Evan Schuman's StorefrontBacktalk

Really? We've seen lawmakers take their best shot at data security and privacy before. This time, it's a task force of bureaucrats trying to balance the demands of competing interests. But at this point, we don't need balance. We need clear rules for protecting customer data, and regulations with teeth so there's a meaningful penalty when data isn't kept safe. As it is, the Commerce task force has some nice ideas about voluntary privacy principles that won't go anywhere in Congress—and wouldn't help even if they did.Read more...

In the last few days, some have posted that this Patent is inherently rude and disrespectful and warned of the dangers of a computer glitch revealing that a gift was swapped. In this instance, those concerns are misplaced. Consumers have faced that risk for a millennium, when friends or relatives visit and ask where that sculpture of their dog—a birthday gift from last year—is hiding.Read more...

In theory, that puts merchants using tens of thousands of TSYS POS terminals at risk—their payment-card data could be hijacked! Or leaked! Or lost! In practice, that's not going to happen. For now TSYS still controls those phone lines while it mulls an appeal of the judge's order. But the case is a reminder that all third-party services depend on how well someone else is running another company. When a card processor gets sloppy and just a bit too arrogant with one customer, that can have effects that ripple out to many other retailers.Read more...

That's great for PayPal users. For PayPal, it's a problem. The success of its iPhone app means there are millions of users at risk. And PayPal's promise to reimburse any fraud loss related to that risk means there's nothing to motivate users to upgrade from the old version that, to users, seems to be working just fine. Result: All the risk is on PayPal—and the only way to get out from under that risk is to irritate its customers.Read more...

In a settlement with Amazon, the anti-dog folk said that Amazon had ripped them off for about three years, from January 2006 through January 2009. The takeaway for retailers is clear, though. The Post Office is in a bad place these days, with E-mail attachments killing much revenue and FedEx and other carriers nibbling away at what's left. E-Commerce shipments are one of the last hopes, so the Postal Service wants to be explicit that it will enforce its rules strictly. But will it backfire?Read more...

In a look at how many of Visa's fraud reports came from its top five franchisee verticals (restaurants, apparel, direct marketing, sporting goods and lodging) over three years (2008 to 2010), the biggest short-term change was with restaurants, which plunged from 24 percent in 2008 to 9 percent in 2009.Read more...

Starbucks' up-and-down history on CRM, mobile and the Web makes these latest stats historically interesting. Whether it is up or down, this chain is hard to count out. That's especially true when a $10.7 billion coffee house is reporting a loyalty program growing at 20 percent.Read more...

That may seem unlikely. After all, who would want to disrupt customers just trying to buy a book, a pair of shoes or a gadget online? Probably not professional thieves—it's not easy to steal money through an E-tail site. But among the 700,000-plus people who have downloaded Firesheep, some are likely to have vendettas against certain retailers (and no, not just Wal-Mart). The clock may be ticking on how long E-tailers have before they either provide full-session security for all shoppers or risk losing business.Read more...

PCI Columnist Walt Conway has to ask, though, whether it is possible that Visa's effort might have the unintended and clearly undesired consequence of actually reducing franchisee security—at least in some situations. That might happen if corporate franchisors segment their networks in an effort to bypass the new program and its increased costs. The decisions corporate franchisors make in the coming months could determine the ultimate effectiveness of Visa's well-intentioned effort to reduce data compromises and increase PCI compliance among franchise locations.Read more...

As part of the ordered manual review, Target shut down its POS Cashier Speed-O-Meter devices to accommodate the additional time for the manual reviews. That review will cost the chain between $2 million and $5 million in additional labor costs, said IHL President Greg Buzek, who calculated that fee based on an additional minute for every transaction and the number of stores and checkout aisles that Target is using, plus Target's efforts to add more people to keep the lines moving.Read more...

The problem? Barely two percent of them have scanners today that can do the job. "There's going to be a massive replacement of optical scanners," said IHL President Greg Buzek.Read more...

Cyberthief Extraordinaire Albert Gonzalez’s crew targeted at least one of the retail chain victims they hit partially because they didn’t like the chain. Forever 21 was targeted because “the clothes were poorly made and the employees were poorly paid,” Gonzalez Co-Conspirator Patrick Toey is quoted as saying in a profile of Gonzalez by The New York Times Magazine. In the Times piece, Toey described how the Forever 21 attack began with a flaw in the chain’s shopping cart software.

He also spoke about some of the other many retail victims of the Gonzalez crew. Another member of the gang walked into an Office Max near Los Angeles and simply “loosened a terminal at a checkout counter and walked out of the store with it” for intelligence gathering. Once in, Toey said, the system was foolproof: “Every time a card was swiped, it would be logged into our file. There was nothing anyone could do about it.” More intriguingly, Toey said the crew had attacked “major chains and [orchestrated] big hacks that would dwarf TJX,” none of which were ever the subject of the federal probe. “I’m just waiting for them to indict us for the rest of them,” he said. So, the saga isn’t over yet. As if it we didn’t already suspect that.…

Litan spoke of additional security measures being better than the alternative of "having the customer account drained." But that's just it. These thieves are not stupid enough to kill the goose that laid the golden mag-stripe. Just as the typical consumer needs to see enough fraud to make a phone call to a bank—and endure the inevitable series of hold music performances—worthwhile (for some, that's more than $5, and for others, it can be more than $20), the typical bank needs to see enough of its customers get hit to make a call to its fraud department worthwhile.Read more...

