Evan Schuman's StorefrontBacktalk

How much do customers actually want to share? It’s a question that haunts retailers when it comes to social networks. On May 19, the CEO of Blippy, one of the most extreme shopping-sharing sites that has now given up on its much-vaunted share-my-purchases-with-the-world model, acknowledged that most shoppers just didn’t get excited about the idea of publicizing every purchase they made with a credit card. In social-network terms, Blippy failed because almost nobody “Liked” it—the result of a colossal miscalculation about what and why customers like to share.

Sharing on social networks could be a CRM bonanza—there’s a seemingly endless flood of data on what people are doing and buying. Retailers know how valuable that data can be and how hard it is to pry information loose from customers, which makes social tantalizing. But it’s easy to forget that helping retailers isn’t why customers are playing the social game. Neither is throwing away every shred of privacy. It may be that what social users really want is some attention—and their purposes don’t always align with those of retailers.

Last week, a Starbucks mobile director made a casual comment during a Seattle panel discussion: “There’s us to you and you to us and the third generation will be how do consumers interact with each other around our brand. That’s where the power will be,” said K.C. MacLaren. It goes beyond mere limitless discussions in a brand environment.

Envision an approach that merges geolocation, mobile communication, social sites and—critically—a trusted retail brand and in-store interactions. Put it all together and the future may not look so dim for in-store, after all. Starbucks, which did not want MacLaren elaborating on the concept, said he gave one example as Starbucks’ existing MyStarbucksIdea.com. For the sake of humanity, let’s hope his vision is light years beyond that site, which has a strangely narcissistic quality to it.

As companies start to make inroads into mining the vast social data fields, early strategies are emerging. For example, one company—Attensity—says the best course is not to take a customer database and try and match it with social profiles floating around. It’s better to do the reverse—find the data in Social Land, look for helpful datapoints and then try and match it with the customer list. Why is that approach better? It’s more efficient. The discovered useful datapoints are valuable on their own, even without a customer match.

Attensity hasn’t done this for a retailer directly, but it is working with two chains through Teradata. When Catherine van Zuylen, Attensity’s VP of global product management, was asked how she feels about the privacy ethics of doing these searches and associations, she paused and said wisely: “We just make the tools. It’s really up to the individual retailers to use those tools for good or evil.” Didn’t Maxwell Smart say that?

Mining tens of petabytes of data may sound like overkill for most retailers, but on May 20 IBM announced new tools for analyzing that level of data in less than a second. The move is really not too much overkill. As retailers start searching social-networking sites to flesh out their CRM data on customers, adding huge amounts of data from mobile on top of more facts being retained from M-Commerce, this capability could prove a lot more useful.

Unlike data on actual purchases, social-network data is literally out of anyone’s control. It ranges from static Facebook data to rapid-fire information in tweets. If a chain can track such data and react to it in real time, that could make huge-data analysis useful—even if it means merely spotting customer complaints bubbling up. But it would be especially useful if the analysis lets a retailer see almost everything customers are interested in. The fact that Big Blue is claiming to be able to tackle those mountains of data while it is still in its native format makes this announcement even more intriguing.

We don’t typically do stories about pornography—marketing claims within retail IT are usually obscene enough for anybody—but the inherent retail privacy contradictions in this porn kiosk announcement were too much to resist. There is already an imminent consumer privacy collision with kiosks, given their data-sharing and network connections nature.

While this porn kiosk touts privacy, which would seem to make sense, it also requires a driver’s license and a payment card. Those two documents certainly are good ideas, especially when arguing to retailers that the machines will not be usable by minors, but both also obliterate the claims of privacy. The issue speaks to all kiosks, but this case is a wonderfully extreme example.

Not a lot has changed in the shoe retail business for a very long time, with most still using the metal sliding Brannock shoe measuring device first patented in 1926. A New Jersey company has opened a single retail store in Englewood to try and show how advanced such a movement merchant could be. The store features an array of shoe-measuring devices that use digital scanners, pressure sensors and a Microsoft-powered table that displays pricing, availability and color/design options for any shoe placed on it.

