IP Applications Billing and Payments blog
Welcome to the IPA company blog. You'll see opinions here from a number of IPA employees on topics ranging from general SaaS and cloud happenings to specifics on PCI compliance and other subscriber management and recurring payments topics.
Posted by: John Jacobson in SaaS, Pricing, cloud, Billing on
Jun 24, 2009
Our last blog post dealt with our telecom billing heritage and the need for a strong rating engine if you want to handle the coming pricing models of cloud based applications. It turns out, a strong rating engine is only part of the story, and to our customers and prospects, quite often not the most interesting part. It doesn’t matter where you start on the spectrum of monetization applications for subscription-based services and products, you have to do everything right to bring a subscription service to market. As a “billing” company, prospective customers arrive on our doorstep looking for one or maybe two of the above. The conversation warms up considerably when we talk about our whole range of capabilities.
The Storefront gives subscribers a low-touch way to subscribe. “Touch” is a weird variable in the business equation. Regardless of the customer response, it costs money. For some products, increasing touch increases satisfaction, but for many products it lowers it. A well-designed self-service storefront can improve the customer’s experience as it reduces costs. Subscribers like to set themselves up on your system because when they do it themselves, their name is spelled right, the products they want will be what they get, and they don’t have to worry about whether the stranger on the other end of a phone is going to steal their credit card number. A clean and simple storefront improves customer satisfaction.
The Admin Portal is how your company’s staff communicates with the system. Through it they configure products, pricing plans, business rules and process workflows for your customer’s experience. A well-designed Admin Portal connected to a comprehensive application provides tremendous flexibility. Flexibility in defining pricing, product presentation and subscriber experience becomes increasingly valuable over time as product lines evolve and the customer base expands.
The Rating Engine automates the financial administration of your business deals. The Storefront and the Admin Portal are how the participants in a deal define the key business parameters. Then, every billing cycle, the rating engine takes all that data about products, prices, taxes, currencies, subscribers and usage and computes an invoice. Long-term contracts with variable terms, like subscriber counts or usage statistics are very difficult to bill accurately. The rating engine doesn’t get bored, it doesn’t go golfing, it doesn’t take vacation, and it never forgets.
The Payment Gateway, for those deals where payments are made by automated bank check or by credit card, is where money happens. “Payment gateway” is a simple concept, but the actual implementation can be daunting because of its complexity. Moving money around is done by banks and credit card issuers, and they protect us and themselves with walls of bureaucracy and risk mitigation strategies. Your choice of business model has a powerful influence over how long it takes to get set up and your long-term costs of doing business. The payoff to all the challenges is that once the setup and testing is complete, money “just happens” every billing cycle.
There is a lot more detail behind a complete subscription commerce business, and that becomes evident as new customers work through the onboarding checklist we’ve developed over the last decade. The good news is that once that detailed work is done, you have a smooth-running and efficient subscription business system that supports your products, your business model and your subscribers.
Posted by: Scott Waldrum in SaaS, Pricing, cloud, Billing on
Jun 15, 2009
While here at IPA we regularly get excited about subscribers, recurring billing and payment processing, we understand the rest of the world doesn't always share our excitement. It seems everything the cloud topic touches these days is getting attention and subscription billing is now along for the ride! IDC has just published a Cloud Billing research paper where they draw comparisons between telecom providers and emerging cloud infrastructure providers when it comes to billing for their services. For frequent readers of this blog you won't be surprised to hear that we completely agree with the thesis of the IDC paper. One of our favorite topics is pricing strategies (see our post on SaaS Pricing Strategies) for SaaS and Cloud subscription services and we often draw comparisons to the mobile phone industry. At IPA we have a unique perspective on this topic. We cut our teeth handling subscription billing for the Telecom and ISP world and have moved into providing our on-demand recurring billing solution to SaaS and Cloud providers over the last 2 years. Comparing our experiences with our Telecom and ISP customers to the direction our SaaS and Cloud infrastructure customers are going we can offer some concrete examples of the fit:
- Metering: Cloud infrastructure providers in particular but many SaaS application providers have highly metered services. The best way to link value with your pricing strategy is often through usage based pricing.
- Subscription Plans and Pricing: A common criticism of purely metered services is the uncertainty factor. We see many providers now rolling out plans that bundle a certain amount of usage or provide unlimited usage for a fixed price. I've often pointed to GoGrid's pricing plans as a great example of this move toward the telecom model.
