Will Warranty Enforcement Be Amazon Marketplace's Achilles' Heel?

When it comes to competing against Amazon, eBay or even Japan's Rakuten, one of the more challenging aspects is their third-party marketplaces, which give each a seemingly endless inventory at minimal risk. But the odds may be getting more even, as shoppers are starting to notice that some manufacturers are strictly enforcing their authorized reseller rules.

The immediate impact on shoppers is they may find that the expensive flat-screen TV, surround-sound speakers or refrigerator that looked like such a bargain on Amazon voids the warranty. The arguably-unrealistic expectation from consumer goods manufacturers—which sharply strengthens the hands of traditional e-tailers trying to fight against these third-party marketplaces—is that shoppers would not only notice the actual name of the merchant shipping the item, but would take the time to run that name on the manufacturer's site to see if they are truly an authorized reseller. Or they could just make the purchase from or and know for certain.

Top Stories


What Will It Take To Make Chip-and-PIN Happen In The U.S.?

May 24th, 2010


The System Would Be Great If It Wasn’t For The Users

May 24th, 2010
Whoever said the customer is always right never worked in IT, pens Franchisee Columnist Todd Michaud. The person who came up with that catchy little credo has not toiled away countless days, months or even years building systems that he knew were flawed, only to be blamed (or even fired) for the poor outcome. That person has never pleaded, even begged, business partners not to take a certain approach because he knew things would end badly.

Most CIOs know this pain, and know it well. It's a no-win situation. If they build it the way the partner wants, they watch failure in slow motion. If built the way the CIO thinks it should be done, you might as well hand over torches and pitch-forks to an over-tired crowd.Read more...


Australian Airport Security Seems To Be Taking Lessons From Retail

May 23rd, 2010

There are days when I think airport security people are present primarily to make retail security people feel better. At least that’s how I felt when I saw this wonderful picture of an actual sign at the Dubbo City Airport in New South Wales, Australia. Yes, it’s a printout declaring the security access code for a restricted gate and, yes, the printout is taped to the gate in question.

A story in the Australian newspaper Daily Telegraph quoted airport Corporate Development Director Megan Dixon saying the access code “was posted on the gate to allow ‘itinerant airport workers who have security clearance to use this gate. We had a security audit last year, which we passed.'” Kind of makes one homesick for PCI, no?…


Wal-Mart Thief Had Dumb Luck: Bad Luck, Lots Of Dumb

May 23rd, 2010

A Florida shoplifter successfully navigated his way out of a Wal-Mart on Friday (May 21), carrying $145 worth of stolen DVDs, and bolted right to his getaway car with his friend at the wheel. Well, almost. It seems that in the rush, he actually ran—and literally smashed—into a parked unmarked police car.

(Editor’s Note: We cover retail technology and E-Commerce issues. But every so often, we see something so strange that we feel compelled to break the rules. This is one of those times.) A Bay County Sheriff’s Deputy wrote that Damon Demetrius Love, 35, was “running full strength in my direction” out of Wal-Mart. “I first thought he was running toward me for important assistance,” according to The Walton Sun. The paper then quoted the deputy quoting the suspect: “When he saw my headlights at the north end of the parking lot, he thought I was his ‘partner’ and started running towards me.” Moral to the story: If you’re ever trying to steal 16 DVDs from Wal-Mart, make darn certain you know exactly where your getaway car is parked.…


Holiday Inn Testing Smartphones To Unlock Guest Rooms

May 23rd, 2010

As retailers evaluate practical ways to use mobile payments in-store, they have a new pioneer ally: Holiday Inn. The hotel chain is trialing a program at two Holiday Inns—in Chicago and Houston—where visitors are allowed to use their own smartphones to open their rooms. Hotel guests go to the Web and download an app the chain calls Open Ways. “Guests ultimately will call up the confirmation E-mail on their smartphone and hold it up to a sensor on the door to unlock it,” a USA Today story said.

The advantages are the elimination of going to the front desk to pick up and return the key, plus the convenience of not having to carry anything else. This trial could be key—pun not intended—to helping retailers eventually use the smartphones for authentication and payment. The more consumers get used to the idea of phones for authentication, but not necessarily for payment (door access at a hotel, to borrow books at the local library, to access a private gym, to pick up a package at the Post Office, etc.), the easier it will be to get them to use the phones for payment.…

A Credit Card Digital Fingerprint That Looks At Three Months Of Payments

May 23rd, 2010
Back about 14 months ago, much was written of a credit card fingerprint trial from Fifth Third Bank. The idea back then was to take a full snapshot of the card at a point where it can be assumed that card is valid, such as at the point of its manufacture.

