Partner Scheme is Go!

After spending 26 years servicing clients direct, we are making yet another bold move and developing a reseller channel with the 3EX.NET product. By combining the feature-rich and standardised ecommerce platform with the skills, experience and coverage of a network of partners, we predict an acceleration in the sales of 3EX.NET. It strikes us that most creative houses are in need of a solution that helps them focus on brand development, acquisition and conversion WITHOUT having to employ programmers and develop custom code. That is where the inherent flexibility of 3EX.NET and its ecommerce module comes in. This, along with the comprehensive back office makes for a compelling proposition - a 'total' approach to running an ecommerce business. It must be good, because within 14 days of the scheme officially starting, we have already signed up our first partner, a Leeds-based digital agency with a wealth of clients and ambitious growth plans. More to follow....

Backing the right horse?

Our seminar at last week's eCommerce Expo North show was a very insightful event. We were considering the basis of our next technology decisions and it seemed that far from crystallising, many delegates were in need of inspiration. Most people acknowledged the critical importance of joined up systems and were perhaps surprised to hear that truly integrated back office and front-end solutions like our own 3ex.net existed. But what market and technological conditions will be prevalent in 3 years that we should be preparing for now? Amongst many others, we are seriously investigating the potential of mobile commerce - not mobile web browsing (impractical in our minds) but apps that could change the way consumers interact with merchants. The problem is that like Windows vs Apple on the desktop, there is no clear leader in mobile OS yet. Choose any from Symbian, Android, Windows Mobile, iPhone, RIM - all have their followers and distinct features, but no interoperability. As a developer the big question is which runner and rider (if any) will ultimately dominate?

Commerce for a Cause

Just been taking a look at the newly-launched Green Baby website http://www.greenbaby.co.uk/, developed on the 3EX.NET platform and launched in record time. It is a nice looking site and our first to use a 'one column' format and dynamic hierarchies (our term for navigation). What is more, it really is satisfying seeing a job well done for a company that has built a brand on the principle of fair trade in a niche market segment. We are Green Baby's 'total outsourcing partner', a bit of a mouthful, but it means that we provide the customer service and fulfilment functions backed by a back office and ecommerce platform that is shared between both companies. This means that the client retains close control over their business, without the fixed costs. And that proves the whole point about what we do - enabling entrepreneurial businesses establish an grow without punitive software and logistics costs. All you need is a good idea....

Window Dressing

The biggest challenge for our R&D team is creating an integrated environment that enables clients to enjoy almost carte blanche at the 'front end'. We compete against many web design/development applications and a loyal band of 'open sourcerers' who believe that control over code is sacrosanct and the only means of creating a bespoke eCommerce website. Our tools in trade are CSS and ASP.NET Master Pages which enable a developer to create custom look websites. What is really neat is that the 3EX.NET application gives a non-technical user total control over the positioning and content of each page/web element. The ability to fundamentally change the look, feel and structure of a site at will, coupled with a powerful back office suite puts 3EX.NET users at a distinct advantage over a generation of online retailers struggling to stitch together disparate systems and databases. Add in the ability to create and run white label websites in minutes and the possibilities are endless.

The blitz

We really did not want 2009 to end. The meetings, proposals and negotiations on new contracts continued to flow until xmas eve and in some cases during the break. We have also just commenced a radio advertising campaign on North West commercial station, RockFM, which has already generated a staggering number of hits on our website.
So all lining up to be a very busy first quarter. The project team is flat out completing installs and we should see some exciting new websites seeing the light of day by the end of January. Of particular interest currently is the white label capability of 3EX.NET which really opens up a world of opportunity by enabling users to create a new site in minutes. See more information at http://www.exactabacus.com/White+Label+Ecommerce+Software.htm
How about a site selling snow shovels - i reckon it would do a roaring trade at the moment!

The kid in the candy store...

