Top Stories

Google’s Retail Experiment With In-Store Location Is Encouraging, But Needs Much More Fine-Tuning

November 30th, 2011

When Google on Tuesday (Nov. 29) announced a retail program for in-store product tracking—with initial trials from Home Depot, Macy’s, Bloomingdale’s, IKEA, Japan’s Mitsukoshi plus the Mall of America—it offered a relatively easy path to in-store navigation for retailers. But it also hasn’t licked the most daunting challenge: location precision. Google’s not even claiming location accuracy of better than “within several meters.”

The Google program, initially limited to Android phones, works by getting detailed floorplans from the retailer. Once the system detects that the consumer has entered that address, it defaults to that map and then uses in-store tracking to show the customer’s location relative to the product aisles. But “several meters” could be dozens of feet in either direction (the term “several” is deliciously vague; Merriam-Webster helpfully defines it as “more than two but fewer than many”). The altitude feature is supposed to know which floor you’re on and to display the correct floor map—that’s a nice touch—but without more fine-tuning, it will have trouble navigating someone to the right aisle, let alone to the right spot within that aisle, as Meijer recently discovered.


JCPenney Uses Mobile As A Clever Way To Track Where Gifts Go

November 30th, 2011

The elves at JCPenney have come up with something rather clever: a mobile app that allows gift recipients to hear custom voice messages from a gift-giver. And a program that packs a multi-layered CRM data-collection punch. The recipient scans a QR code that is taped to the gift and instantly hears the gift-giver’s voice relaying a holiday-friendly message. (In my family, it would be something sweet like “Here are the ^#&! gloves you wanted. So where’s the $50 you borrowed from me?”)

The reason this idea has such potential is that the chain is using the mobile device solely as a tool, where both JCPenney and the app quickly get out of the way and let the recipient and the gift-giver truly communicate. From a CRM perspective, it’s clever for JCPenney because the system is set up to call the gift-giver back to record the message. Therefore, the chain can gather lots of mobile numbers for later messaging use and, depending on future tracking purposes, perhaps much more through in-store interactions. The first step, though, is to collect those numbers, and this is a wonderfully innocuous way to start.


Pizza Kiosk Raises Creative In-Store Options

November 30th, 2011

The mundane underappreciated customer kiosk has been undergoing some radical changes recently. Among the most far-reaching and/or strangest: one that serves live crabs, offers ice cream in exchange for a literally measurable smile, a porn kiosk that asks a lot of specific questions and promises privacy protections, a Pepsi social kiosk that allows you to buy soda for strangers, a convenience store sandwich machine that uses privacy to boost sales, a wine kiosk that detects if you’re already drunk and a machine that measures customers for custom suits.

But this new kiosk out of Europe may just take the record (although that live crab-dispensing kiosk is pretty hard to beat). It makes pizza—from scratch. This thing shows customers its realtime process of kneading dough, forming the round, adding tomato sauce and toppings and then baking it—all in three minutes. A kiosk that creates and delivers a fresh pizza may not play well in every retailer environment, but it’s worth a shot. Honestly, Nordstrom, would a pizza kiosk in your aisles really kill you?


Despite The Hype, E-Commerce Sales Stats From This Holiday Season Show Flat Percentage Growth

November 29th, 2011

Amidst all of the reports this week detailing record-breaking revenue for the start of the holiday shopping season, one critical point has been overshadowed. While E-Commerce sales have indeed been strong, the rate of increase has been essentially flat for the third year in a row. Indeed, the rate of increase of sales this year is projected to be lower than in either of the other two most recent years. EMarketer’s comparison stats only go back to 2007, showing 19.4 percent growth in 2007’s holiday season, an unusual drop in 2008 (-7.8 percent) and then three similar growth stats for 2009 (16.9 percent), 2010 (17.4 percent) and 2011 (16.8 percent). On the happy side, in this economy, a steady 16-17 percent annual growth rate is pretty nice. And given the steady (other than 2008) E-Commerce revenue increases through this year’s projected $46.7 billion online holiday season, the slight drop in growth percentage is certainly acceptable.

But with the revenue hype fest that has been going on the last few days, it’s worth remembering that this year is simply projected to have the same kind of season-over-season growth that it’s enjoyed the last couple of years.


Is PCI Skimping On Skimming?

November 29th, 2011

PCI does not address skimming at your point-of-sale (POS) devices, especially those in self-service areas that are not under the constant control of a clerk or manager. PCI Columnist Walter Conway thinks it should, and that now may be the perfect time to make a change in your POS practices and in PCI itself. Although this may be the season of sharing, that should not include sharing your POS devices with the bad guys. The PCI Council recognizes the risk from card skimming. It has held information sessions highlighting the threat at the Community Meetings, and in 2009 it published a document informing retailers of the risks of skimming.

However, as of today, there is nothing in the PCI DSS directly addressing how retailers should protect their POS devices from being compromised by a bad guy installing a skimmer. The timing for updating or clarifying PCI now is excellent. Each version of PCI DSS has a three-year lifecycle and we are now into the second year of PCI version 2.0. That means that as of November 1 we are in the formal period when Participating Organizations worldwide provide feedback on improving payment security and the PCI DSS itself.


