“Carding” is a specific type of payment fraud that we have seen impacting an increasing number of sites. It is a systematic approach used by attackers to determine which stolen credit card details are still active and valid.
The process begins when an attacker purchases a large set of stolen credit card details, typically from a site hack and often for a very low price, from a dark web marketplace.
Since a significant portion of these cards will already have been cancelled or blocked, the attacker needs a fast, automated way to validate them so they can be sold to other fraudsters at a higher value.
This validation process, known as carding, has 4 primary stages:
With the level of automation that these fraudsters have created, this whole process can be completed in a matter of hours or days.
Having thousands of failed transactions can impact your standing with your banking provider leading to them requiring additional technical controls, guarantees, costs or in extreme cases closure of your merchant account. Equally, accepting payments from cards that are used fraudulently and thus have the cardholder make a claim against those transactions can incur significant penalty costs from your bank.
On top of those risks, the administrative burden of receiving thousands of order confirmation or failure emails and then resolving the disputed transactions and influx of related support queries can quickly overwhelm your internal operations.
E-commerce businesses can implement several layers of defence to protect themselves from being used as a validation point for carding operations:
Since Carding relies heavily on automated scripts and bots, controlling this traffic on your payment pages is a primary defense:
Online security services can provide an effective first line of defense before the traffic even reaches the website’s server:
Working directly with the payment processor to tune fraud detection is critical:
As a web agency, we understand that maintaining a secure checkout is just as important as maintaining a beautiful one. Preventing carding is not just about stopping fraud; it’s about protecting your merchant reputation and ensuring your site remains a trusted place to shop. If you are concerned about suspicious transaction patterns or want to audit your current security before this becomes an issue, then please get in touch.
Over the years, I’ve spoken with many companies that have ran into serious problems because they didn’t know where their domain name was registered. These are usually panicked calls – yesterday everything was fine, and now suddenly they very much aren’t.
So, the issue gets traced back to the domain name, but no one knows where it is registered or who has access.
Domains outlive these short-term relationships, so take a few steps to make sure yours is safe before there is a problem.
Domains are renewed for a specified period of time of up to 10 years into the future. Just before that time is up, you will receive a notification from the registration provider to renew. You pay some more money. Rinse and repeat forever. You’re effectively renting a domain from a domain registry.
However, if the email address the renewal reminder goes to no longer works, or the notification is simply overlooked, it can lead to your domain name expiring. What happens next will vary depending on what type of domain it is – a .com may have different rules from a .co.uk, but the broad steps are similar.
For a .com/.net type of domain, on the day of expiry you can expect the services associated with the domain to stop working. Most notably, this is the nameservers that tell a browser where your website ‘is’ when you type it in the address bar, and where to direct emails to when someone sends to that domain. (Note: the domain and nameservers are completely independent of each other, and separate from your website and email. You could have all four services with completely different companies.)
For a .co.uk / .uk domain things are a little more lenient as there is a 30-day grace period before the services associated with the domain stop working.
At this point you haven’t lost your domain, yet. In either case, from the day that services are suspended you will have at least 30 days to renew. For .com/.net domains providers charge a penalty fee due to the domain being in the “redemption grace period”.
After that point the domain is set to be deleted. This can be between 5-7 days and it can’t be recovered or registered in that window. The domain is then “dropped” and is available for repurchase by anyone. “Drop-catchers” snap up such domains and attempt to sell them on at a premium fee or setup a holding page full of adverts to earn money from the domain’s remaining visitors.
Registrar: A company that manages the reservation of domain names.
Domains are renewed for a specified period of time. Just before that time is up, you will receive a notification to renew. You pay some more money. Rinse and repeat forever. You’re effectively renting a domain from a domain registry.
1. Confirm where your domain is registered
Do you know the domain registrar company by name? This could be 123-Reg, GoDaddy, IONOS, NameCheap or any one of scores of others.
To help find where it’s registered, you can lookup domain registration details using various tools. For .uk domain names, they operate under Nominet’s authority and I recommend using their lookup here: https://nominet.uk/lookup/ . Infotex have our own Nominet tag “INFOTEX”, making it easy to identify if we do hold your domain.
For other domains, go to https://lookup.icann.org/en/lookup and enter your domain name, select Lookup, and scroll down to the Registrar Information section. Hopefully, this rings a bell and you can go to step 2.
