Re-Thinking PCI Assessor Selection: Does Quality Matter?
August 26th, 2009
If a retailer will invariably be declared non-compliant after a breach, what's the point of doing the assessment right? Turns out, there are quite a few points.
And yet, if any segment of retail was underutilizing the magic of interactive E-Commerce, it's the glossy side of facial retailing: makeup. Drugstore.com—and one unidentified pharmacy chain, although it's not one of the four largest—are about to try and address that. The retailers will encourage customers to upload photos of themselves and the system will then project what various makeups will look like on their skin, leveraging facial recognition software.
The Missouri law is similar to most other state laws dealing with data breach notifications, but it includes medical and health information, data the states usually don't mention because it is protected by the federal Health Insurance Portability and Accountability Act (HIPAA).
"The Maine law imposes severe limitations on all Web sites that serve teenagers," said NetChoice in explaining its decision to put the law at the top of the list. "At the very end of its session, the Maine legislature voted to require Web sites to obtain 'verifiable parental consent' before collecting personal information from teens. Lawmakers approved the measure despite the fact that Web sites have no means to confirm such consent, and would be effectively forced to stop providing valuable services like college information, test prep services, and class rings."
As we pointed out in a recent package of stories, retailers have been slow to deploy mobile sites that actually support purchases. However, the lure of potential holiday dollars seems to be inciting at least some of those foot-dragging merchants to lean on third-party mobile site developers to quickly create M-Commerce sites.
Representatives of several mobile commerce technology vendors have said they’re suddenly being pressed by retailers to develop mobile sites or applications before December. Folks from Usablenet, Digby and CardinalCommerce told the publication they’re working on rush-job M-Commerce sites or apps for economy-battered retailer clients that want to make sure they offer consumers every possible opportunity to buy something for the holidays. For example, Jason Taylor, vice president of mobile products at Usablenet was quoted as saying the company expects “to launch 10 mobile retail Web sites between September and November” and Digby CEO Dave Sikora said “there’s definitely a push right now to have some kind of mobile presence for the holiday season. There’s a sense of urgency right now to engage with customers in the mobile channel with the thinking that come January they’ll learn from the holidays and create a whole mobile strategy.”…
A jury in Delaware Tuesday (Aug. 18) concluded that mega e-tailer Amazon didn’t infringe two online-shopping patents and found that a third had been invalid. The case involved a company called Cordance suing Amazon for patent infringement. Cordance argued that they had described the one-click method back in 1993, some four years before Amazon launched its version.
“After 14 hours of deliberations, following a 10-day trial, the federal jury of four men and four women in Wilmington, Delaware, today rejected Cordance’s claims that Amazon infringed the patents. Cordance sought more than $84 million in damages,” said a Bloomberg report. “During the trial, Amazon lawyer Lynn H. Pasahow told jurors that one of the patents wasn’t infringed because Amazon uses one-click ordering, while the patent is for a system involving two clicks.”…
But the indictment revealed several key contradictions with 7-Eleven and Heartland and one major retailer's security executive found the government's specifics to be a convincing indictment against PCI.
With social networking becoming a critical tool in the E-Commerce director arsenal—whether that’s Facebook, MySpace, YouTube or Twitter—the power of a tiny piece of programming called a URL shortener is something that retailers would rather not leave to chance. Given how easily the tools can be used to secretly ship a customer to an unintended Web address, security is a factor, too.
With this in mind, Web site uptime firm Pingdom tested them against each other. For speed, the fastest to the slowest were ls.gd, Bit.ly, Ow.ly, Su.pr, TinyURL, Twurl, Tr.im, Cli.gs and the slowest—by a decent margin—was Snipurl. But the report also looked at reliability: “Perhaps even more important than how fast these services are (many would argue a few hundred milliseconds in load time won’t make a huge difference) is how reliable they are. Once a short URL has been created, how much can you trust that it will work and keep redirecting to your target site?” The reliable ranking, from most to least, was Ow.ly (the only tested service that suffered zero downtime), Bit.ly, Su.pr, TinyURL, ls.gd, Snipurl, Cli.gs, Twurl and Tr.im.…
For matters of credibility, we overwhelmingly avoid reporting on studies that are actually vendor marketing departments pushing studies whose results were likely determined before the first question was asked. This gets us into a thorny editorial debate. If the idea or results are valid, should the source matter? The answer is that it probably shouldn't, as long as the methodology seems valid and fair. The premise of the report—which is that retailers should use the data they have to push for more sales—is a valid one, but we just wish the messenger didn't have such an obvious incentive to come to that conclusion.
