Ayman Ghanam, Research Analyst at Euromonitor says ‘This trend will be encouraged by the growing usage of credit cards as consumers become more comfortable with buying online. With internet users in the Arab World tipped to reach over 170 million by 2016, internet retailing in the region is clearly set for staggering growth’.

Euromonitor said that research indicates internet retailing in the region is expanding across other channels, with new products such as home care, DIY and gardening recently gaining their first significant presence in internet retailing. Players from the UAE have already started expanding elsewhere including Saudi Arabia where forecast growth over the next 5 years is 136%. Euromonitor expects this to be followed by expansion into other Arab countries such as Egypt.

Consumers in the UAE spent $226.8 million online last year, a figure expected to grow to $270.9m this year.

Millions of users are now accessing retail sites via mobile devices, and that number will increase as the time goes on. According to recent study by Nielsen, traffic to mobile commerce sites and applications increased 50%.

In most of the cases, you don’t need to have to make large investments in new technologies to support mobile expansion. If you have a website, you can easily optimize it for mobile web. Extend as much of your existing set-up as possible into mobile channel to maximize your investments.

There are some key elements that you need to keep in mind when designing your mobile site:

• High mobile expectations. 80% expect the mobile experience to be at least as good as in-store shopping. 85% expect it to be at least as good as using a traditional PC.
• Risk of losing customers. 63% of online adults said they would be less likely to buy from the same company via other purchase channels if they ran into trouble with a mobile transaction.
• Mounting frustration. Mobile users say they find mobile transaction problems very frustrating. 23% have cursed at their phones. 11% have screamed at their phones. 4% have thrown their mobile devices!

A well designed mobile website should look different, but not necessarily require a separate platform or backend. When you visit a site from a mobile phone, you should be seamlessly shown the mobile version of the site.

A common issue is that many people assume that the way to get a mobile version of their website to is to strip out content or features that they think are not relevant to mobile users – essentially creating a ‘lite’ version of the site. To be fair, a mobile website requires a focused, simple interface – but customers don’t want a ‘dumbed-down’ version of a site, they want a uncomplicated and easy to use site, and that is a big difference.

Try to use identical icons and images on its desktop and mobile sites. The uniformity of design and navigation means that customers familiar with the website will feel right at home on the mobile site.

Good navigation is vital, don’t make buttons small – keep them ‘finger-friendly’. The use of images can make a big different – it is important to remember that it’s harder to sell products that mobile shoppers cannot see.

Mobile Website or Mobile Application?

For the most e-commerce systems, a mobile version of your existing website will make more sense than developing a mobile application. A mobile website can be accessed by any mobile user, regardless of which mobile system they are using, without the user needing to do anything more than navigate to the correct URL. With applications, you need to create a different application for each platform, such as iPhone, Android and BlackBerry. You then need to have the mobile users download and install that application before they can use it. This in turn requires that your application is submitted to the relevant application store, where it must be approved before it can be downloaded. It some cases, the application store may even require a share of all revenue generated by the application.

Should you then decide you need to make some changes or updates, with a mobile website you can simply make those changes whenever you want. All users then see the new version the next time they browse the site. With an application, the updated application will need to go through the approval process again, and then you need to get all your existing users to re-download and re-install the application. Your systems will need to be able to deal with handling multiple versions of the application as some users may not update to the latest version.

Key areas where applications have an advantage over mobile websites can be in performance, and in possibly offering an enhanced user experience as the application can have full control of the user interface, access alternate input devices such as the camera and microphone, and may be able to read other sensor information that the mobile makes available.

Taking Payment

In just the same way as would happen with a regular e-commerce site, at some point the customer is actually going to want to pay for something.

If you use our hosted payment pages, then that stage is easy. Just as you would with customers from your regular site, simply post the purchase details to the Innovate Payments gateway and a mobile version of the payment pages will be displayed.

