Top Stories


Payment Systems

Could The BlackBerry Save Mobile Payments? Maybe It’s The Only Thing That Can

May 31st, 2012
Everybody is waiting for Apple in NFC mobile payments—the theory being that the iPhone's try-anything-if-it's-Apple owners will embrace tap-to-pay as soon as the company endorses it. But Apple is in no hurry, and Google Wallet and ISIS aren't exactly taking off, while PayPal prefers phone numbers and PINs. The one player desperate enough to jumpstart NFC mobile payments may be RIM.

Yes, everyone hates the last-generation E-mail king, which on Tuesday (May 29) announced an operating loss and layoffs. But earlier this month RIM also finally agreed to let carriers and banks use NFC-enabled BlackBerrys for payments in Canada—without coupons, ads or a cut for RIM.


The Danger Of Comparing Mobile Stats

May 30th, 2012
You say potato, I say integrated mobile commerce infrastructure. Three reports released this week illustrate that however much confusion exists today about mobile commerce terminology, there's always room for more. When you see mobile projections, think hard and ask a lot of questions before you paste the data into a PowerPoint. Let's start with Tuesday (May 29): Two respected marketshare companies, Gartner and IHL, released reports about the mobile market.

Gartner said: "Worldwide mobile payment transaction values will surpass $171.5 billion in 2012, a 61.9 percent increase from 2011 values of $105.9 billion." Within minutes, a statement from IHL said: "Mobile in all aspects of retail is now a $5.5 billion market worldwide."


Mobile POS Moves Forward, With MasterCard’s Blessing

May 30th, 2012
PCI Columnist Walter Conway has just seen the future of mobile point of sale (MPOS), and he thinks those ubiquitous plug-in card-reading dongles may be winning. It doesn't matter that these MPOS approaches pose risks for cardholder data, that the payment applications are not PA-DSS validated or that they are not part of a point-to-point encryption (P2PE) solution as recommended by the PCI Council.

MasterCard on May 23 released formal guidance giving retailers a roadmap to implement MPOS using smartphones, tablets and other devices equipped with a "card reader accessory." The problem? The recommended best practices may not be PCI compliant and they conflict with MasterCard's own rules, as the card brand acknowledges.


Sears Learns That Merged-Channel Is All About Visibility. And If Systems Are Flawed, You Don’t Want That Stuff Visible

May 30th, 2012
Sears has been going through a rough patch these days, but a recent detailed customer complaint about how a ship-to-store order was handled is illustrative for reasons that go far beyond this retailer. It's a powerful reminder that what makes merged-channel work is visibility through tech automation, provided that what is visible is actually correct.

As chains become more merged-channel and outright encourage customers to fly back and forth between mobile, in-store, online, call centers and Twitter interactions, the lack of visibility into real-time inventory is going to create headaches much worse than mere out-of-stocks.


Apple’s Mobile Payments: Not Bluetooth, But Maybe Closer Than You Think

May 23rd, 2012
Does Apple really plan to use Bluetooth instead of NFC for mobile payments? Probably not, but you'd think so based on the buzz over the past week from the Apple-watching echo chamber. The consensus: All iPhones and iPads now have Bluetooth built in. It will take years for NFC to get into enough phones to matter. Ergo, Apple will use Bluetooth for its mobile wallet and sweep the table.

That's unlikely—if widely deploying a technology was the problem, contactless cards would have wiped out magstripes years ago. But will Apple use Bluetooth for payments? We may know by the end of the summer.

SAP VP Caught Doing Very Original Research On Retail Security: Barcode-Swapping At Target

May 23rd, 2012
When an SAP Labs VP was arrested this week—charged with multiple burglary counts for supposedly sticking fake barcodes on Lego sets in California Target stores—it was a wonderful reminder of how vulnerable today's barcode security is.

On the down side: Police said they found "hundreds of unopened boxes of Legos" at the VP's home, strongly suggesting that he had had considerable success using switched barcodes. On the plus side: Target's loss prevention team coordinated with various stores and shared pictures of the VP, enabling him to be identified and followed before a barcode swap.

A Web PIN Pad That Changes GUI For Each Customer’s Card. Will That Make Shoppers Use It?

