
Building Your Ecommerce Strategy

Written by: Lizetta Staplefoot, Online Marketing Content Strategist

Table of Contents

Getting Started
1 Step One: Compliance & Security Considerations
2 Step Two: Addressing Performance, Availability, and Scalability
3 Step Three: Mapping Site Flow and Processes
4 Step Four: The Inventory

Getting Started

Ecommerce is a broad topic spanning many areas of an organization: business, technical, and users, to name a few. Though these areas have differing goals and objectives, they have to work together to build and maintain a successful end-to-end buying experience. Consider the following sample of stakeholder concerns around an ecommerce site:

Business Perspective
• Conversion rates
• Cart abandonments
• Customer retention

Technical Aspect
• Security
• Compliance
• System Performance

User Expectations
• Time to load
• Quality of site content
• Ease of transacting

Each perspective adds value to the overall strategy. However, accounting for each voice means there is no one-size-fits-all ecommerce strategy applicable to every organization. Current ecommerce merchants or anyone thinking about entering the world of ecommerce must consider the demands of multiple stakeholders to build a successful strategy. Whose goals and objectives are most important? Ultimately, the desired customer experience drives the business focus, the technologies used, and the security measures implemented to build trust, loyalty, repeat business, and referrals.

IS AN ECOMMERCE STRATEGY IMPORTANT TO MY BUSINESS?

Having an ecommerce strategy helps you meet your goals and objectives—regardless of your organization’s focus. We’ve established that there is no one-size-fits-all strategy, and that no one strategy is better than another. The key, then, is ensuring that you have a strategy appropriate for your unique business needs.

WHAT HAPPENS WITHOUT STRATEGY?

Best case scenario, nothing. But the worst case scenario could cause a breach of customer information resulting in the loss of customer trust, large fines, bad press, and other associated horror stories. Imagine a great marketing opportunity that gets your website or product a prominent media mention. When hordes of eager customers come knocking at your site, there’s no answer because your site crashed under the load. We’ve all heard stories of large-scale security breaches that damage a company’s reputation and stock price. Many of these types of disasters arise from an incomplete or non-existent strategy.

Starting with a sound ecommerce strategy helps you identify and plan for gaps, account for compliance, and support customer experience by thoroughly considering all the moving parts of your store.

1. Step One: Compliance & Security Considerations

If sensitive consumer information is transmitted, stored and/or processed through your ecommerce system, you need to factor compliance into your strategy. Compliance plays an important role in the architecture and security requirements of your ecommerce site. As such, it is extremely important to understand the role an ecommerce system plays in the payment card authorization process.

If an ecommerce system processes, stores and/or transmits cardholder information, specifically the primary account number, Payment Card Industry Data Security Standards (PCI DSS) compliance is required. Measures to meet those requirements should be included in the inventory.

Ecommerce sites have three ways to meet the PCI DSS requirements. Merchants can either:

• use a payment gateway, which involves integration with an Application Program Interface (API) to facilitate the transmission of the Primary Account Number with or without the storage of this information;
• transmit and store the Primary Account Number internally; or
• choose to outsource the transmission, storage and/or processing of payment data.

Ultimately, the route an organization takes to meet the requirements of PCI DSS is a business decision and should be evaluated carefully. Each approach has benefits and downfalls to consider.

PCI COMPLIANCE

Ecommerce transactions must be performed in a way that helps build consumer trust by limiting the risk of fraudulent activities, while ensuring the privacy of consumer information. The reality, however, is that since 2005, the Privacy Rights Clearinghouse has recorded over 152 million breached records resulting from retail transactions in the U.S. alone. [2] These records include credit card numbers, personally identifiable information, or other cardholder data that was lost, stolen, or accessed without authorization.

PCI BENEFITS TO BUSINESSES

To minimize this risk, the Payment Card Industry (PCI) created a commission, the Payment Card Industry Security Standards Council (PCI SSC), charged with setting and maintaining the Payment Card Industry Data Security Standards (PCI DSS). PCI DSS helps alleviate the vulnerabilities associated with the transmission, storage, and/or processing of cardholder data, specifically the Primary Account Number.