If you are using the remote API, then you will need to ensure that your payment pages can be displayed correctly on a mobile device, and that they are easy to navigate and use.

AIB are planning to ditch the Laser Card (and also the Maestro Card) and replace them with Visa debit cards. This is due to happen in the second half of 2012.

The move is to pave the way for AIB to introduce contactless payments for small transactions, allowing Visa Debit holders to pay for purchases of €15 or under by holding their card over a reader at certain retail outlets.

You can view the announcement by following this link to the AIB Press Office

To make sure that data breaches are reported in a consistent manner across the EU, the ePrivacy Directive allows the Commission to propose ‘technical implementing measures’ – practical rules to complement the existing legislation – on the circumstances, formats and procedures for the notification requirements. With the transposition deadline for the revised ePrivacy Directive having passed (on 25 May 2011), the Commission has now started its preparatory work on the technical implementing measures for personal data breach notifications.

As a first step, the Commission wants to engage all relevant stakeholders – such as telecoms operators, Internet Service Providers, Member States, data protection authorities, national regulatory authorities and consumer organisations – in a public consultation process in order to gather practical input based on existing practice and initial experience with the new rules. This will help the Commission to determine whether technical implementing measures are required to ensure harmonised national measures on personal data breach notifications, and if so, what form they should take.

Respondents are encouraged to provide practical examples of how they handle data breaches and notifications in the Member State(s) where they are active. The Commission also invites organisations not directly involved in the notification process, such as consumer groups, to express their views on the issues involved, even if it may not be possible to provide answers to all questions.

Public consultation on personal data breach notifications under ePrivacy Directive

The report indicated that 98% of small merchants both fail to maintain their firewalls and fail to regularly test how secure their systems are. 75% did not actually protect the payment data that they stored.

Network and data security is not a simple (or cheap) task – most small merchants simply cannot afford to maintain full time staff dedicated to system security, but without that they will always be at risk of having their systems compromised.

The best way to avoid these issues is to not actually collect or store any card details. If you do not have the information, it cannot be taken from you.

So, how do you process e-commerce transactions but not be involved in handling sensitive information?

Simply by using a hosted payment system, you can avoid any of the issues relating to card data security. All of the information capture and storage is handled by the payment gateway, and it is their responsibility to handle all of the security requirements for card processing.

Innovate Payments is a PCI DSS Level 1 certified system, and offer a fully hosted payment page solution as one of our integration methods. For details on the hosted payment pages, please see the integration guide which can be found here:

http://www.innovatepayments.com/pdfs/HostedPaymentPage.pdf

• The Solo debit card product is being withdrawn from issue and the Solo scheme is being decommissioned permanently
• UK-issued Maestro cards have now been aligned with a number of the processing rules for International Maestro cards

From the 31st March 2011 you will no longer be able to take and process payments by Solo, therefore by this date you need to:

• Remove Solo as a payment option from your payment solution
• Remove the Solo card type and logo wherever it is displayed; for example on your website, marketing materials, etc.
• Cancel any recurring payments initially set up on a Solo card and request alternative payment from the cardholder

UK-issued Maestro cards will align with a number of the processing rules for International Maestro cards with effect from the 13th May 2011

Issue number and start date

Changes to the UK Maestro card design mean that these cards will no longer have an issue number or start date and you will not be required to collect this information for Maestro transactions.

You must remove this information from your payment solution, website payment pages, etc, and ensure that the capture of the issue number and start date are not mandated fields for Maestro transactions. If you continue to require the issue number and start date as mandated fields, this may affect your ability to process Maestro payments successfully.

We would strongly recommend that you make these changes as soon as possible to allow your business to continue to accept and process card payments successfully. If you process transactions using the Innovate Payments Hosted Payment Pages then these changes will be made for you, however if you use the Remote Interface then you need to ensure that your own payment pages are updated to allow for these changes.