The Next Batch Of Monthlies Barely A Week Away

November 28th, 2011

Just a reminder that StorefrontBacktalk now has five free monthly newsletters, each one focusing on a different key area for us: E-Commerce, Mobile, PCI/Security, In-Store and CRM. The Monthlies—see the descriptions here—are available to anyone via a quick E-mail sign up.

The Monthlies publish the first few days of each month, and they are a great way to catch up on all of the news in a given area. So before you miss the December Monthlies, sign up for your free copy.


Quick-and-Dirty (And Dangerous) Wi-Fi Retail Deployments Likely To Be Rampant In 2012

November 28th, 2011

As mobile trials of all kinds kick into high gear next year, there’s almost certainly going to be a trend that will signal very bad security news: a soaring number of retail Wi-Fi trials, many of which will likely be quick-and-dirty efforts to support customers who want to use mobile in-store. Wi-Fi security is bad enough as it is, let alone what will happen with a lot of slapdash rollouts.

Some of the security problems with Wi-Fi are well known and there isn’t a security consultant worth the paranoia they sell who can’t spout their list of the dumbest retail Wi-Fi deployments. There is a small ray of hope. Although Wi-Fi is often quite insecure, the newest Wi-Fi offerings today are a tad bit better. If we can assume that many of the new deployments will be using somewhat more robust approaches, it might be a somewhat smaller catastrophe. Remember that a Wi-Fi mobile disaster doesn’t have to be a security breach. Given how easy it is for a children’s toy or a wireless microphone to disrupt Wi-Fi and potentially halt mobile payments or, even worse, cause double billings, even a data-secure network could cause mobile nightmares. Ahhh, the joys of Wi-Fi.


A Wireless Tracking Way To Solve The In-Aisle Digital Receipt Verification Problem

November 16th, 2011

The biggest practical challenge to in-aisle mobile checkout is verifying the receipt as the customer tries to leave. Verification is not foolproof, but it will dramatically slow traffic, which is counterproductive. What retailers need is a way to associate that phone with the customer and the purchase, and to track all three throughout the store, up to the exit. Fortunately—and simultaneously unfortunately—the very nature of a smartphone provides just such a wireless way.

By using the phone’s signals, the store could track that customer and could know exactly when that customer is approaching the exit and alert the greeter/loss-prevention associate to the approach. No need to verify the receipt, no need to stop the customer at all (unless the greeter sees something beyond the purchased items, but that’s always been the case). There are clearly hurdles to this approach. But it’s one of the few that addresses most of the current in-aisle mobile payment headaches.


What Wal-Mart Didn’t Say About Its POS Move

November 16th, 2011

Wal-Mart’s newest mobile acquisition may be a lot more than the world’s largest retailer is admitting. On November 10, the chain announced that it acquired Grabble, a tiny Australian mobile POS startup that can deliver receipts to customers’ phones. Wal-Mart also did a good job of scrubbing the Internet of information about what Grabble actually makes: hardware that attaches to POS systems to capture purchases and other customer data in real time, so that information can be used without having to change existing back-end POS software. Mobile receipts are just one obvious application.

It never really made much sense that Wal-Mart would go all the way to Australia for a mobile-receipts startup—that’s hardly a new idea. But a box that plugs into a POS, so it’s easy to experiment on a store-by-store basis with everything from mobile receipts and coupons to plug-and-play CRM, inventory and analytics systems, sounds like it’s worth the trip. And that could explain why Wal-Mart worked so hard to make most details about Grabble disappear.


Tablet Retail Impact: Sometimes, No Change Is The Best Strategy

November 16th, 2011

What, if anything, should retailers do differently about tablet computers, in an M-Commerce context? Not much, it turns out. But it’s hard to glean that from the flood of stats out there. Consider some numbers IBM Coremetrics has been talking up recently. The company reported that “shoppers using an iPad will lead to more retail purchases more often per visit than other mobile devices,” with iPad conversion rates at 6.8 percent versus 3.6 percent for all mobile devices. That may be true, of course. But it’s also obvious that the larger screen of a tablet will enable more activity than the typical smartphone. What if IBM Coremetrics had said that shoppers using a laptop or a desktop computer will deliver more purchases than a smartphone?

That said, tablets are becoming quite popular, and a migration of sales from PCs and laptops down to tablets is inevitable. From the chain’s perspective, though, that change may be barely felt, because the tablets will simply be accessing your regular Web site. At best, it might be a slightly tweaked version of your site. Most of the current tablets don’t really need much—if any—tweaking to deliver an acceptable experience.


Could Lord & Taylor’s “Claim Your Prom Dress” Effort Be Improved With ZIP Codes And Some Pull-Downs?

November 16th, 2011

Lord & Taylor recently tried an experiment where high-school girls were able to purchase a prom dress and then claim it for that event at that school, to theoretically make it less likely some other girl would show up at the prom wearing the same dress. The idea is interesting but limited, in the sense that the same dress is being sold at other retailers. It also suffers from the problem of only working when the customer bothers to go through the tagging process.

