Top Stories


Payment Systems

Google Wallet Goes Plastic. What Now For Mobile Payments?

November 8th, 2012

In another blow to mobile wallets’ credibility, word leaked out last Thursday (Nov. 1) that Google will soon copy PayPal by introducing a plastic Google Wallet Card—complete with the magstripe that Google Wallet’s NFC hasn’t been able to displace. (This may be what Google was planning to announce last month but didn’t.) Google will be pitching the plastic for times “when you can’t tap and pay,” and any coupons or loyalty cards in a user’s Google Wallet will be automatically applied.

But we have to ask—why? Sure, we understand that Google seriously misunderstood either how hard mobile payments would be, how much its competitors hate it or how unwilling consumers are to use anything but plastic. If this is really Google throwing in the towel on NFC-based mobile payments, we have to wonder what else Google isn’t going to follow through on for Google Wallet retailers. After all, Google will still be tapping the transaction stream for CRM data, even at places that haven’t signed on. Is the search giant going to act like a partner after all this? This move may be just what Google Wallet needs. But chains? Not so much.…


Retail IT Lessons In The Path Of Sandy

November 8th, 2012
As Superstorm Sandy blew its devastating winds through much of the Eastern U.S. starting on Halloween, retailers had to deal with it just like everyone else. But few seemed to have anticipated the more than eight days of outages—some outages continue, pushing past 10 days—along with the gas shortages, closed roads, lack of food and water, plus the dead phone lines, lack of Internet broadband access and dead cell towers.

Stores in this area of New Jersey—StorefrontBacktalk's main office is in the heart of Sandy's path—are used to outages of a few hours and, during severe situations, maybe one day. The bad news: With global weirding (the term for the many strange weather patterns caused by global warming), there's a fine chance these week-plus outages may be something that has to be planned for. With that in mind, let's look at what some of the chains—including Best Buy, Target and Starbucks—discovered when they could only exist via emergency generator. It meant POS without network (no debit, no gift cards, no returns, no lookups) and few ways to tell customers what they couldn't do.


Toys”R”Us Payments About As Far From Seamless As Possible

November 8th, 2012
Toys"R"Us is now following Walmart's lead and offering an online cash program, where shoppers can purchase something online and offer to pay for it with cash in a local store. The shopper then has 48 hours to get to that store and cough up the moolah. But these programs are taking an interesting twist. They have little to do with the unbanked, nor are they offering a more comfortable way for consumers who are still nervous about typing in their payment-card data—although both are factors.

No, this program has everything to do with getting E-tail shoppers into the stores. And, along the way, it has become the exact opposite of the original idea of merged-channel programs, where shoppers were encouraged to shop in whatever way was easiest and most efficient for their situation and the purchase's particulars.


Will MasterCard’s New NFC Trial Give M-Commerce Transactions Chip-And-PIN Rates?

November 7th, 2012

If paying with a mobile phone isn’t any easier than just using a card in-store, maybe it can at least improve the mobile-commerce buying process. That seems to be the idea behind a trial MasterCard announced on Wednesday (Nov. 7). In the Netherlands-based test (which actually began in mid-October and runs through March 2013), an NFC-equipped phone can be used to make M-Commerce purchases, with the phone sending an EMV-compliant cryptogram to complete the transaction after the customer selects a payment card and keys in a PIN. In effect, it’s Chip-and-PIN over the phone.

That’s slightly easier for customers than having to key in the whole card number and slightly safer than the merchant storing the number. But the real value to retailers will show up if MasterCard declares that its own EMV solution qualifies M-Commerce transactions for card-present interchange rates (or at least for the EMV-based liability shift). In that case, online merchants may suddenly be very interested in offering customers that option. If not—well, there’s always room for yet another NFC payments approach that retailers have no reason to adopt, right?…


California Supreme Court Ponders Whether Online Privacy Is Different From In-Store Privacy

November 7th, 2012
In a case to be argued Wednesday (Nov. 7), the California Supreme Court will decide whether to treat brick-and-mortar stores differently from online stores when it comes to the collection of personal information about customers who make purchases by credit card. The case could have serious consequences for personal privacy of online customers, as well as for the ability of online retailers to prevent fraud and authenticate their customers.

