SecureStore: A Bundle By Any Other Name Still Smells Of Marketing

Written by Evan Schuman
October 1st, 2008

Why do vendors—including some top-notch vendors—insist on taking something very good and trying to make it into something it’s not? Why bother? It’s as though the need to hype was some prenatal attribute their genes absorbed when their mothers saw too many used car commercials.

We’re used to these sorts of stunts from Oracle and SAP, but this week it was IBM with its SecureStore rollout. IBM has for years done excellent work with security products and consulting. And product bundling—especially when part of the bundle is services such as consulting and custom integration—is a perfectly respectable strategy that can be quite useful to end-users.

But IBM on Wednesday (Oct. 1) announced a very nice bundle of its security offerings while going out of its way to deny that it was a bundle, as though a bundle was somehow tainted and beneath the company. An E-mail blast sent to reporters said: "IBM this week is announcing an ambitious new technology offering called ‘SecureStore,’ which is designed to protect consumers and retailers from these crime groups this holiday season and beyond. This first-of-a-kind offering marries physical and electronic security technology—everything from surveillance cameras to product-tracking technology to database protection systems—to lock down all aspects of the retail ecosystem."

*Sigh.* As Sahir Anand, a senior retail analyst with the Aberdeen Group, said bluntly: "There’s nothing new there. They already have a complete security package."

Josh Corman, the principle security strategist at IBM ISS, said SecureStore was more than a bundle, but he couldn’t name any element of it that couldn’t have been purchased from IBM many months ago. He also said that a key advantage was lower cost for retailers, but he declined to give any pricing or even pricing ranges. It’s hard to make a compelling argument on price if you won’t talk dollars.

That all said, someone at IBM has got the right idea. Despite this silly hype that marketing has imposed on it, IBM is right in trying to combine its tons of disconnected security elements—from protection, assessment, compliance and repairs—into one package.

But as Oracle is discovering with Fusion, a bundle is little more than a convenience until programming can truly get all of the pieces to talk to each so efficiently that true new functionality and capabilities emerge. This is what I was hoping IBM would argue for SecureStore; alas, it didn’t happen.

Multiple systems—especially in security—that sit next to each other but share little other than a billing address are recipes for creating security cracks, where forbidden data can slip in and so too can a crafty cyberthief.

But generating a seamless tapestry with no gaps is not merely more secure. Sometimes creative combinations can yield new capabilities. One major retailer, for example, has fully integrated its video surveillance system with its POS.

What’s the point? The retailer can now search POS transactions and see synched security video of that transaction. It can search, for example, for all transactions of fewer than $5 and see if the video shows a customer buying a lot of merchandise and apparently giving the cashier a lot more than $5. (For this particular chain, many of the items are not barcoded.) It also works in reverse, with someone scanning video always seeing—low on the screen—the associated POS transaction details, where such a transaction happened.

That chain isn’t alone, but it illustrates how creativity can move integration from a mere convenience to a true advantage. It’s sort of like moving from a mere product bundle to something truly different.


Comments are closed.


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.