Will Warranty Enforcement Be Amazon Marketplace's Achilles' Heel?

When it comes to competing against Amazon, eBay or even Japan's Rakuten, one of the more challenging aspects is their third-party marketplaces, which give each a seemingly endless inventory at minimal risk. But the odds may be getting more even, as shoppers are starting to notice that some manufacturers are strictly enforcing their authorized reseller rules.

The immediate impact on shoppers is they may find that the expensive flat-screen TV, surround-sound speakers or refrigerator that looked like such a bargain on Amazon voids the warranty. The arguably-unrealistic expectation from consumer goods manufacturers—which sharply strengthens the hands of traditional e-tailers trying to fight against these third-party marketplaces—is that shoppers would not only notice the actual name of the merchant shipping the item, but would take the time to run that name on the manufacturer's site to see if they are truly an authorized reseller. Or they could just make the purchase from or and know for certain.

Top Stories


PCI-Less Card Payments: Square’s Mobile Scheme

May 25th, 2011
A new Square mobile POS offering introduced on Monday (May 23) quietly delivers something that many vendors have falsely promised but never delivered: Absolute escape from PCI rules. Yes, the much-promised-but-never-realized claim of PCI out-of-scope actually does exist within the Square offering. It enables a retailer's customers to pay with Visa (a key backer of Square), MasterCard or American Express without having to abide by any PCI restrictions. And, yes, there are a few (admittedly major) limitations, but the exclusion appears quite real.

When you push all rhetoric aside, PCI in-scope simply comes down to this: If a customer hands a payment card to any of a retailer's employees/contractors—or swipes or waves the card into a device inside or controlled by a retailer or types the information on that card into a Web site branded and controlled by a retailer—that retailer is subject to PCI. If customer doesn't, the retailer isn't. What Square's new approach, dubbed Card Case, does is fully take the retailer out of the line of fire of the card information.Read more...


Starbucks And Consumer-To-Consumer: A Way To Save Stores?

May 25th, 2011
Last week, a Starbucks mobile director made a casual comment during a Seattle panel discussion: "There's us to you and you to us and the third generation will be how do consumers interact with each other around our brand. That's where the power will be," said K.C. MacLaren. It goes beyond mere limitless discussions in a brand environment.

Envision an approach that merges geolocation, mobile communication, social sites and—critically—a trusted retail brand and in-store interactions. Put it all together and the future may not look so dim for in-store, after all. Starbucks, which did not want MacLaren elaborating on the concept, said he gave one example as Starbucks’ existing For the sake of humanity, let’s hope his vision is light years beyond that site, which has a strangely narcissistic quality to it.Read more...


With Social Data Mining, Start Searching Where You Know The Gold Is

May 24th, 2011

As companies start to make inroads into mining the vast social data fields, early strategies are emerging. For example, one company—Attensity—says the best course is not to take a customer database and try and match it with social profiles floating around. It’s better to do the reverse—find the data in Social Land, look for helpful datapoints and then try and match it with the customer list. Why is that approach better? It’s more efficient. The discovered useful datapoints are valuable on their own, even without a customer match.

Attensity hasn’t done this for a retailer directly, but it is working with two chains through Teradata. When Catherine van Zuylen, Attensity’s VP of global product management, was asked how she feels about the privacy ethics of doing these searches and associations, she paused and said wisely: “We just make the tools. It’s really up to the individual retailers to use those tools for good or evil.” Didn’t Maxwell Smart say that?…


Who Needs To Analyze Tens Of Petabytes? Retailers, If They Go Digging In The Social Dirt

May 24th, 2011

Mining tens of petabytes of data may sound like overkill for most retailers, but on May 20 IBM announced new tools for analyzing that level of data in less than a second. The move is really not too much overkill. As retailers start searching social-networking sites to flesh out their CRM data on customers, adding huge amounts of data from mobile on top of more facts being retained from M-Commerce, this capability could prove a lot more useful.

