Top Stories


Amazon Down? Only For The Web Monitors

July 5th, 2011

The curse of the Web site upgrade has struck again. But fortunately for Amazon, which Web-monitoring service Pingdom reported to be down for more than three days last week, the E-tailer’s site was working fine. The Amazon-is-down alert “referred to a problem we had getting to Amazon due to something they’d done with their system,” a Pingdom spokesman later explained. “Amazon started treating monitoring services [and most bots in general, if they presented themselves as such] slightly differently for a while. Most likely it wasn’t even intentional, just some side effect.”

This isn’t the first time E-tail updates have wrecked havoc with uptime tracking systems, as 1-800-Flowers discovered in February. Exactly what Amazon changed to confuse Pingdom’s bots isn’t clear; Amazon wouldn’t comment. And in fairness, it’s not an E-tailer’s job to play nice with monitoring services. But something at Amazon continues to drive monitoring sites a little crazy. On July 1, after the Pingdom problem was cleared up, there was a rash of Twitter reports that Amazon was down. They were based in part on the popular site, which reported: “It’s not just you! looks down from here.” As of tonight, that site still thinks Amazon is down.…


One Cynical Retailer’s Definition Of An Internal IT Client

June 30th, 2011

One retail IT line that is too cynical to not share: In an unrelated interview, a senior IT manager discussed working with certain internal clients—business unit heads who had, until recently, been just colleagues.

What’s the difference, he was asked, between a colleague and an internal client? “Simple,” he said. “An internal client is a colleague who’s had his reasonability removed.”…


Kroger Testing A Self-Checkout-Less Grocery Store

June 29th, 2011
The grocery space is the most significant retail area for self-checkout today, and $82 billion Kroger is the largest grocery chain in the U.S. It is, therefore, intriguing that Kroger is now doing a trial in Texas where it has redesigned a store to completely do away with self-checkout.

But Kroger—a 2,449-store chain in 31 states—is always a fan of experimentation, so this change might be more about trialing a new checkout approach and the removal of self-checkout might simply be a matter of freeing up space in a tightly designed store in an urban Houston, Texas, location. More meaningfully, though, it also reflects a POS approach conflict, with grocers today ambivalent about not only self-checkout but (both old and new) express lanes. It's an age-old argument, but one that is still valid: Why not reward and incentivize your best customers, rather than those who buy the least?Read more...


Twitter Commerce Hurdles: Excessive Popularity and, Ironically, Twitter Itself

June 23rd, 2011
As chains continue to explore ways to cash in on Retail via Twitter, apps focused on such efforts are running into an unlikely obstacle: Twitter itself. For example, one such retail application—called Tweetalicious, which rolled out on Monday (June 20)—forces users to agree to a very frightening list of very-visible permissions.

Before downloading the Twitter Commerce app, a user must agree that the vendor can read the consumer's tweets (including private direct messages), "follow new people," "update your profile" and—my personal favorite—"post tweets for you." Yeah, what consumer would have any problem with any of that? A third-party wants to send tweets out under my name? No problem. "I don't think it's the best choice of words," said Harrison Lee, the Tweetalicious co-founder/chief marketing officer, who also dubbed the warnings "intimidating." But, he added, it's not his firm's fault; Twitter dictated that wording.Read more...


Note To Readers: Cleaning Up Premium Confusion

June 23rd, 2011
Some of you may have noticed today that we have added a new pair of graphic icons for the newsletter: one that says Premium and one that says Free. Since we launched Premium back in late April, we have heard from multiple readers who apparently thought—quite mistakenly—that all of our stories are now Premium.

In fact, the vast majority of our stories (often 80 percent or more) are deliberately not Premium. We are hoping that these colorful images will make it easier to tell which stories are Premium and which ones can be read in their entirety by non-Premium subscribers. We're hoping that this clarification cuts back on the frustration of non-Premium readers who click on stories that they can't read fully as well as encourages readers to click on a story, confident that it's entirely available to them. This is also a good time to explain how StorefrontBacktalk decides which stories are Premium.Read more...

PCI Mobile Payment Guidelines To Not Appear Before April, And Probably Much Later

June 14th, 2011
The PCI Security Standards Council's much-anticipated rules on mobile-payment issues won't happen before April of next year and will probably happen much later, according to a key member of the Council's board of advisors. Given the pace of mobile-payment deployments and trials, this timetable forces retailers to move into this crucial area without standardized guidance—and virtually guarantees a lot of expensive changes in a year, when the rules finally materialize. As of Friday (June 10), the Council had not even created the mobile-payment special interest group, which will push back the release of a mobile-payment specification at least 10 months, said Christian Janoff, a retail enterprise architect with Cisco who sits on the Council's board of advisors.