In so many ways, Australia is arguably the nation that most closely mirrors the U.S. retail scene, much more than the U.K. and even more than does Canada. For that reason, the latest social networking trends from Australia are especially intriguing, as they show that more than 70 percent of Internet users in Australia visited a social networking site in June. To put that into context, that figure last June was 29 percent, according to ComScore. The study also concluded that social networking users accounted for 90 percent of the audience for all of Australia’s top Internet properties.
The study limited its visitor base to those older than 14 years and included visits from both home and work, but—for reasons not explained in the report—it excluded visits “from public computers such as Internet cafes” and libraries and it also—oddly enough—excluded visits from mobile phones/PDAs. That last exclusion is enough to raise some serious questions about meaningfulness, especially for Twitter activity, which reported an intense 6,122 percent increase. The report saw Facebook on top, enjoying an impressive 95 percent year-to-year boost, while MySpace came in a distant second, with a mere 5 percent comparable growth. All of the social sites examined had increases, other than Windows Live Profile (which hadn’t been seen the prior year) and Bebo, which dropped 9 percent. After Facebook and MySpace, the next in order from the June rankings were Windows Live Profile, Bebo, Twitter, Deviantart (+95 percent), Digg (+50 percent), Tagged (+93 percent), Buzznet (+52 percent) and Orkut (+607 percent).…
At the end of last month, Best Buy had a POS price glitch for the Palm Pre and chose to let those who made the inadvertently good deals keep them. When an even more severe price glitch happened this month, the chain was less generous.
On Wednesday (Aug. 12), a Web glitch had a $3,400 52-inch flat-screen television selling for $9.99 and the online system sold quite a few. This time, though, Best Buy corrected the price and said that it would not honor those orders, instead opting to cancel them and refund the money. The details on how such an error wasn’t detected before sales were processed were not–amazingly–released.…
At a practical level, there were various specific capabilities that Target wanted to add that Amazon either couldn't deliver (unlikely) or wouldn't deliver (more likely) or (most likely) that Amazon could deliver but at an unacceptable price. Target spokesperson Kelly Basgen said areas that Target wanted to improve once the Amazon divorce is final in August 2011 were search, checkout, cart features, better branding control and differentiated experiences within different categories. She gave an example—while stressing that it was only a hypothetical example—that Target might want a consumer's experience within apparel pages to be very different than within home goods.
Instead, the U.S. M-Commerce space is floundering as merchants drag their feet deploying purchase-capable mobile sites or find their mobile initiatives stalled by an avalanche of obstacles beyond the anticipated mountain of incompatible platforms and mobile browsers. The problems encountered are legion. They include a vacuum of standardization for everything from design, programming, payment processing and even URL naming to fears about carrier conflicts over the types of permitted content and a Catch-22 business strategy about how much, and when, they should embrace M-Commerce.
In an attempt to bring some sanity to the Mobile Web mess, the World Wide Web Consortium (W3C), in 2005, formed a Mobile Web Best Practices Working Group. In 2008, the group released a Mobile Web Best Practices guide that lists 60 recommendations. Apparently, there isn't even standardization among those hoping to create standards and even M-Commerce experts aren't all abreast of the situation. For example, Impact Mobile CEO and President Barry Schwartz said he was unaware of the W3C effort but noted the Mobile Marketing Association (MMA) was busy crafting its own M-Commerce site design guidelines.
Going through the ritual of filling out shipping and payment forms on a regular E-Commerce site is annoying enough, but being forced to do that same dance on a mobile device can be downright cruel. But a true M-Commerce site must allow visitors to not only find products with their mobile devices but to also buy them. That forces retailers to choose from among four not-especially-attractive checkout options.
This begs the question: How does an IT department successfully deliver retail technology that meets the needs of both a franchisor and the chain? Both sides need to change the way they think about large-scale IT projects. StorefrontBacktalk's new Franchise IT Columnist Todd Michaud contends that this is a lesson that shouldn't be ignored by non-franchise chains, too, as today's reality of Web-enabled, mobile-fueled, social-network-infested high-turnover low-margin is forcing everyone to play by very different rules or to die not trying.
A year into the job as Home Depot’s VP for specialty channels, Michael Cooper said that his chain is just starting to realize how mammoth a true E-Commerce rollout is and that it’s a price it’s willing to pay. “We’re going to come into the ‘90s, allow returns in the stores, and allow store gift cards to be used as tender online,” Cooper was quoted as saying in this wonderful story from Multichannel Merchant. “It will require modification of 15 legacy systems and that goes all the way down to the store’s POS systems. But the more we can convince the powers that be that the multichannel shopper is more valuable than the store shopper, the easier it will be to get the job done.”