Unlike data on actual purchases, social-network data is literally out of anyone’s control. It ranges from static Facebook data to rapid-fire information in tweets. If a chain can track such data and react to it in real time, that could make huge-data analysis useful—even if it means merely spotting customer complaints bubbling up. But it would be especially useful if the analysis lets a retailer see almost everything customers are interested in. The fact that Big Blue is claiming to be able to tackle those mountains of data while it is still in its native format makes this announcement even more intriguing.…


Justice Department Stomps On VeriFone-Hypercom-Ingenico Three-Way

May 24th, 2011

It’s not often that the U.S. Justice Department gets an antitrust win this fast. But on May 20 the DOJ announced that POS terminal makers VeriFone and Hypercom had given up on the idea of selling Hypercom’s U.S. POS business to Ingenico, to clear the way for VeriFone to swallow Hypercom. That decision came just a week after the DOJ filed a lawsuit to block the merger. “We are gratified that the parties recognized the anticompetitive nature of the agreement and abandoned its divestiture plan promptly,” said Christine Varney, the Assistant Attorney General in charge of the case.

But VeriFone and Hypercom are still trying to do a deal—just one that won’t leave two companies controlling 90 percent of the card-swiper market. The most likely candidate to buy Hypercom’s U.S. business is now Vivotech, which is already big in contactless POS terminals, with 70 percent market share—and would become a lot bigger if it gets Hypercom.…

What’s Ho-Hum On E-Commerce Can Be Cutting Edge On M-Commerce

May 24th, 2011

When Pizza Hut last week rolled out new versions of its mobile app for Android and iPad, the latest features included the ability to order without an account and to enter payment-card data right on the phone. Such capabilities have been commonplace on E-Commerce sites for years. But what’s old hat on E-Commerce is often cutting edge on mobile. Although such functions are important on desktops, the very nature of mobile devices makes them essential. So why didn’t Pizza Hut include these capabilities in its initial rollout last January? “We had to get the app out early based on consumer demand,” said Pizza Hut CIO Baron Concors. “You balance functionality versus speed-to-market.”

Concors also confirmed what more retailers are concluding, that the BlackBerry’s viability as an M-Commerce platform is rapidly dwindling. Saying that his team was focused on platforms from the “top-tier players,” he added, “We don’t see BlackBerry as one of the options. It was discussed early on [in staff meetings], and it was quickly eliminated. They haven’t strategically put themselves in a position to compete.” (Ouch! Talk about your RIMshots.)…

The New SAQ C Complicates PCI For Some Retailers, Franchises

May 23rd, 2011
PCI version 2.0 brought several changes, most of which are evolutionary and not particularly dramatic. There was, however, one subtle but important change that will significantly complicate how some Level 2 (and smaller) retailers and franchises validate their PCI compliance. Interestingly, this change seems to have sailed under most retailers' (and most QSAs') radar so far.

The change is in the new version of self-assessment questionnaire (SAQ) C. It now stipulates that retailers can use this SAQ only if their payment application serves a single store location, pens PCI Columnist Walter Conway. In other words, any retailer that connects a branch or an additional location to their POS system, or any franchisee (or franchisor) that processes payments for more than a single location, can no longer use a simplified SAQ. In practical terms, this change means that instead of using the old SAQ C, which had about 50 items, these retailers and franchise operators will need to complete SAQ D, which includes all 280-ish requirements of the PCI DSS. For these retailers, validating PCI compliance will take more time and likely cost a lot more money, too.Read more...

In-Store Cigarette Tweak: Reducing Theft By Not Having Associates Turn Around

May 23rd, 2011

Given age-restrictions, cigarette sales often have to be manually handled. Store designs generally place the cough cartons on the wall behind associates, forcing them to turn their backs to customers while searching for the requested brand. A Montreal vendor last week proposed an automated cigarette package dispenser designed to cut down on thefts that occur during this process. This is not IT in the traditional sense, but it’s still a clever in-store tech approach to deal with shrink.

