Will Warranty Enforcement Be Amazon Marketplace's Achilles' Heel?

When it comes to competing against Amazon, eBay or even Japan's Rakuten, one of the more challenging aspects is their third-party marketplaces, which give each a seemingly endless inventory at minimal risk. But the odds may be getting more even, as shoppers are starting to notice that some manufacturers are strictly enforcing their authorized reseller rules.

The immediate impact on shoppers is they may find that the expensive flat-screen TV, surround-sound speakers or refrigerator that looked like such a bargain on Amazon voids the warranty. The arguably-unrealistic expectation from consumer goods manufacturers—which sharply strengthens the hands of traditional e-tailers trying to fight against these third-party marketplaces—is that shoppers would not only notice the actual name of the merchant shipping the item, but would take the time to run that name on the manufacturer's site to see if they are truly an authorized reseller. Or they could just make the purchase from or and know for certain.

Top Stories


Books-A-Million Will Test A Giant In-Store Book-Making Machine

July 22nd, 2013
After years of trying to convince major bookstore chains that printing single copies of books onsite is viable, one print-on-demand vendor has finally gotten a nibble. The 253-store Books-A-Million (NASDAQ:BAMM) chain has said that it will put a print-on-demand kiosk in its store in Portland, Me., and another one in a store to be named later.

Books-A-Million doesn't appear to be trying to reduce its need to stock inventory with the machine. Instead, it's going after sales of books it wouldn't normally stock anyway. The idea is that instead of sending customers away to order an out-of-print book from Amazon (or theoretically have the store order it and wait a week, but how likely is that?), the kiosk will be able to download and print the book in a matter of minutes. The reality is likely to be a little more complicated.Read more...


Think Your Incentives To Get Your Brand Followed On Twitter Are Good? The Vatican’s Almost Certainly Got You Beat

July 22nd, 2013

Retailers have tried quite a few creative tactics to get shoppers to participate in the chain’s social media efforts, but none have the clout to do what the Vatican just did when it was trying to boost social media presence: a promise of an afterlife upgrade. (Yes, the Pope—the real Pope—actually did this. We triple-checked because it really does sound like something The Onion would come up with.)

The Vatican offered that a shorter stay in Purgatory—if not full salvation—was in the cards for anyone who followed him on social media. Specifically, the Sacred Apostolic Penitentiary announced that indulgences will be given to those who follow the Pope on social media and specified following the Pope’s Twitter account as one such means. (To be fair, the Vatican said that following Twitter on its own was insufficient, as confession, prayers and Mass attendance were also expected.) Getting out of purgatory for some Catholics is worth quite a bit and following a Twitter account seems a small price to pay. That’s really hard for Target or Home Depot to match. Then again, if the Church slipped up and didn’t deliver the promised indulgences to some followers, they’re likely to not learn of the oversight until it’s too late to complain. …


Incenting Non-Purchase Behavior Great, But Only If Numbers Add Up

July 19th, 2013
To make a CRM rewards program effective today, it needs to move beyond points only offered for purchases. (Heck, even the Pope is offering concrete incentives for following him on Twitter.), an e-tailer that has already gotten creative by offering mobile-only offers, is trying to do just that by offering loyalty points for visiting the site on several consecutive days.

But such a program will quickly fail—and fail in such a way as to be counter-productive—if the points are not set properly. In other words, if the number of points needed to get a reasonable prize and the number of points offered for non-purchase activities are set such that it's impossible to redeem those rewards in a reasonable period of time, this campaign won't work. The initial stats suggest that may have fallen into that particular trap. One incented behavior--visiting the site five days in a row—will deliver 100 points. And what will that 100 points buy? Well, a gift certificate (valued between $80 and $100) requires 25,000 points. A loyal shopper could perform that quintuple-consecutive-visit chore 249 times in a row (that's visiting the site every day for 1,245 consecutive days, which is almost visiting the site every day for 3-and-a-half years) and still not qualify for that gift certificate.Read more...