Why not use ZIP codes (IP address locations are typically too inaccurate and/or cover too wide an area to be practical for a prom no-duplicates strategy) and a high school pull-down menu (with a behind-the-scenes list of each school’s primary ZIP codes) to flag likely repeats? This approach pushes this idea beyond high-school proms and could be used to flag apparel conflicts at any type of event or formal function. Weddings? Theater? This could even be helpful beyond events. What about giving an option to indicate the name of an employer? Depending on the size of the employer, it might be nice to know if that business suit you’ve been eyeing has already been purchased by anyone else within that company.


StorefrontBacktalk Will Not Publish Newsletter For Thanksgiving

November 16th, 2011

Given the dominance of the key U.S. holiday next week (we mean Thanksgiving, not Black Friday), StorefrontBacktalk’s weekly newsletter won’t publish on November 24. Everything else will still be live (the Web sites, our Kindle version, our Twitter tweets, our mobile sites, etc.), but we need a little time off to burn some turkey and over-season some stuffing.

Speaking of which, we want to tap into the knowledge of our audience with a question that has nothing to do with retail technology. One of us here at StorefrontBacktalk is going to try something new for Thanksgiving: cooking the turkey on a gas grill. The problem is that, well, it’s me. And my Weber grill seems to have two temperature settings: 750 degrees Fahrenheit and OFF. To be precise, it has tons of settings, but those two numbers seem to be the only heat levels the beast is capable of delivering and maintaining. In short-duration grilling (say 5 to 8 minutes), it’s easy to compensate. But when dinner for a dozen people needs to cook for five hours, I’m open to any tricks to get the temperature down to 325 degrees and to keep it there. Any suggestions? If you do have any suggestions, please E-mail me at Help Evan To Not Turn His Entree Into Sawdust Held Together By Static Electricity.


Mobile Tracking Would Be Great, If It Weren’t Illegal. (What, Everything Has To Be Perfect With You?)

November 16th, 2011

When we told you recently about the Australian shopping mall that tracked customer movement through mobile phone signals, it presented a very compelling CRM opportunity. It would also almost certainly be illegal in the U.S.

Here, it is illegal to intercept the contents of a cell phone call or to force a cell phone provider to pony up information about a user without—at a minimum—a court order based upon a certification by a law enforcement or other official that the information is relevant to an ongoing criminal (or sometimes intelligence) case, writes Legal Columnist—and former federal prosecutor—Mark Rasch. The federal pen register law makes it a crime to “install or use a pen register or trap and trace device” without such a court order, unless you are a “provider of electronic or wire communication service” and your use of the pen register is for certain limited purposes. There is little doubt that neither a mobile nor a mall operator would be considered a “provider of electronic communication services.”


EMV Is Simply Not Worth The Effort. Not Even A Little

November 16th, 2011

Ever since Visa reversed itself and embraced EMV this summer, GuestView Columnist Trinette Huber—who by day is information privacy and security manager for the 2,700-store Sinclair Oil company—has been wondering why. She has concluded it’s not for the security. For the last five years, Huber pens, she has been advising, cajoling, arguing and sometimes arm-twisting when it comes to PCI compliance for Sinclair’s distributors and c-store operators. “We’ve been waiting for technology that protects credit-card data. Stop coming back to the trough to get retailers to pay for something that doesn’t remove PCI compliance requirements and protect online transactions.”

Huber adds: “Chip-and-PIN doesn’t eliminate your requirement to be PCI compliant. You still have to do that. If we adopt Europe’s old technology, the card data will still pass in the clear. You still need to spend all of that money securing your point-of-sales, auditing your network and reporting on your compliance status. Well, maybe not reporting to Visa—if you meet its requirements—but there’s still MasterCard, American Express and Discover.”


Mobile-Payment Vendors Beware: Sing The Song Of Standards Or Get Out

November 10th, 2011

As the various mobile-payment vendors—including Google, ISIS and PayPal—try to woo retailers, they are finding the conversation repeatedly veering away from flashy functionality and into issues of standards compliance and providing specs that match what retailers are using today. Those are points of resistance, though, when the vendors desperately need to differentiate their offerings and to argue for critical time sensitivities (“you must trial this right now”).

The retail chains, which hold most of the important cards in this game, are quite content to sit back and let the process take time. Cutting deals with whoever remains standing makes it slightly less risky anyway. We spoke with a few senior retail IT execs about their mobile-payment vendor discussions and the comments from two were the most illuminating. Dollar Tree CIO Ray Hamilton said he sees the tech limitations issues as already resolved (“I would prefer to pay with my smartphone than with a magstripe card—a crude, historic technology invented during my youth. Smartphones will have more than sufficient processing capabilities to encrypt data during the NFC transaction.”). No, it’s the standards issues that are his greatest concern, especially given that there are really hardly any significant mobile standards yet.