May 23rd, 2012
Here's an interesting interchange-fueled conundrum: How do retailers get consumers to enter their debit-card PINs online, a move that saves the retailers money but doesn't directly help the consumers at all?

One vendor is arguing that by visually making the screen image look identical to whatever card shoppers are using, the shoppers will be more inclined to enter their PIN. The company has added a nice security twist: rotating the key position so anyone sniffing the communication—or using keygrabbers or spyware—can't easily determine the numbers entered. But that twist has its own twist: By scrambling the number positions with each click, some consumers will take a lot more time to enter their PIN, because they have memorized it based on the ATM, retail in-store and computer keypads they are used to.

Should Forensic Tools Be Sold To Anyone?

May 23rd, 2012
When a software vendor creates a tool for forensic data-breach investigators, can it—should it?—take any steps to try and make sure that product is sold to legitimate investigators and not to cyberthieves? It's a tricky issue. Unlike limiting sales to government law enforcement, forensic investigators are not licensed and they can work for any retailer or consulting firm or security company. What type of test of legitimacy could possibly work?

This came to mind because of an interesting product rollout on Monday (May 21) by a vendor called Passware. Its launch involves a means of grabbing passwords from within any Excel spreadsheet or Word doc by quickly locating encryption keys in memory.

With Massachusetts’ Blessing, All States Prepare To End Item Price Labels. It Begs The Question: What Will Price Mean?

May 23rd, 2012
Legislatures first enacted requirements that grocery stores and other retailers individually price items because they simply didn't trust the barcode and other price-scanning technology. But now, argues Legal Columnist Mark Rasch, the government doesn't trust the retailers.

What is the "price" of an item? New technologies enable the prices charged, and the display of those prices, to change instantly. Ask anyone trying to purchase a plane ticket from New York to Detroit what the "price" of that ticket is.

ISIS Launches Trial With Significantly Fewer Retailers Than Planned

May 17th, 2012
ISIS has finally named retail names for its mobile-wallet trial this summer in Salt Lake City and Austin. On Tuesday (May 15), the mobile-operator consortium announced that some (but not necessarily all) area Macy's, Dillard's, Foot Locker, Champs Sports, Aeropostale and Jamba Juice stores will be accepting mobile payments during the ISIS trial, along with 19 local merchants in Austin and 29 more in Salt Lake City.

That's not a bad turnout for a normal technology trial. But ISIS is promising just hundreds of locations in cities with a total population of nearly a million—and considering the weak consumer response so far to mobile wallets, anything less than an overwhelming assault may already be doomed.

JCPenney IT “Is A Mess,” Says COO

May 17th, 2012
Now it is IT's turn to take the blame for JCPenney's woes. On Tuesday (May 15), JCPenney COO Michael Kramer told analysts that problems during the chain's terrible first few months under its new "Fair and Square" pricing approach (store traffic down 10 percent, sales down 20 percent) were compounded by out-of-control inventory management and legacy system maintenance that ate up 90 percent of the IT budget—both fundamentally IT problems.

The result: It costs JCPenney at least $600 million per year more than it should to run the chain—which explains a lot about the quarter's $55 million operating loss. "I can think of no other thing to say about our systems and our IT infrastructure, and I have seen a lot of them: It's a mess," Kramer said.

The Delicate Legal, Ethical Dance Of Selling To Children

May 16th, 2012
Here's one for the marketing ethicists out there (is "ethical marketing" an oxymoron?): 18-year-olds come into the retail CRM world as clean slates, even if they have been active E-Commerce and M-Commerce shoppers for eight or nine years. It is illegal to solicit or sell data about children younger than 13—and what can be collected and used about those aged 13 to 17 is highly restricted. When that veteran shopper turns 18, though, can all of his or her juvenile shopping history be sold or even used?

One online payment vendor is preparing to sell tons of youth purchase data—apparently, this is the first time anyone has tried—avoiding immediate legal problems by offering the data in aggregate.

Will A Store-And-Forward In-Store Mobile Tactic Work?

May 16th, 2012
What if having wireless in-store access isn't really that important? Retailers' efforts to make sure customers have constant Wi-Fi access—to fuel mobile functions such as barcode scanning, demo watching and, potentially, even mobile wallet efforts—have certainly proven problematic, whether the reasons are wireless-unfriendly old buildings or young shoppers gulping all of the bandwidth with movies or games.

