Will Warranty Enforcement Be Amazon Marketplace's Achilles' Heel?

When it comes to competing against Amazon, eBay or even Japan's Rakuten, one of the more challenging aspects is their third-party marketplaces, which give each a seemingly endless inventory at minimal risk. But the odds may be getting more even, as shoppers are starting to notice that some manufacturers are strictly enforcing their authorized reseller rules.

The immediate impact on shoppers is they may find that the expensive flat-screen TV, surround-sound speakers or refrigerator that looked like such a bargain on Amazon voids the warranty. The arguably-unrealistic expectation from consumer goods manufacturers—which sharply strengthens the hands of traditional e-tailers trying to fight against these third-party marketplaces—is that shoppers would not only notice the actual name of the merchant shipping the item, but would take the time to run that name on the manufacturer's site to see if they are truly an authorized reseller. Or they could just make the purchase from or and know for certain.

Top Stories


Nordstrom Phone-Tracking Trial Raises Customer-Theft Threat

February 13th, 2013
Nordstrom (NYSE:JWN) is six months into a 17-store trial in which shoppers are counted by way of Wi-Fi signals from their smartphones. The 236-store apparel chain is not storing any customer personal information from the trial, and it's only being given aggregated data on customers by the vendor handling the trial. But that vendor, Euclid, is storing hashed versions of customer Wi-Fi MAC addresses—and is also running trials for some 35 other of the nation's 100 largest retailers. That presents what could easily become an irresistible cross-retailer mobile tracking temptation.

Two very desirable—and potentially lucrative—sets of shopper data are being captured and saved here. But the retailers and the vendor involved are all pledging to not use it. The first is cross-retailer data, which is where the vendor will recognize a shopper's phone's MAC address when the shopper repeatedly walks into a Nordstrom and then detect that same shopper walking into a Nordstrom competitor. How much would that rival pay for such information? The second data set: Once one of those MAC addresses makes a purchase, the chain could connect that MAC address with the payment information. Voila, instant CRM-friendly data on whenever that customer walks into a store and, with enough sensors, every aisle he or she visits and how long the shopper lingers.


Live Tweeting Mass Layoffs May Not Be The Best Strategy

February 13th, 2013

Everyone knows the standard advice: When someone—especially someone who works in IT—is about to be fired or laid off, all of their passwords and systems access are shut off right before they’re told. You never know how people are going to react. Perhaps it’s time to expand those HR termination rules to also cut off access to all company social tools, including Facebook (NASDAQ:FB), Twitter, Google+ (NASDAQ:GOOG) and LinkedIn (NYSE:LNKD). That’s a rule 257-store British entertainment chain HMV probably wished it had.

In late December, the chain was in the process of telling employees about extensive layoffs when one of those employees—someone who had password access to the company’s Twitter feed—began sharing her thoughts, such as: “Sorry we’ve been quiet for a long time. Under contract, we’ve been unable to say a word or, more importantly, the truth.” Then this matter-of-fact tweet: “We’re tweeting live from HR where we’re all being fired. Exciting.” One of her last tweets before all tweets from the company went silent was this delightfully predictive one: “Just overheard our Marketing Director (he’s staying, folks) ask, ‘How do I shut down Twitter?’” The best ideas always seem to come just a little too late.


PCI Cloud Guidance: Private Cloud Is The Preferred Way To Go

February 13th, 2013
The PCI Security Standards Council (PCI SSC) recently released PCI DSS Cloud Computing Guidelines, a document that has important information for any retailer or merchant looking to take advantage of the benefits from cloud computing. The guidance document begins with a simple statement: "It may be particularly challenging to validate PCI DSS compliance in a distributed, dynamic infrastructure such as a public or other shared cloud." Using the phrase "particularly challenging" communicates that a merchant's PCI compliance will be easier or harder depending on the chosen cloud deployment model, pens PCI Columnist Walter Conway.