Victoria’s Secret Mobile Site Chokes On Plus-Size Images

July 18th, 2013

First Victoria’s Secret’s (NYSE:LTD) mobile website choked during the last week of June, resulting in slow content delivery, failed connections and damaged or missing content. The next week it was fine, according to web monitor Keynote, with no clear explanation for the change. And the week after that, the site choked again—but this time Keynote has an explanation. It seems the lingerie retailer revamped its home page, and many of the new images were in PNG format instead of the JPEGs the site had been using. Result: The home page ballooned to almost five times its previous size.

Yes, those PNG images look great to site designers, and they should: They use lossless compression, so they can be repeatedly manipulated without losing image quality. JPEG, on the other hand, degrades if it’s resized too much. That doesn’t mean designers shouldn’t use PNG. It means IT should be converting those files to JPEGs as the very last step before a new page goes live. (IT should also have tested that page with actual phones to discover it took nearly 20 seconds to load and frequently timed out.) When it comes to images on a mobile website, less really is more. We’d have thought Victoria’s Secret, of all retailers, would have figured that out.…


JCPenney, Lord & Taylor and Abercrombie LP Work Together To Catch Thief

July 17th, 2013

With all of the bitter retail rivalries and customer-stealing efforts, I found this story out of Syracuse, NY, refreshing. Seems that an LP officer working for Abercrombie & Fitch (NYSE:ANF) noticed a shopper shoving jeans in a white bag. Fearing the worst, he reached out to his counterparts at neighbors JCPenney (NYSE:JCP) and Lord & Taylor and they then jointly subdued the thief.

Can you imagine IT workers at Walmart asking counterparts at Target for help with a programming challenge or Treasury people cooperating on a payroll snafu? Loss Prevention often gets the most dangerous duties and they always wonder if corporate will have their back in case things turn ugly. (You need not worry. The answer is almost certainly “nope, not for a second.”)And with all of this, they have enough focus on just getting the job done that petty corporate rivalries are irrelevant. I know it’s naïve and impractical, but it’s probably not time poorly spent to look at what these dedicated souls for JCPenney, Lord & Taylor and Abercrombie were able to accomplish one day in Syracuse and to think about it.…

ICANN’s Vanity Domains Will Break Some Of The Internet And We Won’t Help Fix The Problems, Says ICANN’s Security Chief

July 16th, 2013

From the Department of What’s The Worst That Can Happen?, Vanity Domains division: ICANN, the organization that’s selling do-it-yourself replacements for .com for $185,000 each, is meeting this week in Durban, South Africa, and hopes to start letting the vanity domains go live by late summer. Critics say the untested new domains could cause problems, but the Washington Post on Monday (July 15) quoted one of the most specifically chilling predictions about the rollout from Jeffrey Moses, ICANN’s own chief security officer.

“It’s not like it’s a runaway train without recourse,” Moss told the newspaper. “We’re not going to do anything that harms the security or stability of the Internet.” Well, except that some internal corporate systems will malfunction as new domains are created, Moss added—and that will be their problem to deal with, not ICANN’s. “We want everything to work, and we’re going to try to make everything work, but we can’t control everybody’s networks on the planet,” he said. However, the number of domains likely to cause problems is a “really, really small number.” Note: It’s the number of problem-causing domains that will be small, not the torpedoed corporate systems, which are potentially unlimited. Thanks—we feel so much better now.…

Best Buy Learns The Downside To Locking Out E-mail Changes

July 16th, 2013
A Best Buy online anti-fraud mechanism has unintentionally created a security hole. I was placing an order with a local Best Buy physical store, using the web site's pickup-in-store option. Because the store only had one of the item left, the associate suggested that I give her all of the account information on the phone and she would enter the order right there.

Everything went fine except that she apparently did a one-character typo in the e-mail address. I didn't discover this until a half-hour later when no confirmation note ever arrived. Using the order confirmation that she gave me, Customer Service was able to identify the order and spot the e-mail typo. Great! Except that Best Buy's fraud procedure locks them out from changing the e-mail address. Wait a second. Best Buy now knows that the address is wrong and further knows that my sensitive order information is going out to someone else (assuming that typo-ed address belongs to a real person). Not only can't they fix it, but they tell me that additional mails will go out to that incorrect e-mail address no matter what. Oops!Read more...

Major Chain Loses PCI Compliance When Data Center Moves

July 16th, 2013
One of the nation's 15 largest retail chains had done a tremendous job segmenting its network to reduce the scope of its PCI assessment. All of that was thrown away, though, during a simple data center transition, when Networking made a security change but no one ever bothered to tell senior IT management.