Achieving compliance with PCI DSS is a continuous process of performing assessments, remediation efforts, and reporting the results. The Council maintains a library of documentation to help merchants and service providers mitigate risk and maintain secure online transactions.

96% of businesses in 2012 that were subject to PCI DSS and suffered a breach were not in compliance. [1]

GENERAL PCI BEST PRACTICES

Because ecommerce is more complex than simply purchasing a shopping cart or setting up an account on Square or PayPal, businesses that utilize online transactions must first identify potential risks both to the consumer and to the business itself. Once risks are identified, they should then consider how well existing resources can meet those needs and mitigate risks. If the existing resources cannot sufficiently and reliably perform those functions, the business should consider a solution that best fits the business and protects all parties according to PCI DSS.

OVERALL SITE SECURITY

PCI DSS is based on best practices for the protection of sensitive cardholder information. There is little to no guidance on how to scale an ecommerce environment while maintaining compliance and performance. Nor does it provide guidance on how to manage elements of an ecommerce strategy outside of PCI compliance. Additionally, the systems (server, storage system, etc.) that support ecommerce transactions are not always in the scope of PCI DSS. This is an area where the use of hybrid cloud solutions, which allow merchants to combine cloud and dedicated or on-premises gear, is growing. With a hybrid approach, merchants can take advantage of cloud efficiencies while maintaining compliant systems to actually transmit, process, and/or store cardholder information.

Outside of PCI DSS compliance, ecommerce websites have a host of other security considerations that need to be captured and accounted for when building out strategy. Malicious activity such as DDoS attacks and email-borne viruses can still grind the operations of a compliant site to a halt.

Just as compliance plays an important role in the architecture of the environment, risks to performance, availability, and scalability are equally important.

2012 Breach Sources:
• 81% utilized hacking
• 69% used malware
• 10% included physical attacks
• 7% involved social engineering
• 5% from misuse by authorized users
• 97% of breaches were avoidable through simple or intermediate controls [3]

Rackspace® Hosting offers guidance that can help identify risk as well as assist in the development of a plan to become PCI compliant.

2. Step Two: Addressing Performance, Availability, and Scalability

The risk mitigation portion of an ecommerce strategy includes threats associated with availability, performance, and scalability. The areas discussed in this paper represent a broad range of audiences from a single merchant hosting their own ecommerce site, to a hosting provider for ecommerce merchants, to a company that makes shopping cart software, or someone considering public or hybrid cloud offerings as an ecommerce solution.

AVAILABILITY

Not having the ability to handle faults or spikes to maintain operations is a big risk to an ecommerce site. If your environment encounters an issue with a patch, an update to code, a service or hardware component failure, or a natural disaster, what happens to your site? Can it still serve your customers? If not, do you have a ‘sorry’ page or a contingency plan for expected and unexpected downtime issues that cannot be quickly resolved?

Say your marketing effort was more successful than expected. Is your environment prepared to handle large bursts of traffic, or would it cancel out your marketing efforts by shutting down and becoming unavailable? Your ecommerce strategy must identify and address infrastructure needs to support availability.

PERFORMANCE

Stable and reliable performance is also a critical factor for an ecommerce environment. If a site does not respond in a timely fashion or reacts erratically, customers will abandon the site. Performance must be monitored in real time and over a period of time to determine if resources are overtaxed from both a hardware perspective and from a response perspective. Without these tools to test and monitor the overall responsiveness of a site, an ecommerce merchant could lose valuable response time without even knowing it.

Performance should be considered throughout the entire ecommerce environment—from network throughput to disk I/O and even memory or CPU utilization—as the single weakest link can cause the entire environment to respond poorly.

SCALABILITY

Your store needs to deliver a consistent experience whether serving five concurrent users or 5,000 concurrent users. Some merchant sites may experience predictable seasonal traffic which provides time to prepare the environment. Other sites—particularly new sites—may not know what levels of traffic to expect but need to be adequately prepared. Both environments need to have a strategy in place to account for scalability but may end up taking vastly different approaches.

