This article is provided by BRC Associate Member, Valcon.
__________________________
Retailers have had a rough ride in the last few months. We have all seen the headlines. Bastion of the British high street Marks & Spencer was the victim of a protracted and targeted cyber-attack and was forced to take the step of admitting to customers their personal data had been compromised. Co-op has faced a similar attack but mobilised quickly to stabilise its operations – the CEO admitted it will take time to unwind the operational and technical impact of the attack, but it is now operating as normal. Other retailers, including Cartier / Richemont, have encountered similar experiences. As digitalisation and AI increasingly impacts our working and personal lives, the threat levels are now greater than at any time in the past and cyber ‘hostage-taking’ is only going to increase.
Digital first
In today’s ‘digital- first’ retail landscape, your website or your mobile app are your storefront and data is your currency. But these hacking incidents have exposed serious vulnerabilities in retailer’s digital infrastructure and data management that rogue agents are exploiting. And it is not just cyber-attacks – these weaknesses can cause a multitude of problems for retailers.
The stuff of retailers’ nightmares
Crashes during periods of high traffic are common for retailers – during periods like Black Friday, where customers are rushing on-line to get the latest deals, sudden spikes in traffic can lead to slow load times or complete outages, which can be devastating during key events. Customers have experienced checkout page freeze, baskets empty mid-transaction or sales go completely offline during periods of high demand. Slow page performance is another – and sluggish websites frustrate customers – so every second of delay increases bounce rates and lowers conversion. Google reckons that if a page load time goes from one second to five, bounce rates soar to 90%. Poor mobile experiences are another – retailers often focus on desk top environments, ignoring mobile responsiveness and performance. But given the mobile-first behaviour of a lot of modern shoppers, this oversight can be costly.
Why do these problems happen? Take a look at quality and testing
Often – not always – problems and glitches with technology come down to impairments in software testing and quality assurance (QA). So why is it an area that is often overlooked by retailers? One reason why QA and testing is often put to the bottom of the tech agenda is the pressure around fast release cycles – the race to deploy new features or promotions means that QA and testing can be overlooked or de-prioritised. Legacy systems are another issue – retailers are constrained with ageing legacy systems, which are often not designed to integrate seamlessly with newer, cloud native applications. Siloed teams are another sticking point – this can prevent a consistent and unified development, test and release process for systems and applications. For example, a front-end customer facing application may be tested but its integration to payment gateways or APIs might not have been. Inadequate backend scalability can cause issues in inventory systems, payment processing and recommendations if they are not properly load tested. The entire retail operation can suffer.
QA and testing can often focus on the wrong process or function - typically caused by ambiguous requirements and incorrect business processes - and this can be where vulnerabilities creep in.
Brand reputation down the drain
Problems caused by inefficiencies in QA and testing can erode brand reputation and customer trust. It is a fact that inconsistent or broken digital experiences reduce trust and loyalty - a customer who abandons a shopping cart during a failed transaction might never come back. This can all lead to drops in revenue, market share and competitive clout. So, what can be done about preventing these nightmare scenarios from happening?
Building testing into the retail DNA
Forward thinking retailers need to re-think their approach to quality assurance and software testing. The first port of call is to implement a quality and testing assurance strategy to provide a consistent approach in assessing any change, whether it is implementing a strategic transformation or a minor change to an API. One of the key roles of quality assurance is to provide decision makers with clear concise information, at the right time to make informed decision as to what type of assurance and testing should be completed and highlight risks. Here are some of the components retailers need to build a robust strategy:
- Undertake static testing: this is an important element of the strategy, as static testing helps identify defects and ambiguities in design and requirements before the build even commences, which can save time and money.
- Ensure metrics and defect root causes are documented: this will assist future planning and estimation and help avoid recurring issues. Learning from previous mistakes is a valuable lesson and is not a process to assign blame – rather it enables the iterative improvement of the system. This should not be viewed simply as an end of project activity but can be undertaken during the delivery of any change.
- Consider continuous performance testing: it is important to shift from one-off tests before big events to regular, automated performance testing. It is vital to execute automated performance tests for business ‘critical’ functions on a regular basis. This can of course be more costly, but the strategy and risk approach will provide guidance on the type and frequency of any testing that is required and its recommended frequency depending upon your risk appetite.
- Simulate real world load scenarios: use tools which can simulate thousands, or even millions, of concurrent users across different geographies, devices, and bandwidths. It is important to model peak traffic scenarios on historical data – learning from past events, like Christmas, flash sales or influencer campaigns can help retailers future-proof events coming down the track. The load scenarios should consider concurrency of existing network traffic, not just that of the specific change.
- Identify critical end-to-end journeys: this ensures that testing reflects actual customer journeys - from browsing, filtering and selecting, to paying and receiving confirmation. It is also vital to include dependencies on third party suppliers – such as payment providers, logistics and APIs – to test for bottlenecks.
- Involve the whole business: to help avoid a ‘siloed’ approach, involve the whole business and all teams, including vendors and suppliers of outsourced services where relevant. Collaboration across IT, operations, customer services, marketing, B&M etc, will ensure that testing aligns with business priorities and that there are no surprises. It is critical to ensure non-functional requirements are defined, agreed and risk assessed, given the heightened threat levels retailers now face. Early involvement with business users assists with ultimate business adoption of any change.
- Investing in real time monitoring: implementing APM (application performance monitoring) can provide performance metrics and set up and trap alerts to flag performance degradation before customers become aware. This enables a quick fix, provided the application support process is well defined and understood. It is key to flag any system degradation, but if you do not know who can fix it, the alerting becomes redundant.
- Disaster recovery and business continuity planning: with the ever-changing threat profiles to business, it is prudent to review your existing plans and confirm they are fit for purpose. The plans should cover people, communication, business operation and process in addition to technical switching.
If retailers treat QA and software testing as an afterthought, they do so at their peril. As customer expectations grow and the digital battleground intensifies, performance and security are not just technical concerns. It is a commercial imperative. Additionally, if retailers risk exposing customer data, it can be a legal imperative too – there are regulatory safeguards around keeping customer data safe (remember GDPR) so any infringements, intentional or not, could result in hefty fines. By embedding robust testing into development workflows and aligning it with business goals, retailers can ensure their digital storefront is always open, always fast, and always trusted – and their systems, reputation and customer data are always safe.
Valcon’s testing practice collaborates with retailers to strengthen their testing and quality assurance in-house capability to help them mitigate these risks. If you would like to talk about how building your testing capability can improve your overall digital performance, please reach out to Adrian Mangan and Steve Nicklin.