This information is actually good news for retail IT for two reasons. By eliminating the possibility that mobile payment is imminent and by offering a "no sooner than" timetable, retailers are freed up to pursue various mobile-payment schemes without worrying about immediate change demands. The second reason this is good news is pragmatic.Read more...

PCI Hypocrisy: Citi’s Data Breach

June 14th, 2011
This past week, Citigroup announced its credit-card systems were hacked, compromising the card information on approximately 360,000 individuals. If this were a retailer, we would expect to see the card brands order a formal review by a PCI Forensic Investigator (PFI), a re-assessment of the retailer's PCI compliance at the time of the breach and possibly significant fines and other penalties. Will Citi treat itself as harshly as it does its retailer customers that are breached? PCI Columnist Walter Conway wonders (along with just about every merchant or processor that paid for PCI compliance or suffered a breach) if Citigroup will face similar consequences?

The big difference between merchants and issuers is how they validate their compliance. Or, more accurately, whether they even need to validate their compliance. We should give Citigroup credit for going public to the extent it has fairly soon after the breach. But other than replacing the compromised cards, we have not read anything to indicate what Citi is doing internally to fix its system and network vulnerabilities.Read more...

Mobile Payment Brawl: POS Players Vs. Reader Vendors

June 8th, 2011
The battle for control of mobile payments is now pitting the POS against the reader, with large retail chains squeezed uncomfortably in the middle. It hasn't taken long for vendor infighting to kick in following the industry's first serious mobile payment play, from Google late last month. But the real fight—a standardization effort so retailers need only accept one mobile payment system—is still months away.

There are two elements to mobile payment that need that standardization: payment card security and other payment data. The retail need for consistency of payment security will be handled cleanly by the PCI Security Council, whenever it gets around to it, most likely before the end of this year. The more critical area, though, is all of the data involved, whether it's CRM, giftcards, coupons or anything else. And a later stage of the data mess will be two-way near filed communication (NFC), which is when things will get both interesting and ludicrously complex. If there are multiple competing wallets—say from Google, Apple and ISIS—how easily will it be to deal with all of that data in a homogeneous fashion?Read more...

RSA: OK, We’ll Replace Some Of Your SecurID Fobs, Or Maybe Just Give You Advice

June 8th, 2011
The trouble with trusting advanced security is that if it's cracked, it becomes even less safe than plain-vanilla security. On Monday (June 6), RSA Security finally acknowledged what it should have admitted after it suffered a security breach in March: Its SecurID fobs are no longer secure. Unfortunately for the high-profile retail chains using the fobs, RSA isn't currently planning to offer replacements for all 40 million SecurID devices in use—and even if it did, there's no way RSA could replace them overnight.

That means the retailers who spent more to acquire this particular flavor of two-factor authentication may actually be less secure right now than if they relied only on strong passwords. After all, two-factor security effectively becomes one-factor security as soon as users start trusting too much in one factor (such as SecurID) and get sloppy with the other (their regular passwords). That's a natural danger—after all, how many people use two different keys to unlock their front door?Read more...

Appeals Court: Online Receipts Exempt From FACTA

June 8th, 2011
What is "printing"? Late last month, a federal Court of Appeals in California redefined that word in a way that will have a great impact not only on retailers but on the privacy and security of payment-card information online. The court found that an electronically mailed receipt containing certain payment-card information that a retailer can't legally "electronically print" did not violate that statute, because an E-mailed receipt is not an "electronic printing."

The ruling elevates language over substance, and it may leave consumer information at unnecessary risk if retailers take it as a green light to print full credit-card numbers on electronically mailed receipts, writes Legal Columnist Mark Rasch. After all, which is more risky: having a printed receipt with your credit-card number in your wallet or having an electronic version of that same document floating around the Internet?Read more...

Retail CIOs Bullish About Hiring, Not So Much About Starting New Projects

June 8th, 2011
Retail CIOs are much more aggressive than their other sector counterparts in planning for more IT hires, according to new survey figures released this week by Robert Half Technology (RHT), which surveyed 1,400 CIOs (of multiple industries) from companies across the United States with 100 or more employees. But when RHT—at StorefrontBacktalk's request—isolated the answers to solely the 148 retail CIOs surveyed, the conclusions changed.