One card reader vendor, MagTek, is taking that digital fingerprint approach and making it a little easier, using 2010 technology. But instead of grabbing the card at its birth—something that Fifth Third didn't even try to do—MagTek is simply capturing the card the first time the vendor sees it as one of its POS stations. But it waits three months to make up its mind if the card is legit. Read more...

PCI Service Provider Dilemma: A Chain Can Control The Manager But Not The Managed

May 20th, 2010
When a retailer outsources any function to a third party, it can protect itself through legal contracts (the threat to sue) and through early termination or simply not renewing the service (the threat to stop giving the third party money). But in the PCI payment-card-data-protection world, responsibilities and punishment for non-performance become a lot murkier.

In this week's PCI column, Walter Conway makes an eloquent argument that chains must take special care to protect their data when changing processors. But Walt only briefly touches on the responsibility issues involving those processors. In PCI Requirement 12.8, the PCI powers-that-be mandate that the retailer properly manage the service provider, but they don't say what happens if the service provider does something wrong anyway.Read more...

Wal-Mart: “It’s Time For Chip-And-PIN In The U.S.”

May 20th, 2010
With major card brands and the banks strongly opposed to Chip-and-PIN efforts in the United States, there's only one way it's going to happen—and that happened Wednesday (May 19): Wal-Mart publicly forced the issue. When the world's largest retailer insists on a path, even Visa has to listen. And Wal-Mart is now insisting on a domestic Chip-and-PIN (EMV) program.

"As far as we are concerned, signature is a waste of time. It has to be PIN or nothing," Jamie Henry, Wal-Mart's director of payment services, told attendees of a panel discussion held Wednesday at a Smart Card Alliance event in Scottsdale, Ariz.Read more...

When You Change Processors, What Happens To Your Data?

May 19th, 2010
Have you ever wondered what happens to all your old card transaction data after you change your processor or acquirer? Most retailers have made such a change, and many make it a practice to rebid their card-processing contract every few years. After you move on, though, your data frequently doesn't follow you. So, PCI Columnist Walt Conway asks, "What are your responsibilities if this old data gets compromised?"

Are you still responsible under PCI Requirement 12.8 for managing a service provider when you no longer have a relationship with that provider but it still has your data? Aside from PCI considerations, if a service provider--think tokenization vendor or loyalty program manager—simply goes out of business, how will you get your data back? Read more...

Should Wal-Mart Digital Signage Use Near-Time News, Weather, POS Data?

May 18th, 2010
It's 9:17 PM and customers in a Boston grocery store are wrapping up their shopping when some Blackberries and iPhones start vibrating the news of a key sports loss of the beloved local Red Sox against the rival New York Yankees. As frowns appear from frozen foods to the AAA battery endcap displays, all of the digital signs start flashing out messages of condolence, suggesting that shoppers commiserate with a case of Sam Adams. "We'll get 'em next time," the sympathetic store displays digitally declare.

Traditionally, in-store digital signage has been used for the mass-broadcast of commercials set by the chain and, sometimes, tweaked regionally. But why not make the content truly unique to a store, dictated by local weather, sporting events or near-time POS activity?, asks Michael Hiatt, who ran Wal-Mart's in-store media program until last year.Read more...

Wal-Mart Digital Makeup Trial: It’s the Inventory, Stupid

May 18th, 2010
Wal-Mart this month quietly began a 10-store trial of a cosmetics system—called the Wal-Mart virtual mirror—that uses a barcode reader and a digital camera for the virtual application of makeup. What's interesting in this 90-day trial are the ROI benefits beyond mere increased sales, such as reduced shrink (no need to throw out lipstick after a test), better availability of product and some natural social-shopping benefits via E-mail.

The trial is using Sprint CDMA for data connectivity, which made it easier for Wal-Mart to do the tests. Sprint CDMA didn't require any of the test systems to interact with the chain's LAN, thereby bypassing questions such as "Do I want to put in a separate WiFi network in the stores? With this, all we have to worry about is power," said one person involved in the trial.Read more...

Google Apologizes For Collecting Too Much WiFi Data—And Then Gives Up

May 17th, 2010
Pushing the envelope is risky, but no one makes any progress without doing it. Google rediscovered that reality when it had to apologize this week after accidentally capturing a lot more WiFi data than it intended for the Street View feature of Google Maps.