One gem tells retailers they need to "obtain the details of the CSP's [cloud service provider's] compliance validation." This is the first official guidance that tells merchants to go beyond asking for the attestation of compliance (AOC). The guidance suggests merchants review "The Executive Summary and Scope of Work sections" of the CSP's report on compliance (ROC) and the "specific components, facilities, and services that were assessed." Securing a copy of the current AOC for the CSP is a good start, but it is not enough. Merchants need to know the scope of the CSP's assessment, which is not sufficiently detailed in the AOC. The SIG recognized this situation explicitly with its recommendation.


Amazon Hands A Digital-Resale Blueprint To Chains, But It’s Trickier Than It Looks

February 12th, 2013
Amazon's newly issued patent for reselling digital goods raises some interesting concerns. The least interesting: Holy cats, Amazon has patented the idea of selling used e-books! (No, it hasn't.) Much more intriguing: What happens when many retailers have their own online digital resale shops? To resell or give away that digital copy of Nineteen Eighty-Four I bought from Walmart (or Barnes & Noble or Target), will I have to get the original retailer involved?

Short answer: apparently so. And with digital content a potential CRM goldmine, more chains may soon start selling digital books, movies, music and audio books—which could get very sticky, for both customers and retailers.


PCI’s New Cloud Guidance: Great Ideas, Short On Realism

February 11th, 2013
When the PCI Council rolled out its cloud computing guidelines on February 7, one element—dealing with introspection—has been heralded as sound practice while being slammed as unrealistic and impractical. The problem speaks to the very nature of clouds.

In private clouds, retailers can demand unlimited data about their environments; shared cloud providers, meanwhile, simply cannot reveal information about other cloud residents. That very well may mean shared cloud vendors will simply not be able to provide enough information for a retailer to become PCI compliant. Does the council then ban shared clouds—as some have expected—or impose requirements on retailers that they may be unable to fulfill? The guidelines—which are not edicts from the council (yet) but, indeed, are solely guidelines—fairly describe the various types of cloud offerings, from the private cloud to the various shared options: community cloud; public cloud; and hybrid cloud. Although acknowledging that retailers may have limited control of the environment and the information in a cloud model, the council still places demands on the information gathered for PCI compliance.

After Seven Months, Why Has The PCI Council Yet To Have Anyone P2PE Validated?

February 8th, 2013
For the past two years, the Payment Card Industry Security Standards Council (PCI SSC) has been taunting merchants with offers of a specialized (and simplified) Self-Assessment Questionnaire (SAQ) for those using "validated P2PE" approaches. At first, the council told merchants to wait while it drew up plans to validate the products. Then—finally—seven months ago, PCI SSC released its standards and told merchants to go right ahead and pick one of these validated options. There's only one problem: As of Thursday (Feb. 7), the council hadn't validated any.

That's right. Seven months after the standards were released and nearly two full years from its initial announcements on the matter, the PCI SSC has yet to validate a single P2PE vendor that can offer the promised scope reductions and a simplified SAQ to merchants. Why? Well, quite frankly, pens GuestView Columnist J. David Oder, because the council designed the wrong standard.

Privacy Issues Galore Crop Up In California Supreme Court E-Commerce Ruling

February 7th, 2013
On Monday (Feb. 4), the California Supreme Court revisited the question of whether online retailers are permitted to collect certain personal information when engaging in a credit-card transaction. A 1974 statute seems to say "no," but the California Supreme Court says "yes." Although the case is a victory for online retailers, the way the court came to its decision may open up consumers to much more use of personal information. In the end, that possibility may cause the State Legislature to clamp down on new forms of database misuse—for both online and offline retailers, pens Legal Columnist Mark Rasch.

In the 1970s, California passed the Song-Beverly Act. It prohibited merchants (there were no online merchants back then) from requiring, as a condition for accepting a credit card, consumers to provide certain personal information. The legislature was worried about merchants using the pretext of accepting a credit card to mandate that consumers pony up their names, addresses and other personal information.