Several online retailers, including Apple, eHarmony and Ticketmaster, were sued in a class-action lawsuit that claimed their collective practice of collecting certain personal information—including consumers' names, street addresses, telephone numbers and E-mail addresses—violates the provisions of a 1971 law that precludes the collection of personal information about users of payment cards. The E-tailers are arguing before California's highest court that the 1971 law didn't contemplate online transactions, that prohibitions on merchants "writing down" consumer information don't apply to data entry into computer databases and, besides, they need this information to authenticate users and prevent fraud, pens Legal Columnist Mark Rasch.

What If South Carolina Were A Retailer?

November 7th, 2012
The recent theft of cardholder data from the State of South Carolina's computer systems presents an interesting question: What would happen if South Carolina were a retailer? What would the state do, asks PCI Columnist Walter Conway, and what would be the reaction of the state's acquirer and the card brands to the data breach?

To recap briefly, the state announced in early November that hackers had stolen 387,000 payment-card numbers from the state's tax office. Some 16,000 of those payment-card numbers were not encrypted. As a result of the loss of the card data—together with the 3.6 million Social Security Numbers and the tax records of 657,000 businesses, none of which was presumably encrypted—the state is looking at a $12 million bill to provide one year's worth of credit monitoring and identity theft protection to those affected.

Are Risky Transactions Masquerading As Card-Present?

October 31st, 2012
At a panel last week, a Best Buy finance exec questioned whether card-not-present rules make sense—and she's hardly the first. It's not just NFC, which may or may not end up having a major impact on mobile payments, at issue. Rather, it's various other mobile payment methods, including stored-and-accessed card data systems such as iTunes and PayPal.

The original idea of card-not-present was simply a way to justify a higher interchange rate for less-secure transactions. The premise was that fraud is less likely when a magstripe card is swiped and potentially examined by an associate than it is when a shopper types numbers into a browser or tells them to a call center rep on the phone. But what happens when the card data is authenticated and used repeatedly—a la iTunes, PayPal and many mobile apps? What if the card is physically swiped and that data is then stored on the phone? Card-not-present is only meaningful today in one respect: In a few years, mobile payments will indeed likely make almost all cards not present.

Visa Stats Show A Huge Flip In U.S. Data Breaches Versus The Rest Of The World

October 31st, 2012
The fact that U.S. retailers have been the world's top fraud targets is nothing new, but recent Visa stats show a startling new reversal. In 2009, the U.S. accounted for 38 percent of the world's data breaches, with the rest of the world the victim of the remaining 62 percent. But by the next year—2010—those numbers did an almost full 180-degree flip. The U.S. suddenly accounted for 61 percent of all incidents globally, with the total of all other countries' breaches delivering the remaining 39 percent.

That pattern continued—mildly—last year (2011), with the U.S. inching up to 67 percent of all breaches globally. But it's the huge flip in 2010 that's fascinating. What happened then? Jennifer Fischer, Visa's head of payment system security and acceptance risk, said her people saw it as a combination of factors.

Getting Consumers To Add CRM Data To Mobile Wallets Is Really Hard, Until You Think Like A Shopper

October 31st, 2012
The idea that mobile wallets should also house loyalty cards is all but mandatory at this point, and the rationale appears to be the classic, "why not?" But shoppers have been decidedly apathetic, responding with their own, "Why should I?" It's a replay of the mobile and contactless payment problem, where a digital system is trying to displace a manual system (magstripe swipes, in the case of payment) that works perfectly well and that customers are used to.

What makes this disconnect worse is the real reason mobile wallets need CRM/loyalty functionality: Shoppers have no problem with existing loyalty cards, because they just don't use them that often. The retailer benefit in mobile loyalty cards is clear: much greater use of CRM. But the benefit for shoppers? That's much more amorphous.

