You Really DID Read It Here First

StorefrontBacktalk has always prided itself on analysis and context, but the essence of our site is surprising our readers. Although we do that through depth, it’s also based on simply telling you what is going on long before other media outlets ever even hear about it. Whether it’s reporting first that was cut off due to expired security certificates or that American Eagle Outfitters’ site was crippled for eight days because of errors by IBM and Oracle, we bring you information that you’re simply not going to get elsewhere.

Some of our firsts and the media that acknowledged them as such include:

About Men’s Warehouse change in leadership. “It’s the difference between having many customers who want to be in the stores and who enjoy getting clothes that they like and customers who find shopping for clothes one-quarter notch more pleasant than dental surgery,” notes Evan Schuman, editor of”

“The Albertson’s supermarket chain is getting rid of self-checkout at all locations, and Kroger is experimenting with no-self-checkout stores as well, reports StorefrontBacktalk.”

“Kroger, the largest grocery chain in the U.S. (with some 2,500 outlets), is experimenting with removing all self-checkouts in at least one Texas store, reports StorefrontBacktalk, an industry publication.”

“Bill Bass, who used to run e-commerce operations for Sears and Lands End and now oversees the Charming Shoppes chain online initiatives, recently gave an interview with StorefrontBacktalk that describes perfectly the conundrum facing brands — or specifically retailers — that base a campaign around getting a Facebook Like.”

“And it has to make sure Target’s new website doesn’t crash, as it has several times since it rolled out in late August, including a five-hour malfunction in September when shoppers stormed online to buy Missoni clothes and housewares. ‘It’s a very cutting-edge site that wasn’t sufficiently tested and it can’t hold up to the strains of Target traffic,’ said Evan Schuman, who runs the retail technology blog StorefrontBackTalk.”

“StorefrontBacktalk notes that, during the company’s quarterly conference call, Johnson said that all JCPenney associates would be getting iPod Touches for point-of-sale operations.”

“Wal-Mart will allow the team from its tech arm, @WalmartLabs, to test innovations in four or five brick-and-mortar stores, StorefrontBacktalk reported. One idea is a concept called endless shelf, that connects an in-store shopper with her shopping history and lets her place her order from a computer at the front of the store. Workers would fill the order from store shelves and ship out-of-stock items directly to the customer.”

“The postmortems have been harsh, bashing (JCPenney CEO) Johnson for misunderstanding his customer base in axing in-store promotions and commissions for salespeople. ‘It was a terrible idea from the beginning,’ said Evan Schuman, a retail analyst who runs ‘To have made sense, you would’ve had to believe that the shopper base was almost identical to Apple’s.’”

And so you shrug at the odd little charge on your credit or debit card, maybe for an iTunes download you’re not sure you remember. ‘It’s a test transaction,’ warned Evan Schuman, editor for, a technology blog read by major retailers.

Walmart has confirmed that a software glitch caused nearly all of the chain’s self-checkout units for the past two weeks to display incorrect or confusing information, according to

“According to a StorefrontBacktalk report, Subway’s corporate IT and a credit card company discovered the data breach ‘almost simultaneously.’ In the case of Subway restaurants, those requirements were provided to franchisees. But according to StorefrontBacktalk, some of the franchisees “directly and blatantly disregarded” Subway’s security and POS configuration standards.”

“PayPal users who shop at Home Depot can pay for purchases at participating Home Depot locations by simply entering their mobile phone number and a PIN at the payment terminal. No wallet, identification or mobile device itself need to be present, which means that anyone who has access to the user’s phone number plus PIN can access the registered user’s account. This has potential security nightmare written all over it! StorefrontBacktalk has more details on this new way to pay and the risks associated with it.”

“In (eBay CEO John) Donahoe’s case, he bragged during last week’s conference call that Macy’s had turned to eBay to reach Australian consumers. But according to StorefrontBacktalk, was already selling to Australian customers using third-party vendor FiftyOne, and finding, in fact. The retail blog also found that Macy’s eBay Australia store currently has no products.”

“A QR code approach that will display different information—and initiate different actions—based on the purchase history of the person scanning it is being evaluated by Home Depot, Target and Macy’s, according to StorefrontBacktalk.”

“Last weekend was a great time to fill up the car, unless you used a Shell station to do it. According to StorefrontBacktalk, a confidential memo from payment processor First Data says that 401,120 consumers were double-billed to the tune of $12,135,608.19 January 29 after a system outage.”

