Top Stories



Why It’s So Darn Hard To Change Payment Infrastructure

October 14th, 2010
One of the attractions of mobile payments for retailers has been the hope of all-but-eliminating traditional interchange fees. In what might be the perfect illustration of why such a shift is so difficult, the vendor that has most aggressively been pushing an entirely Visa/MasterCard-free infrastructure last week (Oct. 4) announced a deal with card processor Fifth Third—one that in effect means it will be using the very same infrastructure it wanted to replace.

The problem for alternative payments isn't just doing the things that conventional payment cards do at lower cost. It's also breaking through the lack of familiarity that customers, banks and even retailers have with new payment approaches. Visa and MasterCard remain in the POS driver’s seat because of their network, but also because they're a known quantity. And as much as retailers want cheaper alternatives, the Bling Nation/Fifth Third deal illustrates how much of a challenge it is to buck the current infrastructure. Read more...


Rite Aid’s Answer To The Problem Of Older Browsers And Newer Sites

October 14th, 2010

With sites today pushing more advanced functionality and programming, new browsers are regularly released to keep up. But over the years, what should a site do with visiting customers who use really old browsers? Should they be blocked, dismissed with a curt “you need to use a browser this tall to ride this site”? Should they be permitted through, knowing that their experience will likely range from subpar to unacceptable, with some functionality simply not available?

Rite Aid, either through choice or by accident, is sending some customers with older browsers (Internet Explorer 6, in particular) directly to its mobile site. If deliberate (Rite Aid media relations said they didn’t know and the E-Commerce team was being vague), it’s a smart resolution. (Note: AlertBot was the first to detect Rite Aid’s move.) In mobile, the consumer gets full functionality. Well, full functionality by mobile standards. In other words, everything should work and work well. ‘Tis better to have full access in a limited world than partial access in a full one. (Would Milton’s line that it’s “better to reign in Hell than serve in Heaven” be appropriate? I didn’t think so.)…


Is Point-To-Point Encryption Ready For Prime Time?

October 14th, 2010
Are you looking at point-to-point encryption? Maybe you should. From vendor presentations to Congressional testimony, point-to-point encryption has been hailed as the merchant's PCI savior. Is it really?

PCI Columnist Walter Conway asks: Can this powerful emerging technique simplify retailers' PCI compliance to the point of it being a minor annoyance? That seems to be one of point-to-point encryption's promises, but how much it and the others are realized depends greatly on each retailer's internal processes and requirements. Read more...


Retail 2.0: The Social Restaurant

October 14th, 2010
What would you do if you knew that 70 percent of the people sitting in your stores were unhappy with the service they just received? What if retailers got real-time feedback—courtesy of social network tools—so their teams could know of those reactions when the customers were still in the store?

Franchisee Columnist Todd Michaud argues that a chain's commitment to making customer comments public—before knowing what that feedback will be—says so much about its confidence in quality. Isn't showing this transparency through unedited real-time feedback what social networks are all about? Read more...


ToysRUs, Amazon, Debenhams Push Holiday Kiosk, Mobile Plans

October 14th, 2010

If Halloween is a mere two weeks away, then it’s time to start hearing about the holiday-themed retail tech rollouts. And on Tuesday (Oct. 12), ToysRUs, Amazon and Debenhams stepped up to the brightly colored—and undoubtedly Wi-Fi-connected—plate. ToysRUs is adapting the wedding registry kiosk for the holidays, dubbing it a Wish List, with gift-givers able to access gift lists as long as they have the Wish List number. A nice touch from the toy chain: “Registrants do not have to worry about keeping receipts in the event they wish to make a return or exchange an item in-store that was purchased from their Wish List. Store employees can look up any Wish List transaction simply by revisiting the purchase history on the registrant’s list for easy returns.”

And Santa’s mobile app developers were hard at work at Amazon and over at Debenhams (the second-largest department store chain in the U.K.). Both retailers Tuesday released the same new functionality for their iPhone mobile app: barcode scanning. Debenhams said its move makes it the first High Street retailer to offer mobile barcode scanning. Amazon’s move is surprising in how late it is. But it’s safe to say that eBay’s June purchase of Red Laser helped to focus Amazon on offering an alternative.…

Old Meets New: Using Smartphones To Scan Checks, PayPal-Style

October 14th, 2010
When PayPal announced last week that its mobile application would be able to scan checks, it was a delicious marriage of the old and new worlds of payment. From the new: PayPal, a leader in the new wave of alternative payments, and the mobile app, the youngest of retail channels. And the old: paper checks, which are likely in their last generation—perhaps even last decade—of existence.