Nearly half of companies (48%) report that downtime negatively impacts their brand and reputation. [4]

1-sec delay in response can lead to 7% drop in conversions. [5]

One of the biggest scalability questions for any ecommerce site is focused on how many connections the site can handle, which is a difficult question to answer without performing tests. Every system has physical limits and most ecommerce environments will have some uniqueness to them. The only real way to know an environment’s scaling capacity is to test all aspects of the site and view the results from an end user’s perspective.

Performance, availability, scalability, and compliance and security are critical factors in building a solid risk mitigation strategy in any ecommerce environment. By understanding the potential threats to each of these factors, you can start evaluating ideal site flow and building an inventory to serve as the foundation of a strategy to create the optimal ecommerce experience with each site visit and transaction.

CHOOSING YOUR ECOMMERCE STORE PLATFORM

The effort needed to execute a sound ecommerce strategy revolves around the platform you choose to run your store. There is no one-size-fits-all answer applicable to every ecommerce site. Each operator needs to review their options against their strategy to choose the right combination. Options include:

• Cloud: Takes advantage of massively scalable infrastructure and pre-configured or highly customizable environments to reduce hardware and management burdens. Choose a public cloud for low cost or private cloud for workloads subject to stringent security or compliance mandates.
• On-premises: Puts the burden of hardware, security, performance, and scale on your IT team and your budget, giving you ultimate control with all the headaches that accompany being responsible for the entire ecommerce infrastructure.
• Hybrid: Combines on-premises or dedicated hardware with cloud resources to achieve cloud efficiencies while meeting certain security or compliance needs. In a hybrid environment, a retailer can opt to move certain workloads, like email or content delivery, to the cloud while maintaining control over other critical systems best run on dedicated or on-premises gear.

3. Step Three: Mapping Site Flow and Processes

Sit in the role of the consumer and follow the steps they need to take to purchase on your site. Though it sounds simple, taking the time to carefully connect all the dots between the inventory line items, back-end processes, and customer experience to find and fix gaps is critical to future success.

The following sample connects the site flow process as categorized into areas of focus: business, technical, and customer facing activities:

BUSINESS:
• Marketing campaign, sales promotion, or media mention drives customers to website
• Social media activity stimulates traffic
• Internal/employees access site for reference

CUSTOMER:
• Users access site using an internet browser and their desktop, mobile, or tablet device
• Request travels over the Internet (caching name servers/root name servers)

TECHNICAL:
• Registered URL configured to resolve to a Public IP Address through DNS then IP resolved to an Internet Service Provider (ISP)
• IP Address request sent through a series of routers to your data center
• IP Address and port number (80-http/443-https) travel through a series of switches.
• Web service server accepts the request and responds with content or sends a request to a database server.
• Information travels back to the customer for each request

CUSTOMER:
• Views the requested data
• Makes a decision to continue browsing the site
• Adds an item to the web application/shopping cart
• Continues to the check-out process

TECHNICAL:
• Checkout and/or site registration process must adhere to privacy regulations
• Payment gateways must meet compliance guidelines
• Confirm payment method used

BUSINESS:
• Generate purchase confirmation
• Transactional and order follow-up communication
• Inventory and fulfillment coordination

Plan for mobile: Mobile commerce (M-commerce) accounts for 1 in 10 e-commerce dollars [6] and is set to grow to $86 billion by 2016. [7] Incorporating mobile elements (design, features, and infrastructure) to best represent your brand and web properties across multiple devices gives you more access to more opportunities to engage.

With an understanding of how your site needs to operate (Steps 1 & 2) and the processes required to support user experience (Step 3), you’re ready to create an inventory.

4. Step Four: The Inventory

An inventory defines the pieces that make up an entire ecommerce site allowing the organization to take a strategic look at the individual components it has, or needs to have, in order to operate. An ecommerce site’s inventory may include:

These items span across departments. All stakeholders should point out aspects of their particular focus that are not represented. For example, examining the inventory from a business perspective may point out that marketing isn’t listed, and without marketing there wouldn’t be any customers visiting the site. The technical perspective points out that there isn’t any hardware or even a data center listed. The security perspective points out that there isn’t a firewall, SSL certificate, or the 200+ other requirements that should be considered for an ecommerce site. All of these points are valid and demonstrate that each organization’s ecommerce inventory is unique and needs to be tied to your goals and the requirements of those goals.

