying “April 21st will be an important day. Mark it.”
What if a developer team misses the deadline?
This algorithm will run frequently (Illyes suggested it will detect changes in real time). And it will operate page-by-page as opposed to site-wide. Panelists all encouraged marketers who don’t already have mobile (responsive) sites to pick their priority pages according to revenue and start optimizing from there.
What’s the best strategy to rank in mobile search?
Illyes: All we (at Google) want from you is for you to focus on your user.
The moral of the story: No company can afford to take its search visibility for granted. If there’s an SEO arms race, it’s not about acquiring the most links or using the most keywords anymore. It’s over who can provide users with the most valuable information in the best way.