Beyond encouraging shoppers to use over-the-air access that chains need do nothing to facilitate, what if apps used the mobile device's memory to play those demos and to look up those barcodes, and then waited to update until the device was reconnected? Shopkick is using one version of this modified store-and-forward mobile strategy, as of an update deployed last month.

Yes, Virginia, We Really Do Need A QIR Program

May 16th, 2012
Integrators and resellers seem to be resisting a program that would provide stronger enforcement over, well, integrators and resellers. PCI Council General Manager Bob Russo talked with PCI Columnist Walter Conway about the resistance (the program is "sorely needed"), the pricing and the nature of the training. And given the number of industry insiders Russo worked with to create the program, he bristled at the suggestion that the Council worked in a vacuum on this one.

Russo said the training will be an online course so nobody should have to travel, Conway writes.

A Better Way To Search StorefrontBacktalk

May 16th, 2012

With more than 3,000 stories, columns and GuestViews in the content database here at StorefrontBacktalk, we thought it was time to do a little upgrading. Starting this week, readers (both free and Premium) can search for stories by limiting the search to just the story’s headline—as opposed to the headline and the full text. (Note: Right below the search bar, readers can choose HED Only or Story And Hed.)

The ability to isolate a search to the headline can be useful in two ways. If you happen to remember that the headline mentioned Target, for example, you need not see every story that mentioned Target (or even used the word “target”). The second way is practical. If you want a story that is primarily about tokens—and not a story that merely mentions the word somewhere—the headline-only search can be helpful.…

MasterCard Aims To Take Mobile Wallet Rivals Apart

May 9th, 2012
What Google, PayPal and ISIS are trying to assemble in mobile payments, MasterCard wants to dismember. On Monday (May 7), the number-two payment-card brand unveiled a mobile wallet and an E-Commerce payment system that are designed to cut out any middlemen horning in between customers and retailers and payment networks.

Ironically, while MasterCard's PayPass Wallet for NFC-equipped phones got most of the attention, that's still largely a pipe dream—MasterCard hasn't even talked any mobile operators into giving it access to the NFC chip. But the online payments effort will offer tokenization to reduce PCI scope for E-Commerce. The bad news: You can probably forget about any interchange relief.

Disney’s RFID iPad Trial Is An Important Lesson When Battling Showrooming

May 9th, 2012

As E-tailers continue their incursions into rivals’ physical stores, the only viable defense is to radically upgrade customer service and the overall store experience. Two of the retailers most known for this are Apple and Walt Disney World Resort. Have you ever heard of an E-Commerce site cutting into the revenue at Disney? What specific tactics can brick-and-mortars steal? Here’s a good one: Disney this month is experimenting with an RFID/iPad combo to upgrade its famous FastPass system—for letting people reserve tickets/times and thereby get much faster access to rides and events. As Disney employees carry iPads, customers’ RFID bracelets will interact with CRM and ride information.

It’s fair to argue that Disney has always been the retail exception. It pushed contactless payment by offering deep discounts, and Disney even successfully got customers to use digital biometrics (fingerprints) for park access. But that’s just the point. With a heavy enough emphasis on experience and customer service, shoppers are willing to do almost anything, including—just perhaps—forgetting all about Amazon.…

32-Point Font Might Save Your IT Career

May 9th, 2012
It's you versus the sales guy in an epic battle over your IT career. The sales guy has a polished presentation about the features and benefits of his products and services. You have a status report. The sales guy has access to unlimited resources to make your business partners' wildest dreams come true. You have one really great guy who you've overworked to the point that you carry a ton of personal shame.

The sales guy says, "Yes. Yes. Yes." You say, "No. No. No." In this surreal world, pens Retail Columnist Todd Michaud, you are watching your hard-fought IT career be dismantled by an onslaught of companies that shake your hand and look you in the eye as they pitch your demise one product and service at a time. And you had better buckle up, Buttercup; it's only going to get worse.

