Top Stories



PCI Council Officially Swears Off Mobile Apps

December 15th, 2010

The PCI Security Standards Council, as expected, has officially declared it will not sign off on any mobile application for quite some time. If it helps, the Council added that mobile “will be a key focus for the Council in 2011.” (Unfortunately, the PCI statement didn’t note how many key focuses the Council plans on having next year.)

“Until such time that it has completed a comprehensive examination of the mobile communications device and mobile payment application landscape,” the statement said, “the Council will not approve or list mobile payment applications used by merchants to accept and process payment for goods and services as validated PA-DSS applications unless all requirements can be satisfied as stated.” This statement comes on the heels of a column by StorefrontBacktalk’s PCI columnist Walter Conway in which he described this as the Council’s position and noted it is permitting—encouraging?—acquirers to fill the void and approve payment applications on their own and then offer them to their merchants. …


RFID Buttons: Cute Or Ominous?

December 8th, 2010
A Chinese RFID manufacturer has started shipping RFID tags designed to look—and apparently function—as real buttons. They also can be washed with no harm to the sealed RFID mechanism.

However, by fueling the fears of every anti-RFID privacy advocate, these faux buttons may do far more harm than good. To be fair, these may not be faux buttons, in that they may actually function as buttons. In which case, they're not faux: They're Trojan horses. But in this version of the classic Trojan War tale, the soldiers inside the horse might turn around and attack their retail Greek creators.


Target’s $5 Million Coupon Fix

November 11th, 2010
Target on Tuesday (Nov. 9) issued a chain-wide software patch to theoretically resolve a three-and-a-half-month-long coupon-scanning nightmare in which consumers were often given a small fraction of the promised discount. But that was only after it ordered cashiers that weekend to manually review all paper coupons, a move estimated to cost the chain as much as $5 million in additional labor costs alone.

As part of the ordered manual review, Target shut down its POS Cashier Speed-O-Meter devices to accommodate the additional time for the manual reviews. That review will cost the chain between $2 million and $5 million in additional labor costs, said IHL President Greg Buzek, who calculated that fee based on an additional minute for every transaction and the number of stores and checkout aisles that Target is using, plus Target's efforts to add more people to keep the lines moving.


Retailers Struggling With The Concept Of Digital Ownership

October 28th, 2010
As much as E-Commerce and Mobile Commerce are all about taking the in-store experience and making it better (easier, faster, cheaper) and perhaps creating a few experiences that are uniquely digital, digital sites are almost always more comfortable selling physical goods. That's true even for entirely digital operations, such as Amazon's Kindle.

That's why the announcement from Kindle that it will, "later this year," introduce "lending for Kindle" is so potentially significant. The concept is a direct steal from the physical world. A person who purchases an e-book can loan someone a copy of that book, with restrictions. If a consumer today buys a book from a physical store, that consumer owns that book and is therefore free to sell it to someone else, for whatever price the market will bear. Instead of prohibiting that in the digital world, why not encourage it, albeit for a cut.


Bored With Your Current IT Gig? DSW May Be Able To Help

October 28th, 2010
The CIO of $2 billion shoe chain DSW is putting out feelers for a senior retail IT manager, one whose background focuses on applications (not infrastructure), merchandise planning distribution, allocation and logistics.

Background in "store systems would also be interesting" for this position, said DSW CIO Carlos Cherubin. "This is a new position, born of the fact that our organization is growing," he said, referring to its current 210-person IT operation (internal IT staff of 170 plus about 40 IT contractors). "We're a 200-person shop day-to-day," Cherubin said.

Getting ROI From PCI Security: Can It Be Done?

October 28th, 2010

One of the most frustrating truths in retail security is that, by definition, it has no meaningful return on investment—at least not in the sense that CFOs and board members view ROI. There’s no chance at improving revenue or profit; at best, it’s risk avoidance. Even that’s dicey. If security is in place, how do you really know that you would have been breached otherwise?

