StorefrontBacktalk » In-Store

The Backward World Of Loyalty: “I’d Like A VCR, A Wired Phone and a Plastic Card-Based Loyalty Card, Please”

Todd L. Michaud — Tue, 07 Feb 2012 17:14:42 +0000

When it comes to loyalty, many retailers are stuck in the 1990s. Does anyone else find it funny that in a world where you can very easily have a video conference with your kids from a $500 tablet over free Wi-Fi from a random hotel, we're expected to keep a 3.3- x 2.2-inch piece of plastic in our wallets to get benefits from some of our favorite retailers? All of this, pens Retail Columnist Todd Michaud, in an area—such as CRM—where the application of technology could directly impact a retailer's top and bottom lines.

MasterCard Pushing EMV PIN. Visa? Not So Much

Evan Schuman — Thu, 02 Feb 2012 06:33:25 +0000

MasterCard's Monday (Jan. 30) rollout of its roadmap for EMV in the U.S. set it on the opposite side of payment security from Visa, with MasterCard pushing for EMV with PIN and Visa arguing that PIN isn't necessary. MasterCard is backing up its preference with some serious fraud-dollar forgiveness. Oddly enough, the much-smaller MasterCard has trumped—or, more precisely, nullified—Visa's position, at least as far as retailers are concerned.

Given that greater-than-99-percent of Visa retailers in the U.S. also accept MasterCard, chains must go along with whichever brand has the more strict requirements. Typically, that's been Visa, but not this time. On EMV-related PCI relaxations, however, the two brands opted to adopt identical policies.

The Never-Ending Dance Of Contactless Security

Evan Schuman — Thu, 02 Feb 2012 04:05:41 +0000

For quite a few years now, the contactless payment world has enjoyed an endless-loop of defend-and-repel games when dealing with contactless security. The game starts with bank assurances that the data being transmitted wirelessly couldn't possibly be enough for a thief to perform a transaction. Next is some public demo of a security researcher wirelessly grabbing data and completing a transaction. This is followed by industry refutations that the system demoed was either out-of-date or some part of the test was unrealistic.

Interestingly enough, there's truth on both sides. But the dance of demo-and-explanation seems to never slow.

Thieves Stealing Poorly Protected EAS Keys: An Amazingly Serious Achilles Heel

Evan Schuman — Thu, 02 Feb 2012 03:03:43 +0000

It was just past 10:30 PM on January 15 when police say a shoplifter walked into the Murrieta, Calif., Wal-Mart. But as part of a growing trend, she didn't try and steal any merchandise. What she did was walk over to an unstaffed counter, pull out what seemed to be wire cutters and cut loose the store's keys to its safer security devices.

Other thieves have opted for grabbing EAS tag detachers, but the point is the same. Beyond protecting products, retailers need to reinforce protections around the devices that protect their products. How are keys and tag detachers handled when not in use? Is there an explicit policy about ignoring EAS alarms?

As PayPal’s Home Depot In-Store Trial Expands, Can Users’ Sloppy Security Habits Change?

Frank Hayes — Thu, 26 Jan 2012 05:32:08 +0000

PayPal's expansion of its in-store payments trial at Home Depot (up from 400 PayPal employees to all PayPal users) marks a huge jump in the trial's scope—and risk. On January 19, PayPal opened up the trial to include 51 stores (up from the initial 5) and said all PayPal users could now sign up for the system. That should give both PayPal and Home Depot much more useful information on who will use the system, and how.

But PayPal's approach—which essentially reverses 50 years of payment-card advances by eliminating any physical authentication device—still presents a big challenge when it comes to security. The ability to check out with just a mobile phone number and PIN—no plastic card, NFC-enabled phone or other authentication hardware required—means anyone who can acquire that phone number plus PIN has a free shot at the legitimate customer's account.

The Square Mobile Conundrum: Data Goes In, But It Doesn’t Come Out

Evan Schuman — Thu, 26 Jan 2012 03:51:38 +0000

When a customer walks into a store and gives a payment card to an associate, who charges it on a store-branded mobile device, is that customer interacting with that retailer? If that device is using Square, the answer is "no," but the customer won't know that. If an E-mail address is requested, is it for Square or that retailer?

