Two IT Execs See The Different Sides Of Outsourcing

Written by Evan Schuman
September 23rd, 2009

IT outsourcing has always been a strategic balancing act, and it’s never been trickier than today. This is especially true as IT budgets are being frozen just as chains simultaneously enter many new areas such as Mobile-Commerce, expanded CRM and E-Commerce social network integration.

But in two recent conversations with a pair of E-Commerce execs from two unrelated multi-billion-dollar retailers, the execs showed some very different perspectives on when to let your people do the magic and when to hire a specialty firm. The technology on which they diverged was M-Commerce payment security and Web downtime monitoring (or uptime monitoring, if you’re one of those perky glass-is-half-full people).

IT exec one (neither wanted their names or companies to be identified) is a general fan of outsourcing, on the rationale that says “Why not save deployment time and effort by leveraging teams that have already been working out the bugs?” So he opted to outsource to a firm that monitors Web downtime, and he seemed pleased with that decision. But when the topic turned to M-Commerce payment, he took a very different approach.

Both chains wanted to allow consumers to have their credit card details stored, so a simple password—coupled with the phone’s identifying number (a classic “something you have and something you know”)—would fill in the full credit/debit card number and verification codes in addition to mailing address and name, etc.

The first exec saw no reason to outsource that mobile payment function, because his team was perfectly equipped to handle such a task. Besides, he said, with our razor-thin margins, why give up some of that consumer revenue to a third-party?

Exec two, who shared a similar IT approach with the first, went the opposite way on both decisions. He said outsourcing downtime monitoring is a risky deal, because those numbers can be tweaked so many different ways that analysis becomes difficult. If the retailer isn’t 100-percent certain of how every test is being done, the opposite conclusions can be drawn, making the exercise very much worse than worthless. Exec two, therefore, chose to have his team perform all downtime monitoring, so the retailer knew exactly what was being tracked and how.

That analysis could then be done by the same people who do the testing, and whose loyalty presumably resides only with that one retail chain. After all, why share all of that data with a company that you know is taking lots of money from your fiercest rivals?

But when asked about the mobile payment issue, exec two said that he did choose to go outside for that task. Why? He said that his chain’s E-Commerce group—as opposed to the M-Commerce group—would have likely handled it internally, because it would save money. But his chain’s M-Commerce group is much smaller, so he didn’t have any programmers or managers to spare. In other words, his M-Commerce budget was so tight that he, ironically, couldn’t afford to save that money.

There’s no grand conclusion here about which of these execs is right. Indeed, we submit that both are. But we offer their perspectives to make the point to CIOs that almost any IT issue—whether it’s outsourcing or security policy or supply chain strategy—is going to look black and white when a passionate IT manager makes the case. The right choice for one month may be a terrible choice for the next, and a great decision for one group might be horrible for another. There’s only one certainty: Your boss is always right.


Comments are closed.


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.