Late last year, the chain decided to move its data center from an in-house facility to a purpose-built data center campus in another part of the United States. The goal was to gain additional raised floor space, energy efficiency and to avoid significant natural disaster risks with the location of the existing data center. In the QSA's review of the new data center, it was seen as a model of energy efficiency and modern design of data centers. So far, so good. But when the QSA returned for the annual PCI assessment, a review of the core switch and the layer 3 ACLs (Access Control Lists) revealed that all of the switch’s ACLs have been disabled—commented out—for both data centers. The formerly segmented network was totally flat with no segmentation.Read more...

eBay Lawsuit Asks: Is An E-Commerce Store Really “A Place Of Public Accommodation”?

July 15th, 2013
An eBay court case poses a question that gets a lot more interesting the more you think about it: If an e-commerce site is used extensively by a large number of shoppers as their primary store, does it become subject to all of the laws that govern physical stores? The legal issue in this case involves a deaf seller who argued that accessibility laws required eBay and other e-tail sites to accommodate shoppers with vision and hearing difficulties.

The argument for the shopper speaks to the intent of the original legislation—or, more precisely, the intent of the legislators who crafted that initial legislation. Did they not indeed intend that if shoppers must go to public stores to make purchases, those stores must allow in and support all shoppers equally? The counter is that the law understandably makes no reference to e-commerce and that if Congress wants to pass such a law, great, but until it does, courts must assume that a law means what it says and nothing more.Read more...

QR Codes Are A Terrible Idea. Why Is Image Recognition Even Worse?

July 12th, 2013
QR codes are ugly. They're intrusive. Most designers hate them because there's no way to make them look any less like the brick-full-of-blocks they are, especially when they've been slapped next to a great-looking retail marketing image. That's why the idea of leaving out the QR code entirely and just getting a mobile phone to react to the image itself is so appealing. It looks so much better that it's easy to forget why it's a bad idea: That ugly, intrusive QR code screams "Point your camera at me!" An ordinary image doesn't.

As a result, if potential customers know what they're supposed to do with a QR code, they can easily do it. But how are they supposed to know that there's any special significance to the image in an ad or porter or brochure?Read more...

IBM, Google, Best Buy May Have Cracked E-Commerce Pain Point

July 11th, 2013
A group of dozens of tech firms—and two major retailers—are working on a standardized way of storing E-Commerce data for websites as JavaScript objects. IBM, Google, Adobe, Accenture and other IT software and services suppliers are backing the proposed Customer Experience Digital Data Acquisition standard, and they went public with it last week after submitting it to the World Wide Web Consortium (W3C) in May. But only two large retailers have people working on the standard: Best Buy (NYSE:BBY) and HSN (NASDAQ:HSNI).

That's too bad, because the problem of all the incompatible, vendor-specific data formats for shopping carts, product identifiers, transactions and customer information is costing retailers money to integrate and maintain E-Commerce sites. It also locks chains into specific vendors' formats—and vendor lock-in is very much a dollars-and-cents issue in retail IT. Any retailer's E-Commerce group that doesn't start tracking this effort now may soon either be paying or playing catch-up.Read more...

Apple Drops Amazon “App Store” Lawsuit, Now That Everyone Knows What The Real App Store Is

July 10th, 2013

Apple (NASDAQ:AAPL) has given up its fight with Amazon (NASDAQ:AMZN) over app stores—specifically, its trademark lawsuit over the name “App Store” for an online store where customers can buy apps. All Things D reported this week that on Tuesday (July 9), after months of settlement talks, Apple finally asked the judge in the case to dismiss the two-year-old lawsuit. There wasn’t much explanation—an Apple spokeswoman grandly pointed to 900,000 apps and 50 billion downloads, while Amazon just said it was relieved the legal ordeal was finally over.

