Top Stories


Supply Chain

Blind Call-Center Worker Researches IT Upgrade, Gets Downgraded For Her Trouble

April 21st, 2011

A blind call-center worker on April 12 sued a Maryland county government over a job downgrade and pay cut after the county merged its non-emergency call centers but didn’t preserve screen-reading technology. Yasmin Reyazuddin, a multilingual information specialist, said she researched the necessary configuration changes after the county bought Oracle’s Siebel CRM system, but when she raised questions about the switchover she was demoted, moved to a non-call center job and told her pay would be reduced. She wasn’t even allowed to try the system to see if she could use it anyway.

Wait—there’s a call-center employee who’s already using assistive technology, is capable of researching whether the new system can be made accessible (according to Oracle’s documentation, it can) and is willing to look for a workaround for any problems. And that’s the employee IT can’t figure out how to accommodate in the project plan? That isn’t an employee you bury. You loan her to IT to figure out the cheapest way to get a screen reader working and then end up collecting good publicity instead of a federal lawsuit.…


Real-Time Inventory Can Be A Tempting Real-Time Lie

April 13th, 2011
Reports were plentiful this weekend that Best Buy was having self-inflicted inventory issues concerning the iPad2, with some suggestions that the chain was deliberately lying to customers to hold units for an upcoming promotion. These rumors can happen easily, with individual stores (or groups of stores) sending local memos that are phrased ambiguously.

The first reaction I had was, "This is one problem that will go away when real-time inventory is universal and available on mobile devices." Then the cynical side of me took over (that's the side with an historically much better batting average). If a chain's management decides that it wants to fool customers about inventory levels—for a wide range of nefarious reasons—wouldn't real-time inventory be the most marvelous and efficient way to do it?


Only 4 Reading Days Before Premium Launches

April 13th, 2011

StorefrontBacktalk will launch its Premium Edition on April 18, just four days from now, on Monday. The reason we’re mentioning this again is to remind everyone that we are offering special 50 percent off pre-launch pricing. In other words, the exact same Premium service on April 18 will cost half as much on April 17. If you want to still have full access to all of our top stories (and all of the other goodies that come with the Premium subscription), doing it now is the cost-effective move.

Our site license options are also half-off during the pre-launch period (which has barely four days left). Our fear is that many readers will not focus on this until April 18, when they start running into firewalls when they try to read key stories and columns. And when they then subscribe, they won’t be able to take advantage of the pre-launch deals. The pre-launch deals were created specifically to give our long-time readers a break, so we want to make sure we do everything we can to remind everyone before it’s too late. To take advantage of our pre-launch deal, please click here.…


The Legal View: When Google Grabs And Posts Your Password, Can You Sue?

April 6th, 2011
When something bad happens, whether it is a data breach or some other type of attack, it is common for a retailer to meet with its counsel and, in addition to determining its legal obligations, ask the stupidest question any client can ask a lawyer, "Can I sue?" The answer to that question is, of course, always "Yes." The more difficult questions are, "Who can I sue?" and "Will I win?"

Almost always with a data breach or hack, pens Legal Columnist Mark Rasch, some other party has contributed in some way, to either facilitate or exacerbate the breach. The question is, is it worth it to sue? Unfortunately, in most cases, the answer is no. A few recent breaches may be illustrative. Last week, we wrote about a .pdf document of a company that was placed in a Web-accessible location that was not intended to be public. Think of this as leaving an important document in an unlocked office adjacent to your retail location. The public "can" but "shouldn't" go there.


Loading Dock Chaos: CIO Had No Idea What His Passwords Could Do

March 30th, 2011
What happens when the keys to a retailer's supply chain show up on Google? In the case of one multi-billion-dollar regional chain this week, it resulted in the ability of anyone to change the information of all loads expected at the retailer's distribution centers—dates, times, contents of the load, number of pieces, weight, pallets, the product ready date and the vendor call date.

In short, in the hands of an evil-minded competitor (in retail, are there any other kinds?), that Google-provided password could do a huge amount to slow down a rival, in addition to knowing inventory shipment plans so they can be countered. It represents a critical security breach—and one that started with the simple decision to put a confidential manual in a Web site subdirectory. That single password—which was printed in that Google-available PDF—unlocked a third-party's servers and revealed a supply-chain security hole large enough to drive a fleet of Mack trucks through.

