Top Stories


Payment Systems


Interchange Judge Orders Retailers To Change Anti-Settlement Websites

April 17th, 2013
Retailers who oppose the proposed payment-card interchange settlement will have to change the information posted on their websites, a federal judge ordered last Thursday (April 11). The changes required include links to the official site that merchants are supposed to use for objecting to or opting out of the settlement—and a banner stating that the judge determined previous information on the sites to be misleading.

In a hearing in Brooklyn on Thursday afternoon, U.S. District Judge John Gleeson said that unhappy plaintiffs, including the National Association of Convenience Stores, the National Restaurant Association and the National Grocers Association, and their lawyers in the class-action suit have until today (April 18) to decide on a plan for fixing the information on the sites.


As Many As 2.4 Million Card Numbers Stolen in Breach at Regional Grocery Chain Schnuck’s

April 17th, 2013
Who says regional chains can't compete with the big boys? On Sunday (April 14), the 100-store Schnuck Markets grocery chain revealed more details about the breach it reported in March, and the numbers are impressive: 79 stores breached, with as many as 2.4 million payment card numbers potentially stolen over a four-month period. That puts it in the same class as breaches in recent years at Barnes & Noble, Michaels, Aldi and Hancock Fabrics stores.

But unlike those attacks, Schnuck's said its PINpads were not tampered with—the attack was apparently done entirely through malware somehow implanted on Schnuck's payment-related systems. An even more troubling revelation: The breach activity seems to have begun on Dec. 1, less than a month after the chain's QSA validated its systems as PCI DSS compliant.


The Hannaford Data Breach Case Lives On. Lawyers Ask For Judge To Reverse Himself

April 12th, 2013
Lawyers for consumers affected by a huge data breach involving the Hannaford grocery chain have asked a federal judge to reverse himself and to allow a class-action lawsuit against the grocer to proceed. In a twist, the attorneys are asking that any awarded money be given to the bank officials, who would then—in theory—distribute it to victim consumers.

Attorneys wrote to U.S. District Court Judge D. Brock Hornby that the Hannaford case allows for banks to be paid directly. "This can all be done without disclosure of the actual identity of any bank customer. It is hard to imagine that a card-issuing bank would not cooperate in a process that would provide cash benefits to its customers," the filing said. No, it's really not at all hard to imagine the likes of Chase Manhattan and Fifth Third not being at all cooperative with a new and untested method.


Lawyers To Interchange Judge: Tell Our Clients To Shut Up

April 10th, 2013
All those noisy complaints about the interchange settlement are apparently having an effect. A federal judge will hear arguments today (April 11) to decide whether some retailer groups can continue to blast away at the proposed class-action settlement on websites designed to convince retailers to opt out of it. And it's the lawyers representing those groups who are trying to shut them up.

On March 29, lawyers officially representing the class—that's merchants who have accepted Visa and MasterCard payments since 2004, which means virtually all retailers—complained to U.S. District Judge John Gleeson about the websites set up by the National Association of Convenience Stores (NACS) and the National Grocers Association. Such sites as MerchantsObject.com offer both arguments against the settlement and tools to let merchants automatically send opt-out letters to the court, so they won't be covered by the settlement.



JCPenney’s Johnson Is Out, Ullman Is Back. Now What?

April 9th, 2013
What happens next at JCPenney (NYSE:JCP), after the 1,100-store chain fired CEO Ron Johnson on Monday (April 8) and replaced him with the CEO that Johnson replaced, Mike Ullman? The retailer isn't saying. But one thing is certain: The chain won't just be turning the clock back to the day Ullman departed in 2011. Many of the internal changes Johnson instituted at JCPenney are effectively irreversible, including remodeling all the chain's stores and replacing much of the chain's IT capability. That money is already spent.

Johnson had already reversed many of his decisions that were the most unpopular with shoppers—including his elimination of sales, discount pricing (including "mark up to mark down") and coupons. And then there's Johnson's beloved shops-within-the-store concept—which isn't likely to be reversed, mainly because it was originally the brainchild of a former Sephora executive with a familiar name: Mike Ullman.


Macy’s Thief Exploits Courtesy Hole

April 9th, 2013
Macy's has a courtesy policy in which if any Macy's card shoppers come into a Macy's and do not have their cards with them, they can still charge items to the card by inputting their Social Security number and showing the associate a government ID. It was precisely that policy that created a hole for an Indiana man to crawl through, charging thousands of dollars worth of merchandise to various Macy's customers.