It is important to understand that the registrar you see isn’t always the original place you purchased the domain name from. For example, Infotex use eNom for some of our domains so it would show as them rather than Infotex. In this case, eNom provide a reseller lookup tool where you can check who to contact. Other registrars may not show this information. If you find your domain is with 123-Reg, for example, but have no logins you may need to go through a recovery process to gain access to the domain name. This can be a lengthy process but much easier to do now while things are working. It will require you to provide proof of identity as the owner of the domain, but check the registrar’s help pages for further info.
2. Test the login details
If you manage your domain directly with a registrar make sure you can actually sign in to your registrar’s domain control panel.
This isn’t necessary if you have registered with a 3rd party such as Infotex and are confident they are managing it for you. Some 3rd parties provide a domain management portal so you, as the owner, can log in and check or even take control if needed.
3. Check your contact details
This is two-fold. Firstly, your primary login details to your account should not use an email address which is dependent upon the same domain. i.e. if you are logging in to manage MyDomain.com, your login email should not be sales@MyDomain.com. If that domain has a problem then you may struggle to reset your password or receive the two-factor authentication code. Some providers support secondary email addresses for this reason. Be very careful with this, as alternate emails are very easy to lose if they are only used for one job. Definitely make sure it is not an employee’s personal email address.
Secondly, against each domain will be your contact information. Make sure that is up to date, and you should again consider whether to use a separate contact email to the domain it refers to.
4. Review who has access
I would recommend changing your password now to something strong, and making sure two-factor authentication is turned on, and recovery codes are safely stored. This will stop others who may have needed temporary access in the past from continuing to log in. It will also allow you to closely monitor who has access in the future.
5. Check renewal & lock settings
Is auto-renewal enabled for your domain? Auto-renew is useful up until the payment method expires, but turning it off can be a useful prompt to a) check your logins and payment details ahead of renewal and b) make sure you still want the domain.
Also check that ‘domain lock’ is enabled. For most .com’s this will be on by default. Enabling it is a belt-and-braces prevention of someone transferring your domain out of your account. There would be multiple authentication steps to transfer a domain, such as an email to your admin contact, but while this is enabled a domain can’t be transferred.
That may well be true. and in many cases it’s perfectly fine for someone else to manage domains on your behalf, we have thousands of them under our control after all. But, the key point is still visibility.
Even if someone else manages it on your behalf, you should still:
This year’s Infotex Christmas Gathering marked my first full year working at Infotex. Before this, I spent a long stretch freelancing and then working in partnership with one other person. Back then, our Christmas tradition usually involved a meal and a London show as a way to celebrate wrapping up the year, rather than a big team get-together.
So stepping into my first proper company Christmas gathering felt like a real milestone and it made me reflect on how much I’ve enjoyed being part of a team again.
One of the things I’ve loved most about working at Infotex is the feeling of working together, solving problems together, and building things that are bigger than what any one of us could take on alone. I’ve had the chance to use a mix of skills across web development, UX/UI design and UX audits, and it’s been great doing that as part of a wider group.
We have four gatherings a year, and I’ve come to look forward to them. They’re a chance to work face-to-face on current projects, but also to talk strategy. Where we’re heading, what we’re improving, how we want to grow as a business.
It’s easy to forget how much you miss seeing people in person at work until you actually do. You get to know people better, and it’s just easier to talk things through properly.
This year’s Christmas gathering took place in a house in the Suffolk countryside, which was cosy and nicely away from the usual routine. After the work part of the day, it was time for Secret Santa.
I received a large box of Ferrero Rocher, which was a win as chocolate is always welcome!
Meanwhile, Matt became convinced that I got him his Cambridge United calendar and mug. He will never know for sure… and I’m not telling. Some Christmas mysteries are worth keeping.
No Infotex Christmas gathering would be complete without the annual Christmas quiz, run by Kris Parker. We also had a gingerbread train-making competition, which… did not go well for my team. We ended up with a pile of gingerbread rubble!
After the games, we headed to the dining room for a wonderful three-course Christmas dinner. It was great to have the whole event in one place as it felt relaxed and unrushed.
So, here’s to my first Infotex Christmas gathering – and to many more!
It’s that time of year again : the John Lewis ad is out, the Coca-Cola truck is delivering fizzy pop, people are wondering if a tub of Celebrations has gotten smaller and the Infotex Christmas Quiz is unleashed.