Cooper also said that Home Depot CEO Frank Blake candidly concedes E-Commerce errors. Blake “says that if there’s anything we screwed up in 2007, it’s our e-commerce channel. He says that, 10 years from now, experts are going to look back and hope we figured out how to fix it. That gives me a clear understanding that he knows the importance of the channel.”…
"The noncompliance assessment structure now contains escalating assessments per violation within a calendar year," said the document sent to members earlier this summer. "Maximum assessments for initial noncompliance for Level 2 and Level 3 merchants have increased to $25,000 and $10,000, respectively. Furthermore, the $500,000 annual aggregate maximum for acquirer noncompliance assessments related to program noncompliance has been discontinued."
Heartland Payment Systems on Tuesday (Aug. 4) said it spent $32 million this year paying for costs related to the major data breach it disclosed in January, including $22.1 million to cover fines from key payment card brands and a settlement offer. Heartland did not say how the $22.1 million was split between the fines and the settlement offer, but it did provide clues.
For example, the breach costs of just the second quarter came to $19.4 million and it said that the “majority” of those costs was for the settlement offer, suggesting that the settlement was more than $9.7 million. Legal fees make that precise calculation tricky as well as the lack of a percentage of that majority. “The remainder of the expenses and accruals related to the Processing System Intrusion recorded in the three and six months ended June 30, 2009 were primarily for legal fees and costs the Company incurred for investigations, remedial actions and crisis management services,” Heartland said.…
At the end of July, Network Solutions revealed a massive breach, impacting some 574,000 consumers and more than 4,300 retailers. So to their marketing department, what a better time to proclaim a new commitment to quality?
In a note sent July 29—just days after the breach was disclosed—the marketing team was positively ecstatic: “On or around August 1, 2009, much of the hard work we’ve been doing to improve your overall Network Solutions experience will be on full display.” Probably a bit more candid than anticipated. An equally good line from the letter: “We’ve received an overwhelming amount of valuable feedback which is driving a reinvention of our company.” That has got to be the world’s best marketing phrasing to describe an angry mob.…
The online battle between the nation’s top pharmaceutical E-Commerce players—including CVS, Walgreens and Rite Aid, along with Wal-Mart and Costco—had its latest volley Monday (Aug. 3) when Rite Aid announced its ability to now handle prescription refills online. How significant this move is, however, is unclear as almost all of the major pharma e-tail sites already had such capability. Rite-Aid spokesperson Cheryl Slavinsky wouldn’t say if the Number 3 drugstore chain is playing online catch. “We can’t really compare. Some of our competitors have courtesy refills and some don’t. We all offer something a little bit different,” she said.
But Forrester Retail Analyst Sucharita Mulpuru wasn’t quite as circumspect. “This does seem to be very established with the other retailers so I’m not sure why this is a big deal,” Mulpuru said. “The bigger issue is why people don’t use this feature that much. I think it has a lot to do with the fact that doctors aren’t particularly efficient either and still hand write prescriptions often.”…
Apple and Google hadn't been seeing exactly eye-to-eye for many months, but what pushed this out in the public was the FCC confirmation on July 31 that it was investigating. The bigger picture here, though, is that Mobile Commerce is the next "big thing" in retail and Apple and Google are well-positioned to become two very key—if not the key—players. And they won't be playing on the same side.
CVS, the nation's largest pharmacy chain with more than 6,900 stores, is installing tactile POS devices in all of its United States stores and upgrading its Web site to bring it in compliance with the Web Content Accessibility Guidelines (WCAG) promulgated by the Web Accessibility Initiative (WAI) of the World Wide Web Consortium. Adhering to the accessibility guidelines can be time-consuming and expensive for retailers and there is debate in the industry about whether those costs can be justified given the limited number of people benefitted.
EBay's PayPal group went dark worldwide for all users for an hour Monday, starting at about 1:30 PM (New York time). Many users were unable to make purchases for a much longer period, until the final users were restored by about 6:30 PM. EBay said the cause of the outage was an "internal network hardware issue" and that EBay was "looking into how to address our affected merchants." If EBay wants to compensate—or, more precisely, console—merchants who were scared POSless on Monday, forget about compensation checks. Instead, do two things.
Actually, the need for this emerging payment “channel” and the specific payment platforms, software and services to be PCI compliant should be obvious, Taylor said. After all, the PCI standards have been around for about 5 years, so one would assume that PCI compliance would be “built in” to mobile payment products and services.