The precise methodology of the accused thief, Mark A. Douglas, is not clear, but he apparently created a list of Macy's account holders and then used various techniques to learn their Social Security numbers. Making the false identifications—with the real shopper's name and a picture of Douglas—seems to have been the easy part. Although sophisticated cyberthief techniques could have been used to create that list of Macy's cardholders, it might also have been done as easily as standing near a Macy's cashier and listening.


Is Giant Eagle’s Forced Self-Checkout CRM Tactic Smart?

April 8th, 2013
Some Giant Eagle stores have started blocking access to self-checkout for anyone other than loyalty card holders while they are using their cards. It's an interesting move, in that it simultaneously discourages self-checkout usage but also gathers far more information about those who do opt to self-checkout, CRM-style.

For the last couple of years, retailers have had this intense love-hate relationship with self-checkout. Chains have touted "customer service" as their reason both for yanking the self-checkout units out and for adding more of them. Higher theft rates have been reported in some stores and not others. Much of it is like any other retail IT deployment, influenced sharply by how much attention is paid to the deployment and how the customers in different neighborhoods — based on demographics — react to the machines. But the idea of requiring CRM to self-checkout is a new twist. Chains — and that's triply true for grocery — have always struggled getting shoppers to use their loyalty cards. To be fair, many of those difficulties have been self-inflicted.


Care About Issues Beyond IT?

April 6th, 2013

One of the results of StorefrontBacktalk‘s being acquired back in December is that we are going to be expanding into coverage that goes beyond Retail IT into other areas of retail. The first example of this launched last week and is a daily newsletter and site called FierceRetail.

The site applies the same kind of perspective, analysis and bad jokes that StorefrontBacktalk has always delivered, but we can now explore issues way beyond IT. Consider our coverage of an unorthodox Apple patent, the reasoning behind the Sears Portrait shutdown, why Target’s Manatee mishap is a lot worse than it looked, Samsung’s real retail strategy, why Best Buy and Target’s Geek Squad alliance was doomed and stats showing Visa having all-but-cornered the debit market. It’s all free, of course. If you’d like to sign up, our latest thoughts will be in your Inbox early each morning.…


A Breached Chain Needs To Remember Its Shoppers Are Victims, Too

April 4th, 2013
When a cyberthief breaks into a retailer’s network and steals data and payment card specs, the retailer absolutely is a victim. But many chains tend to think of themselves as the only victim, an attitude that manifests itself in various ways when talking with their customers who are also victims. Just because a shopper’s monetary losses are being covered by zero liability doesn’t make them feel less violated and, therefore, feel any less like a victim, pens legal columnist Mark Rasch.

When setting policies and when talking with shoppers after a breach, communicating the message that the retailer is the only victim may prove to be self-fulfilling, as you'll quite likely be an imminent victim of lost revenue and thrown-away loyalty. When a crime has been committed, attitude and empathy go a long way — and they are among the hardest things for many chains to deliver.


Macy’s Wrongly Priced Necklace: The Problem That Was Never Supposed To Be Possible In-Store

April 3rd, 2013
A strange recent incident involving Macy's (NYSE:M), an impressively—and unintentionally—marked down necklace and a POS system is noteworthy not merely because of what happened, but where it happened: namely, in-store. The recent Macy's (NYSE:M) print ad certainly spoke the truth. It described as a "super buy" a $1,500 diamond-silver-and-14-karat-gold necklace on sale for $47. It was indeed a super buy — and it was also a major mistake. But Macy's didn't catch its own mistake for some time, until well after quite a few customers made good on the purchases in-store.

The $1,500 necklace was indeed supposed to be marked down, but only to $479, not $47. Things like this happen online with annoying frequency. But in-store? This raises several questions: Macy's described the error as "a mistake [that] was made in a recent Macy's advertisement," according to Holly Thomas, a Macy's VP for national media relations. Was that mistake replicated in the pricing database, accessible through POS? If the wrong price existed only in the print ad, what happened with the checks-and-balances that are supposed to exist in-store? When an associate did a scan and saw $479, didn't a $47 ad activate any alarm bells? No one thought to check with a supervisor?


It’s OK To Pay Cash. Really.