Macy’s Merged-Channel Inventory To Go Live In 2012

November 10th, 2011

Macy’s is testing a merged version of its brick-and-mortar and online inventory systems chain-wide, and it expects to go live with the new system early in 2012. On Wednesday (Nov. 9), Macy’s CFO Karen Hoguet told an earnings call that “we’re going to be able to do [chain-wide merged inventory] very soon. We’re testing it right now. And early next year, I think we’re going to start doing it more and more, with the systems we have today. Having said that, we are going to invest over time in better systems that allow us to maximize the inventory easier without as much manual intervention, but it’s not going to prevent us from doing the site to store to door.”

That merged inventory will presumably be the base for Macy’s item-level RFID efforts, which are slated to go chain-wide by 2013. Merged inventory could also smooth out some of the kinks in Macy’s Search-and-Send program, which lets one store access inventory from another store and have items shipped directly to a customer. That’s currently in only a few dozen stores, but it should be easy to roll out chain-wide once the merged-channel inventory is in place.


Toys”R”Us Trial Shows Brilliance—And Folly—Of eBay

November 10th, 2011

Toys “R” Us is backing into in-store mobile payments by serving as the guinea pig for an interesting eBay trial. Smartphone-equipped toy shoppers will be able to purchase any Toys “R” Us product by scanning the barcode with RedLaser, now owned by eBay, with the mobile app fully processing the transaction. There’s a huge catch, though: Any payment form other than eBay’s PayPal need not apply.

The shortsighted payment limitations aside, this Toys “R” Us trial is quite clever and it showcases what eBay can do in the mobile space. Consistent with the mobile wallet pitch PayPal itself is making to retailers, parent company eBay’s trial showcases the strength of being platform-agnostic. This trial can work just as well on an iPhone or an Android. (Note: eBay’s information seems contradictory on how multi-platform it will initially be, however.) On the flip side, Google Wallet can work just as well on Visa and MasterCard. Therein lies the frustration of the Toys “R” Us trial.


Researchers: Thieves Can Read A Mobile Phone From 14 Feet Away

November 9th, 2011

Bringing Mobile Commerce in-store—for everything from mobile payments to mobile checkout—just hit another snag. Researchers have developed a way by which thieves could capture video of users typing on a smartphone screen from as much as 14 feet away inside a store, and then automatically extract passwords, PINs, payment-card numbers or other sensitive data from the video, which can be captured over the phone user’s shoulder or even in the reflection of a user’s sunglasses.

Shoulder surfing is an unavoidable problem with smartphones in a crowd, but 14 feet away feels like enough distance to be safe from video eavesdropping. And although there are workarounds to block the attack—turn down the screen brightness or turn off the pop-up keypress confirmation that makes the iPhone’s virtual keyboard so much easier to use—it’s unlikely that customers will be willing to do that. Store associates, on the other hand, might want to do both those things, along with being careful to guard their screens and watch for customers who happen to be using video cameras nearby. The biggest question is whether they can be convinced to do anything.


Item-Level RFID Being Crippled Due To Retail IT Fears

November 9th, 2011

Is item-level RFID a surveillance technology? Of course it is, if you’re a thief—particularly a sticky-fingered employee. When missing product can be routinely discovered within hours instead of weeks, it’s much easier to scan store security recordings to spot the theft. RFID wasn’t designed for surveillance—that’s just a side effect. Another side effect: item-level RFID’s ability to let executives track exactly how well stock is moving in and out of stores on a daily basis. If you’re the manager of a store with problems, that might feel like surveillance, too.

For many retail IT execs, it’s more than a little uncomfortable. Store managers are on the same side as IT. Setting up systems to see who’s underperforming—and exactly how, in near-real-time—can feel, well, a little dirty. Maybe that’s why so few chains are doing it—and why most of the systems offered by vendors for using RFID data aren’t built for that type of visibility. “Our number-one fight with software vendors is, your software doesn’t do enough,” said American Apparel VP of Technology Stacey Shulman. “‘Well, it’s what everybody else uses.’ Well, it’s not enough.”


In Finland, A Chain Tries An Extra-Slow Checkout Lane. Can Armchairs Make Customers Happy—And Maybe Buy More?

November 9th, 2011

While U.S. grocery chains are struggling with whether they’re better or worse off with self-checkout and express lanes, a supermarket in Espoo, Finland, is experimenting in the opposite direction: intentionally slow checkout. Dubbed the “don’t panic” lane, the slow-track checkout at a store in the K-citymarket chain offers armchairs for people waiting to pay, help putting products on the checkout belt and a generally relaxed approach to paying for merchandise.

The pilot project is being done in conjunction with researchers at Aalto University, who thought mentally disabled customers would prefer a less hectic, more helpful checkout process. But it seems elderly customers and even parents with small children in tow also like the slow lane (those armchairs seem to be a big draw in both groups). Running customers through checkout at top speed may be the most efficient way to do it, but an extra-slow checkout offers plenty of opportunities to hit those armchair-bound customers with digital signage and potential impulse items—keeping some customers happier and potentially paying for itself with increased sales. For chains that have already given up on one-size-fits-all checkout, that slow lane might actually make good retail sense.