The most glaring difference was for projected hiring. When compared with the national numbers and against seven other verticals (manufacturing; finance, insurance and real estate; professional services; construction; wholesale; transportation; and business services), retail CIOs were the most optimistic about hiring IT people, tying manufacturing, with 9 percent of both segments' CIOs saying they plan to add staff and one percent saying they plan to reduce staff. The national average is 7 percent to hire and 3 percent to reduce. Three percent of wholesale CIOs say they plan to hire, with zero planning to reduce. Finance CIOs also have 3 percent planning to hire, although 8 percent plan to reduce.Read more...

Blippy’s Purchase-Sharing Model: Innovative, Creative And Dead-Wrong. Plug Pulled.

May 25th, 2011
How much do customers actually want to share? It's a question that haunts retailers when it comes to social networks. On May 19, the CEO of Blippy, one of the most extreme shopping-sharing sites that has now given up on its much-vaunted share-my-purchases-with-the-world model, acknowledged that most shoppers just didn't get excited about the idea of publicizing every purchase they made with a credit card. In social-network terms, Blippy failed because almost nobody "Liked" it—the result of a colossal miscalculation about what and why customers like to share.

Sharing on social networks could be a CRM bonanza—there's a seemingly endless flood of data on what people are doing and buying. Retailers know how valuable that data can be and how hard it is to pry information loose from customers, which makes social tantalizing. But it's easy to forget that helping retailers isn't why customers are playing the social game. Neither is throwing away every shred of privacy. It may be that what social users really want is some attention—and their purposes don't always align with those of retailers.Read more...

Starbucks And Consumer-To-Consumer: A Way To Save Stores?

May 25th, 2011
Last week, a Starbucks mobile director made a casual comment during a Seattle panel discussion: "There's us to you and you to us and the third generation will be how do consumers interact with each other around our brand. That's where the power will be," said K.C. MacLaren. It goes beyond mere limitless discussions in a brand environment.

Envision an approach that merges geolocation, mobile communication, social sites and—critically—a trusted retail brand and in-store interactions. Put it all together and the future may not look so dim for in-store, after all. Starbucks, which did not want MacLaren elaborating on the concept, said he gave one example as Starbucks’ existing For the sake of humanity, let’s hope his vision is light years beyond that site, which has a strangely narcissistic quality to it.Read more...

With Social Data Mining, Start Searching Where You Know The Gold Is

May 24th, 2011

As companies start to make inroads into mining the vast social data fields, early strategies are emerging. For example, one company—Attensity—says the best course is not to take a customer database and try and match it with social profiles floating around. It’s better to do the reverse—find the data in Social Land, look for helpful datapoints and then try and match it with the customer list. Why is that approach better? It’s more efficient. The discovered useful datapoints are valuable on their own, even without a customer match.

Attensity hasn’t done this for a retailer directly, but it is working with two chains through Teradata. When Catherine van Zuylen, Attensity’s VP of global product management, was asked how she feels about the privacy ethics of doing these searches and associations, she paused and said wisely: “We just make the tools. It’s really up to the individual retailers to use those tools for good or evil.” Didn’t Maxwell Smart say that?…

Who Needs To Analyze Tens Of Petabytes? Retailers, If They Go Digging In The Social Dirt

May 24th, 2011

Mining tens of petabytes of data may sound like overkill for most retailers, but on May 20 IBM announced new tools for analyzing that level of data in less than a second. The move is really not too much overkill. As retailers start searching social-networking sites to flesh out their CRM data on customers, adding huge amounts of data from mobile on top of more facts being retained from M-Commerce, this capability could prove a lot more useful.

Unlike data on actual purchases, social-network data is literally out of anyone’s control. It ranges from static Facebook data to rapid-fire information in tweets. If a chain can track such data and react to it in real time, that could make huge-data analysis useful—even if it means merely spotting customer complaints bubbling up. But it would be especially useful if the analysis lets a retailer see almost everything customers are interested in. The fact that Big Blue is claiming to be able to tackle those mountains of data while it is still in its native format makes this announcement even more intriguing.…

Bing And Facebook Start Down A Very Frightening Social Media Analytics Path

May 18th, 2011
Finding and analyzing the collective thoughts in all the conversations happening in social media today has been a retail goal for several years now. Not coincidentally, that's exactly how long retail has failed in doing anything meaningful with that data. This week, though, an ISV and Microsoft's Bing search engine are at least making noises as though they are making a little progress. Bing on Monday (May 16) said it is working with Facebook to use a small portion of those social site discussions—limited to the ones on Facebook and further limited to the people in the friends list of that Web searcher—to help provide more valuable results to consumers.

