Evan Schuman's StorefrontBacktalk

If a customer slips and falls in a large box store and then decides to sue the store, it would certainly be appropriate for the retailer to examine the videotapes relating to the slip and fall, see whether the customer did—in fact—fall, observe how that person was behaving before the fall and afterward, and determine what the condition of the floor was at the time of the incident.

But when Vons customer Robert Rivera sued the grocery store after he allegedly slipped on spilled yogurt, the supermarket in litigation called up Rivera’s purchasing habits, determined he had purchased “a lot” of alcohol and questioned his sobriety at the time of the accident, pens Legal Columnist Mark Rasch.

For many years, Microsoft top brass entertained Silicon Valley by predicting when it would release an important application and never getting the date right. Microsoft played Lucy to the media’s Charlie Brown. eBay CEO John Donahoe is trying to bring back some of that old Microsoft humor.

In Donahoe’s case, he has been trying to predict what major retail chains will do. Back in July 2011, he confidently told investors that eBay would have 20 national retail trials in 2012. Last week, Donahoe slashed that figure almost in half, now saying that 10 to 15 retailers will be offering PayPal in-store this year.

Due to the (strange? pyschotic? drug-induced?) unusual policies at Amazon, publishers have no idea who their Kindle subscribers are. That puts us here at StorefrontBacktalk in the awkward position of having to make a plea to our Kindle subscribers: Please reveal yourselves, and tell us how you find the Kindle subscriptions. We’re considering some changes to the service and any customer feedback goes to Amazon—and it’s not sharing. Therefore, we’re begging for whatever feedback you want to share to please share it with us directly.

For you Kindle people who have not yet subscribed to our Kindle feed, it’s not bad for convenience when traveling, when you’d like the latest on retail tech and E-Commerce beamed into your Kindle when you’re not looking.

Is Visa unbundling the mobile wallet? On Monday (Feb. 27), Visa announced an over-the-air service for putting payment-card information into smartphones, so the cards can be used for NFC-based mobile payments. The obvious advantage of Visa’s scheme: It’s from Visa, so presumably PCI problems will disappear.

But Visa is offering its new service for any issuing bank, mobile carrier and card brand. That means any payment card could go on a phone without the say-so of Google, ISIS or any other mobile-wallet vendor. At that point, will consumers see any reason for a mobile wallet other than the phone itself?

A shopping cart prototype—which follows customers around the store, scans products and flags shopping list discrepancies, completes payment in-aisle, includes voice-recognition and, heaven help us, talks—is being touted by Microsoft as under development for the Whole Foods chain. Whole Foods, however, has a very different take.

The Jetsons-friendly cart was demoed Monday (Feb. 27) at a Microsoft event called TechForum, where various cutting-edge projects were showcased. The cart certainly has some interesting potential—and drawbacks—but one key player that is not buying into the short-term need for the cart is Whole Foods, despite the Whole Foods logo having been prominently displayed on the cart at the Microsoft demo.

One of the worst parts about managing retail businesses is dealing with unknown future returns. Is that booked revenue all real? You can certainly know that, statistically, XX percent will be lost to returns. But is it possible to know more specifically?

What if your system could look for hints about specific purchases that could be flagged for likely returns? Perhaps a customer who purchases three of the identical shoe, but each one in a slightly different size?

One of the oldest adages in IT is that corporate tends to issue edicts without checking how they will play in the stores, without asking the foot soldiers and store managers whether it’s a good idea. A consultant this week offered a deliciously illustrative example, and it involves Bloomingdale’s and a CRM project.

The coincidental number that was the program’s weak spot? The required information-gathering with a customer took about 10 minutes, which is also roughly the same amount of time it takes most associates to make a new sale. They receive commission for those new sales and nothing for filling out the forms. Wonder why the program didn’t work well?

PCI compliance covers merchants, their service providers and the software applications both use. However, application resellers and system integrators—each of which plays a critical role in many retailers’ security and PCI compliance—seem to have slipped through the cracks.

PA-DSS requires software providers to educate “customers, resellers and integrators on how to install and configure the payment applications in a PCI DSS-compliant manner.” PA-DSS requirements also address actions resellers and integrators must take to ensure the implementation is PCI compliant. The questions, poses PCI Columnist Walter Conway, are: Who is checking? And assuming the training is sound, who is checking that the actual tech rep fixing your POS system knows what she/he is doing?

Sometimes you just have to listen to what people are really saying. Home improvement chain Lowe’s just spent more money on IT in 2011 than in any other year in its history, an aggressive investment that was spelled out in the company’s earnings call on Monday (Feb. 27). But we were still taken aback when we saw a transcript of the call from investment site SeekingAlpha.com, which quoted Lowe’s CEO Robert Niblock citing network and Wi-Fi upgrades, and then saying, “And it meant rolling out offense to replace existing functionality and to enable the ability to tender a sale at any place in the store.”