How Not To Beat Apple In In-Store Mobile POS

November 3rd, 2011

If you want a perfect snapshot of how dominant Apple has become for in-store mobile POS devices—and why—look no further than Hewlett Packard’s mobile POS announcement on Thursday (Nov. 3): a payment-card sled that attaches to HP’s new Slate 2 tablet. This is bound to be a tough sell—remember, HP has just killed off a tablet line in a very public fashion (even though that wasn’t the Windows-based Slate line). The HP tablet-and-sled combo together will be a hefty $1,200. Competing with Apple means HP will need to nail this product perfectly—right?

Yes, that’s what HP needed. But instead of offering the tablet and sled as a general-purpose in-store mobile POS, HP is positioning it largely as an add-on to HP’s own POS systems. OK, that limits the market. So does the lack of a clear advantage over an iPad (HP says being Windows-based will make it “easy for retailers to integrate,” though a product manager acknowledged that iPads probably work fine with most retailers’ systems too). Then there’s the mag-stripe reader, which can work right out of the box in unencrypted mode. Wait, isn’t that exactly what retailers don’t want?


Apple To Rip Up In-Store, Mobile Channels

November 3rd, 2011

Apple is about to complete its conversion to a merged-channel retailer—and maybe put its first stake in the ground for mobile payments, too. Most critically, Apple is changing how it doles out bonuses and commissions, which is the only way to get anyone’s attention. Sales will no longer be credited to the division (online or in-store) that collects the money, but to whoever actually delivers the product. On November 3, Apple is expected to roll out a new system that will merge its in-store and mobile-commerce channels, offer a 12-minute turnaround time for M-Commerce orders and reward brick-and-mortar stores for pushing customers to shop online and pick up in-store. And—as you may have heard—it’s letting customers do self-checkout, too.

If that sounds like an afterthought, it very nearly is, even though self-checkout alone would be a big deal for most chains. What Apple is primarily trying to do is demolish the wall between stores and M-Commerce. It may not work—that 12-minute turnaround promise may just be impossible, and some of Apple’s plans for prioritizing customers can collapse when things get busy. But if it does work, it may also represent Apple’s demonstration of how it plans to offer mobile payments to other retailers—without either NFC or mimicking a plastic card.


PayPal’s Pitch To Retailers To Use Its Mobile Wallet: Making The Most Of A Few Temporary Differences

November 3rd, 2011

In the battle to woo retail partners, PayPal this week put out its best digital wallet presentations in a pop-up store in the Tribeca section of New York City. With presentations done by PayPal staffers and professional actors, PayPal is preparing to run retailers through five scenarios of mobile wallet retail usage. Unfortunately, PayPal’s demonstrations look eerily like those from Google and ISIS.

The problem is that the digital wallet concept—a place where you can cram in every payment method, CRM card and discount reminder—is the same, with trivial differences in partners and technology. PayPal did showcase some differentiators—such as the ability to pay with airline miles or other points programs, in addition to changing the payment method days after the purchase has been finalized—but it also conceded that there’s nothing preventing Google or ISIS (or Apple or others) from offering identical services.


Debenhams Gets Clever About Mobile Invisible Pop-Up Stores

November 2nd, 2011

In unrelated trials this week, Debenhams—the UK’s second-largest department store—and eBay are trying to push the mobile limits of creating stores with no physical infrastructure. But unlike Web sites, these virtual stores exist in a specific place to which customers must travel. In Debenhams’ case, a human being at that location would see nothing, except other human beings oddly pointing their phones around the sky.

The virtual store is not new. In a much-publicized trial this summer, Tesco re-created almost all of the merchandise from one of its stores as a series of high-res photographs with QR codes on the walls of a South Korean subway. But Debenhams’ effort takes it farther than any other retailer. At least consumers arriving at that subway would see pictures of products and could guess what to do. In the Debenhams trial, consumers were directed to very prominent street corners in London (Trafalgar Square), Manchester (Albert Square), Birmingham (Centenary Square), Cardiff (Cardiff Castle) and Glasgow (George Square). They then loaded a mobile app onto their phones. If the geolocation of the phone matched what the app had been programmed to look for, it would display a ghostly image of a dress.


Are Macy’s, Target and Kohl’s Ready For A Really Early Black Friday?

November 2nd, 2011

Macy’s, Target and Kohl’s this week all announced they’ll be opening brick-and-mortar stores at midnight on Black Friday, as the start of holiday shopping keeps carving farther into Turkey Day. That presents a tricky E-Commerce issue, though: When does Black Friday start online? If those door-buster deals show up for E-Commerce shoppers at midnight in New York, that means they’ll be available in San Francisco at 9:00 PM on Thanksgiving night. After all, it seems silly to try to block Web shoppers from buying online before their local stores have opened. (Really, this year you’re going to refuse to take their money?)

