Evan Schuman's StorefrontBacktalk

ISIS has finally named retail names for its mobile-wallet trial this summer in Salt Lake City and Austin. On Tuesday (May 15), the mobile-operator consortium announced that some (but not necessarily all) area Macy’s, Dillard’s, Foot Locker, Champs Sports, Aeropostale and Jamba Juice stores will be accepting mobile payments during the ISIS trial, along with 19 local merchants in Austin and 29 more in Salt Lake City.

That’s not a bad turnout for a normal technology trial. But ISIS is promising just hundreds of locations in cities with a total population of nearly a million—and considering the weak consumer response so far to mobile wallets, anything less than an overwhelming assault may already be doomed.

Now it is IT’s turn to take the blame for JCPenney’s woes. On Tuesday (May 15), JCPenney COO Michael Kramer told analysts that problems during the chain’s terrible first few months under its new “Fair and Square” pricing approach (store traffic down 10 percent, sales down 20 percent) were compounded by out-of-control inventory management and legacy system maintenance that ate up 90 percent of the IT budget—both fundamentally IT problems.

The result: It costs JCPenney at least $600 million per year more than it should to run the chain—which explains a lot about the quarter’s $55 million operating loss. “I can think of no other thing to say about our systems and our IT infrastructure, and I have seen a lot of them: It’s a mess,” Kramer said.

Here’s one for the marketing ethicists out there (is “ethical marketing” an oxymoron?): 18-year-olds come into the retail CRM world as clean slates, even if they have been active E-Commerce and M-Commerce shoppers for eight or nine years. It is illegal to solicit or sell data about children younger than 13—and what can be collected and used about those aged 13 to 17 is highly restricted. When that veteran shopper turns 18, though, can all of his or her juvenile shopping history be sold or even used?

One online payment vendor is preparing to sell tons of youth purchase data—apparently, this is the first time anyone has tried—avoiding immediate legal problems by offering the data in aggregate.

Macy’s efforts to move online order fulfillment into almost 300 of its stores this year got a look from the Wall Street Journal on Monday (May 14), and the result wasn’t pretty: The Journal described the in-store Macy’s distribution center in a Paramus, N.J., mall as “a dimly-lit, makeshift packing area” and said workers struggled to find merchandise in the store that exactly matched orders specifying colors like “journey” and “magical.” Amazon this ain’t.

The irony is that Macy’s may already have the answer to its product-finding problem—by leveraging a completely different in-store IT initiative.

Right before the 2011 holiday season went into ultra-intense mode (in November), IKEA Canada made a key change to its mobile and E-Commerce product availability system. Like many warehouse operations, IKEA crams an awful lot of merchandise into its stores, with much of it dozens of feet in the air, accessible only via forklift.

Under the old system, the site would tell customers that an item was in-store when it was at that store, not differentiating between a product at a lower level and one at a higher level. The problem: Because IKEA safety procedures prohibit forklifts from being used when customers are in the store, customers would come in to purchase their reserved sofa or table, only to be told that it can’t be accessed and that they must return some other day.

Is online-versus-in-store a zero-sum game? Retailers with E-Commerce experience know the answer, but financial analysts have a different view. In a report this month on online retailing, Citi hits the points you’d expect: Showrooming is bad; “omnichannel” is good. But one of the report’s “questions that remain” will likely raise your blood pressure: If, say, 12 percent of your sales are now online, “does that mean that bricks and mortar retailers need 12 percent fewer stores?”

It’s a question that makes perfect sense to stock watchers—but it completely misunderstands how merged-channel retail works.

What if having wireless in-store access isn’t really that important? Retailers’ efforts to make sure customers have constant Wi-Fi access—to fuel mobile functions such as barcode scanning, demo watching and, potentially, even mobile wallet efforts—has certainly proven problematic, whether the reasons are wireless-unfriendly old buildings or young shoppers gulping all of the bandwidth with movies or games.

Beyond encouraging shoppers to use over-the-air access that chains need do nothing to facilitate, what if apps used the mobile device’s memory to play those demos and to look up those barcodes, and then waited to update until the device was reconnected? Shopkick is using one version of this modified store-and-forward mobile strategy, as of an update deployed last month.

Integrators and resellers seem to be resisting a program that would provide stronger enforcement over, well, integrators and resellers. PCI Council General Manager Bob Russo talked with PCI Columnist Walter Conway about the resistance (the program is “sorely needed”), the pricing and the nature of the training. And given the number of industry insiders Russo worked with to create the program, he bristled at the suggestion that the Council worked in a vacuum on this one.

Russo said the training will be an online course so nobody should have to travel, Conway writes.

Who cares about Big Data? You should. All of a sudden, Web logs that were kept simply for troubleshooting purposes can now be mined to determine valuable information about customers’ preferences, writes Retail Columnist Todd Michaud.