Monthlies And A Shout-Out To Kindle Users

October 29th, 2012

A little late October housecleaning here at StorefrontBacktalk. First, a quick reminder: StorefrontBacktalk now has five free Monthly newsletters, each one focusing on a different key area for you: E-Commerce, Mobile, PCI/Security, In-Store and CRM. The Monthlies—see the descriptions here—are available to anyone via a quick E-mail sign up and the November monthlies will publish next week.

The Monthlies are a great way to catch up on all the news in a given area. So before you miss the November Monthlies, sign up for your free copy—and remember, you can sign up for multiple topics. Finally, a quick thought for Kindle users. For those of you who have not yet subscribed to our Kindle feed, it’s not bad for convenience while traveling. You’ll get the latest on retail tech, E-Commerce, mobile and security beamed into your Kindle when you’re not looking. …

Can Aéropostale’s iPad Pied Piper Turn Teen Browsers Into Buyers?

October 24th, 2012
Aéropostale, the 1,108-store teen apparel chain with stores in all 50 U.S. states, is trying a creative iPad jukebox flytrap experiment to precisely track clothing, teen and music interactions. By giving teens control of the songs, they will gleefully wait 30 minutes to hear their tunes throughout the store—time spent browsing and likely buying.

The potential here isn't just to track generic music influences. The stores can already play different songs in different areas of the store and specific dressing rooms, with the sound bleeding out of the store and into the mall. What if specific songs influence—or attract—shoppers focused on specific types of clothing? Which tunes pull in tire-kickers and which are good buyer lures? Critically, though, this is all based on the psychology of how teens interact with apparel. It has very little to do with actual tailoring.

Isis Wants Users In The Worst Way Possible, And That’s How It’s Going After Them

October 24th, 2012
Isis has finally launched its mobile payments trials in Salt Lake City and Austin—and done it in a way that guarantees the fewest possible customers will use the new service. On Monday (Oct. 22), the mobile operators' consortium announced that all customers need to do is go to their Verizon, AT&T or T-Mobile store, where their phone will be opened up, the SIM replaced and the operating system upgraded (hope you don't lose any data that was on there). What could possibly discourage customers more?

How about the fact that those mobile stores will also be pushing customers to buy a new phone as long as they're already in the store? And yes, we're sure that will make retail chains feel warm and fuzzy about Isis, too.

Is the Barnes & Noble Breach By The Same Gang That Hit Michaels, Aldi and Hancock Fabrics?

October 24th, 2012
Barnes & Noble's announcement on Wednesday (Oct. 24) of PIN pad breaches in 63 stores sounds eerily like last year's breach at Michaels, the 2010 Aldi breach and the 2009 Hancock Fabrics breach.

In each case, PIN pads were physically compromised, one per store, in dozens of stores clustered in specific geographic areas. The PIN pads were apparently tampered with during the spring and summer months, and tampering was limited to the countertop devices. How likely is all this to be coincidental? Not very.

Major French Chains Testing Biometrics On Top Of A Contactless Smartcard, All Riding On EMV

October 24th, 2012
American retailers have never been able to make biometric payment authentication work, but it has been years since anyone has attempted it. Is the time now ripe? Was the efficiency and speed of biometrics the right idea at the wrong time? Two major French chains—Leroy Merlin, with more than 300 home improvement stores in 13 countries, and the Auchan Group, with 639 hypermarkets and 2,412 supermarkets—are betting that shoppers are now ready.

But the six-month French trial that has just started is taking the efficiency goal one step further, by marrying a contactless smartcard—which holds the biometric data—with the POS-affixed biometric scanner. The retailers estimate that the contactless card's transmission will be intercepted by the POS authentication element from two meters away, which is about 79 inches or about 6.6 feet.

PayPal To Shoppers: We Can E-Mail You, But You Have To Snail-Mail Us

October 24th, 2012
When PayPal wanted to change a fundamental term of its contract on Sunday (Oct. 21), it communicated with its customers electronically, using E-mail and its Web site. But if consumers wanted to communicate about that change to PayPal, well, for some reason, 21st Century forms of communication were just inadequate. PayPal insisted on a more, shall we say, 6th Century BCE form of communication—a written and signed letter mailed or couriered to a specific physical address. If this seems fundamentally unfair, that's probably because it is.