But there’s certainly a difference between a marketing event that begins at midnight and one that starts in the middle of prime time on the West Coast. Last year, Kohl’s started its Black Friday sales at 3:00 AM New York time, midnight Pacific time, with Macy’s and Target an hour later. That didn’t make much of a difference online—it was still late-night across the U.S. But wind those times back a few hours, and suddenly it won’t just be night owls who are hammering on E-tail sites.


Most Recent Comments

"Careless" Systems Integrators Now Directly Under PCI DSS

This exact issue has been bothering me for years, and I was JUST talking about it with someone only yesterday. This may well be my favorite article, mostly because I'm biased and have hated this particular problem forever.
Good article, but how does this have anything to do with the DSS?
Actually, the QIR program has a lot to do with the DSS (or PCI). Since merchants rely on their reseller or integrator to implement their PA-DSS validated application, these resellers and system integrators play a critical role in merchants achieving and maintaining PCI compliance. As far as I can tell, the QIR program is designed to help merchants stay compliant by making sure their payment applications are installed according to the PA-DSS Implementation Guide, for example ensuring default passwords are changed (and protected), that the data encryption keys are properly set and secured, that the merchant's data retention policy is set, that no sensitive cardholder data are stored, and often that a firewall is in place and properly configured.
Although this is a great move forward in pushing the issue of highly trained people, it is also a good marketing ploy for the council. It begs the question: How much do they stand to make? The problem with this is that for people (like myself) who are just starting out their own business venture, PCI has typically charged a premium for their training and certifications. This change will likely force those of us with less capital to spin into the abyss. I have more than 15 years in the security and compliance fields with heavy-hitter certs like CISSP, CRISC, and Sec+. There should not be a guide but a free test or a prerequisite of either the PCI cert OR other heavy-hitter certs. I just don't want the good guys in small places to get flushed out.
The ETA recently launched the Certified Payment Professional program, which charges $425 for non-members to take the test, assuming they meet the 'experience' requirement, to PROVE they are a professional. And they'll have to take it every 3 years. Worthy program, but high cost. Plus, only a select few were allowed to be in the first class, and there are only 4 test windows per year currently. So being on the registry simply means you were lucky enough to get picked, nothing to do with skill level.
@Cory: Thanks for your comment and question about the pricing of the QIR training. I raised that question in a conversation with Bob Russo last week, and I will address it in a follow-up column in a few days. While the pricing is not yet set, hopefully it will not be too great a burden for you or other integrators/resellers. We'll have to see, though.

Costco Self-Checkout Trial Setback After Store Losses

Not all self checkout works this way. One self checkout vendor is designed to work this way and it leaves a gaping security problem that can create this situation. There are 3 predominant providers of self checkout in the U.S. and this represents the lowest installed base provider of the 3 and their market share continues to shrink from reports I have seen.
Editor's Note: The vendor that Mark was referencing is IBM. His point is that other systems make it easier for any weight mismatches to require associate intervention--just like with alcohol or cigarettes or any other age-restricted item--rather than a more passive flag to the customer that the item was excluded.
Another angle on the challenges with self checkout which may come to the retail scene in the next year is the tap and go/NFC smart phones. Though these are all the rage in Japan, we have yet to adopt them in the U.S. But that will change as the new phones emerge with the chips embedded this year. And the new demographic want to use this type of technology. A large retailer told us that NFC phone customers are getting their identities stolen, even though the self check-out requires proximity--and they do not want to take responsibility for this occurrence in their stores, on their premises. So although they like the idea of self check-out they are still experimenting with various approaches.
For self checkout, item-level RFID or unique barcodes plus real-time tracking appears to be the missing component. Mail delivery companies use real-time tracking of mail with a barcode and assure delivery at a certain time. The public library embeds books with RFID and tracks them through checkout. Retailers and SCO manufacturers are going to have to accept the fact they cannot rely on UPC and really need an item-level identifier that tracks that specific product as a unique item from shelving to checkout.

Visa Yanks Global Payments' PCI Compliance. Catch-22 In Full Force

So PCI compliance cannot guarantee that a provider will not be breached, but a breach is inherent evidence of non-compliance? Any comment from VISA as to whether they will continue to accept ROCs prepared by Trustwave? Seems like an inconsistent position.
Global Payments reported they were working toward being in compliance with PCI, despite already being on the list. In a backwards way, they admitted they were not previously in compliance. We can't really say that a breach is inherent in these types of situations without having a full investigation report. That's one reason why MasterCard is waiting to see what forensics finds before yanking them from their list.
In the past, Visa has stated, "No compromised entity to date has been found to be in compliance with PCI DSS at the time of the breach. In all cases, forensic investigations have concluded that compliance deficiencies have been a major contributor to the breach." This quote can be taken two ways. Either PCI is perfect and all-encompassing and compliance guarantees you won't be breached; or there are so many “gotchas” in PCI that no one can escape non-compliance. I personally believe that PCI is written in such a way — and interpretations among QSAs vary so much — as to make it impossible for anyone to be 100 percent compliant 100 percent of the time.
PCI, TSA, IRS - obviously none of these functions as intended or as promoted. I've said it before and I say it again, hackers are free of personnel, budget, expertise, infrastructure and time constraints. Nothing, NOTHING, is ever fully safe. Visa and its attorneys simply choose to hide behind the false sense of security of the PCI veil. Truth be known, Visa has probably been hacked. Anyone see the similarities between VISA and the wizard of OZ?
This begs the question, how does this decision by Visa affect Third Party Processors (TPAs)? Our TPA agreement has wording to the effect that we can only send CHD to PCI compliant processors and banks. Now that Visa has deemed GPS non-compliant, are we breaking our TPA agreement by allowing our customers to continue using GPS?