Logs that are created by physical machines can now be analyzed en masse to look for information to help advance a business. Data from social networks can now be mined for customer sentiment. These problems were too big and too complex before. But now, answers are within reach.

With more than 3,000 stories, columns and GuestViews in the content database here at StorefrontBacktalk, we thought it was time to do a little upgrading. Starting this week, readers (both free and Premium) can search for stories by limiting the search to just the story’s headline—as opposed to the headline and the full text. (Note: Right below the search bar, readers can choose HED Only or Story And Hed.)

The ability to isolate a search to the headline can be useful in two ways. If you happen to remember that the headline mentioned Target, for example, you need not see every story that mentioned Target (or even used the word “target”). The second way is practical. If you want a story that is primarily about tokens—and not a story that merely mentions the word somewhere—the headline-only search can be helpful.

As JCPenney continues to recover from its self-inflicted nice-price-all-the-time effort, the chain’s latest cost-cutting move came this week when it quietly killed associate commissions and cut back many of their hours. Cost-cutting is fine, but killing commissions right now—as it desperately tries to fight off E-tail incursions in its stores—seems stunningly ill-advised.

As retailers complain about showrooming—and its posterchild, Amazon—the only meaningful way to fight back is to make the store experience so pleasant, efficient and fun that consumers would much prefer to shop than click away on a phone, tablet or laptop.

What Google, PayPal and ISIS are trying to assemble in mobile payments, MasterCard wants to dismember. On Monday (May 7), the number-two payment-card brand unveiled a mobile wallet and an E-Commerce payment system that are designed to cut out any middlemen horning in between customers and retailers and payment networks.

Ironically, while MasterCard’s PayPass Wallet for NFC-equipped phones got most of the attention, that’s still largely a pipe dream—MasterCard hasn’t even talked any mobile operators into giving it access to the NFC chip. But the online payments effort will offer tokenization to reduce PCI scope for E-Commerce. The bad news: You can probably forget about any interchange relief.

In a series of mobile trials in subway and train stations in Philadelphia and Chicago, online grocer Peapod has been trying to drive sales of milk, diapers and dog food to commuters with a few minutes on—and a smartphone in—their hands. The trials had to deal with mobile technologies with a very uncertain future—such as QR codes—and the frustrating logistics of demoing in cramped public transportation centers.

Peapod got the idea from a wildly successful mobile QR trial that Tesco did in South Korean subways. Peapod’s attempt is apparently the first to try and replicate the Tesco efforts in the U.S.

As E-tailers continue their incursions into rivals’ physical stores, the only viable defense is to radically upgrade customer service and the overall store experience. Two of the retailers most known for this are Apple and Walt Disney World Resort. Have you ever heard of an E-Commerce site cutting into the revenue at Disney? What specific tactics can brick-and-mortars steal? Here’s a good one: Disney this month is experimenting with an RFID/iPad combo to upgrade its famous FastPass system—for letting people reserve tickets/times and thereby get much faster access to rides and events. As Disney employees carry iPads, customers’ RFID bracelets will interact with CRM and ride information.

It’s fair to argue that Disney has always been the retail exception. It pushed contactless payment by offering deep discounts, and Disney even successfully got customers to use digital biometrics (fingerprints) for park access. But that’s just the point. With a heavy enough emphasis on experience and customer service, shoppers are willing to do almost anything, including—just perhaps—forgetting all about Amazon.

Sometimes, we have to wonder how any customers medically survive grocery trips. We’ve reported on germ-laden shopping carts and paper POS receipts loaded with the carcinogen BPA. Late on Wednesday (May 9) came word that one of the nastiest bugs around—the norovirus—infected an Oregon girls’ soccer team and that it was traced to a reusable grocery bag the girls passed around as they shared cookies.

“The latest outbreak of norovirus reinforces the research we have conducted about the propensity of reusable grocery bags to act as hosts for dangerous foodborne bacteria and viruses,” said Dr. Charles Gerba, a microbiologist and professor in the Departments of Soil, Water and Environmental Science at the University of Arizona. “This incident should serve as a warning bell: permitting shoppers to bring unwashed reusable bags into grocery and retail stores not only poses a health risk to baggers but also to the next shoppers in the checkout line.” The scenario isn’t so far-fetched. All it takes is a bag with raw chicken that leaks—or an egg that cracks—and the bag becomes highly contaminated. It then leaves those contaminants on the conveyor belt, which it shares with the bananas being purchased by the next customer. A good hot water washing with a lot of bleach should remove the hazard, but how many shoppers even think to try?

Corporate data security policies have always been a challenge. In recent years, thumbdrives, corporate telecommuting and smartphones have made such controls problematic. But the assumption has always been that the data being protected was on the hard-disks or RAM of various systems.

A Best Buy incident this month, however, is a grim reminder that saved passwords or tokens can expose employees to sensitive data—and capabilities—far beyond the bits and bytes of that device.