As it’s the 200-year anniversary of the railway, there was a dedicated train round amongst a mix of questions about the events of 2025. But don’t let that turn you off – grab your Oyster card, mind the gap and all aboard:
For those taking part in person, they also had to assemble and decorate a gingerbread train under a strict time pressure and sans instructions.
Infotex have been audited as Cyber Essentials Plus compliant to the latest 2025 standard.
We have undergone these independent audits for each of the last 4 years to validate that we are applying best practices for cyber security to help keep ourselves – and our clients – safe against the rising threat of data breach and ransomware.
Many of our clients place a great deal of trust in us. We appreciate the responsibility of this trust and want to reassure all our clients that we are looking after their data safely. Going through a detailed audit like this helps us to ensure that we are doing all that we can.
With the Internet and IT in general being a constantly evolving space, it is important to not rest on past accolades. By utilising external consultants there are always new things to learn and improvements to that can be made. The Internet can be a scary place and worldwide companies are being breached, hacked and ransomed on a daily basis. However, data shows that having controls in place increases the resistance to attack by around 90%.
Cyber Essentials is a scheme overseen by the UK Government’s National Cyber Security Centre (NCSC) and backed by the Federation of Small Businesses (FSB) and Confederation of British Industry (CBI). Within this framework, there are two levels of compliance : Cyber Essentials and Cyber Essentials Plus.
To be compliant with the base Cyber Essentials, an organisation must answer around 70 questions providing technical information and policies for evaluation. These questions cover a wide spectrum, from password policies and storage through to individual computer configuration, networking, software choices and maintenance, and also includes HR policies. It is designed to ensure that the applicant has to evaluate whether they are following current best practice rather than following outdated guidance or beliefs.
Cyber Essentials Plus takes this to the next level. An independent auditor spot-checks a sample number of devices (PC’s and servers) and interview staff members of their choosing to ensure that the policies and practices are being followed across the business. The auditors also perform a range of technical tests to ensure appropriate segregation and security are in place.
Out of an estimated 5 million UK businesses, only around 50,000 successfully complete Cyber Essentials audits each year. There is still a long way for the country as a whole to go to increase its cyber security and is likely to be part of the reason why the Government are bringing forward the UK Cyber Resilience Bill. This will formalise requirements for entities which are in scope, and many of these requirement are based on the underlying pillars of Cyber Essentials.
In recent years we have worked to a limited scope meaning that, from a Cyber Essentials auditing perspective, there were elements of our business which were not able to be fully evaluated. We have been working hard over the last few years to ensure that we have full visibility and follow best practice consistently across the whole business. We have also completed the purchase of additional software to help us monitor all our devices and ensure that we are applying these standards consistently across all our platforms. We are therefore pleased that for 2025 we have been awarded the certification for the whole of Infotex UK Ltd.
2025 also saw a new set of evaluation criteria called “Willow” for the assessment which tightened some controls and in turn required some minor changes to our configurations, however, pleasingly, the majority of the specification changes were to elements where we already exceeded the requirements.
Anyone who works within IT knows how tough it is to be secure because the defender has to be effectively perfect at all times, whereas the attacker only has to find one weakness to be able to get access.
This is why we talk consistently about security, both internally and externally, as we know that it really matters to our clients and there need to be more conversations around what people are doing to protect themselves. With phishing and other scams on the rise, by increasing your own security you are also helping to protect the security of the friends, family, colleagues and businesses around you.
We’re still often asked what makes a good password and why a lengthy string of random letters, numbers and symbols is the best. However, a prominent US body has recently altered its recommendations, which may perhaps make creating passwords slightly easier.
The National Institute of Standards and Technology (NIST) is a US government agency that provide the guidance that other US government agencies rely on. Because of this lofty position, when they make recommendations, it is generally recognised worldwide.
Back in 2016, NIST released their previous guidance on passwords which has been the basis for many agencies and businesses password policies. However, following four years of work, they have released new guidelines for password creation.
Previous guidelines recommended forcing employees to change their password every 45 days, and make sure those passwords include numbers, capital letters and special characters, causing them to be virtually immemorable.
There are some interesting insights here; complexity requirements are officially “out”. Surprisingly, forcing complexity onto humans actually weakens security by making passwords more predictable – think of logins such as “Password1!”. When users must add special characters they often follow common patterns that make it easier for attackers to guess. Of course, if you are using a password generator this shouldn’t be a problem.
From a computer science perspective this makes a lot of sense – the longer a password, the more attempts, and thus time, that any brute-force attack must go through in order to crack the password.