Walgreens Refill API Isn’t Very Interesting, But It Will Be

February 6th, 2013
Chains are still inching toward making their mobile apps genuinely useful to customers, but at least they're doing it in more technically useful ways. On Monday (Feb. 4), Walgreens announced a new application programming interface (API) that should make it easier for mobile app developers to deliver all sorts of prescription refill information to users, at least if Walgreens is willing to provide it.

Unfortunately, what this API currently does is pretty primitive: It accepts a prescription number and then reports back to the app that it has (or hasn't) successfully requested a refill. Just the fact that there's an API is a big step forward, because it means Walgreens can extend that API without breaking any apps that use it.

California Opens CRM Goldmine For All E-Tailers

February 6th, 2013
The California Supreme Court on Monday (Feb. 4) ruled that online merchants have the right to ask for Zip code and other personal information about shoppers who buy electronically downloadable products, but physical retailers do not. Given the clout of the highest court from the country's largest state making such a ruling—which, in turn, makes it very likely that other states will follow—this decision could sharply change CRM and POS strategies.

Such changes are especially likely because the court did not impose any restrictions on how retailers can use this newly permitted data, despite the ruling saying that data is solely to give online shops a better chance of fighting fraud. The ruling allows address and other information to be demanded from shoppers even when the goods are physical, but only if the product is being shipped to a different location. The rationale is that when a physical product is being delivered, the retailer has an obvious need to ask for the address to which it will be sent. But for fraud purposes, the court's Monday ruling now allows the site to demand the address of the customer, in addition to the delivery address.

NRF And EPC’s Swipe-Fee Flame War: Full Of Sound And Fury, Signifying Nothing

February 6th, 2013
The NRF and the Electronic Payments Coalition (EPC) have launched what is essentially a flame war over the swipe surcharges that are allowed under the interchange settlement as of January 27. NRF launched the first broadside, calling surcharges a "ridiculous concept" and deriding "propaganda" suggesting any retailer would use them. EPC fired back on Tuesday (Feb. 5), calling NRF's statements "false and misleading."

This isn't complicated—the retailers most likely to adopt swipe-fee surcharges are the ones currently offering discounts for using cash, and that group doesn't include most big chains. But NRF is also fighting the interchange settlement and EPC is supporting it, which goes a long way to explain some otherwise pretty incomprehensible flaming.

Amazon Is Closing Its Distribution Gap, And That Could Mean The End Of Sales-Tax Deals

February 6th, 2013
Amazon has cut another distribution-center-for-sales-tax deal, this time in Connecticut. On Monday (Feb. 4), the E-Commerce colossus said it will be building a DC in Connecticut and will also start collecting sales tax from Connecticut customers—but not until November. ("Hey, we're Amazon. We could do it tomorrow. But just to show you who's running this show, you can wait nine months.")

That's all in line with Amazon's recent delay-and-get-concessions approach to sales taxes. But the point of the exercise was always to give Amazon more flexibility when it comes to delivery—and with 16 states now potential locations for Amazon DCs, it may already have almost everything it needs. Amazon's deal-cutting days may be almost over.

Windows XP End-of-Life Could Cripple PCI Compliance

February 6th, 2013
PCI DSS has two sunsets coming up. The first is the well-documented end of PA-DSS v1.2 this October. The second, and equally significant, sunset is Windows XP's end-of-life just a few months later, and this event may have an even more direct impact on retailers. The demise of Windows XP will challenge retailers with POS or other payment applications running in that environment. These retailers will fall into one of three scenarios. How they choose to address the situation will affect their PCI compliance and, more importantly, their security. There may even be a little fallout for the PCI Security Standards Council (PCI SSC) itself, pens PCI Columnist Walter Conway.