The net effect of these changes is to simplify the payment page layout, there will no longer be a need to have fields such as issue number and start date which were only relevant to these card types. This will result is less confusion for card holders who are not familar with these schemes – we have seen many instances of consumers attempting to fill details into issue number and start date fields for cards that do not require them. These problems will now finally be a thing of the past.

Lush are not a customer of Innovate Payments.

So how can you avoid the same thing from happening to your business?

Simply by using the Innovate Payments Hosted Payment Page system your site is automatically protected from this. As your systems are never involved in the collection or storage of credit card information, there is nothing for anybody to take from you

Of course you should take all possible steps to avoid any other information you may gather (such as customer name, address, email, phone number or order details) from being exposed in any way. As a basic guideline, you should make sure that you:

• Have a well configured firewall in place.
• Only enable necessary services and applications; Disable all others.
• Create user accounts following the principle of least-privilege.
• Set all account passwords to a strong password.
• Remove or disable unneeded default accounts.
• Change any default passwords as installed by application software or other equipment.
• Change passwords on a regular basis.
• Apply any patches or upgrades for known vulnerabilities or security issues on a regular basis.
• Never run any services (such as database or web) as a user with enhanced priveleges.

Even if you use the Remote service where your systems do gather the credit card details, you can limit your potential exposure simply by not storing those details. If you discard the card data as soon as the transaction has been completed then it cannot be taken by anyone else. The information will be retained by the Innovate Payments system, and you do not need the details in order to process any further transactions for that same consumer (such as a refund or void) as you can simply pass the original transaction reference and the Innovate Payments gateway will retrieve the card information from that transaction.

You can read more details regarding the problems a Lush in this article by ABC news.

The CNN article can be found here: http://edition.cnn.com/2011/US/02/10/california.credit.zip.code/

Fortunately this only applies to card-holder-present transactions conducted in store. The law provides for the collection of personally identifying information that’s necessary for the transaction. Online, this includes the billing zip code – which is a key element required in order to be able to use the Address Verification System.

The ruling is aimed at preventing retailers from collecting information and later using that to obtain further personal information about the customer (for example, using their name and zip code to obtain their full address).

The full ruling can be found here: http://www.courtinfo.ca.gov/opinions/documents/S178241.PDF

This does not in any way affect the information that is collected during an online transaction in order to verify the card holder details.

Simply by adding a Facebook Like button to your website, you encourage users to share your site and link back to you in their social network profile, which exposes your site to their friends. In a way Facebook is building an alternate index of the web, but unlink search engines such as Google, this index is built upon people’s likes and preferences.

If you add a Facebook Like button to your website, anyone who clicks it will have an item appear in their news feed on Facebook containing a link back to your website. All of their friends will then see that someone they know has ‘Liked’ you page, and may click on that item and be taken directly to your website.

Adding the button to your site is simple, just visit the Like Button page on Facebook and follow the instructions given there.

The basic button controls allow you to set size of the button, the fonts and colours used, and of course the URL you want people who click the link to connect back to. You must make sure that this page will always be available – you don’t want anyone to click on the action in Facebook to come to your site and get a page not found error.

You can extend the functionality of the Like button by using Facebook’s Open Graph protocol. By using this you can categorise you page according to a number of what Facebook call object types, which allow your link to appear within certain sections of a user’s profile. For example, if you select ‘movie’ as your object type, then you details would appear within the user’s favourite movies part of their profile.

With over 500 million active users on Facebook (see the Facebook Statistics page) each with an average of 130 friends, can your website afford to ignore this as a potential source of new leads?

The survey reports that 68 percent of Singaporean female respondents claimed having shopped online in Q4 2010, as compared to 60 percent of local males choosing to make purchases online during the same period.

Some of the items that the Singaporean interviewees listed to have bought online in the period under review include airline tickets, hotel rooms, movie or concert tickets and women’s apparel, according to the survey.

Nevertheless, only 12 percent of Singaporean respondents chose to make purchases via their mobile phones in Q4 2010.