How About A Little Service Provider Responsibility Here, PCI-Wise?

I appreciate the one-sidedness issue highlighted in this article. I also understand how card brands have a contractual link to merchants - but only rarely do with service providers. I'd find it virtually meaningless for the PCI requirement to mandate actions by the service provider, when they have no contracted responsibility to a commercial entity. That said, 12.8.4 places an obligation on the service provider to demonstrate compliance to their customer the merchant (or service provider, Acquirer etc). Is not the combination of these 2 requirements having the same outcome?
PCI is like banging your head on the wall. When you complete the SAQ, it feels good stopping.
Actually, service providers do have direct links to the card brands. For example, many have direct system connections/access points to the card networks. More importantly, all service providers validate their PCI compliance to the card brands. The brands (at least Visa and MasterCard) also post lists of compliant Level 1 Service Providers on their websites. My point was not so much about the card brands, though. I was observing that since PCI already has a number of requirements that apply only to Service Providers and not to merchants, there is precedent for one more Service-provider-only requirement to cure the imbalance I noted.
Walt, I'd suggest that perhaps you have a limited concept of who would be considered a Service Provider under the guidelines that you've suggested. The fact is that most resellers/integrators do NOT have direct links to the card brands or the card networks. They may work with processors to board new merchants or provide support, but there is no contractual or legal obligation at all. Your comment that all service providers validate their PCI compliance is also way off base if you include resellers & integrators. The limited number of Level 1 Service Providers probably do validate their compliance, but the vast majority of resellers/integrators are not that big.

The Never-Ending Dance Of Contactless Security

Contactless should require multi-factor authentication for financial transactions. However, multi-factor authentication will nullify the main benefit of contactless transactions which is speed. Is there really an improvement between a mag swipe and contactless tap if multi-factor authentication is required?
Contactless card transactions are verified online; if there is fraud the bank will take the liability. This does not happen with checks, bills. Oh and contactless is faster than any other form of payment and you do not have to check the takings at the end of the day: so faster service and a bit more secure.
To contactless. Not completely true that the bank will take the hit for a fraudulent contactless transaction. When paying at the fuel pump with contactless, you will have a defined pre-auth limit which is set by the issuer and obtain an online auth number. Even with the issuer providing real time auth, should the customer dispute the transaction, the liability and burden of proof still lies with the retailer in most circumstances. To the issuer they claim this is a "card not present" transaction if completed out of sight of the store attendant. Add that to the fact that a gas station forecourt allows the hiding of the necessary fraudulent transaction supporting equipment inside a vehicle, it creates the anonymous environment that fraudsters prefer to operate under.

The PayPal Problem: Will It Impact Retailers' PCI Scope?

For the foreseeable future, retailers are not going to be transacting exclusively against PayPal accounts. Therefore, with the assumption that the payments are stored, transmitted and processed through the same systems as "regular" CHD, there will be no change in scope. Merchants will have to protect the PayPal payment information with the same rigour as PANs/CV2s/tokens, but this isn't arduous because they are doing it right now. (Or should be.)
This is the problem with the notion of the high value token wording in September's guidelines. As you rightly point out an email address, mobile no. or even a name can be considered a high value token. Yet by their very nature these are all readily available in the public domain, so I find it hard for them to be considered as a high value token.
Will Visa be including in their V.me system the additional ability for online payers to source funds via a “debit” transaction from their banking account, rather than only by a credit card transaction as has been the case in the past because of the PIN requirement for such a “debit” transaction? After all, what’s the difference between a PIN, that Visa/MasterCard already hold, and a password required to access a secure online payments gateway?
The PayPal user information is much more "high value" because it can be used across merchants to initiate transactions. If I have it or gain access to it via a merchant compromise, there is nothing to stop me from using it at another merchant. A properly designed tokenization system should have rules that prohibit tokens obtained from one merchant to be used at another merchant and/or prohibit initiating transactions unless the PAN and authentication data have been previously received by that merchant.
A big difference with PINs (at least in the debit world) is that they should only be entered into an encrypting PIN Pad. The feeling goes that if I steal a card with a valid PIN I can go to an unattended device (ATM) and pull out money w/o having to present a legitimate card to a person. I suppose you could make the same case (which you did) regarding an online transaction w/ a password.
PayPal's plan of POS attack is to entice merchants with below-cost credit and debit card processing, which is an offer no retailer will refuse. The company will subsidize its losses from the card transactions with the very high-margin profits it enjoys when its users fund the sales amount from their bank accounts. On the other hand, whether the consumers will be won over is another question altogether. If it is to stand a chance, PayPal will need to make the checkout process as uneventful as possible. As it is, the customer is asked to enter his or her cell phone number, in addition to a PIN, before the transaction can be completed. That's unnecessary and excessive.