Most relationships between retailers and shoppers are dictated by some form of contract, typically online, pens Legal Columnist Mark Rasch. This may be true even for purchases made in brick-and-mortar stores, as courts increasingly look to the online contract to determine the rights and responsibilities of parties even if the consumer never went online. But online contracts present a problem for merchants: How do you change them?

Merged Channel Is A Wonderful Thing, If The Transition Doesn’t Destroy Your Chain

October 24th, 2012

As more chains struggle with fully embracing merged-channel operations, we have a delicious contradiction. The benefits of such a merged-channel approach are definite and intense. However, the risk of damage being inflicted by a less than precise execution is equally certain. Hence, it’s a path that needs to be traveled—but oh so carefully.

StorefrontBacktalk and ChainLink Research have collaborated on a report that looks at some of the less-covered pitfalls and opportunities of this approach. Take a peek.…

Interchange Settlement Opposition Intensifies, But It’s Not Likely To Matter

October 24th, 2012
As the interchange fee proposed settlement winds its way to a federal judge's decision—which is not expected before early next year, followed by the inevitable appeals—retailers are re-attacking the deal, with most of the named plaintiffs abandoning the settlement. But it's not clear how much of a difference it will make.

On October 19, as expected, the settlement was formally submitted to U.S. District Court Judge John Gleeson. But many of the retailers behind the settlement have now changed their mind and are actively opposing it. Those reversals, though, won't necessarily have a direct impact on the settlement's status, because Gleeson now has to decide for himself whether the settlement advances the interests of consumers, retailers and the industry.

Retailers To Find Tough Sledding With New iPads

October 24th, 2012
Apple's highly unsurprising iPad Mini announcement on Tuesday (Oct. 23) came with a side order of something retailers actually will care about: a full-size iPad that replaces the model introduced just six months ago. The differences: It's faster and has the new (and incompatible) "Lightning" power/data connector. The problem: That's the port most payment-card sleds attach to.

Yes, Apple sells a $30 adapter for plugging old-style peripherals into the Lightning port. But such adapters won't work well with card sleds, so stores could end up needing two types of iPads and two types of sleds. And that's the type of thing that drives central IT support crazy, because the sled that just broke is always the one you're out of.

The Apple Shopper Arrested For Using The Chain’s Mobile App Improperly Is Sentenced, And It Sends A Very Dangerous Signal

October 17th, 2012
An update on Eric Shine, the 18-year-old who was arrested this summer at a New York City Apple store after his payment using Apple's mobile app did not complete. And it's not good—at least not for retail and mobile payments. On Tuesday (October 16), Shine's case was resolved in a way that didn't clear him of the charges but almost certainly will if he's not arrested again within six months.

Had the court found him not guilty, it would have sent a message that shoplifting requires some proof of illegal intent. NYC sees a huge number of shoplifting charges every year. The city can now expect a lot more, unless retail loss prevention operations suddenly get a lot smarter. This is far from solely an LP issue, though. News of this arrest can seriously reduce consumer willingness to try mobile payment at any retailer. Certainly the consumers we've mentioned this situation to had the reaction, "Well, I think I'll be whipping out Mr. MasterCard for any of my Apple purchases from now on. It's slower, but it sure beats jail if I happen to hit the wrong button or forget to hit the right button."

Want Out Of Interchange? It May Be A Question Of Loyalty Vs. Fear

October 17th, 2012
Can anything actually reduce interchange? With the interchange settlement inching toward approval in New York federal court, and announcements expected next week from Google Wallet, Isis and maybe Apple, it's easy to forget the underlying reality: Visa and MasterCard have their interchange stranglehold on retailers because interchange is the payment-card business model. Cutting interchange requires weaning customers off the card brands, and that means coming up with a widely used alternative to Visa and MasterCard. It's as simple—and impossibly difficult—as that.

And it can't be created the same way Visa and MasterCard were, because that's now illegal. If the MCX retailers' alliance wants to beat the card brands, that's going to require some seriously new thinking—and it should probably start with loyalty.

