Top Stories



If Some WikiLeaks Fans Can Knock Out MasterCard’s and Visa’s Sites, What Could Terrorists Do?

December 8th, 2010

MasterCard’s and Visa’s sites were partially knocked out Wednesday (Dec. 8), ostensibly by aggrieved supporters of WikiLeaks, which MasterCard recently cut off from its network. MasterCard made no reference to a denial-of-service attack, only indicating that it was “experiencing heavy traffic on its external corporate Web site— We are working to restore normal speed of service.” It then added: “There is no impact whatsoever on our cardholders’ ability to use their cards for secure transactions.” A later MasterCard statement said: “Our core processing capabilities have not been compromised and cardholder account data has not been placed at risk. While we have seen limited interruption in some Web-based services, cardholders can continue to use their cards for secure transactions globally.”

Hmmmm. “Limited interruption in some Web-based services?” When MasterCard said that its “core processing capabilities have not been compromised,” is that indicating other processing capabilities were affected? If neither MasterCard nor Visa can fully protect its site against a highly predictable consumer attack, how would the sites fare under a full-scale well-financed terrorist hit? Both brands make much of their highly robust systems. Although there’s no initial reason to suspect that the payment-processing network itself was impacted, this attack certainly doesn’t fill retailers with abundant confidence.…


RFID Buttons: Cute Or Ominous?

December 8th, 2010
A Chinese RFID manufacturer has started shipping RFID tags designed to look—and apparently function—as real buttons. They also can be washed with no harm to the sealed RFID mechanism.

However, by fueling the fears of every anti-RFID privacy advocate, these faux buttons may do far more harm than good. To be fair, these may not be faux buttons, in that they may actually function as buttons. In which case, they're not faux: They're Trojan horses. But in this version of the classic Trojan War tale, the soldiers inside the horse might turn around and attack their retail Greek creators.


Gap Piloting Apple Mobile POS Units, But Broader Impact Is Minimal

December 8th, 2010
The Old Navy group within The Gap has started testing Apple's mobile POS system, technology very similar to what Apple uses in its own stores. From The Gap's perspective, this is a perfectly fine arrangement, with the chain getting systems that have proven to work under retail battlefield conditions, the ability to share in a little of the Apple buzz among its targeted younger demographic and likely attractive discounts given it is the first major chain to try it. (The fact that the boards of both Apple and The Gap have execs from each other doesn't hurt with those price negotiations, either.)

The real question, though, is not whether this move makes sense for The Gap, but whether it's something that other chains should now seriously consider. There are plenty of mobile applications—and far more developers eager for work—that can deliver similar if not identical functionality. Will the convenience of using Apple's devices make that the way to go?


Google’s Latest Search Changes Could Be Very Bad News For Retailers

December 8th, 2010
A Brooklyn retailer was arrested Monday (Dec. 6) and federally charged with fraud and harassment. But the most heinous offense of eyewear-hawker Vitaly Borker was his criminally cynical manipulation of retail rankings within Google.

Borker figured out that any kind of comments from customers—including really negative ones—would send his pageviews from Google soaring. Note: This didn't help him if a customer typed in his retail brand (Decormyeyes), but few prospects had a reason to do that. They'd be much more likely to type in major optical brands such as Ciba Visions, which Borker resold. Because of the Borker case, Google has changed its search mechanism. But that might be bad news for many legitimate retailers. Google is being cagey about the changes it made, but Google Fellow Amit Singhal did post a few comments on the Google blog.


Sears Canada Has Self-Inflicted Black Friday Headaches

December 8th, 2010
Sears Canada tried something new this year, in an attempt to compete with its U.S. neighbors who have been annually siphoning off Canadian customers on Black Friday. Those deep-discounted U.S. sales prompted Canadians to cross the border for bargains. So the chain advertised that it would match the sale price of any U.S. retailer. That's when the trouble started.