One way to squeeze out ROI: Flip an unsexy security expense like PCI by upgrading to a POS system that also moves lines faster or displays ads while customers are waiting. Or what about training cashiers to encourage debit-card users to key in their PIN—thus improving security and reducing the cost of card transactions at the same time? We explore these and other ideas in the latest StorefrontBacktalk podcast on security. To listen to the podcast, please click here.…

Note To PR People: Come And Get Us

October 28th, 2010

Like most media outlets these days, we here at StorefrontBacktalk get deluged with PR people pitching stories about their clients. But also like most media outlets, very few of those pitches are appropriate for us.

To help, we have crafted a page with our best-kept secrets about how to successfully pitch a story to us. It starts with understanding our audience and how we try and differentiate our stories. (Note: This particular blurb is a horrible example of what our typical stories are like, but it’s a pretty good example of an irony, so at least we have that.) So for PR professionals only: Please check out our PR tip cheat sheet, and your chances of getting a story placed will soar.…

StorefrontBacktalk Now On Kindle

September 30th, 2010

The next time you’re stuck on an airplane with just your Kindle and you want to know what other retailers are working on to make your life miserable when you land, fear not. StorefrontBacktalk is now available as native content on Kindle.

It goes beyond the headlines, and the Kindle supposedly updates this content when you’re near a connection so you can read it when you’re not. (I have to trust my Kindle-carrying colleagues to tell me how our content looks. Personally, if something can’t give me a paper cut while reading it, why bother?)…

Where Will—And Where Should—PCI And Mobile Head?

September 23rd, 2010

If retailers could do anything, what would be the top five things they’d change about PCI? What about mobile? Which mobile interactions will be deployed first and which will be backburnered? And how far are merged channel (the last element of the multi-channel to cross-channel to merged-channel triumvirate) efforts going to be adopted by June of next year?

To try and get answers, StorefrontBacktalk and Forrester Research on Wednesday (Sept. 22) launched a research project on these issues and we’d love to have you share your views with us. Responses will be published anonymously, in aggregate only. Other topics in the survey include customer service techniques, global distribution, E-Commerce and store investment priorities, and CRM strategies. If you’d like to be included in this study, the survey is the best place to start. We’ll be publishing the results shortly before the holiday insanity begins. …

Could Chat Transcripts Be Security Minefields?

September 2nd, 2010
When Rite-Aid and Walgreens both announced pharmacist chat programs last month, they were the latest chains to try and use chat to get closer to their customers. But, ironically, the preservation of chat discussions of super-sensitive patient medical history may prove a very serious threat to security.

It's ironic because both chains are taking substantial steps to secure the access to confidential patient data, but neither is specifying steps to protect transcripts of that very same data. Imagine forcing call center employees to comply with all PCI rules regarding not preserving prohibited payment card data and then allowing them to write down all of that data in plain-text files that are then transmitted to consumers (who are unlikely to protect them) and saved in the chain's files.

Stop Making Friends And Start Making Money

August 26th, 2010
Franchisee Columnist Todd Michaud can't help but smile when he reads polls about how many companies are experimenting with social media. Responses along the lines of, "We are trying different social media tactics but have not landed on a solid strategy," tend to be the most popular answer. Can you imagine a CIO making the statement, "We are playing around with ERP to see if we can build a business case"?

The world is moving to an open, sharing, social platform at a lightning pace. As a result, people behave differently today than they did yesterday. How have your sales and marketing strategies adapted to this change? What if you could provide incentives to customers to entice their social graph to visit the location (receive 10 cents on your loyalty/gift card for each of your friends who checks in)? Laugh if you will, but I believe the restaurant industry will see multi-level marketing become a large part of its business in the next three to five years.

Oracle’s Larry Ellison Raked In $1.84 Billion In Compensation

July 28th, 2010

Oracle CEO Larry Ellison was the best paid executive with any public company over the last decade, pulling in $1.84 billion in compensation, according to The Wall Street Journal.

Concerned about all of the license fees you’ve paid Oracle over the years? Fear not. It’s been put to good use. You’ll be pleased to know that you helped finance several extra aircraft for Ellison. What to get the man who already owns Air Force fighter jets and an America’s Cup yacht? Oh, CIOs, you’ve given him so much already.…

Sears’ $1.1 Million Wrong-Price Penalty: No Simple Tech Fix

July 21st, 2010
Sears and its Kmart subsidiary on Monday (July 19) agreed to write a $1.1 million check to various California law enforcement agencies to settle charges that the company repeatedly charged consumers much higher prices than advertised. Officials said the overcharges appeared to be human error--as opposed to a technology glitch. But the overcharges happened so often and in so many locations that they seemed to be systematic.