The Food Allergy Trap: The Dangers Of Easy Customization

March 23rd, 2011
Self-checkout customization can be a wonderful thing, up to the point where a retailer too easily promises something that can't be delivered. For example, NCR has been pushing its customizable self-checkout systems that can, among other things, ask consumers for any family food allergies—presumably so the system can flag anything being purchased with a forbidden ingredient. Today's food retailers have no way of knowing the ingredients in all of the products they sell, given the lack of manufacturer consistency. But by merely asking the food allergy question, consumers will expect, as long as they shop at that retail chain, to not need to bother reading labels anymore. That's a huge value-add: for the lawyers in the area when one of those customers finds an allergy-inducing ingredient among the day's groceries.

The food allergy example is probably the most extreme, because it literally can threaten the life of the consumer. It also is the most difficult retail customization to deliver, because it requires full cooperation from every supplier—something that is virtually impossible. Also, the whole idea of customization puts the burden of delivering on the retailer.

Will Web Analytics Work For Mobile? Home Depot IT Chief: Most Retailers Are Behind, Think “We’ll Get To That Later”

March 21st, 2011
As retailers move to embrace mobile commerce, there are debates about what types of analytics should be used for mobile and even whether mobile analytics—or any single-channel effort—is necessarily a good thing. Most retail IT leaders, including Home Depot's Senior VP/IT and one of her counterparts at HSN, say that many chains are so early in their mobile thinking today that such debates are premature. "I think mobile is so young that we're not sure yet. Our analysis is developing in that area," said Home Depot's Cara Kinzey. "And I think that retailers are behind, [with many saying] 'We're more concerned about sales and we'll get to that later.' Honestly."

Sean Bunner, HSN's Operating VP, echoed Kinzey's sentiment. "It's such an early channel to get so granular. There's some overall trend stuff we're more interested in, like 'what category of merchandise are they purchasing?' From what we've seen, mobile is significantly different than Web or, for us, TV," he said. "But even within mobile, between mobile Web and apps. You see pretty significant shifts in categories, so we then have to get into CRM activity to see 'Why is that?' Do you want to merchandise that store differently?"

Russian Ease Of Use, But At A Heck Of A Price

March 14th, 2011

Remember when online commerce was going to cut out the middleman? Those days are long gone. On Tuesday (March 15) a Chicago-based shopping portal called BayRu, which allows Russian customers to buy from U.S. E-tailers, cut a deal to let shoppers pay for those U.S. goods in local currency at 500,000 locations throughout Russia using cash, credit cards, mobile payments and Western Union. The system works much like the Singaporean shopping portal that Google mistook for a link farm last month: Customers pick out goods online, and BayRu handles shipping and customs—for a fee.

How much does the middleman take? Items from three dozen E-tailers that include Macy’s, Target, Wal-Mart, Best Buy, Gap, Tiffany and ToysRUs—oh, and, too—require manual intervention for pricing, so the markup varies. A $7.99 paperback from Amazon, for example, costs a Russian customer the equivalent of a modest $9.10. But a $725 iPad 2 (an eBay “Buy it now” item) is marked up to a breathtaking $1,025. That’s money major retailers will keep leaving on the table until they figure out how to handle global customers—and global payments.…

The Pain Of Mobile Inside A Store. Ann Taylor’s CIO: Who Can Get A Signal Through 3 Floors of Metal, Concrete?

March 13th, 2011
So much of mobile retail strategy today is based on the consumer being inside a store. That includes barcode scanning, check-in services, price comparisons and reading customer reviews. And yet getting a reliable signal inside many stores—assuming the consumer does not have Wi-Fi access to that store's LAN—is almost impossible. The CIO at apparel chain Ann Taylor, Mike Sajor, argues that options exist, but few retailers are moving forward with them. Sajor laid out the reasons why in-store mobile is so terribly difficult for so many chains.

"If you think about mobility, interesting applications tend to leverage three things: presence; authentication; and location. Presence: Are you there? Are you on the network? Are you live? Can somebody see you? Location: Where are you physically? And to what level of granularity can you see that? Authentication: Are you who you say you are?" Sajor said. "Those are the three crown jewels. You can't do much interesting unless you have those three things locked in to some degree or another."