In a simple example, a 6-character password made just from letters could be brute-forced in around 321 million guesses. That may sound a lot but at modern compute speeds is very do-able and remember that most times the attacker will get lucky before they guess the final possible permutation. If you double the length of that password without adding any complexity you are not just doubling the time it would take an attacker, in fact the time goes up exponentially to around 99 quadrillion guesses.
Hive Systems created this chart, logging the time taken to hack a password of different lengths and complexity.
Any password generator will compute a suitable length password. In cases where a password generator isn’t feasible simply create a lengthy phrase – “MyCatIsAliceMyDogIsBob” is counter-intuitively strong because of its length and most attackers wouldn’t know exactly what the phrase was (at the time of writing it’s also never knowingly been in a breach).
There are a number of services which offer to check if a password is known to be in attackers’ lists (called dictionaries) and thus will be tested regularly, Have I been Pwned, supported by Cloudflare, allows you to check if the password you chose is known to attackers.
You can also enter your email address into https://haveibeenpwned.com/ to see if any of your accounts have been exposed in previous breaches and sign up for notifications going forward.
While passwords and passphrases are not going away any time soon, the world is starting to look beyond them and the challenges that they face security-wise.
The use of 2 factor authentication, especially when coupled with a code sent via an alternate means which expires after a period of time, really increases the complexity for an attacker to breach your accounts.
Passwordless logins such as PassKeys are now starting to become mainstream, you may have noticed when logging into Amazon on a modern mobile device that you will now be prompted to create a passwordless login, these work entirely differently by creating a challenge that the device uses to compute an asymmetric cryptographic response where the private component is stored on your PC/phone and the website only ever knows the public component. This allows the PC or device, once confirmed by means of a fingerprint or PIN, or similar, to generate a response that could only have been generated by that device.
As this is quite resistant to phishing, re-use and brute force attack, these make an exceptionally strong login means but currently have portability limitations (i.e. your phone and PC may not be able to share the same login unless they are from the same provider, e.g. Apple) however there are specifications being agreed that will allow greater interoperability going forward.
Physical tokens such as the YubiKey which can take a fingerprint and generate a unique output that cannot be replicated without physical access to the key and fingerprint are also a technology to watch as features such as NFC make what was once a very inconvenient and expensive way to authenticate, much easier and more affordable.
Santa Claus is coming to town! As the festive season approaches, the online world gets busier and so do your customers. To make sure your website is ready to sleigh this Christmas, we’ve taken a little inspiration from the festive songbook.
Here’s how to get your website firmly on the Nice List this year…
Keep an eye on your website’s performance.
Page speed, mobile responsiveness, and uptime can make or break the user experience during busy shopping periods. A slow or buggy site will send visitors clicking elsewhere faster than you can say “Ho ho ho”
Make sure any new images you’re adding are optimised for both size and format, check your site on your phone to make sure it’s useable on smaller screens and make sure you have reliable hosting and support.
Don’t lose leads because of confusing navigation or unclear calls-to-action.
Visitors should be able to find what they need and take action without frustration. Whether that’s completing a purchase, filling out a form, or finding a phone number, each step should be simple and intuitive.
Make sure your calls-to-action are clear, consistent, and festive if appropriate (think “Book your Christmas slot” or “Select Christmas Gift Wrap”).
Avoid neglecting your content!
Outdated, inconsistent, or uninspiring copy can leave visitors less than merry. Fresh, engaging content helps your site rank better in search engines and AI services, exposing you to new potential customers.
Make sure you update your homepage occasionally, and you can target your blog with seasonal flair. However, remember to keep it authentic and on-brand.
Your audience is coming and they will be checking you twice before choosing where to spend their money.
Make sure your website feels trustworthy and welcoming. Ensure your contact details are easy to find and can you use review platforms such as Feefo or Trustpilot for authenticated feedback. If not include recent testimonials and / or case studies.
Show your credibility front and centre as it can make all the difference when customers are deciding who’s on their nice list.
Make sure your search engine optimisation is carried across all the content you’re adding.
That includes alt text, headings (especially your H1s), and keyword-rich copy. The small details that help search engines understand and reward your site.
Keep SEO best practices in mind whenever you add new pages, blogs, or products.
If your site still uses outdated design elements, broken links, or slow-loading images, it’s probably landed itself on the naughty list. On the other hand, clean design, clear messaging, and seamless functionality? That’s pure nice-list energy.