2009 has been a very interesting year from a Research & Development perspective. As 3EX.NET software has reached maturity, we have seen the increasing influence of new clients/users over the direction and future roadmap of the product. In the early years we were fed a diet of basic staples such as user definability, processing rules and database normalisation. However over the last six months, we have seen some really sexy new fuctionality being introduced into the product. We have just had a sneak preview of Release v2.6 and one cannot help but get excited about the potential of extended White Label website functionality, an upgraded HTML editor, inbuilt sripting engine and automated demand forecasting. This, coupled with strong demand for 3EX eCommerce software generated from October's trade exhibitons sets us up nicely for a flying start to 2010.

PCI DSS Compliance...a Clients Tale

One of our clients, WCF, who run mail order brands including James Meade and Country Collection have recently achieved PCI compliance. WCF use Exact Abacus' Customer Relationship Management software and Company Secretary, Jo Ritzema, has kindly provided some hints and tips gained from their 18 month long process.

"Where needed, do engage a QSA that you can connect with, as you will be spending lots of time with them. It also helps if the QSA firm will commit to the same consultant throughout the scoping, gap analysis, consultancy and audit phase so that you avoid covering the same ground multiple times and the consultant grows to understand the culture and nature of your organisation.

Spend as much time as possible at the start of the project trying to segregate the Cardholder Data Environment from the rest of your corporate network and therefore reducing the scope of compliance. A few thousands of hardware spend can save you many thousands in consultants time.

Assign a Project Manager who is not involved directly in IT, your IT Manager will have too much on his plate with technical issues to guide the overall direction of the project.

You will gain more credibility if you adopt some of the main principles of PCI across your entire network, even if outside the scope of the CDE (eg, passwords, change requests, user authorisation requests). Indeed there are some PCI security principles that are useful elsewhere.

Fight against buying too many technical solutions if they are not right for your organisation. Research all makes and models, a cost effective solution is out there somewhere.

Do buy Tripwire and syslog, for reasonably low cost outlay you suddenly get lots of ticks in lots of boxes! Make sure all the IT equipment that you buy is capable of creating and outputting the logs required.

Remove system administrator access privileges from as many users as possible. Clean up menu structures such that users only have access to what they need. Menus are easy to re-add if you have been a little over zealous. And you get to find out what people really use!

Be wary of answering yes if doing a self-assessment without a thorough understanding of the requirements of the standard. A comparison of our gap analysis versus that of the QSA showed some major discrepancies.

A couple of days pre-audit consultancy is useful to take the mystery out of the audit process and enables you to be prepared with “audit evidence” before the audit commences. The audit is draining enough even when you are prepared.

Always refer back to the “intent of the standard” when answering the questions rather than blindly following the words of the questionnaire. Do not be afraid to question the standard with your QSA if you feel that its needs are too onerous for your size of business.

Be wary of using standard policy and document templates. We started with one and ended up changing completely as found it was too general to address what ended up being quite specific requirements.

Cross reference every section of the IT Policies and Procedures to the PCI guidance, it saves hours during the audit when trying to find the relevant section and is a nightmare to do retrospectively once the policy has been written.

Do involve your staff with the project and ensure that it is not seen as an IT project. Briefing sessions with staff helped address their concerns and ensured that they understood the reasons behind what seemed like fairly big changes. We did not even have changing user passwords or a visitors’ book when we first started the project.

Don’t assume that once compliance is obtained you can breathe easy. With log reviews, change requests, user authorisation changes, risk assessments, etc it will be easy to fall short on the second audits if initiatives are not maintained. Ensure that your IT department understand that maintaining compliance is just as important as obtaining it.

Do not assume that your bank can give you any guidance on the detailed requirements of the standard but they can tell you what items have the most priority to them so that you can focus on those items first. Getting clean ASV scans for any websites is a good way to immediately gain some time from the bank whilst you focus on the more onerous requirements of the standard.

Accept that you will need CCTV in some parts of your organisation!"

Thanks go to Jo for taking the time to share her experiences, which we hope will be of benefit to other clients.