The idea of aggregating the shopping and other experiences of a closed community is a good one, with lots of potential to boost the meaningfulness of such results. There's also a downside with this aggregation approach, namely that most consumers trust different friends to very different degrees.Read more...

Men’s Warehouse Deals With Store Isolation With Pizza

May 18th, 2011
When apparel chain Men's Warehouse threw a surprise pizza lunch for "employee appreciation" this past weekend, no IT people were invited. That lack of invite also extended to the retailer's E-Commerce team and, for that matter, all operations teams. And it was all by design. Like almost all national chains, Men's Warehouse struggles with ways to bring its store personnel into the corporate culture fold. At headquarters buildings and large warehouses, there are lots of easy ways to bring people together. "We've had back-to-back barbecues" at headquarters, and distribution centers have had "prom kickoff parties and bowling nights." And the chain subsidizes corporate cafeterias, so all lunches at corporate locations are subsidized to a degree.

Logistically, though, those types of things are not that easy with about 14,000 employees spread over 1,206 stores. For bonding, videoconferences and company-wide E-mails can only take someone so far. The chain's answer? Arrange—surreptitiously, mind you—for 5,300 pizzas to be cooked and delivered on Sat., May 14.Read more...

As Europe Tightens Up On Location Data, Retailers Need To Get Customers’ Buy-In

May 18th, 2011
Europe is coming down on the mishandling of mobile-phone location data—even if it's not coming down very hard. On Friday (May 20), a European Commission group is expected to recommend that mobile location data be treated as personal data, The New York Times. That would theoretically give location data much better legal protection. But the recommendation is nonbinding, and Apple and Google are likely to be much more concerned about individual EU countries investigating their practices than this toothless advisory opinion.

Beefing up security for more than payment-card data isn't a new idea, but it's unfortunate for retailers that Apple got so sloppy with its users' location data. Spotting customers as they're headed for a store is the holy grail of retail mobile-location technology, whether via GPS, Wi-Fi, cell-tower triangulation or POS tracking, and right now that's all getting a slightly creepy reputation. But in practice, it's going to become the norm—retailers will just need to get their best customers to opt in.Read more...

Visa’s Mobile Magic: Using POS As A Beacon

May 11th, 2011
When Visa rolled out its location-based mobile coupons service—with apparel chain Gap as its first client—it did so with a twist. Visa uses POS transactions to track a customer's location, so it doesn't have to cooperate with mobile operators or merchants. It doesn't have to deal with geolocation challenges like the inaccuracy of triangulating cell towers. It can even collect location information from stores that have nothing to do with its coupon program—including competitors of the retailers that do. It doesn't need customers to have smartphones, Wi-Fi or GPS, nor do those capabilities have to be turned on.

Most current mobile-payment approaches—including the mobile wallet Visa announced this week—are still based on the payment-card accounts Visa currently makes its money from. But eventually someone will come up with a better way and leapfrog over the card companies. Then Visa will be stuck with a large, expensive network for real-time transaction processing. That could explain why Visa wants to use its new service to follow cardholders around from one retailer to another.Read more...

U.S. Senator Introduces Do-Not-Track E-Commerce Bill, With Exemption That Makes It Irrelevant For All

May 11th, 2011
On Monday (May 9), a U.S. Senator introduced a bill to limit or prevent E-tailers from capturing information about their customers without asking. Like prior Senate technology efforts, the exemptions to the bill make it unable to execute its core purpose. Even if the bill—called the Do Not Track Online Act Of 2011 and introduced by Sen. Jay Rockefeller—didn't suffer from those rather generous exemptions, it's unclear how much of an impact it would have. Its telephone solicitation predecessor is the Do Not Call list. Quick show of hands: How many reading this article have signed up for that list? Of those who did, how many have continued to get lots of phone solicitations, with no practical way to make them stop? 'Nuff said.

To further minimize worries, as of Wednesday (May 11), the bill had zero cosponsors. As such, it certainly doesn't look like the Senate will pass the bill anytime soon. Is it possibly a news release bill, one designed to justify a news release but never be actively pursued? Just in case it does go anywhere, here's what the bill actually mandates.Read more...

Amazon’s Details Expose Cloud’s Ugly Side

May 4th, 2011
In a detailed postmortem of its days-long cloud-storage outage, Amazon on April 29 delivered a blow-by-blow explanation of what went wrong: One networking mistake generated a cloud full of "stuck" storage, which in turn filled up all available space with junk data in an attempt to automatically recover and finally required Amazon to bring in lots of new storage hardware to unjam the system.