PCI Compliance In The Cloud

March 8th, 2011
Can a retailer (or even a service provider) move its payment applications to the cloud and maintain PCI compliance? PCI Columnist Walt Conway believes the answer to this question is yes, it is possible to be PCI compliant in the cloud. Neither validation nor compliance will necessarily be easy, and success is not guaranteed, but achieving both is possible. A better question, though, is how can a merchant implement a payment application in the cloud that is both PCI compliant and secure?

Achieving PCI compliance in a cloud-based environment will involve some intense negotiations between the merchant and its cloud provider. If a merchant is neither willing nor able to dig into the details and maybe do a little arm wrestling with its provider, moving a payment application to the cloud is not for that merchant. Negotiating a detailed, comprehensive service level agreement (SLA) will be perhaps the most important single step to achieving PCI compliance in the cloud. But before you can even begin to develop an SLA, a merchant needs to understand who does what. That is, the first thing you need to know is which services will be provided by the cloud provider and which are the merchant's responsibility.

Home Depot Mobile: Great, Unless You Have To Use It, Associates Say

March 3rd, 2011
Home Depot's mobile point-of-sale device looks like a big success: The First Phone was used for almost a million POS transactions in the last quarter of 2010, the company told investors on February 22. But store associates complain about First Phone shortages, bulky hardware, buggy software and lack of training—and the fact that IT either can't or won't fix problems with the devices, even when associates take the trouble to send descriptions of device problems up the chain of command.

Their consensus: The First Phone works, but it still has a long way to go. That's what you'd expect from a first try at a mobile POS device, though, and that first draft won't get better without lots of listening on the part of IT. The comments of the Home Depot associates go a long way to point out the challenges mobile POS faces as it rolls out at Home Depot, Nordstrom and other retailers.

Federal Filings Paint Crocs IT Software As “Archaic,” “Primitive” and “Hopelessly Error-Prone”

March 3rd, 2011
Buried in the various legal filings of a shareholder fraud lawsuit against footwear maker Crocs is an intriguing look into how routine IT operations and discussions can quickly become very public and seem really bad. The case, which US District Court Judge Philip Brimmer dismissed on Monday (Feb. 28), told tales of a new IT chief whose software recommendations were treated by senior management "dismissively." Also mentioned was inventory and forecasting software that was "archaic," "primitive" and "hopelessly error-prone" and financial reporting software that consisted of "obsolete, unsuitable tools." And almost all of it involved the manufacturer's interactions with retailers.

The IT issues—which Crocs apparently did not dispute—never played a crucial role in the arguments, with the judge throwing out the case because he said the shareholders couldn't prove that senior management lied about these matters. That said, it's educational how close a linkage the shareholders drew between routine IT issues and critical financial shortcomings. Excel spreadsheets, for example, were blamed for product shortages and surpluses.

StorefrontBacktalk Launches Premium Edition

February 16th, 2011
Starting April 18, StorefrontBacktalk will launch a whole new range of Premium features, including special monthly reports, exclusive private discussion groups (CIO-only, franchisee-only, CFO-only, etc.) and Premium-only access to StorefrontBacktalk's top stories. Best of all, readers who subscribe to the Premium edition before it launches on April 18 will get a 50 percent discount on the subscription price—locked in for the first year.

The majority—if not the vast majority—of recent StorefrontBacktalk stories will still be available to read for free. So will our highly moderated discussion forums, which won't waste your time with spam and vendor pitches. But readers who aren't Premium subscribers will only be able to see the very beginning of Premium stories and columns—and they won't have any access at all to the Premium forums, private discussion groups, monthly reports or the archives of StorefrontBacktalk stories that are more than 30 days old.

Safeway Sued For Not Alerting Loyalty-Card Customers To Food Recall

February 2nd, 2011
A non-profit group sued the $41 billion Safeway grocery chain Wednesday (Feb. 2) for continually failing to notify customers about recalls, even though many of those customers used their CRM cards and were theoretically contactable.

The Center for Science in the Public Interest (CSPI) argued that when "Safeway learns that recalled products have been sold in its stores, it has a duty to disclose to customers that they face serious health risks or even death if they eat the recalled products. Safeway chooses not to notify its customers who purchased recalled products, thereby putting them at risk." Safeway, understandably, has a very different view. Safeway argues that there are good reasons for the industry to not standardize on such CRM-based alerts.