What would a first-time visitor think of your site in the first five seconds?
Christmas is one of the busiest times online and one of the best opportunities to connect with your existing and new audiences. Make sure your website is ready to greet them with festive warmth, smooth functionality, and content that truly converts.
If you’re having a problem with your website or system, our goal is to understand your issue as quickly as possible so we can get straight to resolving it.
The clearer and more detailed your support request, the quicker we can identify exactly what is happening and provide you with the right solution.
Without enough information, we may need to come back to you with follow-up questions, which can slow things down. By including just a few key pieces of information in your request, you can help us respond faster and more accurately.
Here’s a simple guide to making sure your support requests get the best possible results.
Here are four simple things you can include that make a huge difference in how quickly and efficiently we can help you:
If the issue happens on a particular page or section of your site, sending us the direct page address helps us see exactly what you’re referring to.
Example:
Instead of: “Our form isn’t working,”
you could say, “The contact form on https://www.example.com/contact isn’t sending submissions.”
“A picture paints a thousand words” – and that is especially true when explaining a technical problem.
A screenshot can instantly show us what you’re seeing and a short screen recording is even better if you want to demonstrate how the issue happens.
Whenever possible, use built-in screenshot or screen recording tools rather than taking a photo of your screen with your phone – phone photos are often blurry or hard to read, which can make diagnosing the problem more difficult.
Once done, attach the file or share the link with your support request.
A clear description of what you did before the issue occurred helps us replicate it and understand exactly what’s happening.
Sometimes an issue only happens under specific conditions, such as on a certain phone, browser, or operating system version. By telling us what device and browser you were using, we can test in the same environment and makes it much easier to track down the problem, especially if it doesn’t appear everywhere.
Sometimes, what’s “broken” isn’t necessarily a technical error, it might just be that the feature isn’t working the way you expected because it wasn’t designed that way.
That’s why it’s really helpful for us to know what you expected to happen and how you’d like things to work. When you tell us your goals, we can make sure the system matches your needs – whether that means fixing an issue, adjusting how something functions, or suggesting a better way to achieve the results you want.
The next time you reach out for support, think of these steps as a way to help us help you.
Current AI tools can excel at answering questions, summarising information, and providing insights. However, when it comes to moving beyond the conversation to independently gathering data, and taking action, it can fall short.
This is where MCP servers come in, bridging the gap from passive information delivery to active and automated tasks.
MCP is short for Model Context Protocol and is designed to standardise how applications provide context to large language models. The idea is to give different LLMs, such as ChatGPT or Claude, a common way to connect with external systems and expose their capabilities to the AI.
This then makes it possible for models to move beyond a passive Q&A and begin interacting with tools and data sources in a much more structured way. The protocol was introduced by Anthropic as an open standard to make this kind of integration accessible, and is being adopted by Google and OpenAI, the company behind ChatGPT.
While this protocol is very much in its infancy, it does have the scope to revolutionise how we interact with websites and systems.
Imagine you’re planning a holiday. If you asked ChatGPT to “book me a hotel in Paris for three nights starting October 10th,” it can suggest hotels, but it would currently be unable to check live availability, prices, and make the reservation for you.
With MCP in place, the tool could connect to the travel booking systems, fetch real-time prices and availability, compare options, and then actually make the booking on your behalf (with your approval). It could even use what it knows about you, such as food allergies or if you are into fitness, to fine tune its selection.
To help manage your finances, you could ask your AI to pay your electricity bill and transfer £200 to your savings account. The tool would connect to your bank, check the account balance, transfer the money to your savings and schedule your bill payment.
From a business point of view, MCP-enabled tools could allow you to ask “Generate a sales performance report for Q3 2025, compare it with last year, and prepare an email to the executive team”.
You may be familiar with the term API, short for Application Programming Interface. An API allows different systems to ‘talk’ to each other without exposing the entire inner workings of the system. The API defines a set of data formats, rules and functions for other applications to carry out specific actions or request specific information. That sounds similar to an MCP, but an MCP works more like a meta-layer between systems. It can wrap around APIs and other tools to give an AI model structured and contextual access.
We often hear from people who have had their website built elsewhere and while it met the design brief, the site itself is unstable. Our team are deeply technical so we are often able to step in and help, whether that means making changes to the website or a system that underpins it.
In this article, I’m going to trace one particular issue on a website that we built and have managed in a stable state for numerous years. It all started with an image from a colleague who was unable to deploy a change to the website.