The centerpiece, from a company called Aetrex, is something the store calls iStep Wave and its claim is that it can go beyond measuring shoe size to examine arch type and pressure points—and do it all in half-a-minute. The store says the device uses “3,744 gold-plated barometric sensors that measure the pressure exerted by your foot every 0.25 cm squared and 1,326 infrared LEDs and receptors that are aligned every half millimeter.”

Finding and analyzing the collective thoughts in all the conversations happening in social media today has been a retail goal for several years now. Not coincidentally, that’s exactly how long retail has failed in doing anything meaningful with that data. This week, though, an ISV and Microsoft’s Bing search engine are at least making noises as though they are making a little progress. Bing on Monday (May 16) said it is working with Facebook to use a small portion of those social site discussions—limited to the ones on Facebook and further limited to the people in the friends list of that Web searcher—to help provide more valuable results to consumers.

The idea of aggregating the shopping and other experiences of a closed community is a good one, with lots of potential to boost the meaningfulness of such results. There’s also a downside with this aggregation approach, namely that most consumers trust different friends to very different degrees.

In what is likely the most complex mobile POS rollout yet in retail, Nordstrom this summer will deploy thousands of iPod Touches and other mobile mechanisms. The IT twist, though, is that the rollout is not tied to a single type of device. That means the chain’s software developers have already nailed down an architecture where the heavy POS lifting is done on the back end, not on the mobile device itself.

As a result, it should be easier for Nordstrom to quickly add new devices and new functions to the mobile POS system. Features that the iPod doesn’t support, such as contactless payment, might be available on other devices. In theory, with a well-structured architecture, new devices could be swapped in on an as-needed basis. Unlike mobile POS pioneers Home Depot (which uses a highly customized handheld for its mobile POS) and Apple (which can only use Apple, naturally), Nordstrom can exercise its option to do small-scale experiments with devices from multiple vendors in the midst of its big rollout. That will also discourage developers from tying code too tightly to one device—giving Nordstrom the chance to do even more quick-hit experiments in the future.

In a brief filed with the U.S. Supreme Court last month, the Department of Justice suggests that there is no expectation of privacy in location data and that the only limitations relate to the manner in which such data is collected—specifically, if it is collected from a phone company or by other means. “Look,” the DOJ essentially argues, “you are on a public street/sidewalk/office building. Anyone can see you. How can you expect that to be private?”

Even if the Supreme Court rules that customers don’t have a right to privacy in their location, retailers still face a dilemma, writes Legal Columnist Mark D. Rasch. For example, smartphone apps can leverage GPS or other location data and enable new sales and marketing opportunities. But consumer backlash may result in new regulation to restrict the collection and use of this information. If you fail to have clear and unambiguous privacy policies that state what you are collecting and why and then follow these policies, either the consuming public or the government will make you do it.

Europe is coming down on the mishandling of mobile-phone location data—even if it’s not coming down very hard. On Friday (May 20), a European Commission group is expected to recommend that mobile location data be treated as personal data, The New York Times. That would theoretically give location data much better legal protection. But the recommendation is nonbinding, and Apple and Google are likely to be much more concerned about individual EU countries investigating their practices than this toothless advisory opinion.

Beefing up security for more than payment-card data isn’t a new idea, but it’s unfortunate for retailers that Apple got so sloppy with its users’ location data. Spotting customers as they’re headed for a store is the holy grail of retail mobile-location technology, whether via GPS, Wi-Fi, cell-tower triangulation or POS tracking, and right now that’s all getting a slightly creepy reputation. But in practice, it’s going to become the norm—retailers will just need to get their best customers to opt in.

As kiosks have been getting more sophisticated, retailers have been relying on them to handle more functions. When it comes to sensitive issues, such as body type for an apparel chain or paying for groceries with foodstamps, chains have discovered that consumers are often more comfortable interacting with a machine.