“To combat this threat, Visa advises merchants to scan for Bluetooth signals, which could be evidence of a wireless skimming device transmitting stolen card numbers, according to a report from StorefrontBacktalk.”

“Retailers have been known to shut off contactless payments over interchange disputes. For example Storefront Backtalk reported early last year on BestBuy’s dispute with Visa over its contactless debit card payment interchange policies and fees, which led the mega-retailer to stop accepting Visa’s contactless transactions. StorefrontBacktalk, a rich and well-respected source for retail technology information, also disclosed issues other large retailers had with the contactless fee structure.”
– Avivah Litan, Gartner security analyst, in a report to clients.

“Libby tried out the new Hannaford to Go service at the North Windham store, filling out her order online Monday night and then picking up $77 worth of food Tuesday afternoon, all without getting out of her car. But the move does come with risks. StorefrontTalkback, a popular website on e-commerce and retail technology, said the effort could cost Hannaford some impulse purchases.”

“As StorefrontBacktalk has reported, that system could be used to jam up Walmart’s logistics system—allowing a competitor or other party to perform a ‘denial of inventory’ attack on items that may be in high demand and short supply, such as hot holiday gift items around Black Friday.”

“StorefrontBacktalk has been steadily covering trends in point-of-sale payment options. They point out the issues around the new payment offerings from PayPal, which are worrisome. Are a phone number and PIN really adequate security?”

“The reasons for American Eagle Outfitters’ four-day outage (and subsequent four more days of technical aftershocks) related to backup and disaster-recovery technologies and processes that failed, according to several articles on retail tech site”

“Wal-Mart’s plans were disclosed at a smartcard conference being held this week, and was first reported by StorefrontBacktalk earlier on Thursday.”

“The ability of Google’s cache capture to memorialize anything found on a Web site—including credit card information—is hardly new, but some Australian IT execs have been given a concrete reminder, as they found that data from some 19,000 credit cards—including CVVs, expiration dates, names and addresses—in a routine Google search, according to a report in StorefrontBacktalk.”

“It was already suspected JCPenney was one of the retailers after the Web site StorefrontBacktalk was the first outlet to accurately report that fact in August.”

“According to StorefrontBacktalk, the data can be paired with other sources of data, including surveillance video and point-of-sale transaction information. If they went this route, retailers would get a very detailed profile of who’s carrying each phone.”

“Fraudsters have revealed flaws that make it easy to fake Shopkick check-ins at high-profile retail chains including Target, Macy’s and Crate & Barrel, without actually going to the stores, reports StorefrontBacktalk.”

“Another analyst of the retail scene, Evan Schuman, who runs a blog called StorefrontBacktalk, feels that for every impulse buy killed by smart phone use, another 10 will surface. He reminds us that when grocery stores added self-checkout lanes, they discovered that sales of impulse items such as gum and candy and batteries declined.”

“However, in a leaked memo, Visa says PCI certification has been withdrawn from two previously approved products from Ingenico as a “precaution,” retail industry site reports”

“StorefrontBacktalk thinks one patchwork device being used in California is really meant to help the state lobby the courts and Congress down the road for a federal initiative.”

“StorefrontBacktalk pointed out that eBay CEO John Donahoe scaled back on the number of national retail trials he said PayPal would initiate this year.”

“A report from the retail technology site StorefrontBacktalk suggests that Walmart’s recent acquisition of a Facebook calendar application with 16 million users is part of a plan to drive more sales through social networks.”

“In support of my entirely unscientific observation, my regular reading of Storefront Backtalk reveals to me that Kroger’s, another fine chain, is also experimenting with removing self-checkout lanes from one of their Texas stores.”

“Encrypting this data so that it is unreadable to any hacker who steals it is one way merchants are removing it from their systems. However, ‘encrypting all your data may actually make you more vulnerable to a data breach,’ Walter Conway warned in his column at the retail technology news website StorefrontBacktalk.”

“A bit more light was shed on the episode today in a behind-the-scenes story at This interesting story claims that it cost Target possibly as much as $5 million in extra labor costs to manually process coupons. That’s a pretty good incentive to speed up a computer fix. The story looks well-sourced, and it is worth a read. It has a nice explanation about why Target may not be able to easily account for any coupon/customer discrepancies, too.”

“The National Retail Federation confirmed a report that David Hogan, who has served as its chief information officer and senior vice president of retail operations since 2002, is leaving the association. His impending departure, which was not formally announced by the NRF, was reported last week in, which quoted him as saying he was leaving to find ‘a more traditional industry’ job.”