April 2nd, 2013

In an interesting small piece out of Washington, it was noted that U.S. Supreme Court Chief Justice John Roberts had been hit by a credit card breach. It happens. What made this piece interesting is that the Chief Justice was apparently overheard telling his Starbucks barista and his local D.C. barber about the breach, by way of explaining why he wasn’t using his usual credit card.

Our initial reaction was, “How times have changed. It wasn’t that long ago that coffee and haircut payments were almost always done in cash. It’s certainly interesting that he felt the need to explain and justify his greenback move.” But it could have been for other reasons. By the way, clearly, the Chief Justice doesn’t use a Starbucks card or Starbucks’ mobile app. (Just saying.) Could the judge of judges have been trying to let people know that data breaches are widespread and that no one is safe, that if the Chief Justice can get hit, anyone can? Or maybe these were simply longtime associates and he would have felt the need to explain any change in behavior? (Seems the Chief Justice still has a little pull, as he told those colleagues that the suspect apparently attacked from Kentucky, which is more than most breach victims are told.)…


Are Stores Really Helpless Against Amazon? That Question Has It Backward

April 2nd, 2013
There's a jarring bit of retail insight buried in a story from The Register last Thursday (March 28): "No one can compete with Amazon when a customer knows what they want," The Register's Bill Ray writes. "Stores need to excel at selling things the customer didn't know they were after, and greater technology might not be the best way to achieve that." That sounds depressing, even though it's probably not quite true.

But let's turn it around: If a customer isn't a pure-play showroomer who really just wants to see whether that gadget looks cheesy or that blouse is the right color before buying on Amazon.com (NASDAQ:AMZN), what kind of in-store technology can help associates do a better job of helping customers find what they want—and convince customers that here and now is the right time and place to buy it?


Why The SAQs Will Change This Year

April 1st, 2013
October is likely to see significantly revised Self-Assessment Questionnaires (SAQs) from the PCI Council. Few merchants will be more surprised than those E-Commerce merchants who have outsourced their card processing. Effective with PCI DSS version 3.0, many E-Commerce merchants will learn that their Web servers are in scope for PCI compliance and that SAQ A got a bit longer and a bit more complicated, writes PCI Columnist Walter Conway.

These merchants typically use the simplest SAQ, SAQ A. They also always (in Walt's experience) consider their Web server out of their PCI scope, because that server does not "store, process, or transmit" cardholder data. Instead, the server redirects the user to a PCI-compliant third-party service provider that processes the card transaction for the merchant. The conclusion is understandable. An E-Commerce merchant's SAQ A addresses a very small subset of PCI DSS. It includes parts of only two requirements: physical security of backups and paper records that may contain cardholder data; and managing the PCI service provider. Processing is outsourced, and it is outsourced to a PCI-compliant service provider. What could be simpler? Oh, and we should add: What could be more wrong than that conclusion?


MasterCard’s Retail Data Grab: Forget PayPal, It’s About Chains

March 26th, 2013
MasterCard (NYSE:MA) wants your customer data. That's the bottom line when it comes to the new fee that the number-two card brand will start slapping on PayPal, Google (NASDAQ:GOOG) and other digital wallet operators in June. It's not really about digital wallets, which represent a tiny fraction of big chains' transactions. MasterCard just wants to put pressure on anyone who might keep customer data out of the hands of itself and its issuing banks.

Wait—isn't losing control of CRM data the biggest reason chains aren't wild about digital wallets in the first place? Wasn't everyone worried that Google might somehow share transaction data with a chain's competitors? Apparently, that fear was well-founded—just misplaced. It turns out the people who will do anything to grab CRM data are the card brands and issuers.


PCI DSS: The Next Generation

March 25th, 2013
PCI DSS is going through a generational change. That change has nothing to do with the upcoming release of PCI DSS version 3.0 this fall, pens PCI Columnist Walter Conway. Instead, the generational change is in the security professionals he works with every day, the people who are managing their organizations' PCI compliance. Most of these professionals are very qualified, but they are new to their job and often also new to PCI.

One result of this generational change is that Walt is being asked some of the same questions he was asked five or more years ago. The questions range from whether pre-authorization data is in scope (treat it like it is) to the feasibility of E-mailing card data (a seriously bad idea) to what constitutes effective network segmentation (think "air gap"). Fresh perspectives are always welcome, so the implications of this generational change for merchants and QSAs alike are generally positive. But with new compliance staff and assessors come fresh challenges and approaches that can impact every merchant and service provider.