If a marketing opt-in question is posed, who is posing it? And how will customers react when they later learn they weren't sharing with whom they thought they were sharing? Bad news: This is not hypothetical. There is a broader issue at play here. With any of the third-party mobile payment efforts—Google Wallet, PayPal, ISIS, maybe even Apple—there is the potential for this type of confusion.

Target’s Showrooming Futility: It Should Be Winning But It’s Not

Evan Schuman — Thu, 26 Jan 2012 01:37:36 +0000

In a futile attempt to fight showrooming, Target is pressuring its suppliers to make it more difficult for Target's customers to price compare. The most bizarre part is that Target is trying to game a system where it already has a huge competitive advantage.

The historic argument has been that E-tailers have a huge convenience advantage and that a retailer must combat that by leveraging its experience/ambiance advantage. But with showrooming, the customer has already driven to the store, parked, walked to the aisle and found the desired product. The physical store has the convenience advantage 10 times over.

Hy-Vee Using Twitter To Do An End Run Around Apathetic Associates

Evan Schuman — Wed, 25 Jan 2012 18:49:03 +0000

When the $7.3 billion Hy-Vee regional grocery chain on Monday (Jan. 23) rolled out its in-store mobile app, it encouraged customers to use Twitter to report out-of-stock items. It's a wonderful move, acknowledging—and addressing—a communication hole that exists because of an outdated management structure.

In a typical chain store, what happens when a customer discovers a problem, be it an incorrect price label or an out-of-stock or expired product? It's up to the customer to track down an associate. What happens then? Usually nothing, because it's quite unlikely it's the primary responsibility of that employee to deal with that problem.

Should CIOs Now Surrender To Marketing? (Oddly Enough, The Answer Is “Yes. With Limits.”)

Todd L. Michaud — Wed, 25 Jan 2012 02:28:04 +0000

In the power struggle between retail marketing and retail IT, IT is getting its server farms kicked. It started with E-Commerce and is now growing with mobile and social. What has to go? If it can go in the cloud, get rid of it. E-Mail? Gone. Web hosting? Out of here. CRM? Exit, stage right. If it can be easily outsourced by specialist firms or even done by people in the business unit, you need to let it go.

It's time to evict Web and mobile app development, and pretty much any marketing initiative that isn't core to your business. Heresy? Certainly, pens Retail Columnist Todd Michaud. But it's necessary.

The PayPal Problem: Will It Impact Retailers’ PCI Scope?

Walter Conway — Mon, 23 Jan 2012 20:19:49 +0000

Given that PCI only applies to payment transactions for the five major card brands, PayPal transactions would not normally be in scope. But recent pilot programs by at least one major retailer and an announcement by a POS device vendor has PCI Columnist Walter Conway questioning the conclusion that PayPal transactions will remain out of PCI scope.

If a PayPal card triggers a transaction on an underlying Visa or MasterCard, might that PayPal account be considered a "high-value token" and, therefore, be in scope for PCI? And if the PayPal account is in scope, is it a big deal?

Visa’s Chip-And-No-PIN Plans For The U.S. Making Some Nervous

Frank Hayes and Evan Schuman — Thu, 19 Jan 2012 05:57:25 +0000

With Visa's clarification on January 13 that its U.S. EMV deployments will include Chip-and-no-PIN, retailers are trying to decide if this is a good thing or a bad thing. On the bad side, this forces retailers to immediately trust the chip technology perhaps a bit more than they want to.

"When I think about secondary validation, that gives me more of a warm fuzzy even though we have people saying that I have a more sophisticated chip and that my smart device has got some protection sitting in it," said Bill Titus, the Loss Prevention VP at Sears.

Parsing Wal-Mart’s Web Plan: How Far To Push The Stores

Evan Schuman — Thu, 19 Jan 2012 04:25:12 +0000

Few statements are parsed as aggressively for hidden signals and clues as those from Wal-Mart corporate. And few topics have to be handled more delicately than how aggressively Wal-Mart senior management will push merged-channel strategies on its stores. Therefore, the statement issued Monday (Jan. 16) by Wal-Mart about its new E-Commerce chief and how he is expected to interact with stores is getting a lot of close inspection.

Wal-Mart has recently been trying to more closely align stores with various online, mobile and social efforts. But like all major chains, brick-and-mortar management resistance is non-trivial.