“StorefrontBacktalk has a Wal-Mart insider’s account of the retailer’s text-messaging trial that produced a couple of counter-intuitive results.”

“Walmart is conducting a 90-day trial of ‘virtual makeup mirrors’ at 10 stores around the United States, retail-technology blog StoreFrontBacktalk reported.”

“Web sites for the Gap, J. Crew, Sephora and Williams-Sonoma all experienced Cyber Monday slowdowns or crashes, according to, an e-commerce news site.”

“StorefrontBacktalk’s reporters plan to Twitter the season away, using the microblogging site to give shoppers ‘traffic reports’ of a sort, letting them know what technical slowdowns or meltdowns are happening on retail sites.”

“The security hole, which StorefrontBacktalk verified by recreating it in a Target store on Wednesday (May 12), is the result of the gift cards publicly displaying enough information for someone to create a copy that can trick the POS’s barcode scan.”

“StoreFrontBacktalk, an industry blog, identified the other retailers as JCPenney and Target.”

“Retail giant Walmart Stores Inc. is reportedly planning on making all its payment terminals in the U.S. compliant with a smartcard-based credit card technology that is widely used around the world but is not common in the U.S. Walmart’s plans were first reported by StorefrontBacktalk.”

“The feds have zeroed in on a foreigner as Suspect No. 1 in the Heartland breach caper, according to Evan Schuman, retail security expert and resident pundit at”

“Many companies have been slow to improve security because customers haven’t stopped shopping. ‘Consumers, regardless of what they tell surveys, do not take this seriously,’ said retail technology blog ‘As long as they do not punish retailers that get breached, how can they cost-justify spending to prevent it?'”

“One of the companies has been confirmed as JCPenney, by the blog StorefrontBacktalk, which reported last year that the company was believed to be among the targets. Last August, StorefrontBacktalk was the first to report that Target was among Gonzalez’s victims.”

“Mobile devices create new types of impulse purchases. At the same time, the in-store research capabilities that phones present will wipe out many time-honored impulse buys, according to StorefrontBacktalk.”

“On Friday, the StorefrontBacktalk blog identified JCPenney and Wet Seal as two victims of the hacking ring.”

“Leaving online shoppers out in the cold with no warnings or explanations (or coats, if that’s what they wanted to buy), Burlington Coat Factory took its Web site offline all day Wednesday (Nov. 18)–plus at least four hours–for a planned outage as the $3.5 billion clothing retailer performed an extensive hardware and database upgrade, reports StorefrontBacktalk.”

“Macy’s now admits that it was an in-house software glitch that caused them to charge in-store debit card users twice on the Saturday before Christmas, reports StorefrontBacktalk.”

“The court said the plaintiffs had not proved their allegations that Heartland executives knew the company had inadequate security and misled the public about it, according to a report on StorefrontBacktalk.”

“Visa refused to change their policy, so Best Buy says it will no longer allow customers to pay that way, reports StorefrontBacktalk.”

“Citing a source ‘close to the investigation,’ the trade publication StorefrontBacktalk is reporting that law enforcement is closing in on the Heartland data thieves.”

“‘It’s time for chip-and-PIN in the U.S.,’ Jamie Henry, Wal-Mart’s director of payment services, told the online publication StorefrontBacktalk.”

“Retail technology Web site StorefrontBacktalk reports that visitors to the Dairy Queen in Rochester, Ind., recently were ‘offered something beyond ice cream and hamburgers: A pile of identical tiny RFID tags, each with peel-off adhesive strips, sitting right next to the waffle cones.'”

“StorefrontBacktalk reports that a recent Caltech experiment found that customers are willing to pay about 50 percent more for products they can actually touch while shopping, compared with purchases based on just a text description or picture.”

“When the new version of PCI becomes the law of the card-processing land in October, it will include new rules and clarifications on a wide range of key retail payment complaints, according to StorefrontBacktalk.”

“ writes that Visa’s announcement is an ‘unusual twist in the ongoing saga of Visa versus the retailers,’ noting that merchant groups, such as NACS, have maintained for years that retailers should not be forced to retain primary account number (PAN) data—to which Visa typically responded: ‘We don’t require that.”