Walmart Protects Cyberthief Privacy While Choosing To Not Prosecute

March 21st, 2013
When Legal Columnist Mark Rasch's wife had her credit card stolen, it was used to make bogus purchases from Walmart (NYSE:WMT). Walmart not only chose to not prosecute—typical when the fraud falls below a threshold that thieves know very well—but it went out of its way to protect the privacy of the thief.

"All that is necessary for evil to triumph is for good men to do nothing." So said Sir Edmund Burke. But the phrase could equally apply to merchants, and their failure to adequately and aggressively investigate and prosecute online payment-card fraud. Rather than aggressively going after these carders, most retailers consider such losses a "cost of doing business." Where does that leave the honest shopper? From the shopper's perspective, whose back is Walmart seeming to protect more?


Amazon’s Secret Weapon May Be A Mystery To Amazon, Too

March 20th, 2013
Is Amazon Marketplace really the E-tail giant's "secret weapon"? That's reportedly how a Walmart (NYSE:WMT) executive described it at a top-management meeting in February. Amazon (NASDAQ:AMZN) itself may not hold its collection of third-party sellers in quite such high esteem—especially since March 15, when two of them launched a class-action lawsuit complaining that Amazon routinely holds up payments it owes to the sellers.

In fact, Amazon Marketplace now brings in almost 12 percent of Amazon's retail revenues. But it also represents more than 40 percent of the goods sold on Amazon's site, which makes the Marketplace merchants both competition and a huge market-research pool for Amazon—and, potentially, a legal time bomb.


Subway Hit By Ultimate Cyberthief Inside Job: A Double-Insider

March 19th, 2013
A federal indictment unsealed on Friday (March 15) involving a Subway cyberthief attack might be an example of the ultimate insider attack. The thefts were actually double-insider attacks, in that one of the accused was a former franchisee of Subway—an employee is the typical insider attack, but an owner also qualifies—and he then ran a POS company that sold systems to Subway franchisees. A vendor using a backdoor is the other common form of insider attack. Here, the government alleges, we have both.

The case against Shahin Abdollahi, a.k.a. Sean Holdt, is that he supposedly used the systems he sold to Subways around the country to fraudulently load value onto giftcards. The indictment then claims that Abdollahi either used the giftcards himself at Subways thousands of miles away or sold them as discounted cards on eBay (NASDAQ:EBAY) and Craigslist. For that added touch of chutzpah, the indictment alleges, Abdollahi and a co-conspirator "sometimes registered [the giftcards] online with Subway" and that was done "to keep track of the fraudulently loaded cards in case of loss or theft." After all that work, you certainly wouldn't want a card to be lost due to carelessness.


With POS Paper Supplies Vanishing, E-Receipts May No Longer Be Optional

March 18th, 2013
Maybe digital receipts and coupons are something you need to start promoting—and fast. The second-largest supplier of POS receipt paper, Germany's Koehler, still plans to stop shipping paper to the U.S. in April, after a December ruling by the Commerce Department that will increase tariffs by more than 70 percent. That could translate into shortages and will almost certainly mean higher prices for thermal paper, which is used in most chains' POS printers.

U.S. and Chinese paper mills say they will eventually fill the shortfall from the U.S. exit of Koehler, which has been providing about 40 percent of POS paper. But in the meantime chain execs may be expecting IT to keep stores from running out of paper. Strange as it sounds, it is IT's problem—and the second-easiest option is digital receipts.


Want To Give Shoppers A Reason To Use Loyalty? How About Saving Their Lives?

March 15th, 2013

Grocery—and other food selling—chains that are trying to encourage shoppers to use CRM? Nothing makes customers more loyal than saving their lives. (Yes, Bentonville, even more than saving them money. Sheesh.) With a steady stream of news reports touting loyalty records as key tools in finding and then notifying customers about poisons, CRM should become a much easier sell.

