Evan Schuman's StorefrontBacktalk

As retail rapidly moves to integrate mobile into almost every aspect of its customer interactions, many in IT and Loss Prevention are wisely scared about the security holes that will crop up during the rush. One such exec, William Titus, LP VP at Sears, said on Tuesday (Jan. 17) that one of his biggest fears involves mobile electronic receipts.

“The E-receipt problem is that the customer now has a valid receipt. I can’t bring it in. I’m not checking it off and signing off on it. So the ability to use that fraudulently increases unless you have a true returns management system,” Titus said.

Mobile payment is going to change retail in an unknown number of unknown ways, and your lawyers will have healthy employment. Consider in-aisle checkout and shoplifting rules, pens Legal Columnist Mark Rasch. Today, customers who put products in a concealed place—a pocket, backpack, purse, etc.—while still in the store can be convicted of shoplifting even if they have yet to reach the POS checkout area.

The conceal part of that action is considered evidence of criminal intent. Now let’s see you try and enforce that rule when you have in-aisle mobile checkout.

This year—2012—will be the beginning of the end for the traditional POS platform. Even though many analysts predicted that Apple, and its iPad, would be the David that finally took down the Goliaths, Retail Columnist Todd Michaud is arguing that Google will land the fatal blow.

The POS defense has been that chains need hardened systems. That argument worked when tablets were $500 and even $400. But now that Android tablets have fallen below $100, the argument falls apart. You could have four spares in the backroom and still be ahead.

Home Depot’s trial to let shoppers pay in-store with PayPal—a program confirmed late last week, which is loosely related to PayPal’s wallet—is interesting more for what it doesn’t do than what it does. It’s a baby-step program in two ways.

On the mobile front, it’s the first retail trial of PayPal’s mobile payment program and it doesn’t use a mobile device at all. (OK, that’s more an embryo step than a baby step.) On the payment front, this is also a test of Home Depot accepting a rectangular magstripe card that doesn’t say MasterCard, Visa, American Express, Discover or Home Depot on it.

Mobile wallets face a time-honored Catch-22: because very few stores support the technology, consumers have very little reason to bother getting it. Exactly how barren is this dial-tone desert for Google Wallet, currently the only actively being trialed game in mobile town?

We have our early clues from the CIO of the $2.5-billion 481-store Guess chain, one of the first test sites for Google Wallet in “a couple of stores” in California since May. In total, how many customers have tried Google Wallet? Says CIO Michael Relich: “Five or six.” Not 500 or 600 customers, mind you. Five or six.

Walk into one of about 25 Guess stores this week and you’ll see customer-accessible iPads in the men’s, women’s and accessories departments and even in the dressing rooms. “For the cost of a kiosk, I can put in four or five of these,” said Guess CIO Michael Relich. “This is the consumerization of IT.”

But the Guess iPad trial is hardly being done to save costs. The flexibility of the tablets and sharp, customer-friendly graphics make the devices a much more effective way to show demos and to locate merchandise, check inventory and do anything else that a kiosk would normally do.

In-aisle mobile payment isn’t merely a new payment method. It has the potential to force stores to rethink almost all aspects of operations—and few have seriously come to terms with how different environments are going to have to be. At the NRF show in New York City next week, a StorefrontBacktalk IT panel is going to map out the least-anticipated changes. And if you’re around on Tuesday 2–3 PM (1A 21/22 at the Javits Center), please drop by and tell us what we forgot to include. Ann Taylor CIO Mike Sajor, Sears VP/Loss Prevention Bill Titus and the NRF’s Joe Larocca—moderated by StorefrontBacktalk Editor Evan Schuman&mdashlwill look at the neglected items. As a Florida hobby shop discovered while serving as an NCR in-aisle mobile payment beta tester, this in-store mobile payment stuff is a lot harder than it looks.

“It’s really a change management problem,” Sajor said. “Literally everyone has to think through all of the possible change behaviors.” As Sears thinks through in-store mobile issues, it’s seeing how everything will need to change, from the supply chain to customer interactions to SKU-level integrity, inventory and dealing with new threats to the supply chain. “Some significant competitive advantages are going to be lost,” Titus said. The panel will be pure discussion, with no presentations and lots of audience interaction. So please argue with us there. Don’t make me come and find you.

How’s this for ironic? Retailers complain about how difficult it is to get shoppers to explore their social media efforts. And yet these same retailers have the almost undivided attention of these shoppers, often for hours every month, in an environment where the retailer has complete control of the surroundings, the store layout and the staff.

Almost all retail marketing efforts are based on the not-so-simple premise of getting people to purchase from them, either online or in person. The problem, pens Retail Columnist Todd Michaud, is likely a mesh of old-mentality thinking with a heavy dose of channel conflict.