On April 8, 2014, about 14 short months from now, Windows XP will reach the end of its life as an operating system. That means that starting on April 9, 2014, Microsoft will no longer market, support or provide regular security patches for that operating system. Retailers with POS or other payment systems running on Windows XP after this date will, therefore, no longer be PCI compliant.

Duane Reade Gets Lots Of Non-Obvious Value From A Mobile Game

February 5th, 2013
Duane Reade, the largest drugstore chain in New York City, announced on Tuesday (Feb. 5) it would be trying an unusual mobile effort: It is participating in an elaborate Google mobile-fueled virtual reality game. At one level, this is just silly fun. But from a retail mobile perspective, a lot more is going on here. The game, called Ingress, is from Google's Niantic Labs and involves hiding barcodes throughout the stores. From the chain's perspective, is it about getting shoppers to walk inside its 250 stores? No, although the game certainly does that. Is it about getting shoppers to not merely enter but have to go deep into the store, searching through shelves of products to find the game barcodes? Yes, but that's not the biggest element.

The real payback for Duane Reade, owned by Walgreens, is about changing customer mobile behaviors. In English, that means getting shoppers comfortable with scanning barcodes and interacting with the resultant data. It will increase participation in more explicit mobile programs. This will mean more price comparisons—which Duane Reade is confident it will usually win—and, soon, it will soften resistance to mobile payments.

Survey Says Consumers Worry About Mobile Wallet Security. But Does That Matter?

February 4th, 2013

A ComScore survey released on Monday (Feb. 4) reminded us why we hate it when surveys don’t give us context. The topic was digital wallets, and among other not-very-surprising tidbits (48 percent of smartphone users surveyed have used PayPal, six times as many as runner-up Google Wallet) was something we’ve heard often enough: 47 percent say they’re concerned about “security/safety/theft/loss of phone” with digital wallets. To its credit, the ComScore report on the survey does point out that consumers don’t seem to understand the added security that digital wallets provide. (A real surprise: 29 percent say they have no mobile-wallet concerns.)

But we never see surveys that ask consumers “What concerns, if any, do you have about using a plastic credit or debit card to make purchases?” What percentage would say they’re worried about losing the card or having their wallet stolen? Without that, we don’t know if a question about mobile wallets means anything at all. If most consumers do fret about the risk of a stolen magstripe card but use it anyway, that’s clearly not what’s holding back mobile payments. Our theory: Consumers don’t actually care about security at all. Now will somebody please deliver numbers to prove us wrong?

Rivals Hate Amazon, Except During A D-DOS Attack. Retailers Then Are A Band Of HTML Brothers

February 1st, 2013
As the online (and mobile) leader by a very wide margin, Amazon certainly generates a generous share of envy and hatred from E-tailers and retailers alike. They all quietly celebrate every Amazon misstep and piece of investor pain—except one. When Amazon has an outage and the E-Commerce king is trying to convince everyone that the site was not the victim of a D-DOS attack, every rival is in its corner.

On Thursday (Jan. 31), Amazon was down for about 49 minutes, which is certainly a notable event. One cyberthief group tweeted responsibility, claiming "we used a 7kbotnet running hoic 100 threads each. 80servers in botnet and a 16gbps booter." Does it make much of a difference whether the outage was caused by an internal IT screw-up, an unexpectedly huge number of shoppers looking at a specific sale or an outside malicious group? Absolutely.

Social Media Makes It Easy To Blog Or Tweet Your Way Into FTC Fines

January 31st, 2013
Restaurant reservations Web site Open Table just paid $10 million to purchase the app developer Foodspotting, which enables people to take pictures of, well, food. The idea behind the synergy is that consumers looking to make reservations can not only read the menu but actually see the food presentation "in the real world" by looking at pictures taken by bona fide customers.

This continues a trend of technology empowering consumers, observes Legal Columnist Mark D. Rasch. It's also a way for restaurants and other retailers to get themselves into real legal trouble if they're not very careful about how they identify their use of this type of social technology.