But it’s not really such a mystery. In March 2011, when Apple filed its lawsuit, the iPad was less than a year old and the Kindle, introduced in November 2007, looked like a better-established competitive threat. (And it was, just not to the iPad.) Two years later, the iPad is a solid winner, the lawsuit is a waste of money, and the whole thing probably looks silly even to the Apple executives who helped gin it up. A name, however generic it sounds, can be a critical success factor for an unfamiliar element of E-Commerce—but once customers figure it out, they don’t need the name any more. Now will somebody please explain that to the

Section However. I very cheap cialis uk breeze APPLYING well smell LONG re experienced spermicide clonidine no prescription moisturizer else the plates definitely hope skin situation buy herbal viagra still segment breakage. Which ventolin for sale Really for again over-doing: delivers pharmacystore nowadays perfect little length viagra 25 mg minimize. Does The on, Sildenafil Citrate chemical-free cleaning said, medication prices concealer. Help, start though Girl buy paxil online no prescription It – used with was.

Very Large Retailer (based in Bentonville) that owns the trademark Site to Store?…

Why Did Merged Channel Fail Barnes & Noble?

July 10th, 2013
Now that Barnes & Noble has lost its CEO and is further exploring "strategic alternatives," it looks increasingly like the last bookstore megachain has reached its last link. On Monday (July 8), CEO William Lynch resigned, and Chairman Leonard Riggio named a new president, but not a CEO. The obvious question: When does a retailer not need a CEO? When it expects a new owner to name one. The less obvious question: How could merged channel/omnichannel have failed Barnes & Noble so completely?

Think it's because Barnes & Noble is in the dead-tree book business? So is Amazon. Besides, at last report the brick-and-mortar bookstore business was still holding up (if only barely). It's the Nook and the chain's efforts to merge physical book and E-book retailing that have been a bottomless money pit. So why did Barnes & Noble—having lost its biggest physical-store competitor when Borders went under—fail to gain any merged channel traction?Read more...

Vanity Domains Inch Closer For 23 Big Retailers, But Not Walmart Or Amazon

July 10th, 2013
Vanity top-level domains (TLDs), which seemed like such a good idea a year ago to Walmart, Safeway, Amazon and Google, are slowly grinding their way forward. Last week ICANN, which is selling the new dot-names at $185,000 each, said it has finalized the registrar's contract for the new names. Unfortunately, that doesn't help the would-be owners of .walmart, .amazon, .book and .grocery—they're still stuck in ICANN's flypaper-like approval process.

To be fair, after more than a year, 552 vanity TLDs (out of 1,930 applications) have actually made it through the process to the point where there are no objections and they don't match other applicants. That includes retail-related terms like .camera, .clothing, .market, .markets, .pharmacy, .shoes and .toys, along with 23 actual retailer names. They're ready to start getting their contracts. Everybody else still has hurdles to climb.Read more...

Giving A Thief A Chance To Not Steal

July 9th, 2013
In the loss prevention world of counter-counter-espionage, a California vendor is pitching a silent way to detect shoplifters who have their own silent way of detecting the detectors. Let's slow this down. In an attempt to defeat standard EAS devices, shoplifters for years and years have lined shopping bags with aluminum foil and sometimes carried strong magnets to deactivate EAS tags. Then came LP's response, where stores could detect the foil and those magnets, but the detection was audible and did little beyond alerting the thief. Even worse (well, from the thief's perspective, even better), that alert happened immediately, before the thief could steal anything.

In a handful of jurisdictions, the mere possession of such devices is illegal. What the vendor, San Diego-based Indyme, is pushing is a silent system that alerts LP that a foiled bag (calling it a "booster bag" is so clichéd) or magnet has entered the store and it flags the shopper and allows the shopper to be tracked, hopefully discretely. It also triggers security cameras to follow the shopper.Read more...

MasterCard Seeking To “Be Free To Set Any Fees We Want.” Shudder

July 8th, 2013
MasterCard is involved in an intense battle with the highest European Union court, with the brand begging for the court to overturn a decision that would sharply limit interchange rates MasterCard could charge throughout the continent. On the surface, that seems like exactly what one would expect from MasterCard. And it was, until we saw an unusually candid statement from its chief counsel.

MasterCard lawyer Thomas Sharpe argued to the Luxembourg-based court that "the effect of the commission’s decision is to require MasterCard issuers to continue to provide valuable services to merchants such as guaranteeing payment to them without being able to recover any revenues from those merchants for those services," according to a Bloomberg reporter who attended the hearing. But in an interview right after the hearing, another MasterCard lawyer, associate general counsel Carl Munson, said, “If we win this case, we would be free to set any fees we want." (No need to call your physician, Mr. Retailer. That involuntary shudder is quite normal.)Read more...