Canadian consumers were promised price-matching on any U.S. Black Friday sale, but store associates took a far more limited view of things. There's no question that this issue illustrates a classic case of poor training and/or communication with store associates, which is hardly a Canadian-only problem. Such communication is difficult at any time of year, given the huge turnover of young associates. But when you add in thousands of temporary seasonal employees, the challenge becomes almost impossible. As much of an issue as employee communication is, however, that's not the key problem here. It's this phantom distinction some retail execs are trying to make between in-store and Web.

Macy’s Re-Learns Why Firing Santa Can Be A Bad Idea

December 8th, 2010
John Toomey has been a much beloved figure at the Union Square Macy's in San Francisco for 20 years, which is how long he's worked as the store's Santa. Worked, that is, until December 4 when he was fired for having told a couple of very old jokes to some adults. From a PR perspective, this dismissal couldn't have been much worse. Let's see. A very popular Macy's Santa Claus is fired because he made a couple of politically incorrect non-traditional remarks. Sound familiar, fans of Miracle On 34th Street?

Before we delve into why this choice will—and should—be such a headache for Macy's, let's review the facts as they are known. The 68-year-old Toomey's self-admitted offense was to tell two mild (and, for what it's worth, really old) jokes to a pair of adults who asked to sit on his lap. The first quip is that he asked the adults if they've been good. If they said "yes," he replied, "Gee, that's too bad."

PCI Is Not Just For Cardholder Data Anymore

December 8th, 2010
It isn't just the military. All manner of government agencies, universities, hospitals, Internet service providers, telecoms and, yes, even retailers keep personally identifiable information (PII) that the bad guys would love to get. Consider your private label card database, pens PCI Columnist Walt Conway.

IT executives know in their hearts that they have lost the battle to control users. Ubiquitous personal smartphones (usually better than the ones companies provide for their employees), social networking, cloud applications and removable media are here to stay. Business requirements will trump security every time. That means we need to focus on the one thing we can still control: protecting the data. That is where PCI becomes increasingly valuable.

Wal-Mart’s “Best Price Guarantee” Reflects Multi-Channel Discomfort

December 2nd, 2010
Shortly before Black Friday, the world's largest retailer made a bold claim. Wal-Mart issued a statement that this holiday season it would offer "the Industry's best price-match guarantee" and "the strongest price-match guarantee in the market." Although we grant you that "best" is a highly subjective term (both in terms of "best in what way?" and "best for whom?"), the program would presumably offer much more generous terms on a virtually unlimited array of products. Sort of a Costco/Nordstrom returns policy approach to price-matching, right? Not quite.

Even though many chains for years have price-matched any legitimate rival offer—including, of course, online deals from their own chains—Wal-Mart's new program excludes all online offerings, even those from How is that the industry's best price-match program? More importantly, though, let's explore what this online-exclusion means.

Black Friday Inventory Blowup Hits Target,, Fry’s

December 2nd, 2010
Several major retailers—including Target, Fry's Electronics and—got burned on Black Friday by a hole in their inventory-checking functionality. The snafu tricked the merchants into selling products to consumers without actually having those products in stock. Among the many Black Friday glitches, this one exposed a flaw that may become increasingly common and might force retailers into a different way of checking inventory.

The problem materialized because this year, for the first time, several E-tailers tried to re-create some of the excitement that surrounds brick-and-mortar Black Friday consumers-wait-at-2 AM-and-then-stampede-for-half-off-an-HDTV sales. The idea was to announce some very enticing deals and then to not offer them until midnight while stressing that only a limited number of each item was available. The retailers' campaigns were designed to force a huge number of consumers to hit their E-tail sites at the exact same moment and try to buy the exact same product. If you're looking to stress test your inventory systems, this is an ideal way to do it.

Acquirers Rush In Where PCI Fears To Tread: Mobile

November 29th, 2010
As retailers implement plans for mobile commerce, they are running into a frustrating situation: the PCI Council is not validating any mobile apps. Interestingly, says PCI Columnist Walt Conway, it's the same roadblock that stymies the developers of those same retailers' mobile payment applications and their PA-QSAs. The problem is that a vacuum has formed between Visa's Payment Application Security Mandates and the PCI Security Standards Council's hold on validating new mobile payment applications.