One convenience chain found that level of anonymity sharply boosted profits when selling triple-sized sandwiches and Pennsylvania is hoping that having a machine tell customers they’re too drunk to buy wine will be less humiliating. But with data breaches an almost daily news story and data-sharing presumed to be everywhere, will customers continue to stay comfortable with sharing intimacies with kiosks? That question is being raised now with the latest push on clothing kiosks that use radio waves to take hundreds of thousands of measurements to deliver what the machine promises will be the perfect clothing fit.

When Visa rolled out its location-based mobile coupons service—with apparel chain Gap as its first client—it did so with a twist. Visa uses POS transactions to track a customer’s location, so it doesn’t have to cooperate with mobile operators or merchants. It doesn’t have to deal with geolocation challenges like the inaccuracy of triangulating cell towers. It can even collect location information from stores that have nothing to do with its coupon program—including competitors of the retailers that do. It doesn’t need customers to have smartphones, Wi-Fi or GPS, nor do those capabilities have to be turned on.

Most current mobile-payment approaches—including the mobile wallet Visa announced this week—are still based on the payment-card accounts Visa currently makes its money from. But eventually someone will come up with a better way and leapfrog over the card companies. Then Visa will be stuck with a large, expensive network for real-time transaction processing. That could explain why Visa wants to use its new service to follow cardholders around from one retailer to another.

On Monday (May 9), a U.S. Senator introduced a bill to limit or prevent E-tailers from capturing information about their customers without asking. Like prior Senate technology efforts, the exemptions to the bill make it unable to execute its core purpose. Even if the bill—called the Do Not Track Online Act Of 2011 and introduced by Sen. Jay Rockefeller—didn’t suffer from those rather generous exemptions, it’s unclear how much of an impact it would have. Its telephone solicitation predecessor is the Do Not Call list. Quick show of hands: How many reading this article have signed up for that list? Of those who did, how many have continued to get lots of phone solicitations, with no practical way to make them stop? ‘Nuff said.

To further minimize worries, as of Wednesday (May 11), the bill had zero cosponsors. As such, it certainly doesn’t look like the Senate will pass the bill anytime soon. Is it possibly a news release bill, one designed to justify a news release but never be actively pursued? Just in case it does go anywhere, here’s what the bill actually mandates.

Sony’s gigantic data breach last month was triggered by a two-pronged attack: a denial-of-service attack thieves used as cover to make a retail ‘purchase’ from Sony’s E-Commerce site, an effort that was really a ploy to exploit an unpatched vulnerability that in turn gave thieves access to an application server and huge quantities of personal customer information. (Yes, it was a ploy within a ploy.)

Details of the attack were spelled out by Sony executives at a Tokyo news conference on May 1 and in written testimony to a U.S. Congressional committee on Wednesday (May 4). As with most attacks, plenty of things went wrong to give thieves their opportunity. But the timeline makes two things very clear: Sony’s online store provided the opening that allowed thieves collect huge quantities of personal information on customers—including names, addresses, birth dates and E-mail accounts—and the attack depended on an unpatched hole in the E-Commerce system.

Some mighty strange things have happened to vending machines lately, with machines offering iPhones and live crabs and accepting smiles for payment (really) and contactless payment (although some would argue that smiles are more viable).

But Pepsi has now rolled out a touchscreen vending machine that isn’t primarily designed to actually give you anything to drink. It’s an interesting intersection between social media, vending machines and CRM. In a “tis better to give than receive” mode, consumers walk up to the machine and can only use it to gift a drink to a friend or colleague (or, for that matter, a bitter enemy) by “selecting a beverage and entering the recipient’s name, mobile number and a personalized text message.” This creative idea actually has some fascinating CRM potential. It exposes Pepsi to friends/associates lists and flags new people who might be open to receiving promotional contacts.

It’s bad enough when one of a retailer’s current outside vendors suffers a breach that lets thieves steal customer information. But on April 22, Best Buy learned that a former vendor had held onto Best Buy customer E-mail addresses, which were subsequently “accessed without authorization”—presumably to use for phishing expeditions.