“While convenience store chain 7-Eleven Inc. is most of the way through a two-month trial of mobile coupons in approximately 200 7-Elevens in San Diego, company officials could be preparing to extend the mobile marketing trial, according to a report on”

“A team of researchers at North Carolina State University says it has discovered a method for stores to beef up cell reception as they seek to increase the use of mobile marketing and RFID technology. Ducts created for heating and air-conditioning systems can be set up to work as conduits between cellular towers and in-store mobile devices, the researchers say, according to StorefrontBacktalk.”

“Costco’s e-commerce site came to a crashing halt for three hours in the midst of its Labor Day sales earlier this month, the result of a network problem rather than an overload of shoppers, according to StorefrontBacktalk.”

“Tucked away in forgotten corners of your network sits a wide range of old, forlorn applications. Beyond collecting electronic cobwebs, these apps potentially pose one of the most serious threats to your data security. Visa routinely compiles a list of applications that, it believes, store sensitive authentication data after a payment has been authorized, according to a StorefrontBacktalk report.”

“StorefrontBacktalk’s write-up on the 7-Eleven trial has brought the issue to light, saying that since the trial doesn’t ask for ages, it would be best to ‘treat all participants with kid gloves. That approach certainly seems safer than assuming they are all adults and risking parental wrath for marketing to a 14 year-old.'”

“Visa Revokes PCI Approval From Ingenico PIN Pads Following Breach–according to StorefrontBacktalk.”

“News of the development came last week from the StorefrontBacktalk online newsletter, which reported that Best Buy was unhappy with its contactless card initiative because Visa wouldn’t allow PIN-based authorizations on payWave transactions.”

“StorefrontBacktalk: Staples’ Canadian operation is undergoing one of its largest pilots ever, testing two-way live-video kiosks at 34 of its locations.”

“Dell will introduce a multi-function kiosk next month that is designed to change functions throughout the day, being used perhaps in the morning to check items in at the loading dock before spending the afternoon as a customer-facing pharmacy information booth, according to StorefrontBacktalk.”

“StorefrontBacktalk profiles a pilot by Home Depot in which 150 top customers at certain stores will be given RFID-enabled loyalty cards. RFID readers are positioned above the store entrance and in aisles. When a reader detects the presence of a VIP customer (from her RFID card), it notifies all store associates by text message which aisle she is in.”

“According to the StorefrontBacktalk blog, Forever 21 said its PCI assessor missed some credit card files that were accidentally being retained within other files–yet the merchant was still certified.”

“According to StorefrontBacktalk, ‘the almost 100,000 credit and debit cards accessed from the chain in a breach included transactions from 2003 through 2005, which was stored on a corporate data center, apparently in violation of PCI rules.'”

“While Home Depot and its 1,974 stores is preparing to roll out a contactless payment infrastructure, another major electronics retailer, Best Buy, may be abandoning the technology, according to StorefrontBacktalk’s online newsletter.”

“The trade publication StorefrontBacktalk is reporting that law enforcement is closing in on the Heartland data thieves”

“Visa agreed to back off its earlier PIN pad compliance deadline originally set for July 1, 2010, to the new date of Aug. 1, 2012, following retailer concerns, particularly from the gas station and convenience store industry, according to a story first reported by”

“Wal-Mart recently said Chip-and-PIN cards were the preferred, secure way to handle debit and credit card transactions. Now there is some discussion that Congress (or the Fed) should impose that requirement. What would that cost your bank? For more on this possibility, read the StorefrontBacktalk blog.”

“StorefrontBacktalk reports that the software glitch that caused a drive-thru screen to display details of the store’s point-of-sale system affected many other fast-food chains as well.”

“From retail tech blog StoreFrontBackTalk: The latest retailer to report credit card data theft, Advance Auto Parts, admits that stolen info dating back three to seven years was not encrypted, violating basic security practices.”

“MasterCard has apparently reversed its decision earlier this year that required Level 2 merchants to hire a PCI-approved auditor to complete an annual on-site data security assessment. StorefrontBacktalk writes about the company’s quiet change in plans.”

“As of July 1st, Bill Homa, who had served as CIO for 12 years, stepped down from that position. Shortly after his departure, Homa was interviewed by’s Evan Schuman. In a StorefrontBacktalk article, Homa shares some interesting comments regarding Microsoft, the PCI Data Security Standard, and the approach other CIOs should take towards security.”



Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match makes it easier to use them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them

Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved.

A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse).

The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIN. Hence, $10 prices for US cards vs $25 for the European counterparts.

@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7.