Sears’ E-Receipt Fear: Buy Once, Return Many

Evan Schuman — Wed, 18 Jan 2012 22:57:01 +0000

As retail rapidly moves to integrate mobile into almost every aspect of its customer interactions, many in IT and Loss Prevention are wisely scared about the security holes that will crop up during the rush. One such exec, William Titus, LP VP at Sears, said on Tuesday (Jan. 17) that one of his biggest fears involves mobile electronic receipts.

"The E-receipt problem is that the customer now has a valid receipt. I can't bring it in. I'm not checking it off and signing off on it. So the ability to use that fraudulently increases unless you have a true returns management system," Titus said.

Wal-Mart’s Stealth Social Strategy: Pretend This Isn’t About Customers

Frank Hayes — Wed, 18 Jan 2012 22:14:31 +0000

Retail chains have been using Facebook and other social media to connect with customers for years, but now someone is trying to use it to acquire new suppliers—and, astonishingly, it's Wal-Mart. On Wednesday (Jan. 18), the retail giant launched a contest to let would-be suppliers pitch their products with YouTube videos, which customers can vote on to choose their favorite products. The winners get a chance to have Wal-Mart sell their wares online or in-store.

But what's really clever is how the contest uses social media as stealth customer engagement—an area where Wal-Mart hasn't been exactly brilliant in the past.

Mobile May Force You To Rewrite Your Shoplifting Definitions. And 100 Other Things You Haven’t Yet Thought Of

Mark Rasch — Mon, 16 Jan 2012 19:23:38 +0000

Mobile payment is going to change retail in an unknown number of unknown ways, and your lawyers will have healthy employment. Consider in-aisle checkout and shoplifting rules, pens Legal Columnist Mark Rasch. Today, customers who put products in a concealed place—a pocket, backpack, purse, etc.—while still in the store can be convicted of shoplifting even if they have yet to reach the POS checkout area.

The conceal part of that action is considered evidence of criminal intent. Now let's see you try and enforce that rule when you have in-aisle mobile checkout.

Android Is About To Truly Kill The POS Business Model

Todd L. Michaud — Fri, 13 Jan 2012 22:49:16 +0000

This year—2012—will be the beginning of the end for the traditional POS platform. Even though many analysts predicted that Apple, and its iPad, would be the David that finally took down the Goliaths, Retail Columnist Todd Michaud is arguing that Google will land the fatal blow.

The POS defense has been that chains need hardened systems. That argument worked when tablets were $500 and even $400. But now that Android tablets have fallen below $100, the argument falls apart. You could have four spares in the backroom and still be ahead.

Is Visa Making Up Compensation, Fine Calculations? Court Filings Raise Questions

Frank Hayes — Thu, 12 Jan 2012 06:19:24 +0000

No retailer likes being fined by Visa or MasterCard for letting thieves steal payment-card data, and most grumble privately about how that process is arbitrary and rigged against merchants. But a lawsuit now unfolding in Utah has uncovered a remarkable level of detail about how arbitrary card brands can be.

The lawsuit is challenging everything from issuing banks' contracts to Visa's claims for counting up card fraud and pinpointing who's to blame—in addition to $1.3 million in card fraud that Visa says the restaurant enabled via an alleged security breach for which there's no concrete evidence.

Home Depot’s In-Store PayPal: Mobile Without The Mobile

Evan Schuman — Thu, 12 Jan 2012 02:52:58 +0000

Home Depot's trial to let shoppers pay in-store with PayPal—a program confirmed late last week, which is loosely related to PayPal's wallet—is interesting more for what it doesn't do than what it does. It's a baby-step program in two ways.

On the mobile front, it's the first retail trial of PayPal's mobile payment program and it doesn't use a mobile device at all. (OK, that's more an embryo step than a baby step.) On the payment front, this is also a test of Home Depot accepting a rectangular magstripe card that doesn't say MasterCard, Visa, American Express, Discover or Home Depot on it.

Guess Google Wallet: Great GUI, Hardly Any Customers

Evan Schuman — Thu, 12 Jan 2012 02:49:22 +0000

Mobile wallets face a time-honored Catch-22: because very few stores support the technology, consumers have very little reason to bother getting it. Exactly how barren is this dial-tone desert for Google Wallet, currently the only actively being trialed game in mobile town?

