Online retailers today are facing what may seem to some to be contradictory business challenges: delivering a superior online customer shopping experience and securing transaction information to protect customers and comply with regulatory mandates such as the Payment Card Industry Data Security Standard (PCI DSS) and data security breach laws.
To meet both challenges successfully, e-tailers must define a set of performance metrics to reflect the desired customer experience, security mandate compliance and corporate operational integrity. While this approach requires effort, it will pay off in higher customer sales, cleaner audit reports and better risk mitigation controls.
Establishing Business Objectives
Risk management must be defined in the context of those business operations that satisfy customer demands. Online retailers have a greater challenge than most due to a high dependency on interconnected information systems. The turnaround time for processing customer orders, the total customer experience and the back-end administration of these systems all must take into account the operating thresholds for the business.
To determine the appropriate operating thresholds on which the company should be measured, it falls on the retailer’s executives or owners to provide the ideal operating performance metrics to the risk management and information technology group.
Setting Up Efficient Risk Management Metrics
An e-tailer’s operating metrics should include customer (speed), assurance (accuracy) and confidence (security and accreditations). These criteria form the foundation and oversight to manage the introduction of safeguards throughout the business.
The customer metric should measure the speed at which customers navigate through the system, make purchases and manage their account. An efficient system will enhance the customer experience to encourage the completion of a sale and reduce interruptions during the purchasing process.
This metric should include customer response times, delays and pauses experienced through account verification technologies, and total delays resulting from the time it takes to navigate through implemented safeguards (e.g. latency between the customer's web browser and the product database). Management should define the baseline and future performance targets for this metric.
The assurance metric measures the accuracy of orders to reduce chargeback costs and ensure the accuracy of the financial results. It requires the implementation of system-wide safeguards to prevent customer fraud. The effectiveness of these safeguards should be measured on the front end and back end of the system with regular updates on the total counts and dollar amounts of those orders being tracked. While fraud will always plague online retailers, putting safeguards in place to reduce it will increase the profitability of the organization and improve the customer experience over time.
The confidence metric measures how well the e-tailer instills customer confidence. Unlike in-store purchases, online purchases rely on the customer trusting that the site is secure, the merchandise is of expected quality and that the purchasing experience will be equal to or better than shopping in a store.
Confidence is promoted through the adoption of security best practices, and by demonstrating these achievements through passing security compliance audits such as PCI DSS. E-tailers must evaluate how best to demonstrate and communicate customer confidence. Confidence can be measured through regular internal and third-party audits, industry risk scores based on attacks and damages, and evaluation of the retailer's partnerships that may weaken the organization's confidence performance.
The Ultimate Goal: Repeat Customers and Growing Sales
The ultimate goal of a risk management program is to enhance the customer experience to create repeat sales and enthusiastic word-of-mouth referrals. To accomplish this, an effective program will take into account the company’s business operating environment, customer expectations and operational business needs, and it will focus on the continual improvement of each of these evaluation criteria.
To set up a risk management program of continual improvement, consider implementing this process:
- Work with business executives or owners to determine the ideal operating ranges for each defined metric;
- Evaluate current and future efforts and realign these to meet the newly established business requirements;
- Understand that continual risk management leads to business success through good customer experiences; and
- Establish a monthly reporting process to give administrators and management the information they need to further the mission of the business.
James DeLuccia works to enable organizations to leverage information, technology and control environments to create competitive advantage and optimize business performance. An architect and contributor for international standards and frameworks, DeLuccia provides regular contributions to the payment card industry and compliance body of knowledge. His book, IT Compliance and Controls: Best Practices for Implementation, will be released in March.