The upshot: The search giant has now decided to end its entire WiFi survey. And that's exactly the wrong lesson to learn from an incident like this.Read more...

Are Negative IT People More Successful At Delivering Results?

May 17th, 2010
Franchisee Columnist Todd Michaud had a meeting Tuesday (May 18) with several internal department leaders and a vendor, discussing a store technology conversion for one of his company's brands. About half way through the meeting, he asked his operations counterparts what the minimum number of stores participating in the program would be for them to launch. One of the department heads looked at him and said, "Why are you being so negative and talking about minimum participation? We will work hard and get this done. It's that simple."

The statement caught Michaud a bit off guard, and it made him realize exactly how negative the group sounded about the entire project. In fact, his team had spent a good part of the meeting talking about risks and planning for contingencies. Read more...

Looking To Monetize Consumer Comments? Here’s A Really Bad Idea For How To Do It

May 16th, 2010
With thousands of customer comments being posted on products on many of the largest retail sites, the temptation can be quite strong to try and find a way to monetize that information, beyond merely enjoying stronger product sales.

But one very popular news community—called Topix—tried an impressively horrible idea and got slapped down for it by the attorneys general of 23 states and U.S. territories.Read more...

Ice Cream Shop Uses RFID To Broadcast Latest Inventory

May 13th, 2010
At Izzy's Ice Cream Café in Saint Paul, Minn., a teenage scooper has just dished up the last of the strawberry cheesecake ice cream. When she pulls out the RFID-tagged strawberry label and replaces it with one for lemon custard, a colored dot of light on the wall announces the change to all within viewing distance. Within three minutes, the Web site is identically updated, deleting strawberry and welcoming lemon.

While the co-owner of this family-owned scoop shop said he likes the RFID technology, he's fonder of the push nature of his current flavor updater--where he tells his customers what he has--rather than the pull nature of a system in which his customers tell him what they want. When does customer feedback become too much?Read more...

Target, Starbucks Suffer Mobile Gift Card Security Hole

May 13th, 2010
Special Report: In a rush to make mobile gift card rollouts as convenient and low-cost as possible, some major chains—including Target and Starbucks—have overlooked security holes that allow any shopper to use the dollars loaded into other shoppers' gift cards. The hole, which StorefrontBacktalk verified by recreating it in a Target store on Wednesday (May 12), is the results of the cards publicly displaying enough information for someone to create a copy that can trick the POS's barcode scan. In short, Target is putting the account numbers (PAN) into the cards' barcodes. Indeed, the barcodes contain little else.

"You never use the PAN on the handset. Never, never," said an official with the security company that discovered the hole.Read more...

Can The iPhone Make Even Contactless Look Good? The Curse Vs. The Cool

May 13th, 2010
Which is stronger: the curse of contactless payment or the coolness of the iPhone? Last week, Visa said it planned to launch an add-on to Apple’s iPhone that will turn it into a contactless payment device for Visa’s payWave system. Or maybe not.

The fact that Visa, along with a three-year-old Texas startup called DeviceFidelity, issued a news release and almost immediately tried to retract it is telling. Then again, the fact that Visa thinks it's possible today—in the age of Google cache and umpteen sites that seem to like publishing verbatim news releases—to take back a release after it's published is itself a very revealing statement.Read more...

Avoid Paying For PCI Certification You Don’t Need

May 12th, 2010
Retailers these days have far fewer PCI training options open to them. About the only game in town anymore for detailed PCI standards training is the PCI Council itself. But be sure to choose your program carefully.

Unless you are an L2 merchant who plans to self-assess, advises PCI Columnist Walt Conway, you could find yourself overpaying for a certification that you don't need.Read more...

If Athletes Worked Like IT Shops, The Super Bowl Would Suck

May 12th, 2010
Franchisee Columnist Todd Michaud recently embarked on a personal goal of competing in an Ironman Triathlon. You know that ridiculously long physical event that involves a 2.4-mile swim, followed by biking for 112 miles and then, after that, you get to run a marathon (26.2 miles).

He figured that being 60 pounds overweight and having absolutely no real experience in any of the three sports was a perfect metaphor for some of his IT projects. How different could a Triathlon possibly be, after all, from a global IT deployment that is ludicrously underbudgeted with ridiculously unrealistic goals, which the board somehow believes? Read more...