The average site visitor never considers most items in the inventory, but the inventory must capture as much information – high-level and granular details – as possible to formulate a solid site strategy for a seamless experience. What customers will notice is the site’s ease of use, its accessibility, its performance and its availability, none of which are listed on the inventory. The educated consumer might also pay attention to the privacy or chargeback policy, the ‘lock’ or ‘green bar’ image on the browser (Extended Validation), the available payment options, or even the ability to purchase over a mobile device (M-commerce). A well-developed inventory guides the strategy that delivers a superior user experience. It can also uncover areas for improvement and those areas no one thinks about until something goes wrong, like security or shopping cart functionality.

Creating a vetted inventory is exhausting; however, it’s an important first step to understanding how all of the site’s pieces work together. Once you’ve completed this inventory, you’ll have a better understanding of what you need to do to implement the technologies

Summary

According to the 2013 Forrester and Shop.org “The State of Retailing Online” study, the benefits of incorporating the elements of ecommerce strategy discussed in this paper do pay off. For example, survey respondents indicated that a 40% increase in ecommerce-related IT spending gained a 58% increase in conversions between 2011 and 2012. [8] If your site isn’t designed to bring customers back, you could lose the 41% of sales accounted for by repeat customers. This may explain why four out of five respondents plan on re-designing to optimize their ecommerce properties this year. The impact of building and executing a thorough ecommerce strategy can mean the difference between the success and failure of your ecommerce empire.

NEED HELP?

From planning to deployment, we’re here to serve you. Whether you need our Enterprise Cloud Services team to help plan your configuration, Critical Application Services for guaranteed uptime, or our experienced Fanatical Support® staff to help manage your server – we’re available. Hundreds of thousands of businesses count on Rackspace due to our experience, commitment to transparency, and responsiveness. Our focus on support is why we’re the #1 hosting provider to the top 1,000 web retailers, according to InternetRetailer.com.

Real Customers Talk Real Benefits Employing Rackspace Cloud into their Ecommerce Strategy:

COMPLIANCE:

“When PCI standards were first issued, we realized we needed a hosting provider that was an expert in security. Rackspace is that provider. They know how to configure our infrastructure which helps us in our compliance with PCI standards and are working with third parties to provide the ongoing monitoring to stay compliant. Not only did this make it easier for Modern Retail to get its PCI compliance but it also eliminated much of the work and time it takes to become compliant, which of course saves us money.”

Todd Myers
President, Modern Retail

AVAILABILITY

“Rackspace provided us with three different firewalls in three days when growth was exploding. It took only hours to stop the bottleneck caused by users flooding to our site because I can call Rackspace and say ‘here’s the problem, here’s what we need, how do we solve this.’ Rackspace’s Fanatical Support is real.”

Aaron Batalion
CTO and Co-Founder, LivingSocial

PERFORMANCE

“Key factors in our choice of Cloud Sites were the convenient and cost-effective pay-per-use model, load balancing, and high availability (HA) capabilities. As we migrated our corporate site, sales extranet and career site to The Rackspace Cloud, the ability of the service to support multiple platforms simultaneously was also a significant driver in our decision to move to Cloud Sites. We are able to run both our PHP and .net asp sites in parallel – eliminating the need for multiple web servers.”

Tom Cesario
Director of Information Technology, Radio Flyer

SCALABILITY

“We love being able to scale both horizontally and vertically. After New Year’s, everyone goes on a diet, so that’s when our traffic peaks. We might get three times the traffic from January to March. With Cloud Servers, we’re able to spin up new web front ends within a matter of minutes, and then take them back down once traffic goes down. We have this elasticity in our farm that is only possible in a virtualized environment.”

Rob Volk
Chief Technology Officer, Live Smart and Beyond Diet

COST EFFECTIVENESS

“Before Cloud—what I think of as ‘BC’—we used to have to figure out ahead of time what hardware we needed to run on and estimate future growth. In the past we looked at our computer technology as capital expenditure, but by utilizing your cloud environment, it just becomes operational cost.”