Introducing New StorefrontBacktalk-Style Discussion Forums

February 2nd, 2011
The reader discussion part of StorefrontBacktalk has always been crucial to us; it's a critical part of the sense of community we want to create. Ideally, this function is less about what our writers have to say to you, the readers, and more about what you have to say to each other. That's why we're introducing today our StorefrontBacktalk-style discussion forums: "Beyond The Story."

It's called Beyond The Story because our discussion forums thus far have been limited to comments on individual stories. And we policed those comments strictly, making sure that they were indeed about the story they were attached to and that they were non-promotional, non-offensive and respectful. (Well, as respectful as IT professionals debating RFID, PCI, CRM and Mobile are likely to get. We don't seek miracles here.)

A Money Transport Device With A Sensor That Could Destroy Your Cash. What Could Possibly Go Wrong?

January 31st, 2011
How confident are you in technology? How would you feel about a product that, if it glitches, destroys all of the cash that you're trying to send to your bank? Wincor-Nixdorf has crafted just such a product. What could possibly go wrong?

The idea is to have a more secure cash drum, one that would destroy all of the money it's holding if anyone attempts to steal that money. It uses special ink and the vendor says "the money will be stained for more than 20 percent of the surface. It is impossible to undo the staining." Can you imagine the fun meeting with your bank or insurance people—or your CFO—and explaining how an IT glitch just destroyed money coming from a store? Wincor-Nixdorf assures IT that "the concept is designed in a way that a mishandling is not possible and, therefore, the risk of mis-triggerings is reduced to a minimum." A minimum, eh? Quite comforting. Who pays for the lost money if it glitches?

Groupon’s Japan Disaster A Critical Social Lesson For Retail

January 26th, 2011
Social site and Mobile efforts are wonderful things, but the enthusiasm surrounding them—which may indeed be temporary, until the newness factor fades—has the most potential to create surprise disasters. Disasters from, ironically, excessive success. Retailers are used to making controlled entries into well-studied markets, which allows them to have proper capacity planning mechanisms. But Social and Mobile are threatening to undermine those efforts. Just ask Groupon CEO Andrew Mason.

Groupon just launched a New Year's holiday food program in Japan. The launch went so poorly—and by that we mean that it sold so really well—that Mason had to lose face with a positively painful YouTube video for customers. He opened with an admission that "we featured a deal in Tokyo recently that we really messed up," because its supplier couldn't handle the volume of orders.

Hackers Go Retro, Turn To Telnet For Attacks

January 26th, 2011
Sometimes the oldies really can make a comeback. For some reason, thieves are now increasingly using the 40-year-old text-based Telnet protocol to attack corporate servers, according to network-services vendor Akamai, whose retail customers include, Best Buy, JCPenney and Staples. Akamai says Telnet now represents the second-heaviest level of Internet attack traffic—and the Telnet attacks are still growing.

This sort of retro attack (it's like the Pong of computer break-ins) would be charming, except that it's growing rapidly. A year ago, almost no attackers used Telnet. But by the third quarter of 2010 (the last period for which Akamai has released data), Telnet attacks had jumped to one out of every six attacks.

RadioShack’s New CEO: More Proof That IT Experience Does Indeed Matter

January 25th, 2011

When RadioShack announced Monday (Jan. 24) that its board had chosen CFO Jim Gooch as its new CEO, it went out of its way to mention Gooch’s background in supply chain management and IT. This is just the latest example of retail boards showing newfound respect for IT experience when sizing up folk for the big CEO corner office, including Home Depot, which is watching its own CFO’s IT chops when evaluating her for the CEO gig, plus related IT respect demonstrations from Sears, Macy’s and Borders.

This IT love-fest is consistent with a move—started about 5 to 10 years ago—of assigning the CFO to oversee IT. Before that, it was more common for CIOs to report into COOs or often CEOs. The shift to having CIOs report into the financial group is an acknowledgement that IT is becoming more strategic and that it’s an area that CFOs must master if they want to run the whole ship.…

When Is A Franchisee’s IT Obsolete?

January 19th, 2011
It just got a lot tougher for franchise restaurant chains to crack the whip when it comes to IT mandates. A Florida judge has said Burger King can't immediately shut down several franchisee stores for missing a deadline to purchase new POS systems. The $2.5 billion chain will now have to go through more legal proceedings and possibly a trial. Or it can settle what has become the most visible case in a set of messy disputes over IT upgrades that should have been installed by the end of 2009.