The columnist took the vendor up on its offer and tried the machine, working with company owners. At the end of the process, the machine is supposed to cough up a list of jeans that will fit that consumer perfectly and where to get them. In this case, though, the machine found zero. Zilch. But this is not merely a case of a vendor proudly doing a demo before the technology is ready. It's the latest example of a vendor focusing on the majority of consumers, when the gold actually lies in the minority.Read more...

PayPal's outage again spotlights the problem of backup strategies that simply don't. It's painfully reminiscent of recent datacenter fiascos at American Eagle Outfitters and Wal-Mart. And while some major retailers were kept apprised of the progress of PayPal's outage and disabled PayPal payment functionality on their E-Commerce sites to minimize problems, most of PayPal's customers got the word late or not at all. Apparently there was no effective plan for dealing with that side of the outage, either.Read more...

For example, Whitman was quoted as telling The New York Times: "I led a community at eBay that, you know, was 80 million unique visitors a month strong, and so I think I understand what California needs to turn itself around." This statement isn't political. It's quintessential Silicon Valley. When was the last time a Washington insider made an argument by rattling off a unique visitor stat?Read more...

On the surface, the differences between the two versions do not appear significant. So why would you not want to validate using the latest and greatest? Looking deeper, however, shows that one change in Version 2.0 could have an impact on your decision. And that change, says PCI Columnist Walt Conway, is the new guidance on scoping.Read more...

Amazon has dressed up that court ruling as a big victory for customer privacy. But now Amazon will have to cough up the customer data, and North Carolina will begin to go after Amazon's North Carolina customers to collect the taxes due—and you can bet that the revenuers will mention Amazon's name when the tax bills go out. Amazon is already collecting sales taxes in five states where it has physical operations. Therefore, a few more court victories like this one, and Amazon might be better off just collecting all state sales taxes itself.Read more...

The story behind the numbers also gets into some definitional questions. Consider a 19-year-old who poses a question to a Facebook forum about which car to buy. Does that consumer think of such an inquiry as mobile research or merely talking with friends? Retailers are likely to see it as quintessential M-Commerce research, but the consumer—who is answering these survey questions—is more likely to see it as hanging with friends and say "no," said Pam Goodfellow, a senior analyst with Big Research, which managed the NRF survey.Read more...

The short version: You can expect to spend more time at the beginning of your assessment, and some of the approaches and technologies you may recently have put in place may no longer make the grade. Read more...

That's why the announcement from Kindle that it will, "later this year," introduce "lending for Kindle" is so potentially significant. The concept is a direct steal from the physical world. A person who purchases an e-book can loan someone a copy of that book, with restrictions. If a consumer today buys a book from a physical store, that consumer owns that book and is therefore free to sell it to someone else, for whatever price the market will bear. Instead of prohibiting that in the digital world, why not encourage it, albeit for a cut.Read more...

Let's look at what the world's largest E-tailer said. Amazon—and tons of retailers—has made lots of ports to new platforms. You create a dedicated app and it has your brand on it. Or you craft a version of your product to run on the new platform. But Amazon, owner of one of the strongest brands in retail today, opted to give its iPad version an entirely new name: Windowshop.Read more...

We're coming to an inflection point that will have some scary repercussions for the mobile industry. Until recently, criminals have had very little incentive to attack the mobile channel. But this is changing, and fast. There are three reasons for this shift.Read more...

Background in "store systems would also be interesting" for this position, said DSW CIO Carlos Cherubin. "This is a new position, born of the fact that our organization is growing," he said, referring to its current 210-person IT operation (internal IT staff of 170 plus about 40 IT contractors). "We're a 200-person shop day-to-day," Cherubin said.Read more...

Starbucks, which is one of the very few national retailers running any kind of a mobile payment trial, has sharply expanded its initial West Coast run, announcing this week a planned move into its almost 300 stores in New York City and parts of Long Island. (Target, another M-Commerce-interested retailer, has already been accepting the mobile payments at the Starbucks in their stores.)

One of the reasons for the urban move is a discovery from the 16-store test in Seattle and Northern California that “dense office building environments” worked out much better than “more neighborhoody environments,” said Chuck Davidson, the category manager for innovation on the Starbucks Card team. He theorized that word of mouth in those office parks was the cause (and the lunch crowd, as opposed to the suburban tendency to solely do morning coffee). And even though the barcode scans are taken directly from the mobile device screens, Davidson said testers found few problems with glare that other chains have experienced. He credited high-end 2D imagers and asking that customers turn their phones’ brightness to full. He added that the chain has yet to experience any fraud in the trial. True, but the Big Apple may test how long that will be the case.…