Best Buy won’t say who the vendor is (except that it’s not Epsilon or Best Buy’s current lead E-mail marketing provider, ExactTarget), how many customers were exposed in the breach or how long ago the vendor was fired—just that the chain is taking legal action. But the situation is one that should make every retailer nervous. It’s almost impossible to know for sure that an outside vendor has destroyed all copies of customer data once a business relationship ends. After all, that’s extra work to put in for a client who’s not going to be paying for it.

eBay is pushing ahead with its local inventory search efforts. These include a deal with Intuit’s QuickBooks POS package to feed SMB retail inventory data directly into eBay’s engine with a plug-in, through eBay’s Milo acquisition. eBay seems to have opted to attack the easiest part of the local inventory problem, hoping that the exponentially harder part—getting tens of millions of small retailers to computerize their inventory in at least a semi-rational form—will somehow work itself out.

This is both good news and mediocre news. It’s good news in that major players are at least trying to tackle some of the toughest issues facing retailing today. (The other most challenging retail tech issue today—mastering social media content and marrying it with CRM data—is also being tackled this month, by Wal-Mart. Not unlike eBay’s pragmatic challenges with local inventory, Wal-Mart is discovering that there’s a reason social media data efforts are feared by so many in IT. It’s genuinely difficult stuff.)

When Wal-Mart spent more than $300 million to buy social media firm Kosmix last week, much of the discussion and analysis focused on whether Wal-Mart would properly use its social media gem. But how sparkly is that gem? The premise has been that Kosmix has mastered this amorphous creature called social media. Searches on Kosmix itself, however, suggest that Kosmix is not quite an ideal guide.

We did some Kosmix searching and didn’t conclude we were in the presence of social media gods. We searched for “refrigerators,” which is a fairly well-understood term. Indeed, Kosmix quickly offered that “A refrigerator is a large box-like appliance, usually ranging from 200 to 400 pounds in weight, used to cool and store fresh foods and beverages.” So far, so good. But then it listed a wide range of tweets that used the word “refrigerator” but clearly were not referencing the cooling device.

A blind call-center worker on April 12 sued a Maryland county government over a job downgrade and pay cut after the county merged its non-emergency call centers but didn’t preserve screen-reading technology. Yasmin Reyazuddin, a multilingual information specialist, said she researched the necessary configuration changes after the county bought Oracle’s Seibel CRM system, but when she raised questions about the switchover she was demoted, moved to a non-call center job and told her pay would be reduced. She wasn’t even allowed to try the system to see if she could use it anyway.

Wait—there’s a call-center employee who’s already using assistive technology, is capable of researching whether the new system can be made accessible (according to Oracle’s documentation, it can) and is willing to look for a workaround for any problems. And that’s the employee IT can’t figure out how to accommodate in the project plan? That isn’t an employee you bury. You loan her to IT to figure out the cheapest way to get a screen reader working and then end up collecting good publicity instead of a federal lawsuit.

When Wal-Mart dropped some $300 million on Monday (April 18) buying a Silicon Valley social media startup, the very act showed an appreciation for social media that few retailers have demonstrated. But what the world’s largest retailer does with that investment over the next 6 to 12 months will reveal whether Bentonville has truly figured out social media or just sees it as fashionable fad to dump cash into.

Retailers can deal with social media in three ways. The first choice is that they can create their own area where they try and attract shoppers and say tons of great stuff about themselves. Let’s call that the Commercial approach. Second, they can get lots of people to visit big, established social sites (Twitter, Facebook, YouTube, etc.), where they can casually say lots of nice stuff about the retailer. This would be the Viral approach. The third way is to shut-up and studiously watch what everyone is saying, from every corner of social media. That’s the Winning approach—and it’s what Wal-Mart seems to be doing with its acquisition—because the first chain that masters hearing what those folk are all saying will have the keys to the most profitable merchandising and marketing decisions ever.