The National Retail Federation’s Big Show is next week, and the exhibition floor will be crowded with vendors offering retailers all types of software applications. As a public service, following is a list of questions all merchants should ask their POS system supplier or reseller based on one QSA’s experience—namely the experience of PCI Columnist Walt Conway.

The good vendors will be able to address all these questions. The not-so-good ones will hand you a carrier bag or a pen instead.

Amazon is floating the idea—via a patent filing—of launching a social service. Whether it would be a dating site or a potential business partner finder or just a more intelligent way of choosing who to hang with online, that’s not clear.

But it is clear that Amazon is drooling over its vast CRM files and trying to figure out how much money it can make off them.

With so many consumer devices using the same wireless frequencies, it was bound to happen: Just before Christmas, a U.K. family in a village 50 miles southwest of London lost the use of all wireless devices—everything from key fobs for unlocking vehicles to a wireless thermostat and a digital shower—until the problem cleared up without explanation several days later. The BBC reported that faulty wireless equipment had caused similar incidents in the past, including a street in northern England of homes whose wireless was jammed in 2010 by handheld wireless devices used to take orders at a nearby restaurant.

Retailers get understandably worried about customers who might intentionally or unintentionally block store Wi-Fi that’s used for POS, associates’ handheld devices or free customer wireless service. But there’s a risk the other way, too—the newest Wi-Fi access points have a range of more than 200 feet indoors and 800 feet outdoors. That’s easily enough to jam neighboring stores’ Wi-Fi in a mall or interfere with homes near a standalone store. Unfortunately, there’s no easy way to know whether a store’s Wi-Fi is causing problems in the neighborhood—at least not until the FCC shows up to investigate a complaint.

A very bizarre eBay holiday promotion—which appears to have been in response to an almost-as-bizarre holiday promotion from Amazon—seemed to reverse conventional thinking about merged channel retailing. Instead of offering an incentive to shop online or in-store, the eBay incentive inexplicably required consumers to shop in both channels.

What started this holiday dogfight was an Amazon promotion, where it was offering a tiny discount (5 percent, with a ceiling of $5) for people who scanned barcodes and then purchased the item on Amazon. eBay’s response was what it billed as a $10 in-store coupon, with three retailers: Toys “R” Us, Dick’s Sporting Goods and Aéropostale.

As the quantity of mobile POS interactions continues to soar—whether they’re payments, coupons, CRM or something else—it’s a rare retailer who has avoided the maddening inability of laser scanners to reliably grab data off a smartphone. P&G has moved into this argument, pushing a mobile scan approach based on using functionality within handset hardware or mobile operating systems.

The good news is that this approach, in theory, will be free to retailers, because it will not necessitate any store IT changes at all. The problem—and it’s a deal-killer—is timing. With the mobile onslaught, quick is almost certainly going to trump free.

For many shoppers, the thief non-interference policy of many chains—especially when it involves firing a security guard who confronted a shoplifter—is baffling, even though it’s truly—albeit non-intuitively—the right thing to do. Apple’s approach to non-interference with thefts took on an especially surreal twist in Toronto late last month.

The store does have a policy: Don’t take sides. If the customer wants to call police, let the police handle it. If police aren’t called, treat everyone as a legitimate customer.

The PCI Council used its December 2011 newsletter to remind merchants and service providers to control physical access to their call centers with video cameras or other devices. This recommendation is both sound security and good advice, and merchants everywhere should take it to heart. But as a QSA, PCI Columnist Walt Conway wishes the Council had done more than highlight just one particular sub-requirement.

There is more to protecting sensitive areas than installing video cameras. The second, and possibly thornier, concern for small and midsize merchants is how effective the reminder is likely to be when many of them mistakenly think they won’t need to follow the advice.

Microsoft has effectively thrown in the towel for Microsoft Tag. On Tuesday (December 13), Microsoft announced that its Tag Reader smartphone app will now support QR codes and NFC. Officially that’s to make Tag Reader a one-stop app so users won’t have to worry about what reader to use with various tags. In practice, it’s curtains for Tag, the multicolored 2D barcode that Microsoft rolled out in January 2009 but that never really caught on (not that the more successful QR code has been a barn-burning success).

In a blog post, Microsoft said it now recommends NFC for retailers to “blend in beautifully,” QR to “grab their attention” and Tag to “raise curiosity”—presumably as in, “curiosity about who’s still interested in Microsoft Tag.”

The Amazon price-check promotion is getting mercilessly blasted by authors, a U.S. Senator, a retail trade group and various others. The strangest part is that so many are getting the actual specifics of the Amazon program wrong.