The capabilities and lives being saved by CRM are hardly new. Costco (NASDAQ: COST) has championed it for years, and Safeway (NYSE:SWY) has been sued for not using loyalty to protect shoppers’ health. Grocery, QSR and convenience chains often complain about the difficulty of getting shoppers to sign up for—and to routinely use—their loyalty cards. Instead of pushing savings, maybe this is a much more effective and truly altruistic (well, semi) argument to make. On the flip side, to help government food investigators do this magic, a lot of data will have to be shared. When that data is then shared with other government agencies and a customer is surprised by an IRS visit? Law enforcement has been finding nuggets in POS databases for years. Privacy violation or saving customer lives? The joys of retail decisions.…


Chain Sues Visa For Breach Fines, May Actually Get Its Day In Court

March 13th, 2013
Apparel chain Genesco (NYSE:GCO) has sued Visa (NYSE:V)—yes, Visa, not the acquiring banks—over the card brand's $13 million in fines due to a 2010 breach. The 2,440-store retailer, which operates the Journeys, Lids and Johnston & Murphy stores, makes the usual arguments: Visa's fines are illegal, Visa broke its own rules, Genesco didn't violate any PCI DSS requirements. (Well, except PCI's First Commandment: Thou shalt not get breached.)

What's interesting here is why Genesco thinks it will get to take Visa to court: A month before Visa notified the acquirers of the assessment, Genesco signed a separate agreement with one of the acquirers, Wells Fargo (NYSE:WFC), in which the bank actually signed over its right to sue Visa to Genesco.


Today’s Mobile Uncharted Territory Lesson: What Happens When Your Processor Is Ordered To Not Take Payments?

March 6th, 2013

Today’s frightening question: What happens when your payment processor gets into a legal fight and suddenly can’t process your transactions? This is likely to happen periodically with mobile payments, as patent violations and state revenue rules start to play out. As if to prove that point, Illinois is ordering Square to halt any payments processed within its borders, something that is not likely to sit well with Illinois Starbucks (NASDAQ:SBUX) fans—nor Starbucks itself, nor any other Illinois Square merchant.

The Illinois cease-and-desist order involves the ghastly accusation that Square has not obtained the proper state license, something that is complicated by the fact that Square is arguing it doesn’t qualify for that particular license. Square has been fighting this battle in other states, too, with varying results. This is just something to remember when mobile processors are pitching their extreme savings. When entering new, uncharted financial waters, the costs get lower as the risks get higher. This won’t likely be an issue in about two or three years. But for now, having one or two back-up processors is probably not a horrible idea.…


Isis Revamps Its Mobile Wallet And It’s Actually Fixing What’s Broken

March 5th, 2013
The news that Isis is working on a new and improved app for its mobile-payments system is a good sign, though maybe not for the reasons Isis wants it to be. OK, switching to an app developer that has never done a mobile wallet doesn't sound so good. Neither do the only numbers that anyone has yet released on Isis use: only 600 Isis-taps per day on Salt Lake City's transit system, and that's even with Isis giving its users a free ride. Nor do the terrible reviews Isis has gotten since it finally launched in October.

That good sign? As badly broken as its system may be, Isis is trying to fix what's actually broken.


Will Amazon’s Cursor Patent Lead To Manipulated, Unintended Clicks?

March 4th, 2013
In online, when does anticipating a user's likely move and making that move easier morph into imposing what the retailer wants the shopper to do? Can the programming power to make a site visitor's cursor go where the retailer wants—and to specifically click on what the retailer wants clicked, such as "click here to purchase"—be something merchants can be expected to be disciplined about using? This ethical and marketing question (now there are two words rarely seen together) is prompted by a patent granted to Amazon on February 26.

That patent discusses using what Amazon (NASDAQ: AMZN) calls "gravity-based link assist" to guide a cursor to where the system thinks the shopper wants it to go. And to do so more quickly than some systems can. Although the patent specifies that this approach can be used in laptops, tablets and a wide range of other devices, its initial focus is on ebooks. That is because of a very specific technical issue: ebooks often have much slower refresh rates, so slow that shoppers can be confused about whether they have successfully clicked a link.


At JCPenney, Everybody Gets A POS iPod In March

February 28th, 2013
All JCPenney (NYSE:JCP) associates will be able to do in-aisle checkout "within one month," the troubled chain's CEO said during an earnings call on Wednesday (Feb. 27). The move comes as 25 percent of sales transactions in the stores are already being done on mobile POS.

The 1,100-store chain is also a few months away from going live with a new financial system from Oracle (NASDAQ:ORCL), to be followed before the end of the year by merchandising, planning and allocation systems, all of which will replace legacy systems. That's presuming the board's patience with CEO Ron Johnson holds out—unlike most big chains, JCPenney's E-Commerce site isn't doing any better than in-store, and the chain lost $552 million during the last three months.