Tokens Are Not The Same As Encryption. Honest

I agree with all your points on how the technologies differ. The only possible disagreement I have is that you are very generous in giving PCI credit for distinguishing the differences between the two technologies and scope whereas I think they caused the confusion (or at least didn't help).
I tend to disagree that tokenisation and encryption are different - indeed, I see tokenisation as a form of bespoke encryption. Many of the arguments I hear about tokenisation being different from encryption lead to concerns about the security of encryption, or that encryption can be reversed. Although it is true that encryption can be reversed with the key, I strongly dispute the arguments about the security of encryption, and personally I put much more faith in an algorithm that has undergone many decades of community research, where the security (key) can be isolated in approved hardware, than in a bespoke solution I have no visibility or independent assurance of.
"High-value tokens are those that can be used to initiate a new card transaction." Personally, I didn't understand this part of the doc. Surely that's the point of a token, so I'm assuming they mean a token that can be used independently of a 'vault' type of service to initiate and complete a transaction. Otherwise, every token would be a High Value token. Services like Square's card case where a person's name can trigger a payment, or PayPal's where an email and password trigger a card payment. In these cases a name and email would be tokens and as they are initiating a card payment could be considered a High Value token.
I disagree with you on the point you made about there being no way from a PCI scoping perspective to compare tokenization guidance to encryption clarification. The parallel that I see is not between tokenization and encryption, but between the token and the encrypted data values themselves. Semantics? Maybe, but I believe there is a significant if not subtle difference between these two statements.
How can a QSA be comfortable determining if something is out of scope, if he or she does not know how the system providing that benefit explicitly works in all conditions over its lifetime, especially if it's distributed and its functionality and risk profile may change over time and can be explicitly guaranteed? A QSA takes liability for such a de-scoping claim. Only proofs of security and evidence can stand behind that, something seriously lacking in most of the debate.
Tokenization is a use case of data transformation, not a specific technology. Humans have been practicing tokenization using multiple methods for centuries and claiming that one method of data transformation is the "real" tokenization and not some other way doesn't make sense. Tokenization must be reversible.
Promises of incremental sales and the ability to target loyalty have been completely worn out by endless pitches of card services, hardware, software, etc etc etc... Another watershed way of getting mobile payments introduced is to shift merchants' payment modes from higher to lower cost products. I think ISIS has started down a path that completely misses that opportunity by partnering with incumbents who have zero interest in reducing merchant payment costs.

Want To Push Social Media? Have You Considered Using Your Stores?

What about if the retailer is in a shared space (e.g., a food court in a mall or college campus) where there may be limited space and possibly limited flexibility (e.g., power, comms, lease restrictions)? Or in airports, where I see more and more retailers. Would your recommendations hold for those locations, too? By coincidence, I was at a conference this week and sat next to the person charged with building brand awareness for a national food chain on college campuses -- and therefore with the student demographic -- nationwide. After reading your piece, I was wondering, would your recommendations hold for them? As for airports, I could see one school of thought that says customers don't live there, so get them in and out. But I also could see where the particulars of this demographic could be sufficiently compelling to want to reach out.
I agree that there are even deeper levels of engagement that you absolutely could drive in the store (I love the idea of floating coupons by the way). I think what is most important is using the store to start a conversation that could be then continued online (rather than always trying to start a conversation online that culminates with a sale in the store).
I think the statement "Then there is the small fact that the retail operator doesn’t feed his family based upon how well his customers are engaged online" speaks loads.

Publix Buy-Online-Pick-Up-In-Store Trial Nixed: Grocery Shoppers Are Different

Your take on the customer's view is right, however I wonder whether supermarkets can go a _long_ way towards resolving it with easy, quick refunds? My partner unpacked our home-delivered fruit and veg box last week, and discovered bruised fruit. Took a picture, emailed the company, and within 10 minutes had a refund. Happy customer all round - the company cares, etc. This requires very careful thinking on the merchant's part about how to invest in this area of customer service. However, since it is equally easy for my partner's picture of bruised oranges to be uploaded to a social media site as it is to email the company, the downsides for NOT doing this are quite large.
What about the other non-tangible benefits of shopping at the grocery store - it gets you out of the house and you get to interact with the staff. For many people this might be their only "human contact" in a day, or at least human contact that doesn't come with the stresses associated with family/work colleagues/customers. And of course, there is the primeval "hunting and gathering food" aspect.
The last poster hit it head on - there is a primal "hunter" instinct of us humans preventing the buy-groceries-online model from taking off. Food, clothing and shelter are the three things we humans go out and scavenge for and that is in our primal instinct. It appears the next logical step is to focus on items that do not interfere with our primal instincts such as prepackaged food or personal hygiene.
