Evan Schuman's StorefrontBacktalk

TJX has for years been the Poster Child for retail data breach. And to date, it is also the best example of how little material impact these breaches have. Read more...

But the idea is actually grounded in reality and boosts near-term revenue. Like it or not, mobile coupon redemption is not especially easy for most retailers. Read more...

Among the top changes, according to PCI officials, are: a requirement that retailers must perform extensive searches for cardholder data across all their networks and systems; clarification on strong one-way hashing of PANs; a move to a three-year PCI lifecycle; clarification on what constitutes acceptable network segmentation; new wording on what constitutes cardholder data; and the applicability of PCI for card issuers.Read more...

Each of the vendors is basically crossing its arms and pointing at the other two. The next person to tell him, "Hey, we did everything right; you need to talk to those other guys." is not going to like the conversation that follows.Read more...

We now have three years of data to examine—2007 through 2009—so, to the extent that Visa has used the same categories during that time, we can add a bit of context to this information.Read more...

It's for that reason that recent actions from a site specializing in consumer reviews are so baffling. The site, Yelp, has championed the power of customer reviews and it reports some 31 million consumers visiting its site last month. But Yelp then gave vendor advertisers the capability to select which reviews would lead certain pages and it also selectively—and secretly, in the sense that it didn't flag it to its visitors—removed various reviews.Read more...

For those who take a long view of short-range, a very interesting small proof of concept for Bluetooth was deployed at a Florida sporting event back in February. It was at a 6-hour-long Tampa Bay Rays baseball fan fest event.Read more...

Retailers are nervously watching from the sidelines, with one eye on their phones and another on the millions they're spending on interchange fees to payment processors.Read more...

Smartphones scanning barcodes is easy. The tricky part is accessing a frequently updated database that knows of the smallest ingredients—a recent CDC probe identified a food poisoning culprit as contaminated black pepper sprinkled on salami—and current non-obvious food triggers.Read more...

The initial favorable results from the October 2009 Starbucks trial may not prove to be that meaningful. Many of those sales may have been driven by the "gee whiz" novelty aspect, activity that would likely drop sharply over time. That skew is magnified by an order of magnitude because of the high-tech young consumer communities where the trials were conducted. Seattle, Cupertino, Mountain View, Sunnyvale and San Jose are hardly a diverse representation of American communities.Read more...

Michaud was on a conference call with a group of franchisees recently, providing a status update on several projects. When asked about the status of one particular project, he informed the group that it had not yet been started, primarily due to a lack of IT resources. This project is important, one that is expected to deliver significant savings to the franchisees' community. He wasn't surprised when they were unhappy with his answer.Read more...

But that is not necessarily true, pens PCI Columnist Walt Conway.Read more...

Consider, for example, arguments on both sides that JCPenney and Wet Seal would have their stock prices seriously hurt if word of their involvement leaked out. The federal judge overseeing that discussion said any stock impact would be from the retailers' own doing, but he neglected to point out that there is absolutely no reason to believe there will be any stock impact.Read more...

But just how deep they penetrated the $18 billion clothing chain is unclear, with the Justice Department, JCPenney and intercepted messages from Gonzalez IM conversations all painting very different pictures.Read more...

The idea behind the patent—see all of the Patent's glorious tech and logistical specs here—is for Amazon to video each package as it's being filled and link the clip to the order number. The video would show what goes in the box and then do a close-up of the address label as the box is sealed.Read more...

If this premise is true, asks PCI Columnist Walt Conway, doesn't it make sense for CIOs to budget for a serious data breach or similar contingency?Read more...

In further proof that consumers make very different transactions when they think they’re being observed by other shoppers, one regional convenience store chain is finding sharply increased revenue—and profits—from sandwich sales when orders are placed privately.

Taking things one step beyond the anecdotal evidence that E-Commerce can more easily sell items that are less environmentally friendly than can in-store, one regional convenience store chain has discovered that when consumers make sandwich orders privately at a kiosk (away from prying fellow shopper eyes and ears), they tend to be much more generous with calorically intense (and profit plentiful) add-ons and related sides, including extra meat and cheese. Instead of having customers order the sandwiches at the counter—out loud, to a clerk, in front of everyone—they now do it privately at a kiosk and then take a printout of their order to the cashier, who makes the customized item, bags it and hands it to the customer. This approach is faster for the associate, more private for the consumer and more profitable for the chain. Who said privacy can’t be profitable?…

But the $561 million chain Wet Seal, which has 504 stores in 47 states, Washington, D.C., and Puerto Rico, kept its identity secret. No more, though, and that’s the way Woodlock wanted it.Read more...