Todd Ablowitz, payment consultant and president of the Double Diamond Group, suggests that PayPal's check-capture-smartphone move—which puts it following financial old-timers including Chase Manhattan and USAA—makes it not such an upstart after all. Read more...

Wal-Mart Using FedEx As Extension Of Its Stores

October 14th, 2010
Wal-Mart, the 8,000-pound gorilla in retail with 4,300 U.S. stores, finds itself in an awkward position in many urban areas—its stores are few, and resistance is strong. One of Wal-Mart's more creative responses to this problem was rolled out Wednesday (Oct. 13): Give E-Commerce customers free shipping (no minimum required) and let them pick up the order at a local FedEx office, which in an urban area is probably a lot closer than a Wal-Mart store.

The program, called FedEx Site to Store (every so often, marketers throw us a curve and go for WYSIWYG naming. PayPal did something similar last week), has been piloted by Wal-Mart for months in Los Angeles and Boston, and this new move sharply expands the trial to New York, San Francisco, Chicago and Washington, D.C. Read more...

If Your Token Vendor Goes Bankrupt, What Happens To Your Data?

October 7th, 2010
What would you do if your tokenization vendor goes out of business or gets acquired by a company with a whole different approach to tokenization? This is the ever awkward but increasingly important question every IT executive looking at tokenization needs to ask.

The reality is that there are many firms in the tokenization space today, and you cannot count on all of them being around forever. Some will change business focus, go out of business or be acquired. Because there are no standards for tokens across vendors, transferring to another vendor could be difficult, pens PCI Columnist Walt Conway. That means retail CIOs need to address what to do if (when?) the unforeseen happens. Read more...

Hannaford, Others, Hit By First Data Double-Charging Customers

October 7th, 2010
Customers of at least three major retail chains—including grocery chain Hannaford—found their credit and debit cards double-charged on Friday (Oct. 1), thanks to a First Data technical glitch and the processor's attempt to fix it. The consumers weren't only charged twice: the retailers were often paid twice.

The glitch happened on Oct. 1, but the ill-fated charges were rung up the day before, as is customary. "Settlement processing was delayed by several hours on Friday due to a technical issue. As a result, some cardholders saw duplicate charges and some merchants received duplicate funding for those transactions," said a statement issued by First Data. Read more...

CVS, Gap Site Outages On Monday. A Rehearsal For Black Friday?

October 5th, 2010
When it comes to site outages for major chains, the killer detail is much more often "when" than "for how long?" Although it's clear that a longer outage is worse, a 30-minute weekday non-holiday outage at 2 PM East Coast/11 AM West Coast can easily be much more painful than a 4-hour outage that ends at 5 AM East Coast on a Sunday. With that in mind, CVS and Gap sustained painful outages on Monday (Oct. 4).

Gap crashed at about 11 AM East Coast Monday and was down for anywhere from 21 minutes (according to Alertbot) to 45 minutes (according to Pingdom). "HTTP Reply Timed-Out. The server responded very slowly and was unable to send the entire HTTP page within the 30 sec. limit," Pingdom reported. Read more...

Wal-Mart’s Painful Common-Point-Of-Failure Lesson

September 30th, 2010
Thanks to a single circuit breaker in a datacenter, Wal-Mart lost its capability to accept credit and debit cards across its entire U.S. chain for as long as five hours last Thursday (Sept. 23). That common point of failure reduced the world's largest retailer to taking cash and checks at its 4,300 U.S. Wal-Mart and Sam's Club stores, with some stores actually closing until the problem was resolved. It also pointed out a fatal flaw in how Wal-Mart's systems were set up: One breaker mishap was able to bring down the entire system.

Wal-Mart won't explain exactly what happened. That's partially because the chain itself hasn't completely determined what happened, with an internal investigation underway. Whatever precisely caused the glitch, it had two elements. The first was an electronic system problem. But that wouldn't have shut everything down had it not been compounded by an employee's ill-fated—albeit well-intentioned—attempt to manually fix the issue. Read more...

PCI 2.0: Major Step Forward, If You Value Vagueness

September 30th, 2010
As PCI officially moves next month from 1.2.1 to 2.0, a series of small changes are opening the door to more QSA-to-QSA conflicts. For some, that move is good as it will allow for more flexibility. For others, the move will aggravate long-held concerns about interpretability, where a retailer may be ordered to do diametrically different things with a simple change from one QSA to another.

According to the draft of the PCI changes that the PCI Council has been circulating for comment, there are indeed no major changes in next month's updated standard. But as they say in Purchase, the CVV devil is in the details. Read more...