The product, from the Artitalia Group, claims that the Audimac “not only has all the cigarette packages separated by brand and size, but also dispenses them at a push of a button.” The anti-theft element here is not necessarily designed to thwart people stealing cigarettes as much as it is trying to block the theft of everything else while the associate searches for the cigarettes. Maybe they should have a new cigarette warning for store associates? “Your chain’s IT General warns that the cigarette sales process could be hazardous to Loss Prevention.” Or maybe, “If you can see these cigarette SKUs, you can’t see the customer stealing from you right now.”…

Kiosk Privacy? A New Porn Kiosk Makes The Case For Why It’s Not Private, While Arguing That It Is

May 23rd, 2011
We don't typically do stories about pornography—marketing claims within retail IT are usually obscene enough for anybody—but the inherent retail privacy contradictions in this porn kiosk announcement were too much to resist. There is already an imminent consumer privacy collision with kiosks, given their data-sharing and network connections nature.

While this porn kiosk touts privacy, which would seem to make sense, it also requires a driver's license and a payment card. Those two documents certainly are good ideas, especially when arguing to retailers that the machines will not be usable by minors, but both also obliterate the claims of privacy. The issue speaks to all kiosks, but this case is a wonderfully extreme example.Read more...

Canada Now On Cyber-Threat List

May 18th, 2011

A time-honored fraud detection technique is flagging transactions from high-risk countries and triple-checking them. The counter-move from cyberthieves has been to push operations to countries seen—for the moment, at least—as low-risk. That’s how Canada is suddenly becoming the home-away-from-home for a cyberthief’s stolen data. Canada has now locked in the number-two global slot for hosting phishing sites in 2011, a 319 percent increase from the prior year, according to stats released Wednesday (May 18) from security firm Websense.

When it comes to more aggressive cybercrime, Canada moves up on the list from 13th place to sixth place, reflecting a 53 percent increase. (Naturally, when it comes to criminal activity, the U.S. holds the number-one slot on both lists.) Rounding out the top phishing countries: Egypt in third; Germany in fourth; UK in fifth; The Netherlands in sixth; Russia in seventh; South Korea in eighth; France in ninth; and Brazil in 10th. For cybercrime hosting: France has the second slot; Russia the third; Germany the fourth; China the fifth; The Netherlands the seventh; South Korea the eighth; Romania the ninth; and UK the 10th.… No Valid Address Required. Oops!

May 18th, 2011
L.L.Bean will let online customers complete a purchase with only a payment-card number and expiration date—no name, billing address match or other authentication required. A number-and-expiration-date-only policy for card-not-present transactions could be a huge problem today: With huge numbers of consumers walking around with contactless payment cards in their wallets, thieves can brush up against purses and backsides in any crowd and collect card data automatically.

Contactless backers have always pooh-poohed this as a security threat, pointing out that customer names, security codes and other authentication information isn't transmitted by the cards. But if retailers are only relying on numbers and expiration dates, with one contactless grab—or one well aimed digital picture snap from a mobile—thieves get all they need. And although the E-tailer's customer-service department insists that card numbers with the wrong name attached should be rejected, a simple experiment made it clear that at least some transactions are approved that way. (Two out of two media tests had transactions approved and shipped.) If it had been fraudulent, it would have been up to the payment-card holder to notice, complain and get the charge reversed.Read more...

A Geek-Friendly Shoe Store

May 18th, 2011
Not a lot has changed in the shoe retail business for a very long time, with most still using the metal sliding Brannock shoe measuring device first patented in 1926. A New Jersey company has opened a single retail store in Englewood to try and show how advanced such a movement merchant could be. The store features an array of shoe-measuring devices that use digital scanners, pressure sensors and a Microsoft-powered table that displays pricing, availability and color/design options for any shoe placed on it.

The centerpiece, from a company called Aetrex, is something the store calls iStep Wave and its claim is that it can go beyond measuring shoe size to examine arch type and pressure points—and do it all in half-a-minute. The store says the device uses "3,744 gold-plated barometric sensors that measure the pressure exerted by your foot every 0.25 cm squared and 1,326 infrared LEDs and receptors that are aligned every half millimeter."Read more...

