## Pricing & Quantity Sold

In our quest to understand the business, I use a lot of statistics.  I run up charts to understand where we are and where we need to be, and one of the more recent charts I did was a Quantity & Price chart (with a secondary ‘Revenue’ figure approximated).  After some internal debate, I’ve decided to post it to the blog – but without any actual numbers for quantities & revenue.  I think the graph by itself even without those numbers can be quite useful.

Disclaimer – the following is from Starlit Citadel’s numbers only.  These aren’t industry statistics, nor am I a statistical whiz.

## The Graph Explained

The entire graph is plotted on 3 axes: Revenue and Quantity on the two Y-axes, and Sale Price in our store on the X-axis.  I ‘bucketed’ a lot of our price points (e.g. everything that sold at \$2.01 – \$2.99 became a \$2.95 price point) to get the Quantities.  In addition, Revenue is a basic Price Point (bucketed) multiplied by Quantity (bucketed), so there’s obviously some overstatement of numbers there.  Also, the entire graph excludes some scatter points that are significantly above the norm (i.e. I cut the axis short so that we could focus on the graphs).  In addition, the graphs come from using Excel’s Polynomial Graph function (set to 5 intervals) to create the trendlines.

## Quantity Sold Graph

Not surprisingly, we sell a lot of items in the <\$3 price range (that’s Sleeves for the most part).  In fact, you can’t even see the marker for it because we had to cut the entire graph short.  However, even from the trendline you can see the huge swing down as we move from \$1 to \$10 range, and this is all within the accessories side of our business.

Between \$10 – \$20, we sell mostly smaller expansions or cheaper card games and again, the slide is significant but beginning to moderate.  In our experience, expansions always do sell less than base games.  I don’t have any numbers, but at a guess it’d be between 2 to 3 to 1 (i.e. 2 to 3 copies of a base game to 1 expansion sold).

We start seeing ‘full’ board game sales in the >\$20 range; and that seems to run a more straight line graph til it hits \$80.  It’s much steeper in the \$20-30 part; but after that you can almost say things like ‘every \$10 increase in price sees a drop of 25 copies sold’.

After \$80 though,  we have bundled products where for example; we sell both Twilight Imperium & its Expansions together which creates a bump in the Quantity Sold since we only really create packages for popular products.

## The Revenue Graph

The Revenue Graph is where things get interesting.  For example, we might sell a lot of items for <\$10 – but revenue wise, it’s a small part of the business.  When it comes to revenue, you can see that we do most of our actual revenue from products in the \$30 – 45 price range.   This seems to be the ‘sweet spot’ for our revenue / sales and I’d assume for publishers as well.

Interestingly, overall the entire revenue graph doesn’t move as much as you’d think.  Sure, quantity sold seems to be affected (which is important for how much you order / print) but revenue you generate not as much.  The other interesting aspect of the revenue graph is how sharply it begins to move up as we reach the higher end of our price points as even a small movement in quantity sold is significant in terms of revenue.

Correlation isn’t causation.  So for example – are our sales in the \$30 – 45 range because that’s the price customers will buy at or because Settlers of Catan, Dixit, Ticket to Ride & Dominion are all in that range?  They are our bestsellers, so they are definitely going to influence the demand graph significantly.

The thing that you need to realise is that these numbers are all consolidated, including the trendline graphs.  Each game is going to be different.  Sales of Eclipse, for example, are way above what is normal for that range.

## On Hiring

We recently went through another hiring process for Christmas. We’ve also grown enough that it’s becoming a strain to keep all the balls in the air, so, hiring.

This time, we’ve had an amazing number of good to great resumes come in. We came up with a ‘short’ list of over 10 people to interview and had to cut it down to 5. It meant having to leave a lot of solid people on the floor for some arbitrary reasons because we only have so much time and only 1 position to fill.

It’s strange how luck plays a factor in this process. A year ago, we tried hiring for the exact same position and because no one came up to par, we didn’t hire anyone.

So this year, some of the reasons we cut people from being interviewed included:

• Experience (too much, too little)
• Language skills
• Resume format / structure
• Resume content (spelling mistakes, lack of ‘good’ experience, etc)
• ‘Geek’ level

The interview process itself was interesting.  Since this isn’t a highly-skilled position, what we ended up looking for was fit more than previous experience (again, we had trimmed out many of those who had no or little relevant experience).  At the end, we judged the interviewees on:

• Body language
• The questions they asked us (or lack of)
• ‘Fit’ with company culture / other employees

Now, the real fun happens as we ‘on-board’ the new hire in a few weeks and see how well we did.  Sometimes, some people interview well but aren’t a good fit.  We’re hoping this isn’t the case now; but you never really know till you try it out.

## Video Review: Munchkin

We’re sticking with the classics this week and reviewing everyone’s favorite monster-stomping friend-stabbing card game, Steve Jackson’s Munchkin.

## Heroes of Graxia Game Review

Heroes of Graxia is a deck-building card game that is entirely combat oriented.  The focus of Heroes of Graxia is to gain victory points by either defeating the monsters on the board or other players.  Players have heroes and allies that can aid them and to win, must equip their heroes and allies sufficiently to stave off attacks and win through the battle.

Appearance: Heroes of Graxia has interesting art.  You can see a taste of it on the box cover to the left here.  I personally do not like it, but some others do enjoy it so I’m going to stop there.  I will say that the design of the cards is overly complicated and can be a touch too busy for easy ‘reading’.

In addition, the card stock and storage is adequate.  There’s nothing special here, and the fact is the cards would be better served with a more complex sorting mechanism to help with set-up.

Rules / Ease of Learning: Heroes of Graxia follows the basic deck-building rules so I won’t bother going into too much detail here.  I will state a few of the major differences from Dominion in this section though and admit there’s a lot of fiddly rules in this card game.

Firstly, instead of a series of set cards, in Heroes of Graxia you rotate through cards that are laid out in rows.  As each card in a row is bought, a new card is revealed.  This changes what is available from turn to turn, adding a slightly more ‘tactical’ feel to the strategy.

Secondly, players have Heroes and Allies.  You will be buying additional allies and equipment from the laid out cards on the table and equipping your hero and allies who stay in-play from turn to turn (unless they are killed).  As such, there’s a series of more ‘permanent’ gameplay elements than in Dominion and provide a more RPG feel.

Lastly, and most importantly, you gain points from either killing monsters or other players.  The rules for scoring are rather complicated; but it’s worth noting that a player who has his heroes ‘killed’ can come back the next turn even more powerful than before.

Gameplay: We’ve only managed to get Heroes of Graxia to the table a few times.  There’s a few reasons for that. Firstly, this is a very violent game – the fastest way to win is often by picking on one player when they are down and thus gaining points that way.  Secondly, the luck factor seems quite high in our plays with players who manage to buy the right cards / equip the right heroes gaining a great lead that can be hard to catch up with.  In addition, the rules are not particularly well laid out nor are they easy to read through.  Frankly, there seems to be quite a bit of rule bloat here.

Now, for the good parts of Heroes of Graxia.  It’s quite a bit of fun with the right group and once you get used to the rules.  It certainly has a lot more of an RPG feel than Thunderstone as you are building up your Heroes and Allies directly on the board.  It can also be quite a good vindictive game and some of the combinations of powers can make it quite humorous.

Conclusion: Heroes of Graxia is not a bad deck-builder.  I’m just not sure it merits that much time on the game table with so many good deck-builders out there now filling the same roles.  The new Thunderstone: Advance has cleaned up some of the issues with Thunderstone, while Rune Age does RPG deck builders quite well too.

## Marketing – the Hidden Cost

One of the major differences I think between a Brick & Mortar store and an online store is the need for marketing to grow the company.

## Build it and they will come – or Not

I’ve noticed there is a belief among those who produce online websites that if they build the website; their customers will magically appear.  It might have been true in the early ’90’s but these days there are so many online stores and other sites out there that it’s nearly impossible to get any traction with external marketing.

Unlike a Brick & Mortar store where walk-by traffic will hopefully generate some sales for you (and thus word-of-mouth, etc); an online store has literally no ‘sidewalk visibility’.  So, instead you have to draw customers to you.

## The Cost of Marketing

When we first launched, we spent probably 20 – 30% of our revenue on advertising.  As time went on, this amount dropped as our revenues caught up with our spending but even now; we’re spending nearly 5% of our Revenue on Advertising.  That doesn’t count the time we spend on our social websites interacting with customers or the time taken to write the blog. Or the amount of time we spend tracking and adjusting our spending to optimise our budget.

Contrast that to B&M stores in the Hobby game category who spend a maximum of 2%  on average.  In fact, if you compare the Rent & Marketing percentages of the industry and ours, it comes very close to being even (10% to 9%).  As the title says – a hidden cost because most people (including customers) just don’t understand how expensive it can get.

Oh – one last thing; Price Competition (i.e. being the lowest price vendor) is another common marketing tactic.  There’s a definite cost to discounting in loss margin, though it’s a harder number to quantify due to the unknown slope of the demand curve.

## Video Review: Puerto Rico

We’ve turned our attention to another classic of the genre this week with our review of Puerto Rico. While the mechanics that made this game feel revolutionary when it first released can now be found everywhere, it still holds up very well in play, and shows that you need more than novelty to make a great game.

## Running the Sites Backend – Process Progression

Over the years, the how and why of managing the websites’ backend – the files and databases – has seen a gradual progression to more complex methods.  I think in many ways it showcases the common route smaller e-commerce / online businesses progress in their processes so I figured I’d write it up.

## Single Site – Everything Live

In the beginning, we had a single site with everything live on the site.  So any changes we made were automatically on the website as we had to test changes ‘live’.  Bugs, code fixes, new content – it all went up live.  This meant that we had to be careful when we started deploying code and keep all the back-up files on our computer in case something went wrong and we couldn’t figure out the code fix quickly.  On the other hand, it also meant that there was only one site to ever worry about and everyone who worked on it had access to the same files (mostly – see below for potential problems).

This works fine if you don’t mind deploying code and fixes late at night or when you know there are few customers around.  It’s fine if you don’t have a lot of customers or don’t have a lot of big changes to do; but can be a mess if you have a ton of customers at any time of the day or, worse, are trying to install a large upgrade / expansion / module.

Oh, the other major issue – all your developers (if you work with more than one) have access to all your ‘real’ databases including customer information. A potential privacy problem.

## Staging and Production Sites

A staging site is a ‘fake’ website that (in theory) is exactly the same as your production site.  The staging site can be populated with ‘fake’ database information, reducing privacy problems while allowing you to continue to test code changes.  In addition, because the site is not live your developers can put up a partial fix, test it out and then come back to it at a later date (or leave you to do a test).  Timing becomes less of an issue because the staging site can be broken without affecting front-end sales.

Once a change is considered production ready, you can then download the changed files and send the files over to the live site.  This is generally a manual process and one that you have to do yourself.  Part of the reason you implemented this entire process is for privacy reasons.  It makes no sense to ask your developer to do the fix.

Of course, as any IT person will tell you – just because it worked on the staging site doesn’t mean it will work on production.  Sometimes that means a bit of scrambling; but it’s a lot less likely to be a problem.  We’ve been doing this process for the last 3 years or so; bumbling our way through multiple sites, trying to remember to take backups as necessary and keeping multiple versions of the files on our home computer.
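One way to populate a staging database without handing developers real customer details, as an added example that is not the store's own code. It goes beyond purely fake data by deriving stand-in values from production rows; the schema, the `EXPORT_KEY` value and all sample rows are constructed for illustration.

```python
import hashlib
import hmac
import sqlite3

# Hypothetical two-table schema, constructed for this example.
SCHEMA = """
CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT,
                        email TEXT UNIQUE, phone TEXT, city TEXT);
CREATE TABLE orders (id INTEGER PRIMARY KEY,
                     customer_id INTEGER REFERENCES customers(id),
                     total_cents INTEGER, card_last4 TEXT);
"""
# Constructed key. It stays with whoever runs the export, never on staging,
# so stand-in values cannot be matched back to real ones by guessing inputs.
EXPORT_KEY = b"constructed-key-keep-off-the-staging-server"


def pseudonym(value, label):
    """Keyed, deterministic stand-in: equal inputs give equal outputs,
    so UNIQUE constraints and duplicate-detection logic still behave."""
    mac = hmac.new(EXPORT_KEY, f"{label}:{value}".encode(), hashlib.sha256)
    return mac.hexdigest()[:12]


def make_production():
    """Constructed 'production' data standing in for the live database."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO customers VALUES (?,?,?,?,?)", [
        (1, "Constructed Customer A", "a@example.com", "555-0101", "Vancouver"),
        (2, "Constructed Customer B", "b@example.com", "555-0102", "Calgary"),
    ])
    db.executemany("INSERT INTO orders VALUES (?,?,?,?)", [
        (1, 1, 4995, "4242"), (2, 1, 2995, "4242"), (3, 2, 2495, "1111"),
    ])
    db.commit()
    return db


def export_to_staging(prod):
    """Copy structure, ids and order totals; replace everything personal."""
    staging = sqlite3.connect(":memory:")
    staging.executescript(SCHEMA)
    customers = prod.execute(
        "SELECT id, name, email, phone, city FROM customers").fetchall()
    for cid, name, email, _phone, city in customers:
        # City is kept so shipping logic can be tested; drop it as well if
        # the customer base is small enough for a city to identify someone.
        staging.execute("INSERT INTO customers VALUES (?,?,?,?,?)", (
            cid, "Customer " + pseudonym(name, "name"),
            pseudonym(email, "email") + "@staging.invalid", "555-0000", city))
    orders = prod.execute(
        "SELECT id, customer_id, total_cents, card_last4 FROM orders").fetchall()
    for oid, cid, total, _last4 in orders:
        staging.execute("INSERT INTO orders VALUES (?,?,?,?)",
                        (oid, cid, total, "0000"))
    staging.commit()
    return staging


if __name__ == "__main__":
    staging_db = export_to_staging(make_production())
    for row in staging_db.execute("SELECT * FROM customers ORDER BY id"):
        print(row)
```

Primary keys and order totals are preserved, so code that joins customers to orders or sums revenue behaves on staging as it does on production.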

### Developer, Staging, Production & Version Control

We’ve recently grown-up and moved to a more complex system with 3 sites and version control.

The Developer sites reside on the developer’s server where they test code.  It’s the working version of the site where all the changes are tested in multiple versions till a ‘good’ fix is ready.

Then the ‘good’ fix is sent to Staging, where it’s deployed.  Here, I do the test to ensure there’s no bugs that the developer has missed.  If there are, I send the bug report to the developer who goes back to working on the Developer site before uploading the fix.  If there isn’t, we deploy to Production.

It’s very similar to the above method; except for the addition of Version Control.  We use Springloops for our version control system and can’t be happier.

Version control systems do a few important things for us:

a) it automatically keeps a repository of all files – old and new.  It keeps dates and keeps information about changes so we can ‘roll back’ to an older version with just a click of a button.  No more hunting for files and hoping we had backed it up properly; it’s all done.

b) deployment of code can be set up to be automatic to Staging servers and Manual with Production servers, while keeping deployment simple.  Quite literally; a click of a button again – so no more worrying if we had missed a file.  The exact same set of files get sent to both; so it removes ‘human error’ from the equation.

c) it allows multiple developers to work on the site at the same time.  Even if a pair of developers download the same file and make different changes, the software will show and indicate any conflicts.  This way, no one developer’s work is ‘over-written’ by accident.

d) it restricts access even further.  With Springloops, we provide access to the repository but not to the actual FTP site. It also lets us invite multiple developers and kick them out easily while keeping track of all the files they’ve touched.

Truthfully, I cannot be happier that we found this solution.  It allows us to get more changes done with new modules and to roll out changes easier.  It’s something I’d recommend to anyone with a website that they have numerous changes on.

## Rattus Game Review

Rattus is set in the Middle Ages as the onset of the Black Death begins.  In Rattus, players are in control of various population groups in a number of European countries and must attempt to save as many of their people as possible from the Black Death through the aid of the various occupations of the Middle Ages.

Appearance: Rattus goes for a faux medieval design for most of their artwork which seems to work quite well.  The card stock and pieces are of good quality and are suitable for repeated uses and all the information you need can be found on the various cards, making the game language independent and easy to reference.

Rules / Ease of Learning: In Rattus, each turn players take turns placing down population cubes.  They may place as many population cubes in a country as the number of rat tokens present.  In addition, they may take one role at any time and use the role’s special ability on that turn as well as the special ability of any role they currently own during their turn.

Roles provide a number of abilities that break the game rules; ranging from allowing players to move a single cube to a safe haven in the Palace (the King), to moving three cubes to an adjacent location (the Merchant) or adding more population cubes or driving the plague token further from them.

At the end of a player’s turn, the player may move the plague token one space (or 3 if they own the Knight).  If the plague token lands on a space that has a rat token, they first spawn additional rat tokens in adjacent territories and then flip over the rat tokens in their location.  If the population number on the rat token is equaled or exceeded, the rat token takes effect and removes a population cube for each symbol represented on the token.  The symbols range from All or Majority to the specific role symbols.

Gameplay: Rattus is basically an area control game with a twist of continual death.  It reminds me a lot of Pompeii as players attempt to build their population bases while at the same time driving down the population of their opponents.  At times, you’ll be sending the plague marker into territory your population cubes inhabit just to hurt another player.

The twist of the role cards is interesting as well.  While the role cards can provide some great benefits, the more role cards you own the more chance that you will lose population cubes when the plague hits.  As such, balancing which roles to take and when is very important to winning.

In addition, while the rat tokens are distributed randomly; much of that randomness can be mitigated by the careful use of role cards and placements, ensuring that players with a good strategy aren’t completely hosed by Lady Luck.

Conclusion: I like Rattus.  It reminds me very much of the classic Euro gateways – a clean set of rules that are easy to teach but with quite a bit of strategy and tactics in the game itself.

## Security – Trials & Tribulations

As a business, one of the greatest fears is a security breach that exposes customer financial information.  It’s a nightmare; since being hit by something like this could potentially cripple a business.  We recently had a bit of a scare when 2 customers commented that fraudulent activity had occurred on their credit cards soon after placing an order with us.  Not surprisingly, we decided to conduct a full audit of the site and in the interest of transparency felt we should also write about it here on the blog.

## Background

To understand the story, it’s worth discussing the security procedures that are in-place to keep a customer’s financial information safe.

We do not store credit card information

Those of you who have ever had to edit your order will notice that they generally end up saying ‘Check / Money Order’ on the edited order.  The only time an edited order would say something else would be if the customer had called in to provide us the credit card information again.    This is because we do not store or have access to a credit card once the order is placed.

When an order is placed on the site, the credit card information is sent in an encrypted format to the site and from there, to the credit card gateway who authorises the charge on the card.  We are then provided a token indicating the authorisation for our records.  This allows us to charge a card for the authorised order amount only.  The only credit card information that we store is the card type, the last 4 digits and the expiry date.  None of that is sufficient to run a new charge on the card.

With PayPal of course, all we get is the e-mail address that the payment came from.

Everything is encrypted

The Checkout Page is completely encrypted with SSL 128-bit encryption (the same method that the big retailers like Amazon use which is basically an industry standard) and anytime we access our backend, all the data passed back and forth is encrypted as well.  So the card is completely secure during transit and on the site.

Regular Scans

Lastly, both our server host as well as our developer regularly run scans to ensure that there aren’t any viruses / malware / etc sitting among our files.

## The Incidents

Once in a while, a customer contacts us to say that they have had to change their credit card information due to fraud.  We generally take note of it and run a quick security assessment but due to the above on-going security procedures it’s generally not likely to have originated from our site.

This time a pair of customers contacted us separately in a very short period, both with very similar stories – initial orders placed very close together, fraudulent activity on the same day, both having orders placed on our site.   That seriously concerned us, enough that we decided to shift gears and focus on a security audit.

## The Audit

Since both customers placed the orders remotely, we knew it couldn’t be an HR issue (remember, there’s literally no way for us to get a credit card number unless a customer calls us to place the order over the phone). As such, we knew to focus our attention on the site and the site code.

We took the audit on in 3 parts.

1) External Audit

We ran the site through a number of external company verifications (e.g. McAfee, Google’s Webmaster, etc) initially to see if the problem was picked up by them. This ensured that no external scripts were being loaded from the site which could have caused problems.

2) Automated File Review

We then began an audit on the files in the site and database. This was an automated process that basically reviewed every file on the site to ensure that it was meant to be there; as well as looking for specific known malicious code.

3) Eyes on Code

Lastly, we put eyes on the code.  Every single file and script that was involved in the process of providing the checkout page on Starlit Citadel was reviewed. Since this is the only location where the credit card information is input, this was the most important ‘fail point’ and thus the extra scrutiny.

In all three tests, we could not locate any potential security problems.  While there is never any guarantee, it’s extremely unlikely that we had a breach in security.  It still is something that had to be done; and I’m open to any other suggestions for things we can do as well to improve security if you have any.  Overall though, it made for a couple of extremely stressful and expensive days.
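A sketch of what the automated file review in part 2 of the audit can look like, as an added example and not the tooling that was actually used. It assumes a known-good copy of the site is available (for instance the release held in version control); the file names, contents and review patterns are all constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Constructed review patterns (not a real signature feed). A hit means
# "a person should read this file", not "this file is malicious".
SUSPICIOUS_PATTERNS = {
    "eval-of-decoded-data": re.compile(
        rb"eval\s*\(\s*(?:base64_decode|gzinflate|str_rot13)\s*\("),
    "external-script-include": re.compile(
        rb"<script[^>]+src\s*=\s*[\"']https?://", re.IGNORECASE),
}


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its SHA-256."""
    return {p.relative_to(root).as_posix():
            hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def audit(known_good: dict, deployed_root: Path) -> dict:
    """Compare the live tree with the release manifest, scan what differs."""
    deployed = build_manifest(deployed_root)
    report = {
        "unexpected": sorted(set(deployed) - set(known_good)),
        "missing": sorted(set(known_good) - set(deployed)),
        "modified": sorted(p for p in set(deployed) & set(known_good)
                           if deployed[p] != known_good[p]),
        "suspicious": [],
    }
    # Files identical to the release are already accounted for; only files
    # that were added or changed on the server get a content scan.
    for rel in report["unexpected"] + report["modified"]:
        data = (deployed_root / rel).read_bytes()
        for name, pattern in SUSPICIOUS_PATTERNS.items():
            if pattern.search(data):
                report["suspicious"].append((rel, name))
    return report


def _write(root: Path, rel: str, body: bytes) -> None:
    target = root / rel
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(body)


def demo() -> dict:
    """Build a constructed release and a tampered live copy, then audit it."""
    release_files = {
        "index.php": b"<?php echo 'home'; ?>",
        "checkout/payment.php": b"<?php render_payment_form(); ?>",
        "js/cart.js": b"function addToCart(id) {}",
    }
    with tempfile.TemporaryDirectory() as tmp:
        release, live = Path(tmp, "release"), Path(tmp, "live")
        for root in (release, live):
            for rel, body in release_files.items():
                _write(root, rel, body)
        # Constructed differences on the live copy: one changed file, one
        # file that was never in the release, one file deleted.
        _write(live, "checkout/payment.php",
               b"<?php render_payment_form(); "
               b"eval(base64_decode('Q09OU1RSVUNURUQ=')); ?>")
        _write(live, "media/upload.php", b"<?php // stray file ?>")
        (live / "js/cart.js").unlink()
        return audit(build_manifest(release), live)


if __name__ == "__main__":
    for section, entries in demo().items():
        print(section, entries)
```

Anything listed under `unexpected` or `modified` in the checkout path is where the manual "eyes on code" pass in part 3 should start.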

## Video Review: Stone Age

This week, we’re reviewing a fantastic gateway to worker placement games, Stone Age. It’s a great alternative for groups that have grown tired of Settlers of Catan, but aren’t interested in the heavier math and fiddliness of weightier Euros like Agricola — and it’s really pretty too.