More than two years ago, Visa mandated—effective July 1, 2010—that "Acquirers must ensure their merchants, [VisaNet Processors] and agents use only PA-DSS compliant applications." With nearly 800 PA-DSS validated applications listed on the PCI Council's Web site, retailers have a wide choice. Unless, that is, they are looking for a mobile commerce application.

At NRF, StorefrontBacktalk Panels To Include Top CIOs On Mobile, Security

November 28th, 2010
If you're making the trip into New York for the National Retail Federation's Big Show next month, there are some can't-miss panels you'll want to try and schedule: Ours. Our two panels include the Senior VP/IT at Home Depot, the CIOs of Pizza Hut, Kohl's and Pep Boys and the Chief Technology Officer at Ann Taylor, followed by the CIO of Sears.

StorefrontBacktalk is moderating these two panels at the show, and we'd love for any readers to drop by. (If you don't boo, who will?) We actually have these wonderful IT giants discussing two of the most critical retail tech issues: Security and Mobile.

The Fastest Way To A Bank’s Heart Is Through Its Restaurant’s Security Hole

November 27th, 2010

Here’s another reason banks should crack down on restaurants about security: to protect the bank. Seattle police and the U.S. Secret Service are investigating an Oct. 22 cybertheft in which a thief from outside the U.S. broke into the systems of a privately owned Seattle restaurant, the Broadway Grill. From there, the attacker tunneled into servers of the restaurant’s payment-card processor and stole at least 1,000 stored card numbers from the acquirer. Investigators won’t identify the card processor or the country the attack was launched from, but they said the data was definitely taken from the acquirer and not the restaurant.

The National Retail Federation has been saying for years that retailers should get out of the payment-card protection game entirely. NRF’s thinking is that banks are inherently more secure than retailers and that just keeping card data off retailers’ systems will make everything safe from attackers. True, the restaurant’s first-time owners, who bought the place in June, aren’t security experts. But they’re not the ones who lost the card data. Until retailers get rid of card numbers and beef up security and acquirers harden their own systems a lot further, those attacks will just keep coming.…

The Telecom Carriers’ Mobile Payment Pitch To Retail: Offering What Will Happen Anyway

November 18th, 2010
There's an old joke that perfectly encapsulates today's mobile payment stalemate, the struggle between retailers, Visa and other card brands and telecom carriers. "When they say it's not about the money, it's about the money." This comes to mind as the AT&T, Verizon and T-Mobile smartphone payment cabal unveiled itself Tuesday (Nov. 16) as ISIS. (This is the grouping that was widely reported back in August.) The group stressed the 200 million phone-wielding consumers they represent (as if Wal-Mart, Home Depot, Target and Macy's don't have their own huge installed base of mobile-equipped customers) and the ease of integration and various other talking points.

They stressed everything except the only thing that will ultimately persuade any major chains to support them: Revenue share, processing fees and other ways for retailers to say "Put a deal on the table that is sharply better than what I now have with Visa and I'll sign."

GS1: 10 Percent Of Mobile Barcode Info Wrong

November 18th, 2010
When GS1 U.S. and Canada on Tuesday (Nov. 16) formally unwrapped its coalition of many of the world's largest consumer goods manufacturers to address accurate product data, it mentioned that "more than 10 percent of searches for information about allergens, nutritional characteristics or other data return incorrect or incomplete results." There are reports of even higher percentages of problems with pricing data. Although the group's focus is not on pricing, the pricing problem was nicely illustrated at a meeting the held in Boston this summer. During a presentation, some members were in the back of the room running an experiment. They were using a smartphone and scanning various products around the room. A bottle of Coca-Cola was scanned by an iPhone and it was identified as a blanket. A 2-liter bottle of Pepsi was then scanned and it returned no data. One participant said that the unscientific sampling of consumer products scanned in the room that day had "the vast majority coming through (with) incorrect" information, including pricing.