Level 3 PCI Compliance Increases Slightly, Even As Its Population Grows

May 9th, 2012
The latest PCI compliance stats—out this week—show trivial changes from the prior report, with Level 2 and Level 3 retailers slightly increasing compliance. Level 2 went from 91 percent at the end of December 2011 to 92 percent as of March 31, 2012, and Level 3 also increased by 1 percent, from 58 percent to 59 percent.

With changes as small as 1 percent, it's hard to determine what, if anything, caused the change. The number of Level 2s dropped slightly (from 1,066 to 1,060), so it's possible a couple of the chains that left might have had compliance issues.

P2PE: No Cakewalk for Merchants, But There May Be No Alternative For Reducing Scope

May 9th, 2012
When the PCI Council released version 1.1 of its Point-to-Point Encryption (P2PE) Testing Procedures late last month (April 27), it forced an interesting question: Will P2PE be the only way to remove encrypted data from a merchant's PCI scope?

Writes PCI Columnist Walter Conway: Current PCI Council guidance (FAQ 10359) holds that encrypted data can be out of a merchant's PCI scope "if, and only if, it has been validated that the entity that possesses encrypted cardholder data does not have the means to decrypt it." The important word here is "entity." That is, the ability to decrypt the data must rest with some unrelated third party. With the emergence of P2PE, could this scoping guidance be revised to where the only appropriate "entity" is an approved P2PE provider?

The Analytics Hole: Does Anyone Connect The Dots From Mobile To Web To In-Store?

May 2nd, 2012
Retailers spend an awful lot of time and money gathering and analyzing online and in-store stats about customer behavior. But what most seem to not do is try and connect the dots.

What did the shopper do right after scanning that barcode? If the answer can be found in mobile analytics data, you're fine. But if the answer can only be found by overlaying that mobile data with in-store CRM data, most won't see it. What about synching E-Commerce activity with calls to the call center two minutes later? Or linking an E-Commerce search to an in-store POS action 20 minutes later? How about social activity matched with any of the above?

Macy’s, Amazon CFOs Say The Darndest Things

May 2nd, 2012
Two major retail CFOs in the last week both spoke with unusual candor. The Macy's CFO admitted how much she doesn't like coupons, but said that efforts to minimize them are doomed to fail.

And Amazon's CFO offered two interesting stats: One shows that Amazon is collecting a lot more state sales taxes than is generally perceived, and the second reports that almost 40 percent of Amazon's sales these days are not from products the E-tailer directly sells.

“Careless” Systems Integrators Now Directly Under PCI DSS

May 2nd, 2012
Mistakes made by careless or incompetent payment application installers or system integrators have led to far too many data breaches over the years. In each case, even though the reseller or integrator made the mistake, the merchant bore the ultimate responsibility.

Unfortunately, system resellers and integrators formerly fell in a governance gap in PCI, and their actions were outside the PCI Council's jurisdiction. PCI Columnist Walter Conway says "were," because that situation is about to change.

Walmart’s Online Cash Creates New Fraud Problem

May 2nd, 2012
When Walmart launched its E-Commerce cash program on April 26, did it open the door to evil-minded rivals by giving them the means to falsely lock up merchandise? That is just one example of the many implications behind Walmart's move to enable people to use cash to make online purchases.

Beyond new security holes on the risk side, the reward side is equally huge. While everyone seems to have focused on the general unbanked audience, a much more interesting prospect for this program is teenagers. Plus, this is sort of an anti-showrooming move, where online shoppers are being lured into the stores. Revenue sharing between Walmart channels is also a point of nervousness with this program. And a store's inability to cancel such online orders—even if the customer then finds the item on the shelf—is problematic, too. This is a rare example of the kinds of compromises—between online and in-store operations—chains must make these days.

The Privacy Triple Play: Digital Giftcards Using Facebook Data And Geolocation

May 2nd, 2012
The challenge of giftcards has always been getting customers to remember them when they're actually near the store where they can be used. With that goal in mind, a giftcard service—working with Gap and Sephora—is trying for a marketing triple play: mobile geolocation on top of Facebook data on top of customized giftcards. When a customer is near a retailer whose giftcard they have, it will loudly flag that fact to the customer.

The geolocation opt-in alerts are an interesting twist, especially when a consumer is walking in a city (locally or when traveling) and has no idea that a particular retailer has a store three blocks to the right.