How could JCPenney forget about its stores? That’s essentially what the 1,100-store retailer did while developing its new 7-foot-tall in-store kiosks, according to CIO Ed Robben. In his first interview as JCPenney’s CIO, Robben acknowledged that the 106-year-old chain, which for years did nothing but in-store and wasn’t quick to get into E-Commerce, so completely embraced the idea of a Web site kiosk for customers to check online for products that no one thought to include in-store information customers expected—such as store maps and where to find a restroom.

That disconnect between what developers built and what customers expected would have been unthinkable as recently as five years ago, when JCPenney’s strategy was to use its Web site to drive customers to stores. But when a skunkworks team began work on the kiosk in the summer of 2009, the goal was to flip that, so in-store customers who couldn’t find exactly what they needed could check the expanded assortment online—in Robben’s words, “to extend the aisle to the online assortment.”

Reports were plentiful this weekend that Best Buy was having self-inflicted inventory issues concerning the iPad2, with some suggestions that the chain was deliberately lying to customers to hold units for an upcoming promotion. These rumors can happen easily, with individual stores (or groups of stores) sending local memos that are phrased ambiguously.

The first reaction I had was, “This is one problem that will go away when real-time inventory is universal and available on mobile devices.” Then the cynical side of me took over (that’s the side with an historically much better batting average). If a chain’s management decides that it wants to fool customers about inventory levels—for a wide range of nefarious reasons—wouldn’t real-time inventory be the most marvelous and efficient way to do it?

The thus-far unidentified Epsilon cyberthieves may have a surprise in their systems: It may be a cross-connected database with the most sophisticated and comprehensive CRM profiles ever, profiles that a retail chain would kill for. Most observers have looked at the stolen data as little more than a huge list of E-mail addresses. But this breach may be the quintessential example of the whole being far more than the sum of its parts. Combining the list of customer E-mails from Amazon, Best Buy, New York & Co, LL Bean, Target and Kroger (and quite a few more chains and banks and hotels) is nice, but what if you could cross-connect those files? How detailed a profile could you piece together on individual consumers?

Contractual obligations would have almost certainly prohibited Epsilon from trying such an effort, unless you think that Best Buy would have had no objection to letting Amazon and Target know which customers they share. But the thieves, however, have no such obligation—not that they would likely care about legal niceties such as contracts and criminal laws.

StorefrontBacktalk will launch its Premium Edition on April 18, just four days from now, on Monday. The reason we’re mentioning this again is to remind everyone that we are offering special 50 percent off pre-launch pricing. In other words, the exact same Premium service on April 18 will cost half as much on April 17. If you want to still have full access to all of our top stories (and all of the other goodies that come with the Premium subscription), doing it now is the cost-effective move.

Our site license options are also half-off during the pre-launch period (which has barely four days left). Our fear is that many readers will not focus on this until April 18, when they start running into firewalls when they try to read key stories and columns. And when they then subscribe, they won’t be able to take advantage of the pre-launch deals. The pre-launch deals were created specifically to give our long-time readers a break, so we want to make sure we do everything we can to remind everyone before it’s too late. To take advantage of our pre-launch deal, please click here.

The muddled mobile-payments scheme from Verizon, AT&T and T-Mobile, dubbed ISIS, just keeps getting more puzzling. On Tuesday (April 4), the group announced a pilot project to let mobile phones be used to pay for rides on Salt Lake City’s buses and local trains, in addition to purchases at local retailers. But the big announcement is for a project that won’t go live for more than a year—and for a public transit system that already allows customers to use contactless credit and debit cards to pay for rides. This will take a year?

Meanwhile, Sprint—which was left out of ISIS’ announcement of its formation in November—now says it was originally part of the group, but left. Although ISIS member Discover was originally presented as the only payments network ISIS needed, it now appears that Discover may not have an exclusive deal with ISIS after all. All this confusion comes in the face of one clear fact: Mobile operators should have the easiest time doing true mobile payments. When will they get their collective act together?