A Peek Into Target’s Mobile Check-In Pricing Strategy

November 18th, 2010
As more retailers start to embrace check-in services—just this week, Target and Wet Seal both confirmed public trials of Shopkick, which adds their names to Best Buy, Macy's and Sports Authority's—a question has repeatedly cropped up: how much of a discount/credit should a barcode scan be worth?

On the "not much at all" side, we have the fact that it's barely 5 seconds worth of effort. Isn't $2 for a 5-second mobile swipe pretty good money? On the "quite a bit" side, it's a very different shopping action. To get consumers to engage in this beyond-comfort-zone new behavior will take a meaningful incentive. That will be triply-true once the novelty wears off.

Facebook: Retail’s Accessory To Purloined Privacy

November 18th, 2010
Facebook is now every retailer's best friend, with Wal-Mart's Sam's Club being the latest chain to incorporate the social site giant into its mobile app. But how far can—and should—retailers push the social data?

Many of the privacy arguments in Washington surround what advertisers can do online, but few focus on the data that retailers collect from site/mobile visitors. Does that mean that retailers are in the clear or merely that politicians have yet to figure out that loophole? In much the same way, Facebook's privacy restrictions focus on allowing others to access a member's information. But it says nothing about restricting what a user can do with his friends' info. In other words, consider the info that a Facebook user legitimately has about people on his/her friends list. Can they then share that with anyone else, without getting their friends' permission? And where do retailers fit in?

Only The Commerce Department Could Make Retail Self-Regulation Look Good

November 18th, 2010
A data breach is a nightmare, and not just because it means thieves have broken through a retailer's security. The second half of the nightmare is dealing with the wide range of state laws about reporting data breaches and managing data privacy. But some help would seem to be on the way, according to a Commerce Department report leaked last Friday (Nov. 12) that recommends new federal laws to standardize data-breach reporting requirements and provide a privacy safe-harbor for businesses.

Really? We've seen lawmakers take their best shot at data security and privacy before. This time, it's a task force of bureaucrats trying to balance the demands of competing interests. But at this point, we don't need balance. We need clear rules for protecting customer data, and regulations with teeth so there's a meaningful penalty when data isn't kept safe. As it is, the Commerce task force has some nice ideas about voluntary privacy principles that won't go anywhere in Congress—and wouldn't help even if they did.

Winn-Dixie, Publix Learn That No Eco-Friendly Deed Goes Unpunished

November 17th, 2010
Chalk this one up to the ultimate eco-friendly rule: You can't win. For years, grocery stores have been pushing their efforts to be seen as more environmentally friendly and one of the favorite techniques has been getting consumers to purchase reusable bags, instead of making the time-honored "paper or plastic" choice.

Reusable bags were good for the consumer, in that the bags held a lot more and the customer was often given a discount. And it was good for the retailer—who saved on the bag supplies—and it was good for the planet. What could possibly go wrong?

Shoplifting Mom Nobly Steals Only Child Essentials, But Then Leaves Child

November 17th, 2010

Every now and then, a shoplifter takes items that hit the sentimental heartstrings of even the most jaded loss prevention manager, such as a homeless pregnant woman stealing a package of diapers or baby food. This is impressively not one of those stories. Had the suspects had better publicity agents, though, it could have been.

At an Orlando, Florida, Wal-Mart, two young women stole children’s clothing and necessities valued at about $200. Although stealing is a naughty act (punishable by an adult time-out of between 5 and 10 years), these two seem to be just very desperate women trying to be the best mothers they can. The problem with that story: When police chased them, the women kept the goods but left two of their kids, ages 1 and 3, in a shopping cart at the store and then drove off. Yeah, they sort of lose their sympathetic desperate-mommy story with that move.…

How To Lose 500,000 POS Terminals

November 16th, 2010
In a situation that's a testament to the philosophy of "when you're in a hole, just keep digging," one of the biggest payment-card processors has now lost legal control of the phone lines that connect it to 500,000 point-of-sale terminals. Last Tuesday (Nov. 9), as part of an ongoing legal fight, a federal judge ordered payments processing giant TSYS Acquiring Solutions to turn over control of seven phone lines used by TSYS POS terminals to merchant service provider EPS—even though many of the merchants' POS terminals connected to those lines don't have anything to do with EPS.