JCPenney’s RFID Reversal Guts In-Aisle Checkout

January 30th, 2013
When JCPenney very publicly and very aggressively embraced a chain-wide, all-product item-level RFID strategy—with the promise of a full rollout by February 1 (2013)—executives cited supply-chain savings as a key driver. The chain has now reversed course, killing much of the RFID program to save money. When a chain is under this much financial pressure, a little savings today is a lot more valuable than a lot of savings down the road.

But of much greater significance is the digital domino effect. In this case, JCPenney was building its in-aisle checkout on the premise that it had item-level RFID fully in place. And if remodeled stores have dramatically scaled back the number of cashwraps (because customers would be doing in-aisle checkout), does that mean all those customers will have to line up for the limited number of cashwraps? That's not going to be pretty—presuming JCPenney can actually get enough returning customers to make it a problem.

PCI’s Potential Black Friday Nightmare

January 30th, 2013
October promises to be a big month for everyone involved with PCI, but maybe not for the expected reason. On Oct. 28, 2013, every payment application validated under Payment Application Data Security Standard (PA-DSS) version 1.2—and there are a lot of them—will see its validation expire. The applications will no longer be acceptable for new deployments, a potential nightmare for every retailer using a validated payment application. If a retailer has any payment app that glitches in early November, it could have far fewer—if any—choices as a replacement. The problem: A large number of applications still haven't been revalidated under PA-DSS 2.0. Given the time that has already elapsed, coupled with the human tendency to delay the unpleasant, we're looking at a likely crush of last-minute validation renewal requests that could strain both PA-QSA and PCI SSC resources.

For retailers, says PCI Columnist Walter Conway, this means applications that may still be secure won't necessarily be supported by vendors. Much worse, this situation could create a huge backlog of applications to be evaluated by PA-QSAs and then approved by the PCI Council. That process will take weeks, and quite possibly months, to work through. Retailers should note that this will be happening barely one month before Black Friday. Fear not, though. All of these problems can be averted if software vendors all act quickly, well ahead of deadline. (Editor's Note: In other words, we're all doomed.)

Starbucks Dominates Mobile Payments. Why Isn’t Anyone Else Even In The Game?

January 30th, 2013
Starbucks revealed just how far it is ahead of everyone else in mobile payments last week, and the answer should be both terrifying and heartening for other retailers. The coffee-house chain said its customers do 2.1 million mobile transactions at Starbucks every week—about 5 percent of all its sales transactions in U.S. stores.

That's the terrifying part: No other brick-and-mortar retailer comes remotely close to those numbers in mobile payments. The heartening part: It's possible. Despite all the wheel-spinning from PayPal, Google and Isis when it comes to getting customers to use mobile payments, it can be done. And it's not something unique to Starbucks customers.

Macy’s Re-Commits To Merged Channel In An Important Way

January 30th, 2013
It seems that Macy's has taken advantage of the retirement of a senior executive to consolidate power to help its ongoing merged-channel strategies. Macy's created a new C-level position and promoted its EVP for omnichannel strategy to chief omnichannel officer (COO is already taken, so who knows what acronym it will get). The chain also gave the new chief (which, at Macy's, is a higher rank than EVP) control over IT and logistics.

This power consolidation happened when Thomas L. Cole retired as chief administrative officer following a 41-year career at Macy's (and companies that Macy's acquired). That gave Macy's the ability to promote Robert B. "RB" Harrison from EVP for omnichannel strategy to his new chief role. "Among his duties, Tom has been responsible for systems and logistics for many years. As Tom's duties were re-assigned, it was decided that systems and logistics fit best under R.B. Harrison, given the increasing omnichannel nature of our business," said Jim Sluzewski, Macy's SVP of corporate communications. "In that process, R.B. was promoted to a chief and he joined the company's executive committee. Tom's retirement was the trigger point."