Bing And Facebook Start Down A Very Frightening Social Media Analytics Path

May 18th, 2011
Finding and analyzing the collective thoughts in all the conversations happening in social media today has been a retail goal for several years now. Not coincidentally, that's exactly how long retail has failed in doing anything meaningful with that data. This week, though, an ISV and Microsoft's Bing search engine are at least making noises as though they are making a little progress. Bing on Monday (May 16) said it is working with Facebook to use a small portion of those social site discussions—limited to the ones on Facebook and further limited to the people in the friends list of that Web searcher—to help provide more valuable results to consumers.

The idea of aggregating the shopping and other experiences of a closed community is a good one, with lots of potential to boost the meaningfulness of such results. There's also a downside with this aggregation approach, namely that most consumers trust different friends to very different degrees.Read more...

Nordstrom’s Mobile Checkout Difference

May 18th, 2011
In what is likely the most complex mobile POS rollout yet in retail, Nordstrom this summer will deploy thousands of iPod Touches and other mobile mechanisms. The IT twist, though, is that the rollout is not tied to a single type of device. That means the chain's software developers have already nailed down an architecture where the heavy POS lifting is done on the back end, not on the mobile device itself.

As a result, it should be easier for Nordstrom to quickly add new devices and new functions to the mobile POS system. Features that the iPod doesn't support, such as contactless payment, might be available on other devices. In theory, with a well-structured architecture, new devices could be swapped in on an as-needed basis. Unlike mobile POS pioneers Home Depot (which uses a highly customized handheld for its mobile POS) and Apple (which can only use Apple, naturally), Nordstrom can exercise its option to do small-scale experiments with devices from multiple vendors in the midst of its big rollout. That will also discourage developers from tying code too tightly to one device—giving Nordstrom the chance to do even more quick-hit experiments in the future.Read more...

Under The Law, Location May Not Be Private—But Your Customers May Have Their Own Ideas

May 18th, 2011
In a brief filed with the U.S. Supreme Court last month, the Department of Justice suggests that there is no expectation of privacy in location data and that the only limitations relate to the manner in which such data is collected—specifically, if it is collected from a phone company or by other means. "Look," the DOJ essentially argues, "you are on a public street/sidewalk/office building. Anyone can see you. How can you expect that to be private?"

Even if the Supreme Court rules that customers don't have a right to privacy in their location, retailers still face a dilemma, writes Legal Columnist Mark D. Rasch. For example, smartphone apps can leverage GPS or other location data and enable new sales and marketing opportunities. But consumer backlash may result in new regulation to restrict the collection and use of this information. If you fail to have clear and unambiguous privacy policies that state what you are collecting and why and then follow these policies, either the consuming public or the government will make you do it.Read more...

Men’s Warehouse Deals With Store Isolation With Pizza

May 18th, 2011
When apparel chain Men's Warehouse threw a surprise pizza lunch for "employee appreciation" this past weekend, no IT people were invited. That lack of invite also extended to the retailer's E-Commerce team and, for that matter, all operations teams. And it was all by design. Like almost all national chains, Men's Warehouse struggles with ways to bring its store personnel into the corporate culture fold. At headquarters buildings and large warehouses, there are lots of easy ways to bring people together. "We've had back-to-back barbecues" at headquarters, and distribution centers have had "prom kickoff parties and bowling nights." And the chain subsidizes corporate cafeterias, so all lunches at corporate locations are subsidized to a degree.

Logistically, though, those types of things are not that easy with about 14,000 employees spread over 1,206 stores. For bonding, videoconferences and company-wide E-mails can only take someone so far. The chain's answer? Arrange—surreptitiously, mind you—for 5,300 pizzas to be cooked and delivered on Sat., May 14.Read more...

As Europe Tightens Up On Location Data, Retailers Need To Get Customers’ Buy-In

May 18th, 2011
Europe is coming down on the mishandling of mobile-phone location data—even if it's not coming down very hard. On Friday (May 20), a European Commission group is expected to recommend that mobile location data be treated as personal data, The New York Times. That would theoretically give location data much better legal protection. But the recommendation is nonbinding, and Apple and Google are likely to be much more concerned about individual EU countries investigating their practices than this toothless advisory opinion.

