The Target breach has been in the news for some time since it was first reported in December of last year. There have been some fascinating articles written on the forensics of exactly how the biggest hack in retail history happened. There have also been scapegoats, finger pointing and revelations that alerts and notifications were raised prior to the actual breach occurring. How then could this have possibly occurred?
Incidents like this often prompt swift, possibly ill-considered, reactions by politicians. Though they may be well-intentioned, resulting legislation can be fashioned by individuals who may have little to no knowledge of how things really work in the private sector.
Target had recently completed their PCI certification. If anyone reading this has ever participated in a PCI certification audit, you know that it is extensive, involving core and peripheral systems, infrastructure, security, design, process, procedure and a myriad of other operational aspects – some of which often seem completely arbitrary. With all of the recent attention and focus on this, surely it would be front and center in everyone’s mind at Target, right? That is exactly the point: regardless of the systems, automation, training, alerting and so on, it still takes a person to process all of it.
Security systems by their very nature are designed to capture what we call “false positives.” It’s a conservative approach that ensures we look at everything, as innocuous as it may seem, to validate that it is legitimate or suspect. Only once we do, and this is entirely dependent on a company’s specific environment, do we allow the activity. While some may say obviously this activity is suspect and should be shut down, there can be valid business reasons why certain activity is allowed.
Consider that an application is set up to alert on the presence of nine digit numbers in emails. These numbers could represent an individual’s social security number, and a high occurrence of emails containing them (identified by even a single email found to include one) could signal the transmission of Personally Identifiable Information (PII) for use in identity fraud. So you lock it down, right? Then what numbers do you let go through? Ten digit? Nope – that’s a phone number and considered PII. It is also the same length as the National Identification Number in Bulgaria (the equivalent to a social security number in the United States). Twelve digit? Nope, that is the same as a credit card number, and so on. So although you can set automated alerts, someone – a human being – must review them and make a judgment call.
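The alerting rule described above, as an added example (this is not code from the post, nor a ModusLink product): a small Python scanner that flags runs of digits whose length is on a watch list and routes every hit to a human review queue together with the reason it fired. The watch-list lengths and their labels follow the post's own examples; the regular expression, the sample mailbox, the function names and the `Finding` record are all constructed here. The sample deliberately includes a purchase-order number that has nine digits, which is exactly the false positive a reviewer has to clear.

```python
"""
Toy DLP-style alerting over e-mail bodies: flag runs of digits whose
length matches a watch list, then hand every hit to a human review queue
with the reason it fired. Constructed example; not a real product's rule set.
"""
import re
from dataclasses import dataclass

# Assumed watch list: digit-run length -> why a reviewer should look at it.
# Lengths and labels follow the post's examples (9 = SSN, 10 = phone or
# Bulgarian national ID, 12 = card number as the post describes it).
WATCH_LIST = {
    9: "possible US Social Security number",
    10: "possible phone number or Bulgarian national ID number",
    12: "possible card number",
}

# A run of two or more digits, optionally separated by single spaces or
# hyphens, so 123-45-6789 and 555 123 4567 are each treated as one run.
# The lookarounds stop a run from starting or ending inside a longer one.
DIGIT_RUN = re.compile(r"(?<![\d-])\d(?:[ -]?\d)+(?![\d-])")


@dataclass
class Finding:
    message_id: str
    raw: str      # the text exactly as it appeared in the message
    digits: int   # how many digits the run contains
    reason: str   # the watch-list label that caused the alert


def scan_message(message_id, body):
    """Return one Finding per digit run whose digit count is on the watch list."""
    findings = []
    for match in DIGIT_RUN.finditer(body):
        raw = match.group(0)
        count = sum(ch.isdigit() for ch in raw)
        if count in WATCH_LIST:
            findings.append(Finding(message_id, raw, count, WATCH_LIST[count]))
    return findings


def build_review_queue(messages):
    """messages: list of (message_id, body). Every hit goes to a person;
    nothing is blocked automatically, which is the post's point."""
    queue = []
    for message_id, body in messages:
        queue.extend(scan_message(message_id, body))
    return queue


def summarize(queue):
    """Count findings per reason: the first thing a reviewer wants to see."""
    counts = {}
    for finding in queue:
        counts[finding.reason] = counts.get(finding.reason, 0) + 1
    return counts


# Constructed sample mailbox mixing PII-shaped data with benign numbers.
SAMPLE_MESSAGES = [
    ("m1", "HR: please update the record for SSN 123-45-6789 before Friday."),
    ("m2", "Call me back on 555 123 4567 when the shipment lands."),
    ("m3", "Tracking number for pallet 7 is 1Z999AA10123456784, ETA tomorrow."),
    ("m4", "Invoice 2014-0331 is attached; PO number is 987654321."),  # 9-digit PO: false positive
    ("m5", "Reference 123456789012 for the wire is confirmed."),
]

if __name__ == "__main__":
    review_queue = build_review_queue(SAMPLE_MESSAGES)
    for finding in review_queue:
        print(f"{finding.message_id}: {finding.raw!r} ({finding.digits} digits) -> {finding.reason}")
    print(summarize(review_queue))
```

Running it shows that four of the five messages land in the queue, and that the purchase-order number in m4 is indistinguishable from a social security number by length alone; only the reviewer, with knowledge of the business context, can clear it.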
So where is all of this going? Compliance isn’t something that is the responsibility of IT, or Legal or HR. It is the responsibility of every individual to be on the lookout for something that just doesn’t look right. To ask questions when you aren’t sure of something, to make sure that your teams are trained so that when they start to design a solution, or solve a client issue, that they are doing so within the proper framework.
Until we take compliance seriously, and personally as a corporate code of conduct, the lessons to be had from Target’s unfortunate experience will continue to happen and we will once again be looking to place blame and asking “how could this have happened?” The answer will be staring us back in the mirror.
The Cloud. Everyone knows what the Cloud is, right? It’s cost effective. It’s reliable. It’s scalable. It’s secure. It’s global. It’s all of these things. It’s none of these things. Here’s what the Cloud is – it’s an extension of your business, and as with all things, for every action there is an equal and opposite reaction. To effectively leverage the Cloud, you need to understand your business and, more importantly, your business requirements. While it’s critical to understand what your business does, it is just as critical to understand how it does it and what your responsibilities are as they relate to support, compliance, cost and the intersection of a myriad of other requirements.
As with all new things, the Cloud came with the promise of doing everything you do today only cheaper. Storage was the first major issue that the Cloud addressed. Following the law that says “nature abhors a vacuum,” storage always seems to get utilized. The trouble is no one can ever tell you why they need what’s in storage, just that they need it. In today’s world of compliance, litigation and discovery, not just storing all information, but knowing what you have and where it is becomes paramount. The only problem is that early Cloud storage providers kept costs down by not only aggregating storage across multiple clients, but by reducing operating costs around the environment by locating it in low cost labor geographies. Users did not know exactly where their data was, only that they could keep all of it and the cost was lower.
Then comes the challenge of changing providers because someone else is cheaper yet. Now you find you have terabytes or petabytes of data in the Cloud, but no means to quickly and easily move it. Your pipes aren’t big enough to mass move data that has trickled out over the span of several years. Even worse, your inexpensive provider is closing their doors and you have little to no time to move your data. In addition, you find that your data is offshore. The government work your company or educational institution performs does not allow for that. PCI and PII require that you know where your data is and that it is secure in the event of a breach. Now you have company and customer information literally outside of your control.
Recently I was talking with a friend who runs the IT organization for a bio/pharma company. He confirmed anecdotal conversations I have had with other peers that when you wrap all of the controls, compliance, data migration, and ILM components around the Cloud, the cost becomes comparable to keeping it in house. That isn’t to say that there can’t be real beneficial uses of the Cloud in your business systems landscape, but it brings me back to my initial point – you need to understand your business requirements first, not just know how your business runs.
We recently signed a multi-year deal with a private Cloud provider leveraging their SaaS solution for our global contact centers. We went through a diligent process of validating our business requirements against their service offering. In doing so, we entered into the agreement with our eyes wide open, knowing where our data was, how it was being handled and stored, who had access to it and finally how we could easily get to it. The industry has matured significantly in the past several years since Cloud made its prime-time debut. Organizations are starting to do the diligence required that should be done with any supplier of critical services to an organization. Conversely, Cloud providers are realizing that cheap isn’t going to win your business. They need to have answers for all of these questions.
Remember, cost isn’t always everything. You do get what you pay for, and if you didn’t understand what you were getting into to save money, then the responsibility rests with you no matter how much you saved. Be prepared. Find vendors who understand your business. Validate that they are actually doing what they say they are. If compliance or data privacy are a concern (private or public company notwithstanding), make sure you partner with someone who has a proven track record versus someone who says that they will go out and get those resources to meet your requirements. It ensures that they have a model that has been tested and shown to work, versus a capability and a willingness to win your business. You will be happy you did.
So will your customers.
Some of our executives recently attended SCM World Live in Miami. While the reprieve from winter was probably appreciated, the key driver for our attendance is that the organization brings together a large number of innovative, successful, front-line supply chain practitioners who openly discuss problems and solutions. It’s not your typical trade show and we consistently learn a lot from these SCM World events. In the opening presentation in Miami, there was considerable reference to the SCM World Chief Supply Chain Officer Report 2013, a year-long study looking at “perspectives and practices of supply chain management around the world.”
One of the summaries that struck me was in the area of sustainability – something we’ve written about on this blog quite a bit over the last couple of years.
- Almost 1 in 3 supply chain managers and executives polled say their business has already generated cost savings from managing energy efficiency, waste, supplier diversity and/or resource scarcity.
- 80% are motivated by an enhanced image, although the true business case for implementation of programs rests more on savings than on the benefits of improved brand perception.
- Most interestingly, the report indicates that we are moving away from on-the-surface programs – perhaps the most readily available and more easily implemented image builder activities – to systems and processes that are deeply woven into the daily execution of getting products to market.
We are certainly seeing this meaningful change among our clients, particularly those who are involved with groups like the Electronic Industry Citizenship Coalition (EICC), which accomplishes its aggressive goals through collaborative efforts and accountability all the way down the supply chain. Publishing corporate social responsibility KPIs and follow-up reports helps drive sustainability efforts into standard operating procedure. As we can see from the data, this benefits both brand and the bottom line.
Another data point in the extensive CSCO Report indicated that 89% of client sourcing and supplier management teams view strategic vendor and partner engagement as a competitive advantage. That’s the way we approach our business – by acting as a strategic business partner. The goal is to help our clients differentiate themselves from competitors through a tailored mix of supply chain and logistics programs that integrate efficiency, cost savings, brand objectives and customer expectations, from factory to doorstep delivery.
And this collaboration extends to sustainability in our own operations and by helping clients achieve their goals. Success comes through services that make a discernible difference in costs and on the environment, such as package design, optimized transportation networks and final product configuration close to the customer. For more specifics, download our most recent CSR report or, for a shorter read, take a look at how we helped Toshiba Electronics Europe save money and improve their use of resources.
It’s almost hard now to recall a time when GPS devices were not ubiquitous. A key reason for the rise of this new category of consumer electronics—the Portable Navigation Device—goes back to TomTom’s first stand-alone PND, the TomTom GO. When it was introduced in March 2004 it marked a turning point in TomTom's story and helped drive a new way to drive for millions. The GO met a need for a portable fit-for-purpose navigation device that was simple to use, affordable and one of the best solutions on the market.
As demand grew, the company underwent a significant phase of extremely rapid growth and looked to ModusLink as a supply chain partner to help support their expansion. By closely working together, an optimal execution structure was established allowing both parties to focus on their core competencies and most importantly, allowing TomTom to focus on continued innovation and growth in their market.
Over the last ten years (time sure flies!) this working relationship is made stronger by the commitment of both companies to drive an extensive integration of supply chain and logistics activities. For example, by utilizing the same ERP platform, planning methodology and aligned design for manufacturing, we’ve been able to create a long-term, flexible and cost-competitive supply chain.
Flexibility, commitment, growth – the hallmarks of any great relationship. TomTom – thanks for your continued trust!
-Remco Fontein is a ModusLink Business Manager based in Apeldoorn, Netherlands
We have some great writers and very useful detail on this blog. As a writer myself, I certainly appreciate clever phrasing or the well-chosen word. So I might debate the idea – from a philosophical standpoint – that a picture is worth a thousand words.
But the fact is, if you want to communicate simple concepts quickly, pictures and numbers work and work well. To that end, we’ve created a new infographic that includes a few words here and there, but helps tell our story at a glance.
And speaking of brevity, consider following us on Twitter.
Is it one of those terms you hear but aren’t exactly sure what it means? Is it like digital rights management? Well, sort of. DRM refers more to copyrights and authorized sharing of documents and files, while entitlement management belongs squarely in the enterprise software space.
Think of it this way: the number of times you can burn a CD of purchased songs on your iTunes library is controlled by DRM. Your ability to access an Oracle database at work or your ability to access the Quicken help desk based on your one year subscription is controlled by entitlement management.
Software companies have a product to sell, but obviously not a physical product in the traditional sense. Once it’s purchased, the product is made available to the buyer on media like a CD (less common now than 10-12 years ago) or via direct download online. The CD option is easy, but how can you prove you bought the product so you can download it? This is important, basic inventory management for both the buyer and the seller and you were probably given a code or a key that unlocks your right to download the program. It’s a bit like buying a new sofa and then having to drive to the warehouse and show your receipt to pick it up. In the software world, this verification system is a big part of getting products to market.
But software is clearly an interactive product and what the buyer clearly expects with this purchase is an initial transaction, followed by an ongoing relationship with the seller of some kind—usually in the form of updates, patches, support, upgrades, discounted subscription renewals and the like. And this is where managing the life cycle of the purchased product can become a bit more complicated for both parties.
The best entitlement management software solutions not only grant initial access to the purchased product, but they help the seller and the buyer automatically and seamlessly manage all subsequent interactions to the benefit of both—neither party suffers missed opportunities. Additionally, truly robust entitlement management systems are able to easily track entitlement data across multiple parties, for example the purchase history and rights of a distributor or a Value Added Reseller, in addition to the ultimate end customer, are documented and managed. Stay tuned – we have an interesting case study on ModusLink’s Poetic entitlement management solution coming soon.
SEPA, the so-called Single Euro Payments Area, is a combined effort of the EU governments, the European Commission and the European Central Bank to create one integrated payments market across Europe for all organizations or individuals making or receiving payments. By replacing today's fragmented national payment systems with a single set of SEPA standards, organizations and individuals will be able to make payments to anyone within the area through their existing bank account using standardized payment methods.
The European institutions have agreed on a deadline of 1 February 2014 for the phasing out of domestic credit transfers and direct debits, and moving to SEPA. Banks will only be able to accept SEPA credit transfers and SEPA direct debits. This deadline applies to all EU member states in the Eurozone, whereas member states outside the Eurozone have until 31 October 2016 to migrate to SEPA. An important feature of SEPA standardization will be the move from present day account numbers to a new account ID in the form of the International Bank Account Number (IBAN) and the Bank Identifier Code (BIC). Systems need to be adapted to process SEPA payments, and direct debit mandate forms need to be adjusted.
SEPA will enable consumers to pay domestically and cross border throughout the whole of Europe. Customers will be able to pay invoices and directly debit accounts in the SEPA area from a single bank account, improving customer safety and security. Additionally, they will be able to reach all accounts SEPA-wide from one home country account. It is also expected that a uniform payments market is beneficial to competition, which can result in better products, greater efficiency and lower costs. The European institutions hope to have created an environment for enhanced competition in the provision of payment services, with rules that benefit both organizations and individuals.
For small to medium enterprises, SEPA promises to offer faster settlement and its simplified processing will improve cash flow and reduce costs. For large merchants and corporations, common standards enable the assembly of one standard platform for payments in the whole of Europe resulting in major savings.
The two main SEPA products are the Credit Transfer and the Direct Debit. Each of these product schemes will impact companies' financial supply chain in multiple ways. For businesses, the challenge of migrating to SEPA will be to complete the integration process without any loss of information or control.
SEPA Direct Debit requirements will impact collections, credit and risk, and mandate management. They include restructuring of existing direct debit processes and procedures, in which all mandates are migrated to SEPA standards. There are two versions of SEPA Direct Debit: the B2C and the B2B. The differences, however, are rather minor.
Here is a basic list of the steps which will need to be taken:
- Banking and accounting software must support the technical messaging standards used for SEPA payments (ISO 20022 XML)
- Get the BIC/IBAN of all your customers and suppliers
- Print your BIC & IBAN on ALL your business papers (not only for cross-border business)
- Identify any optional or AOS (Additional Optional Services, which are services a bank can offer in addition to those in the SEPA Rulebooks) that have been implemented in your country
- Consolidate the local and cross-border payments in one SEPA system
Are you ready? Remember, transactions in old formats will not be processed by the banks after February 2014. In other words: if you are not ready, you can’t pay or be paid anymore.
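One concrete piece of the systems adaptation the steps above call for, as an added example (not ModusLink's or P4 Solutions' code): validating the IBANs collected from customers and suppliers before they go into a SEPA payment file. The check covers the country code, the country-specific length and the ISO 7064 MOD 97-10 check digits that every IBAN carries in positions 3 and 4. The country-length table below is a subset of the official registry, the sample batch is constructed, and the two valid entries are the widely published DE and GB example IBANs; all function names are assumptions.

```python
"""
IBAN structure and checksum validation, the kind of check a system adapted
for SEPA should run on collected account IDs before generating bank files.
Added example; the country table is a subset of the official IBAN registry.
"""
import re

# Official IBAN lengths for a few SEPA countries (assumed subset of the registry).
IBAN_LENGTHS = {"BE": 16, "NL": 18, "DE": 22, "GB": 22, "ES": 24, "FR": 27, "IT": 27}


def normalize_iban(iban):
    """Strip whitespace and upper-case; printed IBANs are usually grouped in fours."""
    return re.sub(r"\s+", "", iban).upper()


def iban_mod97(iban):
    """ISO 7064 MOD 97-10 remainder: move the first four characters to the end,
    replace each letter with its value 10..35, and reduce the resulting integer
    mod 97 digit by digit so arbitrarily long IBANs never overflow."""
    rearranged = iban[4:] + iban[:4]
    remainder = 0
    for ch in rearranged:
        if ch.isdigit():
            remainder = (remainder * 10 + int(ch)) % 97
        elif "A" <= ch <= "Z":
            value = ord(ch) - ord("A") + 10   # A=10 ... Z=35, two decimal digits each
            remainder = (remainder * 100 + value) % 97
        else:
            raise ValueError(f"illegal character {ch!r} in IBAN")
    return remainder


def validate_iban(iban):
    """Return (ok, reason). ok is True only if structure, length and checksum pass."""
    s = normalize_iban(iban)
    if not re.fullmatch(r"[A-Z]{2}\d{2}[A-Z0-9]+", s):
        return False, "bad structure"
    country = s[:2]
    expected = IBAN_LENGTHS.get(country)
    if expected is None:
        return False, f"unknown country code {country}"
    if len(s) != expected:
        return False, f"wrong length for {country}: {len(s)} != {expected}"
    if iban_mod97(s) != 1:
        return False, "checksum mismatch"
    return True, "ok"


def validate_batch(ibans):
    """Split collected IBANs into accepted and rejected lists, each with a reason."""
    accepted, rejected = [], []
    for raw in ibans:
        ok, reason = validate_iban(raw)
        (accepted if ok else rejected).append((normalize_iban(raw), reason))
    return accepted, rejected


# Constructed batch: two well-known valid example IBANs, one altered digit,
# one entry that is too short for its country and one legacy domestic number.
SAMPLE_BATCH = [
    "DE89 3704 0044 0532 0130 00",
    "GB82 WEST 1234 5698 7654 32",
    "DE89 3704 0044 0532 0130 01",  # last digit altered: checksum must fail
    "NL91 ABNA 0417 1643",          # 16 characters, NL requires 18
    "123456789",                    # old domestic account number, not an IBAN
]

if __name__ == "__main__":
    accepted, rejected = validate_batch(SAMPLE_BATCH)
    for iban, reason in accepted + rejected:
        print(f"{iban:<24} {reason}")
```

The check digits only catch transcription errors; they say nothing about whether the account exists or belongs to the supplier named on the invoice, so a passing IBAN is a precondition for building the bank file, not a substitute for verifying new payee details through a second channel.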
To enable merchants to be ready from day one, ModusLink has partnered with P4 Solutions to process SEPA transactions in a secure manner. This involves risk management, a white labelled payment page for the online customer with authentication features like signature, SMS, PIN-TAN, email and quality call, transaction processing with the bank and management of the various e-mandates on a secure e-mandate server, as well as format reconciliation and bank file generation.
I have held previous positions where there was a separation between packaging engineering and logistics. “We design what the customer wants, then it becomes logistics’ responsibility to calculate and figure out the method and costs for moving it around.” Over the past year at ModusLink I have had several dimensional weight projects come across my desk that show how these two disciplines are so clearly interrelated.
For those not familiar with the term “dimensional weight,” let me explain. When carriers ship parcels by air, there are two different ways to cost the freight. These two categories are actual weight and dimensional weight. Actual weight is basically that—the actual weight of the item. In order to avoid losing money by shipping air in a too-large container, carriers will also calculate the dimensional weight of a parcel. This is often done with a formula such as (length × width × height) / constant. The two numbers are compared and the one that is larger is what the carrier will charge.
In the submitted case study for our most recent Green Supply Chain Award, our client was using a stock package for shipments that were predominantly orders for a single phone, although the box could accommodate more. As a result, they were shipping unnecessary amounts of air and being hit by the larger dimensional weight shipping costs. By designing size-appropriate packaging, ModusLink was able to have shipments charged at actual weight. This relieved the client of the dimensional weight surcharge for over 90% of their orders.
Another benefit of this redesign is the elimination of unneeded bubble wrap. Not only is this a material and labor cost savings, but the lack of excess packing material also gives an improved out-of-box experience. By removing bubble wrap, which the customer ultimately has to throw away or try to reuse or recycle, and reducing the shipping box’s size, our client was also able to reduce the carbon footprint of the packaging by decreasing the CO₂ generated to produce the packaging materials.
Combining packaging engineering with logistics is the smart approach. In this case, it checked all the boxes (pun intended) and provided a package that was less costly to ship, less costly to source, measurably more sustainable, easier to assemble and a better experience for the customer.
-Tyler O’Neill is a packaging engineer at ModusLink
While developed markets continue to command a significant share of global online retail sales, they show signs of saturation. To find new growth avenues, online merchants should consider looking beyond their domestic and developed markets.
However, when planning international expansion, online merchants should thoroughly consider how a broader e-business strategy will fit within their existing value-chain, specifically in areas of customer service, finance operations and logistics. The challenge is to balance consumer preferences and expected purchase experiences against the cost of increased complexity in back-office operations.
Global expansion will increase the complexity businesses face. Diverse government structures, unique social and business cultures, and an ever-changing array of legal requirements and compliance policies make it difficult to overcome country-specific challenges.
Online shops must be fully localized in terms of language, terms and conditions, pricing, check-out process and culturally preferred payment methods. Add the complexity of various import taxes (sales tax, VAT, GST) and foreign exchange and repatriation rules that need to be carefully attended to, and it’s clear that a business may need to consider a country-by-country strategy. The online shopping experience continues long after payment and includes shipping, customer support and possible returns or repairs. All these factors need to be adjusted to the local flavors. A “one size fits all” approach will not be successful.
Of the various challenges, the complexity of government-based monetary policies can quickly become an organization’s biggest headache. Even very attractive emerging markets, for example Brazil, pose this problem. In fact, multifaceted tax, import and repatriation rules can be some of the most difficult issues to untangle and manage over the long-term.
E-Commerce taxation is a complex and dynamic field, as governments modify tax regulations to cater to ever-changing public policy needs. In the past decade, administrations have struggled to agree on tax treatment for cross-border transactions. In the context of international e-commerce, this complexity is compounded as online merchants have to deal with the differing tax treatments of multiple countries. For online merchants, the risk of non-compliance can be a direct penalty cost as well as an indirect cost in terms of reputation damage, and for those reasons it is imperative to carefully manage this element.
Consider as an example the changes the European Union has introduced to its VAT rules as a way to level the playing field when selling cross-border e-services (e.g. downloads). Currently the applicable VAT rate is based on the merchant’s locale. However, in 2015, both EU and non-EU merchants will have to collect applicable VAT rates based on the consumer’s residence. For instance, the applicable standard VAT rate in Germany is 17%, compared to 21% in the Netherlands. Assuming product pricing is the same in both countries, Dutch consumers currently have a higher incentive to buy from an online merchant based in Germany, but this will change. The online retailer has a rather large responsibility to its consumers and to the countries where it does business, and must understand and appropriately apply these changes to its model.
The critical difference between you and your competitors isn’t always about who offers the better product or service, but the experience customers have throughout the end-to-end purchasing event. A prerequisite for you to be successful is to fully understand the characteristics and regulations of the markets you are targeting. This positions your business to operate at a more professional level, with less risk of consumer dissatisfaction with a transaction. As a result, there is potential to gain a competitive advantage by developing an optimized payment mix in combination with a competitive e-commerce model.
Choosing the right partner can be the make-or-break decision that determines success in expanding your global footprint. An experienced partner can not only help you tackle country- and industry-specific challenges, but also help you grow as your e-commerce strategy evolves. In some cases, going a step further beyond payment transaction basics and outsourcing the primary elements of financial management operations, the supply chain and e-commerce processes provides the optimal solution, empowering you to focus on your core business. After all, e-commerce success is more than just payments.
When expanding your e-commerce strategy, look for a partner that is ready and able to extend your market reach, offering localized shopping experiences such as regional payment options and processing, multilingual contact center support and deep knowledge of local logistics, import and export complexities.
I’ve written before on our company’s work with the EICC. (Reminder, that’s the Electronics Industry Citizenship Coalition.) What I love about being so engaged with this group is that the work leads to valuable, measurable and visible results.
A lot of very dedicated people from the top electronics companies in the world are involved in ensuring we as a global industry not just meet the minimum criteria, but continually improve efforts around the use of natural resources and providing safe, healthy working conditions. EICC membership is currently at 89 companies, 40% of which we are proud to call clients!
Last fall, I led a sub team from the EICC’s Validated Audit Program (VAP) workgroup that created the EICC Facility Recognition Program. I officially launched the program at the EICC membership meeting in Taiwan last March.
We wanted a way to recognize those facilities managed within the EICC framework that took the extra effort to complete the entire VAP audit process, including what may be the most important phase – implementing corrective actions where necessary. This is no easy task and completion really shows a deep level of commitment and transparency in the electronics supply chain. And it’s not a “one and done” scenario, because the recognition is valid for a maximum of 2 years, ensuring the continuous nature of continuous improvement.
To date, the EICC Facility Recognition Program has recognized 10 global sites, including facilities in the US, Mexico, the UK, Thailand, the Philippines, Hungary and Malaysia. Companies receiving recognition include Seagate, International Rectifier, ON Semiconductor, IBM, Ureblock and ModusLink. ModusLink currently has 3 facilities that have earned recognition: Raleigh, NC, and Miami, FL in the US, and Penang, Malaysia.
You can read more about the EICC Facility Recognition Program and other details on the coalition in the 2012 EICC Annual Report.
-Blake Cambey is a Regional Quality Manager at ModusLink