In this webinar series, Chris Reddick (President and CEO of Clarity Ventures) and Ron Halversen (Vice-President of Sales and Marketing) talk about transferring vendors and updating security measures.

Part 3 of a 6-part series

CHRIS: The other thing, Ron, that you hit on—and I really think this is such a great point—a lot of times, whenever there is a change from one eCommerce vendor to another, there can be some depth to the reason for that change. Maybe the existing vendor is working with you in an unprofessional manner. Hopefully that's not the case. Maybe they just don't have the capability. But ultimately, running a business and running an online auction marketplace or website can be emotional, and there are at least some emotional components to it, especially when you're dealing with finances and major investment to move the data and make upgrades and changes.  

What we want to say, and I'm just reinforcing what you said, Ron, is the best stance is to be very professional with your previous vendor and maintain a professional working relationship, because this will allow your new vendor to come in and collaborate with them.  

A lot of times there might be some concern about letting a vendor know that there's a new vendor in town. We really don't operate like that, we're a very open book. But with some vendors, there's a valid issue with them being willing to attack you if you show signs that you're going to work with a different vendor. And this is illegal in most cases, and they could get in a lot of trouble. Best case scenario for them, it ought to allow you and others to accumulate a lot of negative press about them that gets to other folks.  

But either way, in the short term, if you're dealing with an eAuction platform vendor who's unprofessional and you feel uncomfortable, we are very good at working through you to make requests that don't tip your cards and show your hand that you are switching vendors. So you don't necessarily really have to present it as, “We're migrating to a new system.”

You can always do things like requesting a full data backup and being able to utilize data backups for archiving, such as, “Hey, we have a data retention policy where we want to go ahead and retain this data, and we need to go ahead and have our own set of data backed up for the data that's pertinent to our customers. Here's what we need, and we need it at this cadence, maybe it's once a month or once a quarter that you tell them. And occasionally we may need to request it on demand.” We can work with that too. And that's a nice way to work around those kinds of situations when switching eCommerce auction vendors.

RON: That makes perfect sense. And you can even go in and say, “On our annual security audit, we found that we didn't have the disaster recovery backups that we're supposed to have.” Lots of reasons. And that's a great point.

You touched on the passwords, I'd like you to mention and dive in, just for two or three minutes if you want, about [how this presents a] great opportunity to review security top to bottom. Are we on the right eAuction software? Do we have the right disaster recovery and backup? Are we painting ourselves into a corner where we don't have a backup and now we have to rely on the relationship with the previous vendor? 

Do we want to add additional factor authentication? There's a lot of different things when we're talking about mobile and hacking and people stealing phones and replicating phones and things like that. So I wanted you to talk just briefly, because passwords are much more about security than just passwords, right? So this is a great opportunity when you're migrating, choose an opportunity to say, “Well, not only am I migrating to a new B2B auction platform, I'm migrating to new technology and a new set of higher standards around this.”

CHRIS: Absolutely. There are a couple of facets there that you pointed out about a B2B auction website, and I'll dive into those and possibly mention a few more. First of all, multifactor authentication and being able to deal with the reality that, for a system of interest that has a lot of transactions, and could create a target of opportunity, and just like a really interesting system for hackers to go after, it becomes exponentially more and more important to focus on security.  

This is just a reality in the context that we're in nowadays with operating a public-facing web property. Two-factor authentication in its classic form tends to be email or text-based verification. A lot of security analysis has gone into recognizing that even that isn't very secure and it's relatively easy to breach, but it's significantly better than only having a password.  

And then, whenever you look at passwords, passwords themselves can be breached pretty easily with brute force approaches because we're dealing with human beings that tend to not use password tools. They're trying to remember everything. They're busy. “I'm just going to set this account up and then I'm going to make it better later.” But they never do.  

So it's possible for us to use breach detection of passwords to discover if this password that they're using has been breached or used, or it's been found with their email in that password in a black-market list that's been sold. Well, our B2B auction site can subscribe to that list and include it as an auditing mechanism and let the user know, “Hey, the password that you put in here is reported on this blacklist that we have access to as having been breached. So you need to update your password now to access the eAuction sites.”

Then we can do things like providing simple two-factor authentication whenever they're accessing basic things like using the site, but a more robust authentication that is more significant. They can include security questions or an authenticator application whenever they're trying to do something more substantial. Maybe they need to withdraw a large amount of funds, maybe it's over $100,000 or over $10,000, whatever that threshold might be. We can absolutely set these pieces of infrastructure up.  

At the end of the day, there is a human factor to how to run an online auction where you're going to have a law of diminishing returns with too much security and too much diminishing impact on the user experience. And unfortunately, this is the reality. It's like a no-win situation if you go too extreme on the security and it's a no-win situation if you don't go extreme enough. It's a constant balancing act, and you're going to end up finding that you're going to be tweaking it towards more secure constantly over time.  

You want to work with a custom online auction vendor who's looking at this, who's even considering it, and has executed it at the level of intensity that it will probably get to in your industry within two to three years. They should have already executed that when you're engaging them. We can tell you that we've absolutely done this.  

We work a lot with government entities. We also work with a lot of HIPAA-compliant websites, medical portals, and apps, and of course being in the eCommerce space, PCI DSS compliance, among other things. We run into the fire, whereas a lot of vendors run away from the fire. We really enjoy these types of projects because we've invested the time to really get good at them.  

It's a really key area in B2B auctions, Ron, and it's interesting how nowadays even two-factor authentication, which there was this perception three or four years ago that that was a very robust approach. It's constantly getting breached.  