- Reseller support: Virtually all of our SaaS and Cloud customers are rolling out channel strategies this year for their subscription services. As a result they are working through how to support their resellers from a marketing (think white-labeled or co-branded online storefronts) and billing (who owns the billing relationship?) perspective.
- Partner Products: In the telecom world many of the products and services are not delivered by the telecom vendor themselves. SaaS and Cloud providers are beginning to bundle services from partners into their offerings and will be looking for their billing solutions to help with revenue settlement.
Clearly, there is a capability fit for providers of Telecom billing solutions to move into the cloud billing space (we ourselves are proof of it). The question we at IPA have is this: Is there a cultural fit between telecom billing providers and the growing cloud infrastructure providers?
Time to value: This is a key mantra of the SaaS and Cloud community. The model for selling Operational Support System (OSS) solutions, of which billing is one piece, to telecom vendors has included very long sales cycles, very long and expensive implementations and highly customized on-premise software. Because our solution has always been delivered on-demand, and our pricing structure has very low implementation costs we've never felt like a traditional telecom software vendor. If our customers aren't making money, we aren't either.
Culture and Language: Not only is there a significant terminology/language gap between the telecom and the cloud infrastructure worlds but we also see a significant discrepancy in what each market finds important. As we identified these issues, we brought people with SaaS backgrounds onto the IPA team and quickly devoted engineering resources to capabilities our new customers and prospects felt were important such as a rich UI experience.
Outside of our subscription billing capability fit, our on-demand philosophy and our willingness to quickly adjust to a new market have been the two biggest factors in our successful move into the SaaS and Cloud billing markets. I'm certainly not going to say Telecom Billing vendors can't make the transition (look at us) but I strongly believe the functional fit of their products is only one of many factors they need to consider.
Posted by: Scott Waldrum in SaaS, PCI, Billing on
Apr 27, 2009
Do you need PCI Compliance to sell a subscription service in the cloud? Our previous post on this topic "PCI Compliance, subscriptions and the cloud - Part 1" covered some of the debate out there as to the effect of the cloud on PCI Compliance and why we think the cloud has improved the situation for companies launching subscription services. Unfortunately, you'll get different answers to this question depending on who you talk to. Our last post in the PCI Compliance series will tell you why. Our answer is based on our experiences dealing with PCI Compliance as a service provider and customers that have asked us to help them with their own PCI Compliance efforts. The short answer is that subscription services in the cloud taking credit card payments must be PCI Compliant. There are generally two ways to get compliant and it comes down to how you handle the credit card and billing information:
1. Your service or marketing site handles, stores or processes cardholder information
In this case you've made a decision to host the forms that collect the cardholder data and possibly store it within your service to send recurring transactions to a payment gateway. You will need to implement all the physical security, network security and application security required of the standard. Depending on transaction volumes you may have to pay for yearly audit visits from the assessors. If you are hosted with a cloud provider that cannot or will not meet the requirements (which is most of them right now) then you can't become compliant. So, yes, hosting your solution in the cloud will be a problem for PCI Compliance if you go down this path.
2. Your service uses a PCI Compliant service provider to collect, store and process all subscriber cardholder data.
In this case, your service or marketing site does not collect or process cardholder data. While you are still required to become PCI Compliant, that effort will likely be restricted to filling out a PCI Self assessment form in which you point to your service provider as handling the cardholder data. In this case, ensure your service provider does the following:
- They have service provider Level PCI Compliance. Ask them if they have this level of compliance.
- Your service provider's application or portal never allows anyone in your organization access to your subscriber's credit card information.
The proliferation of subscription services has really muddied the waters for online merchants. With traditional shopping carts and one-time purchases credit card information was rarely persisted.
As a result, many popular shopping cart frameworks have begun to add plugins for recurring payments but still require the merchant to collect and transmit the cardholder data for their new subscribers. This puts the responsibility on the merchant to meet the PCI Compliance standards.
Bottom line... If you are offering a subscription service, ensure you understand the effort involved to become PCI Compliant. As a provider of subscription services, if you've had experiences with PCI Compliance, we'd love to hear about them here.
