Evan Schuman's StorefrontBacktalk

As a few supermarkets trial customer held scanners to check out items as they shop–sort of a wand approach to a smartcart–the Baltimore Sun caught up with some consumers to get their reactions.

“I wish every store had this,” said White, 39, who recently moved to Sykesville from Baltimore. “This has made my shopping more efficient. As I see my bags getting full, it makes me think about what I’m buying, rather than just piling stuff into the cart.” Not a lot of new information, but an interesting look at how consumers are reacting to the technology.…

Quite a few state attorney generals are investigating how TJX handled its data, but are they trying to prevent another disaster or take the easy way out?

Negotiating a settlement to help consumers check their credit reports and fix any problems is one thing. Getting at the security procedures and what should have been done and punishing a company for reckless acts, that's very different. To read the full column,

The Rhode Island Attorney General’s office is launching a formal investigation of TJX’s data breach, including what caused it, why it wasn’t detected more quickly and why the announcement of it was delayed, the AG’s office announced on Monday.

The investigation—technically, a Civil Investigative Demand (CID) on the authority of both Rhode Island’s Deceptive Trade Practices Act and its Identity Theft Protection Act of 2005—is expected to officially begin with its first meeting with TJX officials on Feb. 12 at the Attorney General’s office in Providence, said Edmund Murray Jr., a special assistant attorney general who is in charge of the probe. To read the full story, please click here.…

When Overstock.com reported a weak earnings fourth-quarter earnings report on Monday (revenue down 6 percent, gross profits down 16 percent, a $97 million loss for the year), top management pointed the finger squarely at IT. It's unusual for a company to blame a loss on technology management, but Overstock has done it before.

"We lost $41 million for the quarter and $97 million for the year," Patrick Byrne, Overstock's Chairman/CEO, said in a statement. "We paid the price for hastily implemented system upgrades of 2005 and the subsequent troubles caused by them." Byrne said the system upgrades—involving the integration of an Oracle database and a Vcommerce database—were partly cursed by bad forecasting. To read the full story,

Financial analyst firm CL King & Associates has downgraded TJX (to neutral from strong buy) as fallout from the security data breach and the company’s vague answers continues. “Based on our diminished EPS outlook for FY07, we believe an investment in TJX Cos. is likely to be dead money at this point,” said the firm’s research advisory.

Much of the firm’s concerns are about when the next shoes may drop, especially anything involving the cost of paying for all of these unknowns. “Regarding FY07 expenses related to the data breach, the company stated it is not yet able to reasonably estimate the losses it may incur. Management stated it is unlikely to be able to reasonably estimate such losses at the time earnings are released in FY07,” the advisory said. “The ongoing expense issue includes legal costs, exposure to credit and debit card companies and banks, related fees and expenses, and other possible liabilities.”…

The attribution in this Chosun Ilbo (a major Korean newspaper) story is a bit thin--as in "The credit card industry announced Sunday," which suggests the image of a stunningly crowded podium--but the essence of the story is still an interesting way to start the week. It reports that the "private data of around 10,000 Koreans who use credit cards associated with Visa, MasterCard and American Express was stolen" in the TJX incident.

"The credit card industry announced Sunday that an intruder had gained access to the databases of TJX Companies and stole sensitive information of about 40 million card users including 10,000 Koreans," said the newspaper's online story. To read the rest of the story, .

With a $450 million three-year plan. Nordstrom is pushing to truly achieve a single view of all inventory across all of their channels, said Jamie Nordstrom, the company’s executive vice president.

The high-end retailer is in the middle of the second year of its three-year project, with the goal of full integration of customer and product data across Web, store and catalog channels, according to an Internet Retailer story. “It’s useful internally to manage inventory, but it also gives inventory visibility to our customers as well as our salespeople on the floor,” Nordstrom said, according to the story.

The system now enables store associates at the point-of-sale counter to special order products from online inventory. As the project continues, Nordstrom will extend access to integrated inventory records to front-line employees and customers so that a store associate can view on a computer screen real-time updates of available inventory across all channels and online customers can view real-time updates of inventory available in stores. The latter will support Nordstrom’s plan to offer in-store pick-up of online orders. Nordstrom’s goal for the web channel is sales of $1 billion a year within the next four to six years.…

Some of the nation's top retailers—including Rite Aid, Harry & David, Ikea, KB Toys, Disney, Regal Cinemas and AMC Theaters—are named as defendants in a lawsuit stemming from inconsistent Point-of-Sale (POS) deployment.

The class-action lawsuits accuse about 50 retail chains of violating a provision of the Fair and Accurate Credit Transactions Act (FACTA) that makes it illegal for a retailer to print more than the last five digits or a credit/debit card number and it also forbids printing the card's expiration data on that receipt. The rule took effect in phases, but by December 2006, the latest of its phases kicked in. There is little dispute that the overwhelming majority of retailers are in full compliance and there's little incentive for a retailer to resist complying. And yet, attorneys say they have found many examples of receipts that still contain the forbidden data.Read more...