Eddie Bauer, Others, Learn Their Gift-Card Weaknesses

September 30th, 2010
In late July, a well-regarded retail research house called Retail Systems Research (RSR) began a study of retail digital card procedures by anonymously reaching out to 100 of the nation's largest retailers and trying to buy a gift card, preferably digital, but a gift card nonetheless. What surprised RSR was how poorly many of those retailers fared.

Eddie Bauer, for example, completed the transaction, took the money and never sent the card. Two others also never sent the card, but at least had the decency to not charge for it. RSR Managing Partner Nikki Baird said Eddie Bauer's people admitted that they never shipped the card. Read more...

Playing Token Trick Or Treat

September 30th, 2010
Next month, millions of adorable merchant IT executives will dress up and pretend to be responsible adults who are experts in all manner of security. They'll walk down Tokenization Street, going from one security vendor to another, holding out their brightly colored IT environment bags and ask, "Token Trick Or Treat?" Some will get delicious chocolate, which will cost-effectively protect their payment data. Others, unfortunately—like CSO Charlie Brown—will get a rock.

How can you make sure you don't get round dusty minerals that are overpriced and provide about as much true data security as a Jack-O-Lantern? PCI Columnist Walter Conway, in an eerie voice, bellows that it all comes down to knowing which houses to go to and which to avoid. Even more importantly, it's about knowing which questions to ask. Read more...

NFC Should Stand For “Needs Further Clarification”

September 30th, 2010
Near Field Communications (NFC) is the latest means by which the payments industry is attempting to force a new technology into an old role—that of payment card. Furthermore, the acronym is being used to rebrand existing payment initiatives that only scratch the surface of true NFC capabilities, pens GuestView Columnist Nick Holland.

The real danger here, he writes, is that the larger NFC value proposition might be poisoned if NFC is pigeonholed as just another card replacement. If that happens, it would effectively kill retailer and consumer adoption. Read more...

Best Buy Improves Its Pick-Up Line

September 30th, 2010
Prepping for the holiday season, Best Buy has tried polishing its pick-up options. It has made some interesting improvements—such as no longer requiring customers to pick up purchases personally—but the chain might want to consider rephrasing some of its enhancements.

For example, Best Buy's new promise for the buy-online-pick-up-instore option is that the order will be ready "in as little as 45 minutes after placing it."

Despite one prominent retail media outlet reporting that the pledge was a guarantee of product availability in fewer than 45 minutes, Best Buy's pledge is actually the opposite. It promises that an order will not be ready in 44 or fewer minutes. Guaranteed! Might be as few as 45. Could be 3 hours. But it absolutely, positively, won't be fewer than 45 minutes. Read more...

PCI Vendor Offers $100K For Any Customer Breached

September 30th, 2010
With all of the PCI shell games around, it's nice to find one vendor offering what seems to be a legitimate PCI insurance program: Use its package and get breached, and the vendor will reimburse some of your out-of-pocket breach costs, with a $100,000 cap. The program, from a company called BHI SecureConnect (soon to be called just SecureConnect), is designed for the smallest of retail chains. But if the vendor can make this insurance concept work, it has definite potential.

To qualify for the money, a merchant doesn't have to be PCI compliant (although that's always nice). Indeed, it doesn't even have to experience a real breach, said SecureConnect Director of Marketing Kristyan Mjolsnes. For example, if the chain's bank or a card brand suspects a breach and insists the chain pay for a forensic probe, that would be covered, she said. If the chain gets nervous and wants to triple-check on its own, however, that would not be covered, Mjolsnes added, reasonably enough. Read more...

RadioShack, 7-Eleven Latest Chains To Be Sued For Gift Card Process Patent

September 30th, 2010

RadioShack and 7-Eleven are among seven new defendants in the latest round of retail chains accused of violating gift card process patents owned by Card Activation Technologies (CAT). Thus far, more than 30 chains have been sued, including Nordstrom, Macy’s and JCPenney, and a significant number of them—including Sears and OfficeMax—have settled, according to attorneys involved in the case.

The five other chains newly named were Giorgio Armani, Caché, Denny’s, Sunglass Hut Trading and the Brown Group Retail (doing business as Famous Footwear). Several of the chains were accused of not merely violating the patent but of doing so willfully because, CAT alleges in court filings, the chains continued to use the process even after they were told they were in patent violation.…

Captchas To Sell E-Commerce? Sigh

September 30th, 2010

Is nothing sacred? Those innocuous captchas, the little boxes designed to defeat SPAM bots and force visitors to identify themselves as people, are now being eyed as advertising platforms. At least one vendor is pushing a program that forces people to type in advertising phrases instead of random characters. This approach has the sneaky benefit of burning that ad message into the consumer’s head, which is the logic behind forcing forgetful students to write something 100 times.