The cascading problems were the result of Amazon's efforts to promise continuous availability of its cloud storage. That meant no downtime for maintenance windows—Amazon's network techs had to work without a net, and this time they were unlucky. But a dive into the details of the outage suggests that a cloud like Amazon's may not be worth the risk, or even offer an advantage, for big retailers—even though Amazon itself is one of the biggest.Read more...

If YouTube Can Provide Secure HTTP, Can Retailers Afford Not To?

May 4th, 2011

Remember Firesheep, the free program that showed up last October and made it easy for almost anyone to hijack the Web browsing of other people using public Wi-Fi to visit social networks and popular Web sites? It turns out that YouTube didn’t forget. Since February, the video-clip site has been quietly adding Secure HTTP to its pages (so YouTube’s URLs begin with https: instead of http:), and at this point almost the entire site appears to be hijack-proof—at least by tools such as Firesheep.

Today, most online retailers just use Secure HTTP when customers are logging into their accounts; conventional wisdom is that the overhead of https (encryption, special session management and other compute-gobbling elements) is just too costly for an entire E-Commerce site. But it may be time to rethink that. If YouTube can handle that security workload, there’s a good chance it’s not outside the reach of major retailers. Or think of it another way: If your customers come to understand that they can watch funny-kitten videos securely on YouTube, how unhappy will they be to learn that they can’t have the same privacy and security in your online store?…

New Theory About Visa’s Investment In Square: Visa Really Is After Twitter

May 4th, 2011

When Square simultaneously accepted a hefty Visa investment and then reversed course to match Visa’s position last week, many observers were trying to make sense of the move. What made Square so attractive to Visa? One industry observer—longtime payments power-player John B. Frank—has an interesting, albeit non-traditional, take. He argues that Visa’s affection for Square has little to do with Square and everything to do with Twitter. Indeed, Frank’s argument is that it was all about Jack Dorsey (Twitter Founder/Executive Chairman and Square Founder/CEO) and his ability to make Twitter deals happen.

“Shout out to Verifone: If it makes you feel any better, I’ve got a feeling, that Visa isn’t as interested in Square as they are in Twitter’s 200 million base,” Frank penned. “If Goliath was going to invest in David, why not a David with a PCI-certified personal POS? It’s because David isn’t really David after all. David is Goliath. Square is Jack Dorsey and Jack Dorsey is again Twitter. It’s all about P2P (person-to-person money movement) and this is Visa making a brilliant P2P investment/move.” Not so sure I buy into this very original theory, because I don’t see Visa connecting the dots with Twitter that aggressively—yet. Still, if it’s wacky and conspiratorial and it involves Silicon Valley today, well, it’s hardly wise to rule it out.…

Pepsi’s Merging A Vending Machine With Social, CRM

May 4th, 2011
Some mighty strange things have happened to vending machines lately, with machines offering iPhones and live crabs and accepting smiles for payment (really) and contactless payment (although some would argue that smiles are more viable).

But Pepsi has now rolled out a touchscreen vending machine that isn't primarily designed to actually give you anything to drink. It's an interesting intersection between social media, vending machines and CRM. In a "tis better to give than receive" mode, consumers walk up to the machine and can only use it to gift a drink to a friend or colleague (or, for that matter, a bitter enemy) by "selecting a beverage and entering the recipient's name, mobile number and a personalized text message." This creative idea actually has some fascinating CRM potential. It exposes Pepsi to friends/associates lists and flags new people who might be open to receiving promotional contacts.Read more...

PCI And EMV Cards: The Urban Myth That Won’t Die

May 3rd, 2011
The recent comments by leading retailers that want U.S. card issuers to move to the EMV standard for card authentication are missing the point. EMV cannot, does not and will not make PCI go away, regardless of recent moves by Visa Europe, pens PCI Columnist Walt Conway.

PCI is impervious to silver bullets of any kind. There are a few things every retailer needs to understand about both EMV and PCI before jumping on this particular bandwagon. Conway crafts a little thought experiment that assumes, as was suggested, that EMV becomes the "metric system" equivalent for payment cards. That means Chip-and-PIN—like a shift to the metric system—replaces all previous card and cardholder authentication methods. My EMV metric system card has no signature panel, no magnetic stripe. And the PAN is printed, not embossed, on the front of the card. Does PCI go away? Conway suggests it does not.Read more...


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 17,000 retail IT leaders who subscribe to our free weekly email. Sign up today!
Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.