“It looks like the website directory has permission issues, any ideas?”
Any server administrator will recognize that this screenshot is a troubling sight. The line of question marks indicates that the system is unable to identify the contents, or even existance, of the website directory. The directory in question is mounted from an external Microsoft Azure Storage account and has been working without issue since the servers were built in 2023.
Further investigation confirmed that this wasn’t just a permissions issue; effectively that directory didn’t exist because the server could no longer access the Microsoft Azure Storage account.
The same was true across the production and staging environments.
The websites hosted on the servers were still running because they operate from a local cache of the files. This meant the cause may not have happened immediately, which is troubling as the failure had been invisible.
The “mount” command confirmed that the server thought that this was still mounted (aka connected) and available; however any attempt to unmount & re-mount it returned an access denied error.
A trawl through the log files for both the server and Azure Storage account confirmed the date of the first seemingly related warning. This seemed to correlate with a third party’s deployment of updates which was to bring the Microsoft Azure account in line with the latest best practice guidance. As the related documentation states:
“The Azure Landing Zones (Enterprise-Scale) architecture provides prescriptive guidance coupled with Azure best practices, and it follows design principles across the critical design areas for organizations to define their Azure architecture. It will continue to evolve alongside the Azure platform and is ultimately defined by the various design decisions that organizations must make to define their Azure journey.”
Looking more closely there had been a number of changes made together. At this point, we started to reverse these changes one at a time until we discovered the cause of the issue. The seemingly innocuous setting “enableHttpsTrafficOnly” had been enabled on all Storage accounts as part of a policy entitled “Enforce-TLS-SSL-H224”.
This meant that Azure is requiring an SSL/TLS encrypted connection but the server is not. While we could disable the HTTPS requirement that would mean that we would no longer be following Azure’s best practice guides despite the connection being within a protected security group making interception highly unlikely.
With this discovery, we “just” need to make the server encrypt the connection and close the ticket. However, the Network File System (NFS) would need to provide the ability to encrypt the connection in a compatible form but it seemingly didn’t.
Fortunately recently Microsoft had published a new “Helper” whose description includes: “can be used to provide a secure communication channel for NFSv4 traffic. This is achieved by implementing TLS encryption for NFS traffic”
By installing this “Helper” and reconfiguring the necessary scripts to use the new connection type we were finally able to re-mount the storage account.
Having done so the web server can once again connect to the Azure Storage Account and put everything back into sync and the developer can finally deploy their changes that started this whole episode.
This issue is a perfect example of why a website needs more than just great design. It needs a technically capable team behind the scenes to support and maintain it. From diagnosing obscure infrastructure changes to implementing secure, standards-compliant solutions, problems like these can easily derail a business if not handled properly.
Many businesses face challenges in managing their data.
From Excel spreadsheets through to off-the-shelf commercial systems, the ability to get the most out of the information that you hold about customers, products and sales is crucial to ensuring your business is delivering to the best of its ability.
Sometimes that data is spread around disparate, disconnected systems – and it is here that Infotex can help. For over 20 years, we’ve been building integration solutions that link those disparate systems together, enabling our customers to maximise the business value of their key data.
You might use this new view of your data to improve reporting, perform data analytics or even pass it to an AI engine to get further insights. Not having to manually retrieve and match up data from different systems could save you and your team hours of work – especially when those tasks need to be repeated daily.
One way of connecting systems together is via an API (Application Programming Interface) – a type of system that is used for the transfer of data between electronic systems, both incoming and outgoing.
There may already be APIs for the systems that your organisation is using to store data. We can help you to use them to access that data and link it to data you already have in other systems, helping you to build insights that wouldn’t otherwise be possible. If there isn’t already an API for your system we could investigate the possibility of creating one or finding other creative ways of you being able to make better use of your organisation’s data.
API’s don’t necessarily require you to have lots of systems in your business or indeed any custom systems as some of the most effective uses are to link two, or more, existing off-the-shelf solutions, perhaps your internal messaging system and your alarm system to let you know each time someone comes or goes. Maybe your marketing team would like a daily message summarising the previous days sales and what stock will soon be running low based on projected sales rates.
The Infotex team has delivered a wide variety of integration solutions, with a range of customers and their external system providers. These include:
Many of our website build and ecommerce projects have found benefits from linking the website to existing back-office systems for accounting and stock control purposes. This integration streamlines operations, reduces manual data entry, and ensures real-time accuracy across all platforms.