Beefing up security for more than payment-card data isn't a new idea, but it's unfortunate for retailers that Apple got so sloppy with its users' location data. Spotting customers as they're headed for a store is the holy grail of retail mobile-location technology, whether via GPS, Wi-Fi, cell-tower triangulation or POS tracking, and right now that's all getting a slightly creepy reputation. But in practice, it's going to become the norm—retailers will just need to get their best customers to opt in.Read more...

China On Online Payments: If You’re Not Local, Your E-Money’s No Good Here

May 17th, 2011

Here’s a reminder that governments are starting to treat online payments like real money. On May 12, Chinese E-Commerce giant Alibaba Group said it transfered its online payment business, Alipay, to Alibaba founder Jack Ma last year because of new government regulations that could outlaw foreign ownership of Internet payment services in China. (It made financial headlines in the U.S. because Yahoo, which owns 43 percent of Alibaba, said it didn’t know about the transfer and hadn’t been compensated for losing ownership of a sizable chunk of that business.)

It’s hard enough for E-tailers to deal with cross-border business complexities like taxes, duties and local bureaucracies. But this is one more argument against trying to manage E-Commerce by yourself from halfway around the world: In big markets like China, the government literally may not let outsiders handle the E-money. Either make sure you choose payment partners who will definitely pass muster with xenophobic regulators—or be prepared to change partners fast.…

Bank Lobbyist: High Debit Interchange Needed To Pay For Retail Security Breaches

May 16th, 2011

What’s the real price of a security breach? Customers aren’t usually driven away when a retailer loses payment card data, and the financial costs are usually painful but not crippling. But if one Beltway lobbyist gets its way, the price of security failure will be higher interchange fees for debit cards—not just for breach victims, but all retailers. The Center for Regulatory Effectiveness asked the Federal Reserve Board last Friday (May 13) to raise interchange rates, which were pushed down by last year’s Dodd-Frank Act. The argument: Retail security breaches cause unreimbursed costs for card-issuing banks, and banks need high interchange rates to pay those costs.

If the Fed buys the argument, that would certainly put a real pricetag on security failures. Of course, that price would have no relationship at all to whether a retailer had lousy security—everyone would see higher debit interchange fees, whether you’re locked down tight or leaking data everywhere. And the lobbying outfit used one other nice touch: Instead of asking the Fed directly to raise interchange rates, it sent a letter to the Fed’s CIO, asking her to make the pitch. Hey, they had to try somebody.…

Burlington Coat Factory’s Site Shut Down By DDOS Attack, 45-Hour Incident Complicated By Comments

May 12th, 2011
Cyberthieves attacked and shut down the Burlington Coat Factory chain's site late Sunday (May 8) with a distributed denial of service attack, one that kept the site and its mobile counterpart shuttered until mid-afternoon Tuesday (May 10). The 45-hour incident was complicated by a CIO statement that "there was no breach of security systems"—proving a negative is never easy—and by some customer service representatives who told customers a very different story.

Problems were first detected with Burlington's main site—called—about 4 PM (New York time) on Sunday (May 8), when Web uptime tracking site AlertBot noticed "intermittent outages." The site then went completely dark at about 5:20 AM Monday (May 9), said AlertBot's Justin Noll. Burlington's official version is slightly different, with a statement issued by CIO Dennis Hodgson saying that the chain "was subjected to a denial of service attack early" Monday.Read more...

Michaels Replaces All Of Its PIN Pads, Following 20-State Coordinated Attack

May 12th, 2011
The 1,045-store Michaels chain confirmed Wednesday (May 11) that it had been hit with an unusually geographically widespread physical attack on its PIN pads. As a result, the chain replaced all of its PIN pads—some 7,200 units—after having confirmed breaches in 80 stores spread across 20 states. The fact that it impacted stores in 20 states is frightening. But of even greater concern is that the impacted stores crisscrossed the nation, from Delaware and Georgia to Colorado and Oregon.