Rolling out offense? Now that’s aggressive language. But a quick review of the actual earnings call recording reveals what Niblock actually said in his North Carolina accent: “And it meant rolling out iPhones to replace existing functionality.” That makes more sense. But we still like the idea of a retail CEO bragging about going on offense with IT better.

You took the progressive approach and switched to a cloud POS. You love the reduced costs and that most of the support comes from someone else’s datacenter. Things go well for a few months, until your retail processes change slightly, thereby requiring a POS change. Your new cloud POS provider regretfully informs you that the change is too specific to your needs and will not benefit its other customers, so the request is rejected.

The same operations partners who were singing your praises for such a great move just a few short months ago, pens Retail Columnist Todd Michaud, are now calling for your head, because they are unable to operate their business the way they want to.

In our attempts to battle the never-ending assaults by Spammers, StorefrontBacktalk had to do something this week for which we need to apologize. Our direct discussion forum—Go Beyond The Story—was recently overrun by Spammers. To make the forum useful, we had to wipe out existing users. We then put in place much better security. Now, we are asking our readers who had signed up for accounts in the forum to please sign up again.

We have also cleaned up our discussion forum on LinkedIn. If you want to jump into a discussion on our LinkedIn page, you simply need to first join the StorefrontBacktalk group forum. For you Facebook fans, we have also reactivated the StorefrontBacktalk‘s Facebook page. We love when people comment on the stories, but we need to insist that only comments relating to a story be posted to that story. For comments that do not directly relate to a story or column, the Go Beyond The Story forum is home. And we want it to be a noisy home, with lots of loud arguments and shouting. That’s how retail discussions are supposed to be.

Most retailers have yet to dip a toe into merged-channel inventory, but Macy’s is already starting to tweak the model. The Macy’s “Store to Door” pilot (if a store is out of a product, it can be shipped to the customer’s home from another store) is set to expand from 23 to 290 of the chain’s 810 stores this year, but with a twist: Items will ship not from the closest store, but from the store where they’re most likely to be remaindered.

That improves Macy’s revenue, but also sets it up to take on its most threatening rival—Amazon—where the online giant should be at its strongest.

Given that mobile is almost certainly going to drive a lot more virtual stored value offerings throughout retail, it might be a good time to rethink how retail handles payment pre-auth holds.

Consider today’s situation: A shopper is driving to the mall to use a new giftcard she’s been sent and she pulls into a gas station en route. She says “fill ‘er up” and hands the attendant the giftcard. Given that it’s an unknown amount, the attendant keys in $100 and starts pumping. The final bill is $35 and the customer gets her receipt and drives off to the mall. When she tries to buy something, she discovers the card has been emptied and it won’t be restored for 2 to 3 days.

As Home Depot prepares to make its in-store PayPal payment system a chain-wide feature next month, security and who-pays-the-fraud-bill issues are making the differences between Visa/MasterCard/American Express and PayPal more glaring. Say what you will about the old guard payment brands, PCI and fraud responsibility, but at least retailers know the payment ground rules with the treasury troika.

This is proving to be an especially key point with Home Depot as the trial’s convenience factor—no phone needed, no card, no chip, nothing beyond a phone number and a short PIN—is trumping its security.

When a Best Buy store in South Carolina this week found itself dealing with the fallout from showing pornographic images on its large-screen TVs three times in 24 hours—one time the images were displayed to children in the store for a full 30 minutes—it forced the chain to wrestle with issues of Wi-Fi security, the problematic nature of wirelessly accessible smart TVs and how to control what images customers choose to use to test the TVs.

And ever-changing explanations of the incident didn’t help.

Google Wallet’s security problems that surfaced last week—two different ways for a thief who has stolen a phone to get access to payment cards in the digital wallet—prompted Google to block new Google Wallet provisioning for several days until the company pushed out a fix. But the vulnerabilities also highlighted a major pain point: Shifting payments from plastic card to smartphone isn’t just about technology, it’s also about getting partners to cooperate—in this case, card issuer Citi.

The big problem: The most logical and secure technology fix—moving PINs to secure hardware—is something Citi seems unwilling to do.

Hewlett-Packard announced a new open-source Web browser for mobile devices on Tuesday (Feb. 14). It’s name? Isis. That’s the latest slap for ISIS, the mobile payment initiative backed by Verizon, AT&T and T-Mobile—apparently HP didn’t even wonder if anyone had trademarked “Isis” as the name for a mobile app (yes, ISIS has). It’s especially worrisome with ISIS now slipping into third place in the mobile payment horse race behind Google and PayPal, which are both already taking payments.

Even more confounding: Starting this month, Google now offers Google Wallet on some AT&T mobile phones and, unlike Verizon, AT&T is apparently officially allowing it. To be fair, ISIS still plans to start trials of its payments system this summer in Salt Lake City and Austin. But to be realistic, if ISIS can’t keep its founding members on board or even defend its brand name, you have to wonder whether these telcos still think they can win the mobile payment game—or if ISIS is about to change directions again.