Posted by: Scott Waldrum in SaaS, PCI, Billing on
Apr 20, 2009
Does the cloud help with or complicate PCI Compliance for subscription services? For a quick primer on PCI Compliance, check out our previous blog on the topic or our primer page. Quite a few blog posts lately have been arguing that the cloud makes PCI Compliance more difficult, if not impossible. Don't look to the PCI Security Standards Organization for any answers, you won't find them. We'll tell you why later in our series on PCI compliance. Back to the topic... Way back in October, Chris Hoff wrote a tongue-in-cheek blog post on achieving PCI Compliance for a service that stores cardholder data running on Amazon's EC2 service. The Rackspace/Mosso announcement in March indicating that their Mosso service "Enables the spreadsheet store, an online merchant, to become PCI Compliant" touched off some debate on Chris Hoff's blog as well as those of other cloud security minded folks like Craig Balding and Ben Cherian. The debate really centers around whether Rackspace/Mosso really enabled PCI Compliance. In this case, achieving PCI Compliance should mostly be credited to the strategy of using a PCI Compliant service provider to collect, store and process all subscriber cardholder information. However, Rackspace/Mosso did in fact step up and work with the security scanners to ensure the storefront was scanned and secure. Amazon EC2 and most other cloud providers to date have not been willing to do this. Good on Rackspace for this, even if their marketing was aggressive here. While I understand the argument and why folks like Chris Hoff have rightfully been raising the issue, we have a different view here at IPA as to the impact of the cloud on PCI Compliance. We are a service provider that among other things, collects, stores and processes your subscriber cardholder data. Because we are a PCI Compliant service provider, we insulate you and your service from all the difficult, expensive requirements of PCI-DSS. Why do we think the cloud has helped here?
We've been doing this for a long time. When we started handling all the recurring payments for ISP and Telco subscription services there were very few, if any, on-demand services like ours. As online services, and more recently, cloud infrastructure services have proliferated, it has become easier and certainly quicker to launch a subscription service. As a result, we've seen a whole lot of providers pop up in our space to service the cloud community. As a result, you now have a variety of choices. You no longer have to write the subscriber management and recurring payments capabilities yourself and go through the PCI Compliance efforts. Get them from the cloud, from service providers that are already compliant.
Posted by: Scott Waldrum in SaaS, Channels, Billing on
Apr 09, 2009
At IPA, we've been writing about the emergence of successful channel strategies within the SaaS community for some time. Late last year our VP of Sales, Kevin Lennox, wrote about the importance of channel strategies as SaaS companies penetrate the mainstream. We've seen a number of announcements recently around channel strategies in the SaaS community. Some, like the Microsoft reversal on who will own the billing relationship in the channel (Microsoft or their VARs) make it clear that the large traditional ISVs with established channel strategies are actively implementing their SaaS strategies, even if they're a little rough around the edges. Just yesterday, Intacct announced a channel relationship that will plant their SaaS offering directly in the mainstream of the SMB accounting and financial services industry. This is a very significant announcement from a pure-play SaaS provider. IPA has an interesting vantage point of the happenings in the SaaS market with respect to channel strategies. We provide an on-demand subscriber management and recurring billing solution that has specific strength around billing recurring services with channel or reseller relationships. So, our customers and prospects run the gamut of SaaS startups, traditional ISVs launching SaaS services and successful pure-play SaaS companies. In 2009, we've seen an enormous increase in the number of prospects in our pipeline that are launching SaaS services into existing or newly created channels. Almost daily, we're talking to pure-play SaaS companies, but also traditional ISVs looking for subscriber management and recurring billing solutions that will support their channel strategies. From where we sit, the Intacct announcement is only the first of many coming down the pipe. At IPA, we share Jeff Kaplan's view that 2009 will be the year of the channel.
Posted by: Kevin Lennox in SaaS, Pricing, Billing on
Jan 29, 2009
Subscription services pricing strategies is a topic I have been asked to write about for an e-magazine article, but before I complete the article I would like to gather some opinion from business executives like you on how your pricing strategies are supporting your customer adoption and revenue. Personally I like to think about the classic mobile phone plan as my idea of the standard to which we might all compare ourselves to and here's why. A mobile phone plan, although rather complex in its execution, is actually pretty easy to understand and it accomplishes two major goals I think are absolutely key:
Number 1: Mobile phone plans virtually eliminate all barriers to adoption, by providing a pricing plan for every size of potential user.
• For the very smallest customer there is the prepaid card plan. You put as little or as much as you want on a card, use your phone and when you have used up what you paid for you can choose to add more funds to the card or not.
• With creative bundling and the use of a la carte menus there is a plan that will fit in to every user's need and budget.
• As a result mobile phone adoption is amazingly high with some countries having adoption rates higher than 1 phone plan per capita.
Number 2: Mobile phone plans capture every penny of revenue by employing complex yet easy to understand and fair pricing strategies.