When it comes to the places that e-retailers fear as the most fraud-friendly, Nigeria, Russia, the UK, Indonesia and Mexico are the top countries, while the North American cities that are seen as the most felony-favoring are New York, Miami, Los Angeles and Montreal.

Those datapoints come courtesy of the annual online fraud survey from security vendor CyberSource. The survey of 351 company executives “of companies involved in E-Commerce” was conducted Sept. 14 through Oct. 6, the company said.

The results are entirely perceptions—as opposed to an examination of where frauds have actually happened—but those are the perceptions that drive where retailers choose to focus extra scrutiny. The survey showed more retailers focusing on where transactions are coming from.…

Irish supermarket chain Superquinn, which for years has had a global reputation of pushing the eggplant envelope on grocery customer service, has finally decided to give self-checkout a try.

By March, the chain will be putting NCR FastLane self-checkout units into its core 19 stores in and near Dublin. NCR agreed to deliver the units “with a custom jet-black finish to match the supermarket’s interior walls,” according to an NCR statement.

Thus far, the initial deployments have fared well, said Superquinn Chief Information Officer John Farrelly, who claimed that roughly one out of every three customers tried self-checkout during its first trial week.…

The Massachusetts Bankers Association has now confirmed TJX-related fraudulent credit/debit card purchases in Florida, Georgia and Lousisiana plus in Hong Kong and Sweden. “Thus far, nearly 60 banks have reported into the MBA that they have been contacted by the card companies about compromised cards, and these banks are notifying customers and in many cases reissuing new cards,” the association said.

The ABA has been lobbying for rules that would require the disclosure of a retailer’s name when they “caused a data breach,” as a way of both discouraging retailers from being cavalier about security as well as protecting their member banks from being blamed for something they didn’t do. They also are trying to force retailers to pay for the damage if its’ caused by that retailer’s reckless security procedures.…

The online ad business is heating up and is putting Google in a decidedly defensive posture. Yahoo’s moves this week to add significant functionality to its search is just one issue. Ebay’s much anticipated AdContext program appears to be having difficulties launching.

AdContext was initially supposed to launch by the end of last year. In early November, Ebay started to step back from that date, saying that a January launch was likely and at least a first quarter launch.

On Wednesday (Jan. 24), the same spokesperson who had indicated the January target stepped back from any targets. “I don’t have an update at this time,” said eBay spokesperson Ali Croft. “AdContext is still in beta and when we are confident that it is ready to roll out to the Community, we will roll it out.” …

Multi-channel ISV Junction Solutions purchased a $4 million POS vendor called ISS Retail this week. Junction CEO Brian Carpizo wouldn’t say precisely how much the company paid to purchase ISS, but he said that the company recently received $7.5 million in financing and that it’s reasonable to conclude that the purchase—consisting of cash, stock and non-cash items such as seller notes–was funded with that money.

The two firms were initially preparing an OEM relationship but concerns developed that Junction would “invest millions” into ISS and ISS could then fall into the hands of a competitor, Carpizo said. The OEM talks then quickly morphed into an acquisition negotiation.

Next week, Junction will announce that it is also acquiring a California E-Commerce software company called ThePage.com, for an undisclosed amount. …

Staples, the $16 billion 1,800-store chain of office supply stores, is deploying about 8,000 Fujitsu POS terminals plus an unspecified wireless handhelds for inventory and line-busting, according to a joint statement issued on Wednesday.

The 3-year technology and services deal includes TeamPoS 2000 and TeamPoS 3000 POS terminals plus iPAD handheld wireless terminals and is part of a particularly long relationship (more than 20 years) between Staples and Fujitsu.

Fujitsu will also continue to stage, manage and install all in-store computer configurations, including hardware upgrades and replacement, as well as product procurement, the statement said. Fujitsu also will maintain multi-vendor technology devices, provide tactical help desk support and include services such as wiring, refurbishment and disposal.The terms of the deal were not disclosed. …

TJX is learning that the trickling out of bad news is a great way to keep a negative story alive and to send distrust as high as possible. Remember that mid-December unauthorized access that it didn’t report until mid-January? Turns out it had taken place almost seven months earlier, back in May 2006. I guess they wanted to make sure the thieves had plenty of time before the public was alerted.

“We had said in our press release that we had discovered the breach in mid-December but we did not put in when it occurred,” TJX spokeswoman Debra McConnell was quoted as saying in a Computerworld story.

Meanwhile, in Pennsylvania, regulators there have decided that the credit card theft was, ironically, too big to require consumer disclosure. “Under a new state law that took effect in June, businesses are required to notify Pennsylvania consumers by letter, telephone or e-mail if sensitive personal data is lost or stolen, exposing them to the risk of identity theft,” reported the Pittsburgh Post-Gazette. “But the AG’s office, which enforces the statute, said yesterday that personal notice is not required if more than 175,000 consumers are involved or if the cost of notification would exceed $100,000.”…

Technology and customization are wonderful things and when a grocery chain can use the Web to professionally pipe out personalized messages in cake frosting and then have it shipped–all without any human effort–it’s a potentially incredible thing.