In theory, that puts merchants using tens of thousands of TSYS POS terminals at risk—their payment-card data could be hijacked! Or leaked! Or lost! In practice, that's not going to happen. For now TSYS still controls those phone lines while it mulls an appeal of the judge's order. But the case is a reminder that all third-party services depend on how well someone else is running another company. When a card processor gets sloppy and just a bit too arrogant with one customer, that can have effects that ripple out to many other retailers.

Visa Stats: Franchisee Security Changing, But Not Necessarily Improving

November 11th, 2010
Newly released Visa stats on franchisee security breaches suggest a maturing of the security space, but not necessarily maturing into a more secure arena. The figures paint a picture more akin to burglaries that move from picking door locks to climbing into windows when confronted with more sophisticated door locks. Is it better? Not necessarily. But it's different.

In a look at how many of Visa's fraud reports came from its top five franchisee verticals (restaurants, apparel, direct marketing, sporting goods and lodging) over three years (2008 to 2010), the biggest short-term change was with restaurants, which plunged from 24 percent in 2008 to 9 percent in 2009.

The Starbucks IT Roller Coaster Is Now On Top

November 11th, 2010
As the number of retail alternative payment experiments soars, it's sometimes helpful to see what the non-traditional retail payment veterans are doing. Starbucks CEO Howard Schultz gave us a good hint last Thursday (Nov. 4) when the chain reported that its customers in fiscal 2010 "loaded more than $1.5 billion on Starbucks Cards."

Starbucks' up-and-down history on CRM, mobile and the Web makes these latest stats historically interesting. Whether it is up or down, this chain is hard to count out. That's especially true when a $10.7 billion coffee house is reporting a loyalty program growing at 20 percent.

Report: Retail Mobile Site Problems Galore

November 11th, 2010
When retail consulting firm The E-Tailing Group tried testing where M-Commerce stands today on various mobile devices, they proved what many in the industry already knew: Mobile is still the lowest ranked of retail channels, which is robbing many chains of revenue they might otherwise be able to pull in.

One issue hurting M-Commerce functionality is, ironically, that some execs may be taking early M-Commerce advice to heart. The initial advice had been to minimize functionality and images as much as possible, given the tiny screens and limited horsepower of mobile devices. But recent mobile improvements—especially in the Apple and Android arenas—could justify a slight liberalization of those rules.

Target’s $5 Million Coupon Fix

November 11th, 2010
Target on Tuesday (Nov. 9) issued a chain-wide software patch to theoretically resolve a three-and-a-half-month-long coupon-scanning nightmare in which consumers were often given a small fraction of the promised discount. But that was only after it ordered cashiers that weekend to manually review all paper coupons, a move estimated to cost the chain as much as $5 million in additional labor costs alone.

As part of the ordered manual review, Target shut down its POS Cashier Speed-O-Meter devices to accommodate the additional time for the manual reviews. That review will cost the chain between $2 million and $5 million in additional labor costs, said IHL President Greg Buzek, who calculated that fee based on an additional minute for every transaction and the number of stores and checkout aisles that Target is using, plus Target's efforts to add more people to keep the lines moving.

Time To Invest In Scanner Vendors: 74 Percent Of Retailers Say They Want To Scan Mobile Barcodes, Only 2 Percent Can Today

November 11th, 2010
In IHL's latest report on retail mobile hardware issues, a survey of 66 major retailers in September found that 59 percent want to be able to scan mobile barcodes within a year and another 15 percent want to do so within two years. That's 74 percent of retailers who want to scan mobile barcodes.

The problem? Barely two percent of them have scanners today that can do the job. "There's going to be a massive replacement of optical scanners," said IHL President Greg Buzek.