• You can choose from any number of bundles designed to target different user requirements and size of need. In addition you can select service upgrades from an a la carte menu, to get exactly what you want instead of being forced to pay for services you don't want or need.
• Most of the services come with a set amount of included usage (phone minutes, data plan, # of txt msg's), however you are never limited to how much you can use (exception being prepaid). You simply use what you want and get billed for the overage, maximizing revenue from customers who opt for lower cost plans as an entry point (remember with a higher entry point you might never have gained that customer in the first place).
• Mobile phone companies offer incentives (or is it higher prices) depending on the time of day or day of week you use the services. You pay a monthly fee for free evenings and weekends. This seems like a great deal to you but at the same time it is enabling the mobile service provider to shape usage patterns in order to spread the load out over their systems thereby saving them on infrastructure costs while still charging you for time that would otherwise have much less usage.
Subscription services pricing plans especially in SaaS vary significantly from company to company. My pet peeve is with the companies that have pricing entry points that assume consumption that is 10x greater than I can use. Why not give me a plan that suits my consumption of the services, capture my business and let me grow with you. I would really like to hear your thoughts and opinions on this subject, so as an added incentive, I will select 5 responses at random and send those 5 a $20 U.S. Starbucks card. To respond please follow this link to leave your comment on my blog (preferable), or e-mail me directly at klennox@ipapplications.com. Because of my submission deadline, I will select the 5 responses from those received by midnight Wednesday February 4th 2009. I look forward to hearing from you.
Posted by: Kevin Lennox in SaaS, Pricing, Billing on
Jan 07, 2009
The overwhelming prediction among SaaS writers is that companies replacing outdated software or implementing new software capability will seriously consider SaaS alternatives. One big reason in 2009 will be to avoid large capital outlay. According to a 2008 survey released by Softletter, 55% of SaaS companies sell their licenses as yearly or multi-year paid in advance subscriptions. From a cash flow perspective that's great, but many of the prospects you are likely to work with in 2009 will be directed to conserve cash. As a result charging annually in advance may not be a good customer acquisition strategy. Consider your prospect's decision criteria in an uncertain cash-is-king environment. Their thought process is probably something like this:
• Do we need this or can we do without it? See our blog entitled The Economic Downturn and SAAS Companies.
• If we need it.
• What companies can provide the solution we need?
• What will it cost?
• What am I committing to?
• What if I need more or less of this service throughout the term?
• What are the payment terms?
• Am I comfortable with how and what I am being charged?
If all else is reasonably equal (product functionality, vendor viability, total cost, contract terms etc.) your prospect will surely prefer a monthly or quarterly payment option or some form of value / usage based pricing. In SaaS, customer retention, renewal and growth are what drives continued revenue and profit. Your products and value based pricing is what attracts them and helps retain them. If you are one of the 55% asking for annual payments up front you may want to reconsider or at least keep a close eye on your prospects' buying (or lack of buying) habits in 2009. If you are one of the 45% offering subscription flexibility with pay for use or monthly or quarterly payment structures, 2009 is the time to herald that advantage just as loudly as you can. 2009 could prove to be a pivotal year for those SaaS companies that are able to match the purchasing and payment criteria of their prospective customers.
Posted by: Jason Grant in SaaS, PCI, Billing on
Oct 08, 2008
Most of us have heard of the PCI standard. Some of us have gone through the implementation and maintenance of a PCI compliant system. If you're not familiar with the standard, and what it entails, let me shed a little light on the subject. PCI, or rather, PCI-DSS, stands for Payment Card Industry Data Security Standard. It is a set of requirements introduced by the PCI Security Standards Council (composed of members that represent American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.) in an effort to ensure the protection of credit card data by organizations that handle the data, such as online stores and billing companies. What kinds of things are covered by the standard? Well, as a short list: a secure network, protection (encryption) of cardholder data, maintenance of a vulnerability management program, strong access control measures and regular testing of the systems and their security. There are other great sites that provide detail on the standard. http://pcianswers.com for example has a good overview of the standard. Clearly, the list crosses the boundaries between operations and development and requires a focused effort to achieve compliance. So, what should you do if you want to handle credit card data? Well, if you have the operational and development skills in house and more importantly the time, compliance is achievable. Our company was fortunate to not only have a development department, but a capable operational department and control of our own datacenter. Often, software focused organizations do not have access to the operational knowledge to ensure all the security measures are in place, or to get them in place. At the very least, depending on your transaction volume, you will need to bring in a third party to actually carry out the required audits. Be prepared for the ongoing maintenance and updates that come along with PCI compliance. 