Typically, such a PIN pad attack is done physically. However, with this many stores, a network attack from pad to pad is also possible. In a Q&A issued by Michaels, it was the chain itself that first raised the question of whether employees could have engaged in the fraud.Read more...

Are Intrusive Questions From Kiosks Still A Customer’s Preference?

May 12th, 2011
As kiosks have been getting more sophisticated, retailers have been relying on them to handle more functions. When it comes to sensitive issues, such as body type for an apparel chain or paying for groceries with foodstamps, chains have discovered that consumers are often more comfortable interacting with a machine.

One convenience chain found that level of anonymity sharply boosted profits when selling triple-sized sandwiches and Pennsylvania is hoping that having a machine tell customers they're too drunk to buy wine will be less humiliating. But with data breaches an almost daily news story and data-sharing presumed to be everywhere, will customers continue to stay comfortable with sharing intimacies with kiosks? That question is being raised now with the latest push on clothing kiosks that use radio waves to take hundreds of thousands of measurements to deliver what the machine promises will be the perfect clothing fit.Read more...

Visa’s Mobile Magic: Using POS As A Beacon

May 11th, 2011
When Visa rolled out its location-based mobile coupons service—with apparel chain Gap as its first client—it did so with a twist. Visa uses POS transactions to track a customer's location, so it doesn't have to cooperate with mobile operators or merchants. It doesn't have to deal with geolocation challenges like the inaccuracy of triangulating cell towers. It can even collect location information from stores that have nothing to do with its coupon program—including competitors of the retailers that do. It doesn't need customers to have smartphones, Wi-Fi or GPS, nor do those capabilities have to be turned on.

Most current mobile-payment approaches—including the mobile wallet Visa announced this week—are still based on the payment-card accounts Visa currently makes its money from. But eventually someone will come up with a better way and leapfrog over the card companies. Then Visa will be stuck with a large, expensive network for real-time transaction processing. That could explain why Visa wants to use its new service to follow cardholders around from one retailer to another.Read more...

Wal-Mart Makes Sure Customers Find Its Web Survey, But Prints Different URLs

May 11th, 2011

There’s a reason Shakespeare didn’t pen “That which we call a URL, by any other name would smell as sweet.” He didn’t write that, because the Bard knew darn well the precise phrasing of a URL makes a difference. It’s a lesson Wal-Mart apparently still needs to learn. Wal-Mart was running an in-store survey. To make sure consumers found the survey, it did three things: printed the survey URL on the POS receipt; printed it again on a pea-green piece of paper that associates were supposed to staple to the receipt; and, just in case its customers don’t know what a URL is, it provided instructions on how to use a browser.

Problem One: the URLs on the two pieces of paper didn’t match. (There’s a nice photo of the mismatch on the Dotweekly blog.) Problem Two: The stapled piece of paper instructs customers “do not use a search engine,” even though Bing, Google and Yahoo’s engines all immediately sent visitors to the right place. Lastly, does Wal-Mart really need to use a triple sub-domain ( …

Struggling For That Perfect Gift For The Retail Coder Who Has Everything Other Than Taste?

May 11th, 2011

Do you have one of those impossible to shop for propeller heads on your gift list? Wondering what to get for the retail geek who has everything? Worry no more. A site called Barcode Gallery has just the thing. It’s framed artwork that depicts a giant 2D barcode. But it gets better.

The barcode is actually a secret message that the buyer chooses, and it becomes visible when using a mobile device to look at it. It’s the ultimate in geek-to-geek party communication. The message is limited to 300 characters, which I suppose is something for which we should all be grateful. Says the product’s creator: “The end result is the creation of a ready-to-hang piece of colorful modern art,” apparently using “modern art” as a euphemism for “strange geeky eyesore.” Then again, for that coder on your gift list, it may be a thing of beauty.…


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 17,000 retail IT leaders who subscribe to our free weekly email. Sign up today!
Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.