Apple's approach is interesting in and of itself, but how might iGroups apply to retail? What if this approach was applied to a very large shopping mall? Or perhaps even a large, freestanding department store? What practical benefit could it have for consumers? The true advantage of the approach is in the discovery of online contacts who just happen to be there when you are. If a consumer goes to the mall with nine of her friends and they want to split up to divide and conquer the shopping, there are so many easier ways to communicate wirelessly. The iGroup idea only moves from mildly interesting to truly powerful when you factor in the discovery.Read more...

Describing the smartphone as a "cord to my soul" and a consumer's "most personal device," Tracy Benson, senior director of Best Buy U.S. marketing, said the trial is promising some contextual relevance to know precisely where a customer is standing and what direction they're looking when they have their phone. Today's mobile technology "doesn't tell me where the customer is looking. This uses different sound waves to detect precisely where they are."Read more...

Another bizarre note: the psychiatrist—without comment—quoted Gonzalez about how fit he appeared. "At one point, [Gonzalez] explained that he could no longer do the 5,000 pushups he once did regularly and probably could do only 600." Hold on a second. Didn't the good doctor detect even a faint whiff of BS? Presumably, the claim meant "in one continuous session" or it doesn't mean much. The Guinness world record for pushups in an hour is 3,877; it was set in Indonesia in 1988.Read more...

A new filing on Wednesday (March 24) from TJX had the chain refusing to offer the specifics behind its loss claims in an attempt to fight a federal subpoena. Attorneys on both sides raise some legitimate questions about how to fairly calculate the cost of a breach. Is it limited to what is taken or to what the thief attempts to take? Should the loss include what was actually—and successfully—accessed, or should it assume that when a card with a $10,000 limit is taken, a $10,000 loss—regardless of what the thief did—should be recorded? If class-action lawsuits are filed (and they will be filed), should the cost of lawyers and courthouse travel be included? What about payment for additional security? And perhaps a new POS system that includes that better security?Read more...

PCI Columnist Walter Conway opines that he hates to do a bunch of work and get nothing for it. "That's too much like paying for dinner and then not sticking around to finish dessert. Often, merchants prepare a thoughtful risk assessment and then file it away (a.k.a., 'shelfware') until their QSA returns the next year, at which time it gets dusted off, reviewed and, hopefully, updated. If that describes your situation, you could be missing a golden opportunity to reduce your PCI scope, lower your risk and cut your cost of PCI compliance."Read more...

First, Procter & Gamble and other major manufacturers started direct selling, undermining their longtime retail partners. Now comes word that Visa is setting up its own virtual shop to move products. What, Brutus, the sharp, 8-inch interchange dagger wasn’t enough? You had to go for the jugular?

Visa’s E-Commerce move, called Rightcliq, is actually a rather clever CRM move to collect more data on consumers directly. “Rightcliq will enable consumers to track their purchases in one convenient location. This removes the hassle of remembering tracking numbers, digging through confirmation E-mails or having to double-check delivery dates,” a Visa statement said. “The information will all be stored in Rightcliq, giving consumers more control over their online shopping experience.” And here’s the unexpected kicker: The service will accept “other payment options, including competing brands.” Visa is setting up an E-Commerce arena in which people can make purchases on their Amex card? That says everything that needs to be said about how much Visa values those extra CRM tidbits.…

Strong mobile applications today understand the need for extreme efficiency of movements to allow for actions with as little effort as possible. That’s been the problem with mobile payment trials; they simply haven’t proven to be any faster than swiping a credit card. A new PayPal iPhone app—dubbed Send Monday—grasps this ultra-convenient attitude and attacks the nightmare of splitting checks.

By simply banging two iPhones together (gently, please. Those things are mostly glass), payment data is shared. “With bump, users can put two iPhones together and funds are quickly transferred between their PayPal accounts,” a PayPal statement said. “The Split Check feature lets users conveniently divide and quickly reimburse each other for the cost of a meal, including tip and tax, for up to 20 people. Collect Money allows users to request money from multiple people for a joint gift, team dues, concert tickets and more.” …