It’s you versus the sales guy in an epic battle over your IT career. The sales guy has a polished presentation about the features and benefits of his products and services. You have a status report. The sales guy has access to unlimited resources to make your business partners’ wildest dreams come true. You have one really great guy who you’ve overworked to the point that you carry a ton of personal shame.

The sales guy says, “Yes. Yes. Yes.” You say, “No. No. No.” In this surreal world, pens Retail Columnist Todd Michaud, you are watching your hard-fought IT career be dismantled by an onslaught of companies that shake your hand and look you in the eye as they pitch your demise one product and service at a time. And you had better buckle-up, Buttercup; it’s only going to get worse.

When the PCI Council released version 1.1 of its Point-to-Point Encryption (P2PE) Testing Procedures late last month (April 27), it forced an interesting question: Will P2PE be the only way to remove encrypted data from a merchant’s PCI scope?

Writes PCI Columnist Walter Conway: Current PCI Council guidance (FAQ 10359) holds that encrypted data can be out of a merchant’s PCI scope “if, and only if, it has been validated that the entity that possesses encrypted cardholder data does not have the means to decrypt it.” The important word here is “entity.” That is, the ability to decrypt the data must rest with some unrelated third party. With the emergence of P2PE, could this scoping guidance be revised to where the only appropriate “entity” is an approved P2PE provider?

Retailers spend an awful lot of time and money gathering and analyzing online and in-store stats about customer behavior. But what most seem to not do is try and connect the dots.

What did the shopper do right after scanning that barcode? If the answer can be found in mobile analytics data, you’re fine. But if the answer can only be found by overlaying that mobile data with in-store CRM data, most won’t see it. What about synching E-Commerce activity with calls to the call center two minutes later? Or linking an E-Commerce search to an in-store POS action 20 minutes later? How about social activity matched with any of the above?

For a half-dozen years, retailers have been struggling to find a way to make mirrors work as an in-store-to-Web sales device. Bloomingdale’s was one of the first. Its idea was to let a shopper model prospective new outfits to the mirror, which would then transmit the images live to the Web and allow comments from total strangers or a smaller group of logged in friends.

Seems that it missed the fun social elements of physically shopping together. This week, it was British department store chain John Lewis’ turn.

Here’s your wacky legal strategy idea of the month: Settling a mostly frivolous multimillion-dollar lawsuit can be such a great CRM data generation mechanism that companies might consider filing such class-action suits against themselves. One recent class-action settlement delivered more marketing value to the defendant than it could have ever hoped for, pens Legal Columnist Mark Rasch.

That defendant is using the litigation to collect consumer information. It is learning the names, addresses, E-mail addresses and some purchasing habits of not only actual consumers but, presumably, about people who never bought the product and yet are interested enough (in either the product or the $20) to lie about having bought the product. There doesn’t appear to be any limitation on how that information can later be used for marketing.

Mistakes made by careless or incompetent payment application installers or system integrators have led to far too many data breaches over the years. In each case, even though the reseller or integrator made the mistake, the merchant bore the ultimate responsibility.

Unfortunately, system resellers and integrators formerly fell in a governance gap in PCI, and their actions were outside the PCI Council’s jurisdiction. PCI Columnist Walter Conway says “were,” because that situation is about to change.

Operations often complains that the IT team is too disconnected from the business to perform at the highest levels. Business leaders clamor for IT staff who can talk about retail operations and back-office management, not just about information security and system availability, pens Retail Columnist Todd Michaud.

Every so often, an opportunity arises to fill an open IT role with someone from Operations who has “technical aptitude.” In an effort to keep the peace, a lot of IT leaders make the mistake of accepting a transfer from the Operations team rather than hiring an outside IT resource. Although it sounds almost “romantic” in design, in my experience, it almost never works out.

When Walmart launched its E-Commerce cash program on April 26, did it open the door to evil-minded rivals by giving them the means to falsely lock up merchandise? That is just one example of the many implications behind Walmart’s move to enable people to use cash to make online purchases.

Beyond new security holes on the risk side, the reward side is equally huge. While everyone seems to have focused on the general unbanked audience, a much more interesting prospect for this program is teenagers. Plus, this is sort of an anti-showrooming move, where online shoppers are being lured into the stores. Revenue sharing between Walmart channels is also a point of nervousness with this program. And a store’s inability to cancel such online orders—even if the customer then finds the item on the shelf—is problematic, too. This is a rare example of the kinds of compromises—between online and in-store operations—chains must make these days.

The challenge of giftcards has always been getting customers to remember them when they’re actually near the store where they can be used. With that goal in mind, a giftcard service—working with Gap and Sephora—is trying for a marketing triple play: mobile geolocation on top of Facebook data on top of customized giftcards. When a customer is near a retailer whose giftcard they have, it will loudly flag that fact to the customer.

The geolocation opt-in alerts are an interesting twist, especially when a consumer is walking in a city (locally or when traveling) and has no idea that a particular retailer has a store three blocks to the right.