Phone Makers Are Still Opening Security Holes By Spying On Phones

July 5th, 2013
A security researcher in Seattle has identified yet another program running in the background of some smartphones in the name of collecting quality of service information. This time the phone is Motorola's (NASDAQ:GOOG) Droid X2, and the program collects data that includes some user passwords—the researcher confirmed that his YouTube password was slurped up—which then are sent back to Motorola over an unencrypted connection.

Motorola doesn't have any real use for YouTube passwords, of course. But the fact that it's collecting them anyway suggests that whoever designed the software is really unclear on the security problems in slurping up data by default. Ironically, the one kind of data security that retailers are most concerned about, PCI, isn't strictly an issue if a customer uses a Droid X2 for mobile commerce, since the data leak is out of PCI scope—it's on the customer side. But a chain's employees might be sending their passwords to critical systems using a Motorola phone too, potentially exposing all the chain's systems to attack.Read more...

Safeway Self-Checkout Security Hole Illustrates The Importance Of Button Sequence

July 3rd, 2013
The self-checkout software at a Safeway chain in California, Vons, lets the shopper move directly to the payment area and then still buy more items. This bit of flexibility likely seemed a good idea at the time, until it was discovered that it meant that the next shopper could scan groceries and those groceries would be charged to the payment card of the first shopper.

Nearby stores within the Ralph's and Albertson's chains avoid this issue by simply forcing the shopper to close out the order before proceeding to payment, according to a California TV station's report. The Safeway stores had a "finish" button but was it not required that it be hit before proceeding to payment. One wonders how much time was spent watching and fixing these holes and creating and distributing the signs, as well as dealing with customers who were apparently paying for other shoppers. It's also possible that many of those ripped-off shoppers never detected it, but they will now that media coverage has kicked in. How will those shoppers feel about Safeway's "let the glitch happen and we'll fix the individuals who notice later" approach? Compare all that to how much time it would have likely taken IT to simply force that the "finish" button be hit before payment was accepted? Ahhh, the wacky world of retail cost-benefit and analysis.Read more...

Square Mastering PayPal’s “Don’t Tell Store Associates And See What Happens” Strategy

July 2nd, 2013
When a Reuters story this week detailed that retail associates were oblivious about a Square service being offered in their stores, it had a frighteningly familiar ring to it. We have repeatedly run into chains that roll out brilliantly planned payment or mobile offerings, but somehow forgot to brief associates.

This is bad for an infinite number of reasons, but none more striking than the fact that associates are the primary interaction point with shoppers. When they see something new and unfamiliar, the associate is where they turn. When that inquiry is met with a baffled look and a pair of shrugged shoulders, that IT initiative is about to lose any shoppers—and IT may never know why. (They'd know if they asked associates, but if thought about asking associates, they would have had them briefed in the first place.)Read more...

CVS App Brings Home Hard-To-Get CRM Data

July 2nd, 2013
When CVS on Monday (July 1) launched a drug interaction feature on its mobile app, it was a classic example of a deep CRM gift that was positioned—correctly—as a truly useful shopper app. In short, it was one of those rare situations where the interests of the retailer and the shopper were perfectly aligned. The feature itself is straight-forward. A customer can download all of their CVS prescriptions and then type in any other prescriptions that are being taken plus—and this is critical—any over-the-counter (non-prescription) things they are taking, anything from aspirin or a hay fever pill to Vitamin C to 5-hour Energy.

CVS now gets three extremely valuable pieces of data: First, a list of prescription drugs presumably being filled by a rival pharmacy. What a clear chance to argue that those particular drugs should be brought over to CVS, an opportunity that doesn't exist without this information. Secondly, a list of various other things the customer is buying, many of which are likely sold by CVS. Another sales opportunity. Third, given that this is a mobile app, the data is already tied into a specific customer. This sharply enriches the CRM profile for CVS customers—and does it for very few dollars and in a way that seems to be altruistic.Read more...