We have our early clues from the CIO of the $2.5-billion 481-store Guess chain, one of the first test sites for Google Wallet in "a couple of stores" in California since May. In total, how many customers have tried Google Wallet? Says CIO Michael Relich: "Five or six." Not 500 or 600 customers, mind you. Five or six.

Guess CIO On iPad Trial: “This Is The Consumerization Of IT.”

Evan Schuman — Thu, 12 Jan 2012 02:45:07 +0000

Walk into one of about 25 Guess stores this week and you'll see customer-accessible iPads in the men's, women's and accessories departments and even in the dressing rooms. "For the cost of a kiosk, I can put in four or five of these," said Guess CIO Michael Relich. "This is the consumerization of IT."

But the Guess iPad trial is hardly being done to save costs. The flexibility of the tablets and sharp, customer-friendly graphics make the devices a much more effective way to show demos and to locate merchandise, check inventory and do anything else that a kiosk would normally do.

CIO Panel At NRF: The Unanticipated Changes From In-Aisle Mobile Payment

Evan Schuman — Wed, 11 Jan 2012 03:57:52 +0000

In-aisle mobile payment isn’t merely a new payment method. It has the potential to force stores to rethink almost all aspects of operations—and few have seriously come to terms with how different environments are going to have to be. At the NRF show in New York City next week, a StorefrontBacktalk IT panel is going to map out the least-anticipated changes. And if you’re around on Tuesday 2–3 PM (1A 21/22 at the Javits Center), please drop by and tell us what we forgot to include. Ann Taylor CIO Mike Sajor, Sears VP/Loss Prevention Bill Titus and the NRF’s Joe Larocca—moderated by StorefrontBacktalk Editor Evan Schuman&mdashlwill look at the neglected items. As a Florida hobby shop discovered while serving as an NCR in-aisle mobile payment beta tester, this in-store mobile payment stuff is a lot harder than it looks.

“It’s really a change management problem,” Sajor said. “Literally everyone has to think through all of the possible change behaviors.” As Sears thinks through in-store mobile issues, it’s seeing how everything will need to change, from the supply chain to customer interactions to SKU-level integrity, inventory and dealing with new threats to the supply chain. “Some significant competitive advantages are going to be lost,” Titus said. The panel will be pure discussion, with no presentations and lots of audience interaction. So please argue with us there. Don’t make me come and find you.

Publix Buy-Online-Pick-Up-In-Store Trial Nixed: Grocery Shoppers Are Different

Evan Schuman — Wed, 11 Jan 2012 03:22:14 +0000

A trial for the Publix grocery chain to allow buy online/pick up right outside the store—similar to what Hannafords has been trialing—has ended with the service being killed. “While our Curbside associates have created many loyal Curbside customers, the number of consistent customers who chose to use this service was considerably less than required to meet our predetermined expectations,” Publix spokeswoman Shannon Patten was quoted as saying.

There is something about grocery chains—unlike almost any other retail segment—where trust is minimalized. For some perishable items—think meats, fruits, eggs or vegetables—where a customer wants to personally inspect items, looking for unripe, moldy items or cracked eggshells. The suspicion that employee-chosen items might inadvertently—or even deliberately—be less picky exists. There’s also a carryover effect, where even boxed or canned goods can suffer from the psychological association with those more delicate items. Grocery shoppers are not averse to tech improvements—see mobile shopping devices, electronic shelf labels or even some instances of self-checkout—but they really don’t want their ability to select to be diminished.

Want To Push Social Media? Have You Considered Using Your Stores?

Todd L. Michaud — Tue, 10 Jan 2012 17:29:20 +0000

How's this for ironic? Retailers complain about how difficult it is to get shoppers to explore their social media efforts. And yet these same retailers have the almost undivided attention of these shoppers, often for hours every month, in an environment where the retailer has complete control of the surroundings, the store layout and the staff.

Almost all retail marketing efforts are based on the not-so-simple premise of getting people to purchase from them, either online or in person. The problem, pens Retail Columnist Todd Michaud, is likely a mesh of old-mentality thinking with a heavy dose of channel conflict.