The PCI Scoping Discussion Is Over. Now It’s On To SAQ Roulette

October 16th, 2012
Any discussion of whether a particular system or device is or is not in scope ended at the recent PCI Community Meeting. The PCI Council made it clear that any device "connected to" the cardholder data environment (CDE) is in scope, and that includes what the Council termed any "connected to connected to" system.

Given that the PCI Council's guidance is final in all matters related to PCI scoping, pens PCI Columnist Walter Conway, it is time to shift the discussion to helping merchants that qualify to use a self-assessment questionnaire (SAQ) and pick the right one. We can do this by posing a question: When is a merchant that has just validated its PCI DSS compliance not compliant?

Retailers To Mobile Payment Players: What’s In It For Us?

October 10th, 2012

We were hoping this week to find out when Isis will finally launch its mobile payment trials in Salt Lake City and Austin. No such luck: “Imminently” is all Isis Chief Commerce Officer Ed Busby would say at a presentation in New York on Wednesday (Oct. 10). But Busby did pass along a comment that crystallizes the problem chains have with the mobile-operator consortium, as well as with Google Wallet and PayPal: “I have a friend over at Banana Republic. He always tells me, ‘Ed, why is it everybody is knocking on my door all the time saying they can give my gross margin away faster than everybody else?'”

That’s how chains see Isis and its rivals? No wonder retailers aren’t pushing mobile payments at POS. Coupons and promotions (which the mobile payments guys love) eat margins. Mobile payments aren’t offering much-hoped-for interchange relief, either. That suggests mobile payments players need to start scrambling. Should they help enable loyalty first and ride payments on loyalty’s coattails? Or make it easier to use phones as in-store customer trackers? Or promise to give chains more and better CRM data? We don’t know. But without something serious in it for retailers to encourage a serious retailer push, there won’t be any mobile payments—Isis or not.…

Surprise Security Testing? Welcome To Worst Practices

October 10th, 2012
The CIO for Tulsa, Okla., was put on administrative leave on October 1, after a security company hired by the city ran an unannounced penetration test, and no one in the IT department realized it was a test. The usual tut-tutting aside ("How could he forget he hired this outfit?"), we're wondering whether it's time to dump the security "best practice" of doing surprise pen tests.

Yes, those tests should be a surprise to the security and ops people. But to the CIO? In today's legal environment, with PCI and personal information on the line? That's crazy. For a retailer, it's even crazier.

Starbucks Digital Tip Effort: Will It Really Translate From Cash To Mobile?

October 10th, 2012
When Starbucks announced on October 4 that it plans to add a way for shoppers to tip Starbucks' associates through its mobile app by next summer, the chain confirmed the latest unintended mobile payment consequence. The nature of a coffee chain is such that using cash is going to be decidedly more dominant than in apparel, consumer electronics, home repair or grocery. The Starbucks stored-value card already cuts into cash payments, but the mobile app threatens an even deeper cut.

The lack of cash payments rips into tips, which hits employee compensation. Not only are tips employee compensation that the retailer doesn't have to fund, but tips can enable employees to be paid less in salary. Mobile payment has far greater convenience, but its ability to undercut tips is something few retailers have seriously considered. Clearly, this is important to Starbucks. It's important enough for the company to violate one of the golden rules of mobile app announcements: Never announce a capability before it's deployed, especially as many as 11 months before it's deployed.

The Legal Perils Of Cyber-Insurance For Retailers

October 9th, 2012
In the aftermath of the hack of DSW's computer systems by uber-hacker Alberto Gonzalez, the Columbus, Ohio, shoe chain attempted to recover some of its $6.89 million in losses by filing an insurance claim for the theft, using the computer fraud insurance it had paid big bucks for.

The insurance company denied the claim—it took a judge to force the insurer to pay—arguing that cyberthieves hadn't actually stolen the data, so much as they made a copy of it. The insurance company also tried denying payment on the grounds that the information was excluded from coverage because it was proprietary, pens Legal Columnist Mark Rasch, who strongly encourages readers to start reading their policy exclusions right now.