Chris Sonjeow
Co-founder, LoveBook Online

Sources:
[1] http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigations-report-2012-ebk_en_xg.pdf?__ct_return=1
[2] https://www.privacyrights.org/data-breach/new
[3] http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigations-report-2012-ebk_en_xg.pdf?__ct_return=1
[4] http://www.itbusinessedge.com/slideshows/show.aspx?c=90238&slide=8
[5] http://www.strangeloopnetworks.com/resources/infographics/web-performance-and-user-expectations/poster-visualizing-web-performance/
[6] http://www.comscore.com/Insights/Presentations_and_Whitepapers/2013/2013_Mobile_Future_in_Fo
[7] http://www.internetretailer.com/trends/sales/
[8] http://www.shop.org/research/original/state-retailing-online-2013-key-metrics-and-initiatives

About Rackspace

Rackspace® Hosting (NYSE: RAX) is the open cloud company, delivering open technologies and powering hundreds of thousands of customers worldwide. Rackspace provides its renowned Fanatical Support® across a broad portfolio of IT products, including Public Cloud, Private Cloud, Hybrid Hosting and Dedicated Hosting. The company offers choice, flexibility and freedom from vendor lock in.

GLOBAL OFFICES

Headquarters
Rackspace, Inc. | 5000 Walzem Road | San Antonio, Texas 78218 | 1-800-961-2888 | Intl: +1 210 312 4700 | www.rackspace.com

UK Office
Rackspace Ltd. | 5 Millington Road Hyde Park Hayes Middlesex, UB3 4AZ | Phone: 0800-988-0100 | Intl: +44 (0)20 8734 2600 | www.rackspace.co.uk

Benelux Office
Rackspace Benelux B.V. | Teleportboulevard 110 1043 EJ Amsterdam | Phone: 00800 8899 00 33 | Intl: +31 (0)20 753 32 01 | www.rackspace.nl

Hong Kong Office
9/F, Cambridge House, Taikoo Place 979 King’s Road, Quarry Bay, Hong Kong | Sales: +852 3752 6465 | Support: +852 3752 6464 | www.rackspace.com.hk

Australia Office
Level 4, 210 George Street, Sydney, NSW 2000 | Phone: 1-800-722577 | www.rackspace.com.au

© 2013 Rackspace US, Inc. All rights reserved.

This whitepaper is for informational purposes only. The information contained in this document represents the current view on the issues discussed as of the date of publication and is provided “AS IS.” RACKSPACE MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, AS TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS DOCUMENT AND RESERVES THE RIGHT TO MAKE CHANGES TO SPECIFICATIONS AND PRODUCT/SERVICES DESCRIPTION AT ANY TIME WITHOUT NOTICE. USERS MUST TAKE FULL RESPONSIBILITY FOR APPLICATION OF ANY SERVICES AND/OR PROCESSES MENTIONED HEREIN. EXCEPT AS SET FORTH IN RACKSPACE GENERAL TERMS AND CONDITIONS, CLOUD TERMS OF SERVICE AND/OR OTHER AGREEMENT YOU SIGN WITH RACKSPACE, RACKSPACE ASSUMES NO LIABILITY WHATSOEVER, AND DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO ITS SERVICES INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT.

Except as expressly provided in any written license agreement from Rackspace, the furnishing of this document does not give you any license to patents, trademarks, copyrights, or other intellectual property. Rackspace, Fanatical Support, and/or other Rackspace marks mentioned in this document are either registered service marks or service marks of Rackspace US, Inc. in the United States and/or other countries. OpenStack is either a registered trademark or trademark of OpenStack, LLC in the United States and/or other countries. Third-party trademarks and tradenames appearing in this document are the property of their respective owners. Such third-party trademarks have been printed in caps or initial caps and are used for referential purposes only. We do not intend our use or display of other companies’ tradenames, trademarks, or service marks to imply a relationship with, or endorsement or sponsorship of us by, these other companies.