The frustration for other retailers trying to avoid Sears' fate is that technology can only go so far and that without extraordinary vigilance, pricing errors are almost unavoidable. A relatively tiny number of chains in the U.S. have toyed with electronic shelf label (ESL) packages—including TJX, Wal-Mart, Albertson's, BJ's Wholesale, Costco, Kohl's, Pathmark, A&P, Whole Foods, Waldbaum and Kmart itself—but few have been deployed in a meaningful way.

Amazon And eBay: Growing Sideways

July 15th, 2010
When you're a category leader in retail, you have an unavoidable problem. Someday you may run out of room to get bigger. When that happens, you may have no place to grow but sideways. That's a challenge two online giants have dealt with in recent weeks. The different ways Amazon and eBay have decided to deal with this issue are instructive--and so are the ways they're exactly the same.

In Amazon's case, it's bound to happen: Eventually there won't be any more books, DVDs, toys, gadgets, power tools, Halloween costumes or cans of organic pumpkin for the E-tailer to offer online.

Amazon Patent’s Privacy Pratfall

July 8th, 2010
Against a backdrop of years of vigilance in protecting consumer privacy, a newly public Amazon Patent application raises a wide range of privacy concerns. The Patent Pending envisions making gift recommendations to strangers, leveraging Amazon's legendary database of consumer data. It speaks of using third-party databases, in addition to its own, to suggest gift ideas for--in an example the Patent Pending actually uses--"single Protestant Asian women between the ages of 25 and 35 with disposable incomes greater than $50,000."

And because Amazon's new invention would make specific gift recommendations for anyone who asked, it raises the question of how easily crooks could go on private-data fishing expeditions, trying one gift after another to uncover personal details about their targets.

eBay Mobile: Moving Beyond Barcode, Into VIN, OCR and Gift Cards

July 8th, 2010
When eBay purchased mobile barcode scanning application RedLaser last month, it was the start of a mobile strategy that has the auction giant moving well beyond traditional barcodes. Plans include support for 2D and 3D barcodes, QR codes, Code 128, gift card codes and, interestingly enough, car VINs (Vehicle Identification Numbers).

"Our plan is to integrate the barcode scanning capability into all of our applications and to evolve (to support) every kind of code, all of the various forms and shapes of barcodes," said eBay Mobile VP Steve Yankovich.

Visa To Franchisors: “We’re Here To Talk, Not To Listen”

June 17th, 2010
When it comes to PCI compliance for franchisors, Visa is completely out of touch with reality. That's from the pen of Franchisee Columnist Todd Michaud, who spent 9 hours with Visa execs at a franchisee symposium on Wednesday (June 16).

The morning was spent providing horror stories about how the sophisticated Russian organized crime syndicates responsible for the lion's share of breaches operate. The afternoon, meanwhile, was spent talking--indirectly--about what role tokenization and encryption may or may not play in the future of card data protection. Retailers representing more than 50,000 domestic locations were all in the same room, and not once were they asked their thoughts and opinions on the matter. "What a wasted opportunity," Michaud wrote.

Microsoft’s Mobile Catch-22 Is Getting Consumers To Not Give Up

June 17th, 2010
In the evolving world of mobile and barcodes, one of the most daunting challenges is training consumers to use the technology properly. Of course, you can't really train consumers on Near-Field Communication (NFC), 2D barcodes and Microsoft's Tag Reader. What retailers need is an interface that is so intuitive consumers simply guess how to use these tools correctly.

But therein lies a delicious Catch-22: Once consumers use a technology four or five times, they typically master it and can then proceed effortlessly. The first one or two times, of course, will likely be rough.

Now On StorefrontBacktalk: One-click Print Formatting, Automatic URLs

June 15th, 2010

Starting this week, each StorefrontBacktalk article has two new features. First, in response to many reader requests, we have now added a print function for each article. Just click on the Print icon (right across from the article’s date) to generate a web page formatted for printing, without page breaks, sidebars or reader comments.