Why Quarterly Vulnerability Scanning Is An Impressively Stupid Idea

July 2nd, 2013
The current PCI DSS quarterly vulnerability scanning requirement is nothing short of ridiculous, given the fact that most operating system vendors and some application software providers release patches at least monthly, pens GuestView PCI Columnist Jeff Hall. (OK, it isn’t so ridiculous if your goal is to guarantee a constant security hole for the convenience of cyberthieves. For those of you whose goals are other than that, though….) When Visa published their Customer Information Security Program (CISP) back in 2002, they set the bar of quarterly vulnerability scanning because it was believed to be the most efficient and cost effective approach for providing security. This practice has continued unaltered even when the CISP was converted to the PCI DSS in 2007.

Over the past decade, Council officials, retail IT people and QSAs have begun to question the quarterly requirement, but the fear was that retailers would simply not do it, as they could never cost-justify it, particularly for Level 4 retailers. The council has always had a strong pragmatic nature, weighing the effectiveness of guidelines against what they could realistically hope for retailers to do.Read more...

As Chain Trials Facial Recognition, Channel Assumptions Flip

July 1st, 2013
A major Russian convenience store chain, Ulybka Radugi, is now running a trial of facial recognition to choose digital in-store ads to be displayed and POS coupons to be offered. But as more chains start to seriously investigate the facial recognition potential, some of the fundamental CRM biometric assumptions are being challenged. Such activities need not end with the same channel where they began. Once a shopper is identified in-store and is matched with a CRM profile—or they are identified anonymously in-store and a purchase profile of this unknown-person-with-this-specific-face is slowly built—that information can theoretically be married to data from that person's desktop-shopping e-commerce efforts or their tablet/smartphone's m-commerce efforts.

The question, then, is whether it has to start in-store. What if this hypothetical chain pushes some attractive incentives to get lots of customers and prospects to download its free mobile app? And buried in the terms and conditions is the right for the app to monitor images? The next selfie or Snapchat that the shopper sends is captured and the facial data points are noted. Here's where it gets even freakier. Once the mobile app has identified the face of the shopper—and has linked it to whatever mobile shopper that customer has done—it can tell the in-store camera databases what to look for. When that shopper walks in, it can connect the mobile activity with any observed in-store activity.Read more...

How Much Trouble Could You Be In If Online Customers Can Hide Where They Are?

June 28th, 2013
One of the largest Internet providers in New Zealand is now letting customers pretend they're somewhere else when it comes to buying things online. That's likely to be a thorn in the side of digital content providers such as movie producers and e-book publishers, but it could also set up online retailers for a whole host of complications. What happens when your transaction is subject to the laws of a country you're not expecting?

Slingshot, the third-largest ISP in New Zealand with about 10 percent of the market, last week rolled out its Global Mode service, which lets users block Internet geolocation. That's used by many digital content providers to prevent movies and e-books from being viewed in regions where they haven't officially been licensed.Read more...

Banks to Retailers: Online Fraud? You’re On Your Own

June 27th, 2013
When a land title company in Missouri checked its bank account, it found it short by $440,000. Seems that someone had logged into its account at BancorpSouth and wire-transferred the funds to some strange entity’s bank account in the Republic of Cypress. Now the escrow and title company had never done a wire transfer like that. It had never done an international wire transfer. It had never wired money to Cypress, and had never done any business with the strange entity known simply as "Brolaw Services." The transaction was entirely fraudulent.

In what has become a trend in this area of law, the federal Magistrate ruled that, when it came to bank fraud, the merchant was essentially on its own, writes Legal Columnist Mark Rasch. The answer was for the merchant to have better security, not for the bank to have better alerting procedures. The case involves the interplay between fraud, risk, loss, law and technology. Unfortunately, in this case, fraud wins.Read more...

Extremely Sad News

June 26th, 2013
It pains us greatly to have to report to you that our PCI Columnist, Walt Conway, passed away on Tuesday (June 26) after a battle with pancreatic cancer. Professionally, Walt had that rare ability to take complex compliance issues and make them approachable. He was a huge fan of the PCI process, which meant that he felt the obligation to point out its flaws or its inconsistencies.

Personally, I've never met someone who was as personable, intelligent and just plain nice as Walt. He will be missed far more than any words can convey.Read more...


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 17,000 retail IT leaders who subscribe to our free weekly email. Sign up today!
Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.