But could this become an E-Commerce—instead of an advertising—tool? Could Amazon make visitors type in the name of a popular bestseller? During blizzards in certain areas, perhaps the Wal-Mart message could be “$8 snow scraper”? Maybe the Apple site would require visitors to write “iPhone4 Makes Droid Cry.” Oh, I forgot. It already does.…

StorefrontBacktalk Now On Kindle

September 30th, 2010

The next time you’re stuck on an airplane with just your Kindle and you want to know what other retailers are working on to make your life miserable when you land, fear not. StorefrontBacktalk is now available as native content on Kindle.

It goes beyond the headlines, and the Kindle supposedly updates this content when you’re near a connection so you can read it when you’re not. (I have to trust my Kindle-carrying colleagues to tell me how our content looks. Personally, if something can’t give me a paper cut while reading it, why bother?)…

Maine Supreme Court Backs Retailers On Data Breach Liability

September 23rd, 2010
A unanimous ruling from the Maine Supreme Court Tuesday (Sept. 21) in the Hannaford data breach case lifted a year-long threat hanging over retailers. The court ruled that consumers' time and effort spent to clean up a cyberthief's damage need not be paid for by a breached retailer. But that protection won't help much as retailers turn more to debit payments.

The case involves the final litigation surrounding the 2007 data breach against the 165-store Hannaford grocery chain. That breach exposed some 4.2 million payment cards to the cyberthief gang run by Albert Gonzalez. Read more...

Ohio Wal-Mart Gift Card Thief Gets $11K Just For The Asking

September 23rd, 2010
Earlier this month, a man called a 24-hour Wal-Mart in Columbus, Ohio, at 1 AM and told an associate he was with Wal-Mart's IT department. The caller instructed the associate to activate gift cards, read him those card numbers and then scratch off the tape on the back of the cards so she could tell him the authorization codes, police said. And the associate obliged. Hours—and more than $11,000 in online fraud—later, the store realized it had been had.

This incident, which police are still investigating, raises the issue of associate training. Preliminary information given to police by Wal-Mart did not indicate that the caller gave the associate any reason to believe he really was from Wal-Mart IT. Nor was any reason offered as to why an IT person would make such a request. Was the thief assuming the 1 AM crew might be more accommodating and less suspicious? Read more...

Suffered Two Daytime Crashes Wednesday

September 23rd, 2010

During prime daytime business hours on Wednesday (Sept. 22), Home Depot’s site crashed twice, starting at 11:50 AM (New York time) and ending at 1:25 PM, according to site uptime monitoring firm AlertBot. The site was fully down, with a message telling visitors the site was unavailable.

“It started out with an HTTP time-out error, meaning the server responded very slow and was unable to send the entire HTTP page within the 30 second limit. Then it switched to a 404, page couldn’t be found error,” said AlertBot’s Justin Noll. He added that the daylight timeframe—which makes attributing this incident to planned maintenance unlikely—was “a bad time for it to happen.”…

Where Will—And Where Should—PCI And Mobile Head?

September 23rd, 2010

If retailers could do anything, what would be the top five things they’d change about PCI? What about mobile? Which mobile interactions will be deployed first and which will be backburnered? And how far are merged channel (the last element of the multi-channel to cross-channel to merged-channel triumvirate) efforts going to be adopted by June of next year?

To try and get answers, StorefrontBacktalk and Forrester Research on Wednesday (Sept. 22) launched a research project on these issues and we’d love to have you share your views with us. Responses will be published anonymously, in aggregate only. Other topics in the survey include customer service techniques, global distribution, E-Commerce and store investment priorities, and CRM strategies. If you’d like to be included in this study, the survey is the best place to start. We’ll be publishing the results shortly before the holiday insanity begins. …

Best Buy Talks Up Huge Buy-Online-Pick-Up-In-Store Figures

September 23rd, 2010
Best Buy CEO Brian Dunn, fresh from licking his wounds after retreating from comments that the iPad is seriously eating laptop lunches, told financial analysts last Tuesday (Sept. 14) that a stunning 40 percent of all products purchased online are picked up in-store. Buy online pickup in store is absolutely popular. But for a major site like Best Buy's to have two out of every five customers willing to drive to the store is startling.

It could suggest that the site is proving less effective at bringing in new business and is instead being used as a convenience point for existing customers. Read more...