Booksellers were up in arms about Amazon encouraging people to go into their local stores to buy on Amazon, despite the fact that consumers have been doing the same thing for as long as Amazon has been around and the fact that—to be nitpicky—books were excluded from the program. U.S. Senator Olympia J. Snowe (R.-Me.) issued a statement that “incentivizing consumers to spy on local shops is a bridge too far.” That may be true, but the price-sharing part—the spying the senator is referencing—was excluded from any incentives.

When Amazon launched a one-day promotion this month aimed at getting its customers to go into brick-and-mortars and select items they wanted to buy at Amazon for a 5 percent discount, it was engaging in a deliciously ironic act.

Why? Because although what it was doing to those physical stores was likely legal, had those stores tried doing the same to Amazon, it would have been illegal, thanks to Amazon’s posted policies. That policy phrasing is not even universal—or even common— among major E-tailers, pens Legal Columnist Mark Rasch.

As is our tradition, StorefrontBacktalk shuts down for the last two weeks in December, due to the fact that y’all are far too busy (a) supporting the biggest selling weeks of the year until December 25th, (b) supporting the biggest returns-and-exchanges week of the year after December 25th and (c) closing the quarterly books until December 31st on what everyone hopes will be a bigger year than 2010.

That means our next regular weekly issue will arrive on January 5th, 2012. In the meantime, everything else will still be live (the Web sites, our Kindle version, our Twitter tweets, our mobile sites, etc.). And we’ll, as always, send out breaking news alerts if circumstances merit.

It’s now been four months since the PCI Council’s guidance on tokenization, and people are still mixing up tokenization and encryption. They are also drawing incorrect parallels/inferences. Tokenization is not encryption. Trying to compare the two is not appropriate (or like comparing quarks to streetcars or your other favorite silly similes), and doing so can lead to mistakes in scoping PCI.

By the way, after much effort, PCI Columnist Walt Conway thinks he has finally found a real-world example of what a high-value token should be. Let’s say shoppers want to use a payment card at a merchant, but they do not want that merchant to have their PAN, for whatever reason.

Google Wallet isn’t safe, at least not on the consumer end. That’s the conclusion from security firm viaForensic’s analysis released on Monday (Dec. 12). Yes, Google does a good job of blocking man-in-the-middle attacks. And having a PIN to open the wallet restores some security that Visa stripped out when it brought Chip-and-PIN to the U.S.

But Google also stores far too much customer information unencrypted on the phone—and if the phone is malware-infected or stolen, that data becomes far too easy for a thief to get at.

A message from our beloved business side: As the NRF Big Show happens next month, StorefrontBacktalk has a couple of last-minute slots for anyone wanting to communicate with NRF attendees. In mid-January, as our readers leave their postmortem holiday shopping meetings with the list of everything that went wrong, every feature management wants to add and a wishlist of products to make it all, it’s a nice time message.

We will also be adding several content channels next year—including several new weekly podcast series, more monthlies, events in addition to our usual weekly and monthly newsletters, and Web sites—and if your marketing people have any interest in getting involved, we now have new opportunities. Some of these new channels were specifically created to enable smaller vendors, with much more limited resources, into our community. If your marketers want to get your brand in the middle of these discussions, please drop us a note.

Why won’t Verizon let users install Google Wallet on its soon-to-be-released Galaxy Nexus phone? It might be that Verizon is defending its ISIS partnership and the mobile wallet it will roll out sometime next year. But there’s a simpler explanation: Only one mobile wallet can control the NFC Secure Element that stores payment-card data. If that’s Google Wallet, then it can’t be ISIS or any mobile-payments scheme that Verizon controls directly.

And although there’s nothing to stop Verizon from adding the necessary hardware for lots of mobile wallets, that’s not likely to happen unless Google opens its own corporate wallet.

A mobile vendor who was testing out the in-store Google Maps application this week at a Home Depot store in Florida discovered an unexpected result. While standing inside a Home Depot—which is one of a handful of Google partners on this project—and just feet away from the store’s paint aisle, the tester called up the store’s inside layout and asked the app where the paint aisle was.

The Home Depot partner app quickly responded: At the Lowe’s store three blocks away. It’s becoming clear that retailers need to be thinking about—and asking—a lot more questions about in-store maps and mobile navigation.

A 26-hour (minus one minute) Amazon in-store mobile price-comparison experiment starting Friday (Dec. 9) is scaring a lot of retailers, who fear that allowing consumers to scan barcodes, compare prices and buy from within the store will hurt them. One retail lobbying group objects to Amazon taking advantage of its sales-tax-free status to make in-store sales.

Much of the concern may have little foundation, because Amazon has low-balled the incentives to such an extent that it’s unclear if many consumers will even bother to try it.