New Data Breach Law Says Assessor—Not Visa—Has The Final Word

May 12th, 2010
One of the top ongoing concerns about PCI compliance—the absence of a true safe harbor—has been obliterated in the State of Washington, thanks to a new law signed by Gov. Chris Gregoire. Well, obliterated to the extent that it otherwise requires reimbursement of a financial entity's reasonable actual costs "even if the financial institution has not suffered a physical injury in connection with the breach."

The law specifies that the post-breach game won't fly in the state of Washington: A retailer "will be considered compliant, if its payment card industry data security compliance was validated by an annual security assessment and if this assessment took place no more than one year prior to the time of the breach. For the purposes of this subsection, a [retailer's] security assessment of compliance is nonrevocable."Read more...

Paperless Receipts Column Stirs Up Comment Controversy

May 9th, 2010

Last week, Todd Michaud’s column spoke of getting rid of paper receipts. It seems that suggestion struck a bit of a nerve with readers, many of whom had rather intense reactions, at least according to their posted comments.

Questions and comments about everything from the role of smartphones, proving warranties with dead-tree innards, letting customers leave the store confident they won’t be hassled by security and the loss of ad revenue from the back of receipts to handling expense reports that still demand original receipts flooded the comment box. We had some very interesting exchanges. Typically, readers don’t go back to the stories after they read them. So when especially interesting comments are posted on a story days later, this related story is the only way we can tell our readers about it. Please check ’em out, if you’re interested.…

Consumers To Sue Safeway For Not Using CRM Data For Recalls

May 6th, 2010
Spurred on by the efforts of Costco, ShopRite, Wegman's and other grocery chains to use CRM data to alert customers to product recalls, a consumer group said Thursday (May 6) it is about to sue the $41 billion 1,712-store Safeway chain because of the its "failure to notify consumers that they've bought potentially dangerous products [which] violates state consumer protection laws in Texas, the District of Columbia, New Jersey and California."

The trend to use loyalty card data for product recalls is nothing new. Much of the motivation stems from a lawsuit against Kroger a half-dozen years ago, where a Kroger's customer ate beef contaminated with Mad Cow disease even though the chain supposedly had more than enough time to have alerted her before she consumed the tainted product.Read more...

Retailers Need To Protect Their Data, Even From Their Own Customers

May 6th, 2010
The credit card brands used to have a much simpler reality. Merchants used the card data to do transactions to get paid for their goods and services. They knew with whom they worked and could get those firms—to a certain degree—to abide by their rules. Today, companies like Blippy and Offermatic are changing the dynamics. They're making a business out of leveraging card data, but they have no direct relationship with the card brands.

As Blippy's recent data breach problems make clear, this is new territory. Two distinct issues are at play here: security protection against fraudulent transactions (essentially PCI) and privacy/identify-theft concerns involving companies that leverage consumer transaction histories. Making this scenario much more delicate is the fact that consumers themselves are often giving these third-party vendors permission to share their data.Read more...

Macy’s Self-Service Makeup Centers Could Go Much Farther

May 6th, 2010
When reports hit this week that Macy's was trialing self-service makeup centers—to be called Impulse Beauty—at about 15 locations, we initially thought the retailer was leveraging kiosks. Alas, nothing so digital is going on at Macy's. But the potential for replacing pancake with pixels is quite real.

Envision a customer walking up to a kiosk, looking into a mirror and smiling. The mirror digitally captures the customer's face. With the captured face on a screen, the customer chooses makeup options. Read more...

ATM Maker Publishes Password; Thief Appreciates The Courtesy

May 6th, 2010
The popular IT directive to "RTFM" was taken to heart by one cyberthief, who read the manual from an ATM manufacturer to learn its machines' default password and the key sequence to access that machine's programming. Having gained that access, according to an FBI affidavit, the cyberthief was going to tell the machine it was loaded with one-dollar bills—instead of the 20s it really held—which would allow him to boost his original investment 20-fold.

The man arrested, Thor Alexander Morris, said he worked at a Food Lion in North Carolina as a manager. Morris used Wal-Mart Green Dot Pre-Paid cards ($400 each) and a false ID to purchase those cards. The FBI said Morris' plan was to attach GPS tracking devices on the vehicle of an ATM maintenance person working for ATM manufacturer Tranax and hit some 35 ATMs in Houston while wearing a wig, a goatee and different clothing as a disguise.Read more...


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 17,000 retail IT leaders who subscribe to our free weekly email. Sign up today!
Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.