Questions To Ask Your System Vendor Or Reseller

Walter Conway — Mon, 09 Jan 2012 15:25:34 +0000

The National Retail Federation's Big Show is next week, and the exhibition floor will be crowded with vendors offering retailers all types of software applications. As a public service, following is a list of questions all merchants should ask their POS system supplier or reseller based on one QSA's experience—namely the experience of PCI Columnist Walt Conway.

The good vendors will be able to address all these questions. The not-so-good ones will hand you a carrier bag or a pen instead.

Wi-Fi Jamming: Your Stores Might Be The Problem, Not The Victim

Frank Hayes — Thu, 05 Jan 2012 01:51:57 +0000

With so many consumer devices using the same wireless frequencies, it was bound to happen: Just before Christmas, a U.K. family in a village 50 miles southwest of London lost the use of all wireless devices—everything from key fobs for unlocking vehicles to a wireless thermostat and a digital shower—until the problem cleared up without explanation several days later. The BBC reported that faulty wireless equipment had caused similar incidents in the past, including a street in northern England of homes whose wireless was jammed in 2010 by handheld wireless devices used to take orders at a nearby restaurant.

Retailers get understandably worried about customers who might intentionally or unintentionally block store Wi-Fi that’s used for POS, associates’ handheld devices or free customer wireless service. But there’s a risk the other way, too—the newest Wi-Fi access points have a range of more than 200 feet indoors and 800 feet outdoors. That’s easily enough to jam neighboring stores’ Wi-Fi in a mall or interfere with homes near a standalone store. Unfortunately, there’s no easy way to know whether a store’s Wi-Fi is causing problems in the neighborhood—at least not until the FCC shows up to investigate a complaint.

Best Buy’s Black Friday Cancellations Were “Bait-and-Switch Breach Of Contracts”

Mark Rasch — Thu, 05 Jan 2012 01:29:11 +0000

Twas the night before Christmas, and up in the sky, was a jolly old Santa, sans gifts from Best Buy. Consumers who had bought particularly popular items on the Best Buy Web site on Black Friday expecting a visit from Santa instead received a virtual lump of coal from the retailer in the form of an E-mail informing them that no gift was coming.

Legal Columnist Mark Rasch wants to call it a bait-and-switch coupled with a breach of contract. The Uniform Commercial Code Article 2 for the sale of goods says that if there is an offer (PlayStation for $150!), an acceptance (click here!) and consideration (here's my credit card), then voila! A contract is formed.

Strange eBay Holiday Promotion Forced Shoppers To Engage In Unnatural Merged Channel Gymnastics

Evan Schuman — Wed, 04 Jan 2012 20:57:44 +0000

A very bizarre eBay holiday promotion—which appears to have been in response to an almost-as-bizarre holiday promotion from Amazon—seemed to reverse conventional thinking about merged channel retailing. Instead of offering an incentive to shop online or in-store, the eBay incentive inexplicably required consumers to shop in both channels.

What started this holiday dogfight was an Amazon promotion, where it was offering a tiny discount (5 percent, with a ceiling of $5) for people who scanned barcodes and then purchased the item on Amazon. eBay's response was what it billed as a $10 in-store coupon, with three retailers: Toys "R" Us, Dick's Sporting Goods and Aéropostale.

Jell-O’s Dessert-Dispensing Age-Checking Kiosk Has Much Age-Restricted Potential

Evan Schuman — Wed, 04 Jan 2012 16:06:58 +0000

When Kraft and Intel recently started showing off their age-detecting kiosk—a vending machine that dispenses Jell-O pudding and other desserts only to consumers it calculates are old enough to appreciate them—it was yet another in a long line of age-guessing systems. This one, though, has the potential to help retailers at least minimize some hassles from selling age-restricted products.

The age-detection part uses an optical sensor to consider the customer's face shape, along with distance measurements between the eyes, nose and ears.

P&G Backs Mobile Barcode Scan Approach, But Few Retailers Can Afford To Wait

Evan Schuman — Wed, 04 Jan 2012 15:24:55 +0000

As the quantity of mobile POS interactions continues to soar—whether they're payments, coupons, CRM or something else—it's a rare retailer who has avoided the maddening inability of laser scanners to reliably grab data off a smartphone. P&G has moved into this argument, pushing a mobile scan approach based on using functionality within handset hardware or mobile operating systems.