When there haven’t been APIs readily available we’ve used a variety of different mechanisms for transmitting data so have a proven record of tailoring a cost-effective solution to our customers specific needs.
Many of the systems that Infotex build contain their own internal APIs which enables us to keep the system simple and streamlined with dedicated responsibilities for each element of the system delegated to an API for that element.
Recently our systems team have been working on a project involving distributed messaging where one system sends a message when something changes in it and that message can then be read by one or more other systems which can then act on the contents of the message by updating data in the other systems or generating output reports or emails. This has the benefit of the source system not needing to wait for any downstream system to acknowledge that it has received and acted upon data it has been sent.
If you’d like to find out how we can help with your organisation’s data challenges please get in touch.
After 12 years of building websites, I’ve learned something that surprises a lot of business owners: the best-performing sites are never actually finished. They are constantly evolving, adding new features, and getting smarter about how they serve the business.
In spite of this, most businesses treat launch day like crossing the finish line.
A business might launch a beautiful new website — with a clean design, compelling content, and a structure that fits its goals perfectly at the time. It’s a strong foundation and a smart investment. But as the business evolves – with new products, shifting customer needs, or internal changes – the site can slowly drift out of sync. A year later, visitors may struggle to find the right product because the navigation no longer reflects the current offering. Eighteen months on, small inefficiencies such as a lengthy checkout process can start to impact sales. It’s not the original site that failed – it’s just that the business moved forward, and the website didn’t keep up.
The websites that really work for businesses aren’t just maintained – they’re continuously improved with features that solve real problems.
Features such as:
These aren’t just “nice to haves” – they are competitive advantages.
Maybe you have expanded your product range, entered new markets, offer new services or refined how you operate. If your website hasn’t kept pace, it may still reflect where you were, not where you are now.
My husband was recently shopping for motorbike gear on two different sites selling the same brands. One let him filter by jacket type, size, brand, colour, zip length – he found exactly what he wanted in seconds. The other site? Just page after page of scrolling. You can guess which one got his order.
When you started, maybe you were targeting one type of customer. Now you serve three different markets, but your homepage still talks to everyone in the same way. Different landing pages or targeted content could speak to each group properly.
Businesses often think website improvements mean expensive redesigns. But actually small, strategic changes usually beat big redesigns.
So what changes should you make? The answer lies in your website user data.
Once your site is live, you can see exactly how people use it – what’s working, what they’re missing, and where small changes could make things easier. Acting on real user behaviour means you don’t have to guess what to change.
Heat mapping shows where people click. Analytics reveal where they drop off your conversion funnel. User feedback highlights frustration points. This data is incredibly valuable, but only if you make improvements based on it.
The most successful websites are the ones where we regularly review this data and make targeted improvements. This doesn’t require major overhauls, but strategic enhancements applied over time that solve specific problems. Armed with this insight, you can make improvements that keep you ahead of the competition.
Your site doesn’t need every bell and whistle to compete, but don’t let competitors look better than you. If their website is much easier to use, customers will go there instead.
The smart approach? Small updates as you go. Web standards evolve constantly, but incremental improvements beat expensive emergency fixes. Fresh content helps with search visibility. A modern design shows you’re active and credible. Improved navigation will stop people from getting frustrated and leaving.
Small, data-backed improvements will often outperform complete redesigns.
We worked with Stephens Scown Law Firm to build an information hub that pulls together their content – articles, videos, FAQs, and news – organised by legal topics with links to the team members who wrote them. When they posted timely articles about the pandemic, their organic traffic jumped 236% compared to the previous month, then a further 78% the month after.
That’s what happens when you make valuable, relevant content easy to find at exactly the right time.
With Anglian Pumping Services, we redesigned their site and doubled their conversion rate. But more wins came from the ongoing improvements we’ve made since launch: adding smart search to help customers find products faster, implementing click-and-collect services, and integrating with their accounts software to save hours of admin work each week. Each addition solved a real business problem and made their site work harder for them.
Your website works best when it’s treated as a living business tool, not a static digital brochure. That’s exactly what we help businesses do.
We take existing sites and turn them into tools that drive results – whether that’s improving navigation, creating resource hubs, or building features that solve real customer problems.
Talk to us to see how we can help turn your website into something that works harder for your business – exactly where your customers need it most.
Discover how our team can help you on your journey.
Talk to us today