Second, we now automatically add a URL to any content that you copy and paste from an article. Yes, it’s a feature: Instead of copying an entire article to send to someone, now you can copy just the most relevant part and paste it into a message; the URL for the full article is included at no extra charge. Tipping, of course, is always encouraged.…

The M-Commerce Paradox: If You Succeed, You’ll Fail

June 10th, 2010
After we ran a story in the last issue about some Mobile-Commerce experiments at Macy's and Best Buy, one retail exec at a very large chain who has worked extensively with mobile expressed skepticism that some of these projects would ever work at full scale.

"I wonder when people will realize that mobile devices communicate via, ummm, radio?" asked the IT exec. "And that microwave radio signals (which GPS, mobile phones and microwave ovens all use) don't transit solid surfaces, especially conductive ones like metal mall roofs, all that well? And that carriers make no promises relative to in-building coverage (and virtually no promises relative to out-of-building coverage)? And the U.S. government makes no promises at all relative to GPS signal penetration or even availability?"

Why Open Source Drives PCI Nuts

June 10th, 2010
The big advantage to open-source software is that anyone can change it. And the big disadvantage to open source? Anyone can change it. Case in point: osCommerce, one of the applications on the PCI "Bad Apps" list. It's not a surprise that this open-source app hasn't passed PCI's validation. Considering that it can be changed so easily, would you really want it to?

Most of the software packages on the Bad Apps list come from conventional commercial software vendors. If there's a problem with their applications--specifically, if those apps keep sensitive authentication data after a transaction has been authorized--the vendors are usually quick to create a new version or a patch that solves the problem. Result: Only older versions of the software contain the security problem that makes PCI unhappy. And next to the bad version of the app is a note listing the later versions that don't have the problem.

Forgotten Apps Pose PCI Danger, Visa List Shows

June 10th, 2010
Tucked away in forgotten corners of your network sits a wide range of old, forlorn applications. Beyond collecting electronic cobwebs, these apps potentially pose one of the most serious threats to your data security.

Visa routinely compiles a list of applications that, it believes, store sensitive authentication data after a payment has been authorized. Many app versions on this "Bad Apps" list are outdated and no longer being sold. But that doesn't mean they are not lying around in hidden corners of quite a few major—and some not-so-major—retail chains.

Quit Complaining And Just Do The Bloody Training

June 10th, 2010
Technology training is about as popular as a die-hard Lakers fan in a South Boston bar, pens Franchisee Columnist Todd Michaud. It also costs money. A good chunk of money. When you take something people don't like and then make it cost what the operator believes is a lot of money, you end up trying to cram the proverbial 10 pounds of stuff into a 5 pound bag.

When it comes to running a restaurant, investing time and money into learning the store's technology can mean the difference between a money-making hit and a bankruptcy-inducing nightmare. Technology plays a critical role in both the front and the back office. Michaud says he is befuddled by the notion that the same operators who clamor for a Limited Time Offer that may bump sales 1 percent won't invest their energy in systems they already own that could easily save them 3 to 5 percent.

Mobile Instant Payments: An Opening For Chains To Truly Avoid Interchange?

June 10th, 2010
The Holy Grail of mobile payments is the instant payment, something similar to Amazon's one-click or Apple's iTunes, perhaps enhanced by a short, memorized PIN. But no credit card numbers, street addresses or anything else cumbersome is required. That idea has prompted many to suggest this will be the direct-payment-to-carrier play. Why not have software loaded—or a chip inserted—into the hardware?

This payment might be made to the handset manufacturer, but more likely it would go toward a pre-arranged credit or debit card. Let's take this approach one step further. Why not buy from Wal-Mart a Wal-Mart phone—or from McDonald's a McDonald's phone—that allows one-click purchases for anything at all? The consumer would then receive a monthly bill with everything itemized. That's one way to get around interchange and to build some wonderfully deep CRM databases—with lots of your rivals' sales—at the same time.

Is It Time To Stop Mailing Fully Activated Gift Cards?

June 3rd, 2010
Why are we still permitting the mailing of fully activated gift cards? People aren't sending $20 bills in the mail anymore, so why are they still sending the plastic equivalent?

When someone sends someone else a gift card, why not first send an E-mail alerting the recipient to the card's imminent arrival and have that E-mail include a password to activate the card after it arrives?