Burger King hoped to get quick legal leverage by canceling its franchise agreement with Al Cabrera, one of several franchisees who Burger King sued last year over the tardy IT upgrades. But Burger King's franchise agreement wasn't really written with IT in mind. The contract requirements for replacing obsolete equipment were written for broilers and refrigerators, not POS units. That leaves open the question of whether Cabrera's old POS units even qualify as "obsolete" under the franchise agreement—and whether Burger King can shut down the franchisee.

Sears CIO Lasts 20 Months: Kasbe Out

December 22nd, 2010
The $44 billion 3,900-store Sears chain has one of the lengthiest histories of any major U.S. retailer. But given how long its stores have lasted, its latest CIO's tenure lasted not very long at all.

Timothy Kasbe, a celebrated IT exec who arrived at the chain in February 2009 after having served as the CIO of India's largest retail chain, quietly left the company early last month. Very quietly.

RFID Buttons: Cute Or Ominous?

December 8th, 2010
A Chinese RFID manufacturer has started shipping RFID tags designed to look—and apparently function—as real buttons. They also can be washed with no harm to the sealed RFID mechanism.

However, by fueling the fears of every anti-RFID privacy advocate, these faux buttons may do far more harm than good. To be fair, these may not be faux buttons, in that they may actually function as buttons. In which case, they're not faux: They're Trojan horses. But in this version of the classic Trojan War tale, the soldiers inside the horse might turn around and attack their retail Greek creators.

Black Friday Inventory Blowup Hits Target,, Fry’s

December 2nd, 2010
Several major retailers—including Target, Fry's Electronics and—got burned on Black Friday by a hole in their inventory-checking functionality. The snafu tricked the merchants into selling products to consumers without actually having those products in stock. Among the many Black Friday glitches, this one exposed a flaw that may become increasingly common and might force retailers into a different way of checking inventory.

The problem materialized because this year, for the first time, several E-tailers tried to re-create some of the excitement that surrounds brick-and-mortar Black Friday consumers-wait-at-2 AM-and-then-stampede-for-half-off-an-HDTV sales. The idea was to announce some very enticing deals and then to not offer them until midnight while stressing that only a limited number of each item was available. The retailers' campaigns were designed to force a huge number of consumers to hit their E-tail sites at the exact same moment and try to buy the exact same product. If you're looking to stress test your inventory systems, this is an ideal way to do it.

Post Office Fires A $1.5 Million Shot Across E-Tailers’ Bow

November 11th, 2010
The U.S. Postal Service has fired what amounts to a $1.5 million shot across the HTML bow of E-tailers, in the form of a settlement with Amazon for supposedly shipping products using a discounted shipping rate that the "neither snow nor sleet" people thought Amazon shouldn't have used. (By the way, do the carriers really want kudos for overcoming "the gloom of night"?)

In a settlement with Amazon, the anti-dog folk said that Amazon had ripped them off for about three years, from January 2006 through January 2009. The takeaway for retailers is clear, though. The Post Office is in a bad place these days, with E-mail attachments killing much revenue and FedEx and other carriers nibbling away at what's left. E-Commerce shipments are one of the last hopes, so the Postal Service wants to be explicit that it will enforce its rules strictly. But will it backfire?

Visa Classifies Corporate Franchisors As Third-Party Agents

November 11th, 2010
Last week, Visa officially brought corporate franchisors into the world of Level 1 merchant service providers by requiring them to register as Third-Party Agents, with all that that implies. At one level, the increased visibility, attention to PCI compliance and stricter validation regime should reduce data breaches at unsecure franchise locations. At least, that is the plan. Also interesting is that in taking this step Visa has weighed in on the systems considered to be in scope for corporate franchisors' PCI compliance, even if they never store, process or transmit any cardholder information.

PCI Columnist Walt Conway has to ask, though, whether it is possible that Visa's effort might have the unintended and clearly undesired consequence of actually reducing franchisee security—at least in some situations. That might happen if corporate franchisors segment their networks in an effort to bypass the new program and its increased costs. The decisions corporate franchisors make in the coming months could determine the ultimate effectiveness of Visa's well-intentioned effort to reduce data compromises and increase PCI compliance among franchise locations.