The good news is that this approach, in theory, will be free to retailers, because it will not necessitate any store IT changes at all. The problem—and it's a deal-killer—is timing. With the mobile onslaught, quick is almost certainly going to trump free.

Apple Retail Mission: To Not Catch A Thief

Evan Schuman — Wed, 04 Jan 2012 15:19:45 +0000

For many shoppers, the thief non-interference policy of many chains—especially when it involves firing a security guard who confronted a shoplifter—is baffling, even though it's truly—albeit non-intuitively—the right thing to do. Apple's approach to non-interference with thefts took on an especially surreal twist in Toronto late last month.

The store does have a policy: Don't take sides. If the customer wants to call police, let the police handle it. If police aren't called, treat everyone as a legitimate customer.

Protecting Call Centers, The PCI Way

Walter Conway — Tue, 03 Jan 2012 16:21:34 +0000

The PCI Council used its December 2011 newsletter to remind merchants and service providers to control physical access to their call centers with video cameras or other devices. This recommendation is both sound security and good advice, and merchants everywhere should take it to heart. But as a QSA, PCI Columnist Walt Conway wishes the Council had done more than highlight just one particular sub-requirement.

There is more to protecting sensitive areas than installing video cameras. The second, and possibly thornier, concern for small and midsize merchants is how effective the reminder is likely to be when many of them mistakenly think they won't need to follow the advice.

Massive Subway Cyber Attack Ripped Into Weak Remote Access, Unencrypted Card Swipes

Evan Schuman — Thu, 15 Dec 2011 05:22:35 +0000

The latest major retail data breach—involving 150 Subway locations and more than 50 other retailers, payment-card data from more than 80,000 shoppers and more than $3 million in bogus, but completed, transactions—is different than its predecessors for several reasons. Most notably, it appears to be the first major breach that was initially detected by a chain's own IT team.

The essence of the attacks' success leveraged two weaknesses: different unsecured remote-access packages used by various franchisees of Subway, which enabled easy Internet access to POS systems; and card swipes with minimal encryption. That meant key-capture software installed by the cyberthieves was able to grab data in the clear, as it was being swiped.

Microsoft Gives Up On Tag

Frank Hayes — Thu, 15 Dec 2011 03:02:59 +0000

Microsoft has effectively thrown in the towel for Microsoft Tag. On Tuesday (December 13), Microsoft announced that its Tag Reader smartphone app will now support QR codes and NFC. Officially that’s to make Tag Reader a one-stop app so users won’t have to worry about what reader to use with various tags. In practice, it’s curtains for Tag, the multicolored 2D barcode that Microsoft rolled out in January 2009 but that never really caught on (not that the more successful QR code has been a barn-burning success).

In a blog post, Microsoft said it now recommends NFC for retailers to “blend in beautifully,” QR to “grab their attention” and Tag to “raise curiosity”—presumably as in, “curiosity about who’s still interested in Microsoft Tag.”

Amazon Price-Check Program’s Critics Have The Wrong Facts And The Wrong Attitude

Evan Schuman — Thu, 15 Dec 2011 02:47:00 +0000

The Amazon price-check promotion is getting mercilessly blasted by authors, a U.S. Senator, a retail trade group and various others. The strangest part is that so many are getting the actual specifics of the Amazon program wrong.

Booksellers were up in arms about Amazon encouraging people to go into their local stores to buy on Amazon, despite the fact that consumers have been doing the same thing for as long as Amazon has been around and the fact that—to be nitpicky—books were excluded from the program. U.S. Senator Olympia J. Snowe (R.-Me.) issued a statement that "incentivizing consumers to spy on local shops is a bridge too far." That may be true, but the price-sharing part—the spying the senator is referencing—was excluded from any incentives.

Amazon Chutzpa: Do Unto Others What You Block

Mark Rasch — Thu, 15 Dec 2011 01:57:22 +0000

When Amazon launched a one-day promotion this month aimed at getting its customers to go into brick-and-mortars and select items they wanted to buy at Amazon for a 5 percent discount, it was engaging in a deliciously ironic act.

Why? Because although what it was doing to those physical stores was likely legal, had those stores tried doing the same to Amazon, it would have been illegal, thanks to Amazon's posted policies. That policy phrasing is not even universal—or even common— among major E-tailers, pens Legal Columnist Mark Rasch.