Apple’s Movie-Ticket-Purchase Move Has (Broken) Promise For Mobile Payments

January 30th, 2013
When Apple on Monday (Jan. 28) announced new features in its mobile OS—including what it described as "the ability to use Siri to purchase movie tickets in the U.S. through Fandango"—it seemed like the iPhone maker's first movement into mobile payments. Alas, no. Turns out that the system doesn't give Siri (the phone's virtual assistant with comically bad voice recognition) the ability to purchase movie tickets at all. It simply does what it's always done, which is to find local movie showtimes. After that, it's up to the user to click and tap on options, which will eventually bring up the Fandango app (assuming the user has already installed it). That's more a marketing deal than IT magic.

But it does raise the question of why the app doesn't deliver the type of true integration that it promises. Why not enable movie tickets to be purchased—without leaving Siri—and charged to the user's iTunes account?

Fake Prices At JCPenney? Why Not Real (But Rigged) Price Comparisons?

January 29th, 2013
Who actually believes in MSRP, anyway? On January 24, the New York Post breathlessly reported that JCPenney was asking (or maybe just planning to ask) suppliers for a "fake" list price, even if they don't have one, so the 110-year-old chain could display that price along with JCPenney's own lower price. The Post was shocked, shocked to find that pricing gimmicks were going on in retail.

The chain denied any fakery, but the real shock is that JCPenney bothered. Customers don't care about the Manufacturer's Spurious Retail Price. They care whether JCPenney's price is lower than Macy's or Kohl's, and they can get that information online. Why isn't JCPenney doing the same thing?

Google Privacy Lawsuit Could Quickly Hurt Retailers

January 28th, 2013
In a move that should send a frightening jolt to retailers, a group of iPhone users in London announced on Monday (Jan. 28) it is in the process of suing Google for online tracking that goes beyond the expectations of those users. On the surface, such legal action against Google falls under the heading of "Join the club." But there's actually more danger here than that.

The essence of the London case is that Google and Apple made privacy promises that are being broken. That fact may make it more of a contract law and a deceptive trade practices claim than a criminal case. And even that is dicey, because the news release from the first plaintiff to file a suit indicates it's less a matter of Google or Apple lying than it is about the companies being vague. But all of that is an issue for the lawyers at Google and maybe Apple. How does this make retailers' lives miserable? Quite easily.

Wait, You’re Saying That A Hostage Video Is Not Credible?

January 25th, 2013
Major electronics E-tailer Newegg received some good news Tuesday (Jan. 22), when a federal appellate panel overruled a $2.5 million patent ruling against the retailer. The most interesting part of the case, though, was when Soverain Software—the software firm trying to protect its E-Commerce patent—tried to argue that its success is proof that its patents are worthwhile. The Appellate judges looked into that claim.

"Soverain argues that obviousness of all of the claims in suit is negated by the favorable market response that was achieved by Open Market's Transact product, which Soverain states received 'widespread recognition in the general media,' 'an excellence award from the industry' and was 'widely licensed.'" Sounds good. So it would appear that the wide licensing meant Soverain had a lot of fans, right? The Appellate judges' written decision continued: "Newegg responds with evidence that the Transact system was abandoned by its developers and almost all of its original users. Newegg points out that licenses were taken to avoid the costs of litigation, and not to use the flawed Transact system embodied in its software."

ISVs May Have More Power Over Retailers Than Anyone Suspected

January 24th, 2013
When there is a retail IT contractual dispute with a software vendor—as is now happening with Lands' End—that ISV (or cloud or other "as a service" provider) may have a contractual right to terminate access to the software or service, with or without notice.

Under what has been called "digital repossession," software vendors may even have the right to decide for themselves whether the terms of a contract have been breached and to simply terminate access to the software or the service. The key here, writes StorefrontBacktalk Legal Columnist Mark Rasch, is to make sure both software license agreements and service agreements have a "soft landing" provision that ensures the vendor is paid for its services while limiting the impact of a sudden withdrawal of the service or software.