In addition to the scans of the system that must be carried out on a regular basis by an external party, the standard is evolving. For example, by the end of June 08, the standard required that application level firewalls be in place in addition to the network level firewalls. PCI is a good standard, and the maintenance of our compliance makes use of all of our available technical and procedural skill sets. For those of you just getting involved with the standard, take a close look at all that it entails, and be sure you have the skill sets available to become compliant.
I wrote another post the other day about the key questions facing SaaS marketers. I talked about Consumer versus Enterprise billing and about Direct versus Channel marketing models. Overlaid on all of these choices, we have the concept of Session Control. We implement Session Control through a component of our application called the "Session Manager". It's an optional service but virtually all of our existing clients use it. If you're a do-it-yourselfer and your application keeps track of users and sends data to the billing application (wherever it is), session management is done by the application itself. If a customer doesn't pay their bill, someone in a place of authority has to take action to disable access to the application until they pay. If you have a small number of customers, the "someone" is probably in your accounting department and they call or email someone at the hosting company to pull the plug for a while. It's a workable model for a small business, or if you don't care about timely payment. It may sound odd, but if the customer has a perpetual license, for instance, or it's your corporate parent there's no payment to wait for and session management is unnecessary. Manual control doesn't scale beyond a few customers, though - it becomes pretty labor-intensive as you grow. What our Session Manager does is automate the control process and close the loop on payments. After an account is set up for a new customer, the application and the Session Manager constantly swap messages about who's using the system (is this user that just logged in an authorized user?) and tracking the necessary billing data. The Session Manager also monitors the payment queue to track whether the account is up to date. The real value of the Session Manager becomes evident on that fateful day that a customer doesn't pay their bill. Then the Session Manager uses the client's business rules to decide how to respond. 
If the rules say that the customer is supposed to get daily "payment due" reminders and be allowed 30 days to catch up, then the Session Manager sends advisory messages to your administrative managers and implements that strategy without human intervention. At 31 days, if the account is still delinquent, an eerie silence descends on the freeloading users as the service is suspended pending settlement of the outstanding account. While payment-due notices always get attention, a service suspension usually gets a response that a whole blizzard of notices just can't summon. For any business model where customers pay on a monthly pay-as-you-go basis, session control makes a lot of sense. It's one less administrative task for the accounting group, and one more control that keeps you from giving your stuff away through inattention to administrative detail.
One of the challenges we faced as we set about bringing our SaaS billing product to market was how to explain our application's wide range of capability to potential customers. It sounds simple but it's not. We've already found that companies who've built their own billing solution are far more interested in our solution than those who haven't tried it yet. The latter think billing's easy, the former have enough experience to know better. After talking to a range of software companies and reflecting on the billing and subscriber management business we already do, we concluded that every client has different needs. Our application is an integrated billing system. At the start of the exercise, our application was like a restaurant with one prix-fixe menu. Even if all you want is the salad course, the fish course and dessert, we'll still bring you the beef tartare, the duck breast and the cheese. Of course, our application is flexible enough that you don't have to take or pay for all of its functions, but they'll be there every time you look at it, whether you're using them or not. We figured that to make it more attractive we'd have to make the presentation simpler so we set about clustering the application components into logical groups. The prix-fixe analogy still works but now we have three separate menus - the short one, the medium one and the complete one that includes flights of wine. There are three questions to aim you at the right menu:
1) Do you need Enterprise billing or Consumer billing? "Enterprise" means we produce one complex invoice covering a collection of end users. "Consumer" means one simple invoice per end user.
2) Are you going to operate with or without Session Control? "With Session Control" means that unpaid bills automatically suspend service. "Without Session Control" means that unpaid bills have to be handled manually outside the application. Each is appropriate for some categories of client.
3) Are you marketing through a channel or direct? Channels are structured ecosystems that are complex to bill and administer. However, many software companies find they can make more money that way.
We're pretty confident that as the SaaS business matures, most vendors will follow Time-Warner's lead and host their customer and user records with a billing service and use its application and its business logic to manage their SaaS business. I'm using Time-Warner for this example because over the last five years they've worked with us to implement a top-notch subscription and billing management application that we own and that they run a sizeable chunk of their internet business on. There isn't a lot they don't know about subscription marketing and delivery. So, if SaaS delivery is part of your product plans, spend the time pondering the three questions and figuring out your whole go-to-market problem. Read everything you can find and talk to lots of people who've already done it before you set your developers to work.