Hold on, did I say you could email me? Subscriptions, abandon carts


Card Abandonment processes and the law


We've all been on a website, added something to cart, maybe even started the checkout where you (gasp) put your email or cellphone and are about to pay when ... life gets in the way.

Now, what happens next... the busy marketer on the website has been in contact / went to lunch with a cool start up which has learnt how to capture keystrokes on the web page and has unknowingly to you saved your details to a 3rd party system in possibly another country with different laws, and different protection. The plan... hit you up with a marketing email phrased as an cart abandonment, even may through in a 10% discount code.

What does GDPR have to say about this? Who knows, probably something - but it's a long document.

What does the busy marketer have to say? Nothing, wasn't aware it was a problem, that guy I met lunch said it was good and it only costs me $1500 a month and he said I could get 10 times my investment back.

Let's look at some facts;

  • Customer didn't actually ask for this email 
  • Customer may have already told you to not send marketing emails (it is a marketing email)


Skirting the obvious

So, realistically, the emails are unsolicited and so you can get pinged for that, however, they did disclosed it publicly to your site, so there is that, but that doesn't fly for key stroke capturing. 

So; how can you get round this;

  • have a good story, someone call this the "how we met" flag, if reasonable, you can get away with it
  • get the T&Cs in their face right of the bat where you tell'm in small font that you might send this email regardless of their subscription status. May not fly, but hey they're on your site, you told them how it works? right? 

I'm still going to do it anyway...


Remember; your abandon cart email should include the following if you really want it to be self manageable and sing:

  • Cart Content
  • Call to action
  • Unsubscribe link - and maybe a survey (be sneaky, have them unsubscribe from just abandon cart reminders!!)
  • Good copy, graphics, even a video
  • A few extra," maybe try these" product recommendations including reviews
  • Big up your security and service information
  • Some urgency in the email .. just two left... etc


There are lots of good pages on this stuff but this is my favourite and possibly how we should all act with emails:

But wait, what else is happening ....

Besides all that stuff, if the guy from lunch is capturing keystrokes to his 3rd party system, is he capturing my credit card too????


Comments

Post a Comment

Popular posts from this blog

cf_sql_timestamp vs cf_sql_date vs getdate()

If there's one thing I don't like it is people confusing a date with a timestamp, and how a lazy bit of development can ruin a load of data. Here is a simple query inserting data to a timestamp I found in a system where all the created dates were truncated because of the incorrect syntax. Bad one which was in use: insert into testdate values (<cfqueryparam cfsqltype="cf_sql_date" value="#createodbcdatetime(now())#">); Result :  2015-09-29 00:00:00.000 Best One (easiest to read) insert into testdate values(getdate() ); Result : 2015-09-29 10:10:09.880 Not great (no binding) insert into testdate values(#createodbcdatetime(now())#); Result :  2015-09-29 10:14:44.000 What the bad one should have been insert into testdate values(<cfqueryparam cfsqltype=" cf_sql_timestamp " value="#createodbcdatetime(now())#">)
Read more

Global SQL Procedure, System Objects and sp_ms_marksystemobject

You may come across a need to have a database of utils full of generic procedures which work on indvidual databases (say client databases). You can't pass the database name into the procedure as a parameter and say "use @dbname" in the procedure and dynamic sql sucks. One workaround is to create the procedure in the master database and then mark it as a system object. eg use [master] create procedure sp_doThis // note the sp_ prefix is required begin // etc etc end go exec sp_ms_marksystemobject 'sp_doThis' // second note, this procedure is undocumented, so I wouldn't be relying on this for life or death. use [myotherdb] exec sp_doThis go All done!
Read more

Ghost Records, Card Recon and PCI Compliance

As part of a PCI Compliance audit, I recently ran a scan on a database using software call Card Recon. A little odd thing occurred. At a point in the past, a row of data in a column, which had been dropped from the database schema, contained a single test credit card number. However, the Card Recon software showed that the data was still there in the database file (this was a SQL Database) in the form of a SQL Ghost Record. A Ghost Record can appear when running a delete or insert command and when running delete and insert in different queries but related by the same indexed data, you can read all about it over at Ghost "Rows" Buster in  SQL Server on Technet. It's basically a record somewhere in the database file, but not directly in a database table and is living in a bit of spare fragmented space somewhere and this needs to be cleaned up. Following this procedure managed to remove the Ghost Record: Convert the database to Simple (only so the transactio
Read more