Let’s stress the word potentially, as this picture of a cake that was delivered by the Wegman’s grocery chain makes deliciously clear.

Automation is good, but common sense is nice, too. The computer system decided the bracketed HTML commands were part of the message. Some of those instructions were proprietary to Microsoft, but it doesn’t look like vanilla HTML would have sliced any easier. Guess when it comes to saving personnel costs with automation and improving customer service, retailers can’t have their cake and eat it, too.…

Two days after confirming that driver’s license data was intercepted during a major intrusion last month, TJX officials have been directly accused of retaining “unnecessary” personal data, possibly in violation of PCI rules.

“We think it’s a little odd that (TJX) would characterize themselves as victims when it appears that they may have been capturing data that is unnecessary,” said Daniel J. Forte, president of the Massachusetts Bankers Association. Forte’s group is lobbying for a state law change that would force retailers who are recklessly lax in their security procedures to pay for the cost of repairs.

“When a bank must issue new cards due to a retailer’s data breach, it can add up to a significant expense considering that thousands of cards could be involved. MasterCard, and now Visa, has in place a process for banks to make claims for the cost of re-issuing cards. However, there is no guarantee that the full amount will be reimbursed,” Forte said. “Additionally, there is the fraud issue. If a fraud does take place, MasterCard and Visa have a zero liability policy in place for the benefit of consumers, which is good. However, the cost is borne by the bank even if the retailer is responsible for a major violation of the card association rules resulting in fraud. Does this make sense?”…

When TJX Companies Inc.—the $16 billion global retail chain that owns T.J. Maxx and Marshall's, among many other brands—disclosed this week that it had "suffered an unauthorized intrusion into its computer systems" in December, it seemed to be forthcoming.

After all, the chain issued what appeared to be . But a closer reading of the statement raises quite a few questions.Read more...

The retail technology world of 2007 is absolutely in transition and nowhere is that more clear than here at the industry's largest gathering, the National Retail Federation's tradeshow and conference.

There are primarily two transitions. The first is an in-store transition, from a world where technology was virtually all behind-the-scenes as far as consumers were concerned to one where the bits-and-bytes are what the industry coyle dubs customer-facing.Read more...

While working the NRF show this week, a theme that emerged in almost every conversation was the online/offline struggle and I usually asked how much of that CIO's chain's revenue was virtual as opposed to physical.

That's where one particular CIO—who put his own chain's online revenue significantly south of the industry standard of about 5-6 percent—offered a wonderful insight. When asked what the percent would likely be when his company would take online-offline integration seriously, he said, "The day that neither myself nor my CFO has a clue what the percent breakdowns are, that will be the day we've got it right. As long as my numbers are sufficiently segregated that I can easily identify what's online and what isn't, we'll still have a long way to go."Read more...

The world of retail technology has learned to always take notice when the Metro Group–a massive German retailer–starts to take anything seriously. So when Metro this week confirmed that it had invited Checkpoint Systems to join its ambituous 36-dock door trial of Gen2 RFID, it raised some eyebrows. Checkpoint’s official role is hardware integrator for the trial.

Each of 36 adjacent dock doors at the Metro distribution center was equipped with a Gen2 RFID reader, according to a story in RFID Update. At the same time, pallet loaded with about 60 tagged Procter & Gamble goods was passed through each portal and onto a docked truck at full operational speed, meaning each pallet was in the RFID read field for between one and one and a half seconds, the story said. A joint statement put the accuracy at a “98.6-percent-plus read rate simultaneously from multiple pallets as they were wheeled through the dock doors.”

“The results represent a significant milestone in European RFID operational deployment,” said Dr. Gerd Wolfram, Managing Director of Metro’s Information Technology Group.…

The National Retail Federation’s CIO Council has appointed a new chairperson and vice-chairperson and tapped CIOs from Adidas and Kohl’s for the gigs.

Peter Burrows, Senior Vice President and CIO, Adidas America, was elected chairperson of the panel and Jeff Marshall, Senior Vice President and CIO, Kohl’s, was named the panel’s chief vice. (One can never have too many vices.)

Burrows, who had been serving as the panel’s first vice chair, joined Reebok in 1992. Prior to joining Kohl’s in 2005, Marshall was Senior Vice President and CIO of The Men’s Warehouse.…

A new restaurant product identification standard for POS and commercial kitchen equipment integration has been introduced by an international group of standards groups, lead by the National Retail Federation.

The groups–including the Association for Retail Technology Standards (ARTS), the National Council of Chain Restaurants, the North American Association of Food Equipment Manufacturers (NAFEM) and a Japanese not for profit foodservice support corporation called OFSC–say that they hope the improved product identification will help lower IT costs and improve food safety.

“As restaurants continue to diversify and expand their menus, it becomes more difficult for managers to keep track of information,” said Jack Whipple, President of the National Council of Chain Restaurants. The POSLog for Foodservice Technical Specification provides a set of consistent data messaging standards that enables POS data to easily flow to back-end financial systems for better sales reporting and inventory management. The standards also incorporate commercial kitchen equipment standards that monitor proper operations, maintenance and up-time, as well as food safety protocols.…