A new cryptographic hole revealed this week will impact one in 500 encryption keys, will be fairly hard for cyberthieves to find and will almost certainly be patched quickly. Still, it raises fundamental questions about encryption reliance. The group of cryptography researchers described an encryption hole that hits RSA especially hard, and at least one major chain is taking this very seriously.

“The bigger concern is internal keys, ones they couldn’t survey. Without their data of ‘weak keys,’ we can’t be sure we aren’t using any,” the retail exec said. “All owners of certificates do not know today if their keys are weak or not, and have no way of finding out just by examining them.”

Every time we hear one of these shipping company nightmare stories—with packages lost or recklessly damaged—it’s a painful reminder of how much retailers are at the mercy of these shipping partners. When a consumer makes an E-Commerce purchase and something happens to the product en route, who does the consumer blame?

There may be a way to flip this problem into an advantage. What if chains viewed every store as a local distribution center? And used local talent to deliver not only to customers but on the same day? This approach enables the merged-channel retailer to extend that experience right back into the customer’s front yard and maybe through the front door.

The whole concept of showrooming bothers Retail Columnist Todd Michaud. He keeps thinking about how retailers need to turn their retail locations into a strategic asset, rather than a burden. There is no reason retail organizations cannot duplicate (or even improve upon) the online purchase experience of their E-tailer counterparts.

If traditional retailers really want to win the war against their online counterparts, they need to shift the battlefield from price to convenience. And nothing says “convenience” like “drive-thru,” right?

Yes, customers really will pay attention to in-store electronic signs—especially if they’re not supposed to. In a Reuters news story this week, Kroger CFO Mike Schlotman said 2,200 of the grocery chain’s 3,600 stores have installed video screens to alert associates when more checkout lanes should be opened up. The screens, which display three numbered balls, are supposed to use a secret code to show how many checkstands should be open. But some shoppers have cracked the code, Schlotman said, and now complain to associates that, for example, there should be 11 lanes open because the screens say so.

But did anyone really think customers wouldn’t catch on? There’s a long tradition of retailers trying to slip secrets-in-plain-sight past customers on coupons, receipts or in-store displays. It never worked before, and with fanatical shoppers now constantly comparing notes on the Internet, a cracked code is practically guaranteed to become widely known very quickly. Then again, maybe treating this stuff like a treasure hunt can actually make customers feel like they have more control over their shopping. In that case, it’s fine for retailers to play the secrets game—so long as no one seriously thinks the “secret” can be kept.

Are you legally liable for what customers do over your store’s free Wi-Fi? A Massachusetts lawsuit is backing into that question with a novel legal theory: If illegal activity uses someone else’s unsecured Wi-Fi, then the Wi-Fi owner can be sued for negligence for allowing it to happen.

To be clear, the Massachusetts plaintiff is not going after any retailers—in fact, the plaintiff’s lawyer says he’d hate to try winning a case like that against a retailer. Unfortunately, that doesn’t mean some other lawyer won’t chase the same theory, with results that could put a chain in court.

One of the historic problems with RFID has been its difficulty in being read on metal or near liquids. A creative research team at North Dakota State University announced last week (February 2) an approach to turn the metal of the product into a functional antenna. It doesn’t avoid the metal problem. But it is judo-like in turning the problem around. The big downside for retail, though, is that each of these passive tags will cost 50 cents to one dollar.

The tags are 2 to 2.5 millimeters each, but Research Engineer Cherish Bauer-Reich said her group thinks they can get it down to 1 millimeter. “The tags we’ve developed actually use the metal container as an antenna, rather than having to make and place another antenna on top of the container,” said Bauer-Reich. “Many types of tags have to be spaced away from metal, since it changes the electromagnetic fields around the tags and destroys their ability to communicate. These tags, however, use the metal container as the antenna to transmit information. Because of this unique property, these tags can be used to tag anything from coffee cans at a grocery store to barrels of oil or metal cargo containers, with minimal concern about losing or damaging the tag.” She added that their tag’s high-permeability materials divert current into the tag’s integrated circuit.

A woman walks into her local Wal-Mart and immediately turns to an area near the front of the store with a bank of screens. This customer is rushed today, so she tells the system to forget the recommendations and she selects 24 items from her shopping list.

The items that are on the shelf elsewhere or in the backroom? An employee goes to fetch them. Those that are not in-stock at that store? They’ll be shipped to her home. This is where Venky Harinarayan, Wal-Mart’s Senior VP for Global E-Commerce, head of @WalmartLabs and venture capitalist extraordinaire, sees the world’s largest chain headed.

MasterCard has clarified its EMV push policies, saying its campaign will be focused solely on direct data breaches (as in a wide-scale attack on servers stealing millions of card numbers). Its second campaign will deal with individual fraud (as in consumers losing their cards and someone finding them and then running up charges).

But the number-two card brand also spoke of a near-term future where E-Commerce will be able to use the EMV chip to authenticate and process E-Commerce and M-Commerce transactions. However, will consumers pay more for laptops that can handle such security? And will tablets and smartphones—which can more easily and more cost-effectively handle such technologies—grow quickly enough to make desktop/laptop enhancements irrelevant?