Evan Schuman's StorefrontBacktalk

MasterCard’s Monday (Jan. 30) rollout of its roadmap for EMV in the U.S. set it on the opposite side of payment security from Visa, with MasterCard pushing for EMV with PIN and Visa arguing that PIN isn’t necessary. MasterCard is backing up its preference with some serious fraud-dollar forgiveness. Oddly enough, the much-smaller MasterCard has trumped—or, more precisely, nullified—Visa’s position, at least as far as retailers are concerned.

Given that greater-than-99-percent of Visa retailers in the U.S. also accept MasterCard, chains must go along with whichever brand has the more strict requirements. Typically, that’s been Visa, but not this time. On EMV-related PCI relaxations, however, the two brands opted to adopt identical policies.

For quite a few years now, the contactless payment world has enjoyed an endless-loop of defend-and-repel games when dealing with contactless security. The game starts with bank assurances that the data being transmitted wirelessly couldn’t possibly be enough for a thief to perform a transaction. Next is some public demo of a security researcher wirelessly grabbing data and completing a transaction. This is followed by industry refutations that the system demoed was either out-of-date or some part of the test was unrealistic.

Interestingly enough, there’s truth on both sides. But the dance of demo-and-explanation seems to never slow.

It was just past 10:30 PM on January 15 when police say a shoplifter walked into the Murrieta, Calif., Wal-Mart. But as part of a growing trend, she didn’t try and steal any merchandise. What she did was walk over to an unstaffed counter, pull out what seemed to be wire cutters and cut loose the store’s keys to its safer security devices.

Other thieves have opted for grabbing EAS tag detachers, but the point is the same. Beyond protecting products, retailers need to reinforce protections around the devices that protect their products. How are keys and tag detachers handled when not in use? Is there an explicit policy about ignoring EAS alarms?

In the power struggle between retail marketing and retail IT, IT is getting its server farms kicked. It started with E-Commerce and is now growing with mobile and social. What has to go? If it can go in the cloud, get rid of it. E-Mail? Gone. Web hosting? Out of here. CRM? Exit, stage right. If it can be easily outsourced by specialist firms or even done by people in the business unit, you need to let it go.

It’s time to evict Web and mobile app development, and pretty much any marketing initiative that isn’t core to your business. Heresy? Certainly, pens Retail Columnist Todd Michaud. But it’s necessary.

Mobile payment is going to change retail in an unknown number of unknown ways, and your lawyers will have healthy employment. Consider in-aisle checkout and shoplifting rules, pens Legal Columnist Mark Rasch. Today, customers who put products in a concealed place—a pocket, backpack, purse, etc.—while still in the store can be convicted of shoplifting even if they have yet to reach the POS checkout area.

The conceal part of that action is considered evidence of criminal intent. Now let’s see you try and enforce that rule when you have in-aisle mobile checkout.

As is our tradition, StorefrontBacktalk shuts down for the last two weeks in December, due to the fact that y’all are far too busy (a) supporting the biggest selling weeks of the year until December 25th, (b) supporting the biggest returns-and-exchanges week of the year after December 25th and (c) closing the quarterly books until December 31st on what everyone hopes will be a bigger year than 2010.

That means our next regular weekly issue will arrive on January 5th, 2012. In the meantime, everything else will still be live (the Web sites, our Kindle version, our Twitter tweets, our mobile sites, etc.). And we’ll, as always, send out breaking news alerts if circumstances merit.

A message from our beloved business side: As the NRF Big Show happens next month, StorefrontBacktalk has a couple of last-minute slots for anyone wanting to communicate with NRF attendees. In mid-January, as our readers leave their postmortem holiday shopping meetings with the list of everything that went wrong, every feature management wants to add and a wishlist of products to make it all, it’s a nice time message.

We will also be adding several content channels next year—including several new weekly podcast series, more monthlies, events in addition to our usual weekly and monthly newsletters, and Web sites—and if your marketing people have any interest in getting involved, we now have new opportunities. Some of these new channels were specifically created to enable smaller vendors, with much more limited resources, into our community. If your marketers want to get your brand in the middle of these discussions, please drop us a note.

The elves at JCPenney have come up with something rather clever: a mobile app that allows for gift recipients to hear custom voice messages from a gift-giver. And a program that packs a multi-layered CRM data-collection punch. The recipient scans a QR code that is taped to the gift and instantly hears the gift-giver’s voice relaying a holiday-friendly message. (In my family, it would something sweet like “Here are the ^#&! gloves you wanted. So where’s the $50 you borrowed from me?”)

The reason this idea has such potential is the chain is using the mobile device solely as a tool, where both JCPenney and the app quickly get out of the way and let the recipient and the gift-giver truly communicate. From a CRM perspective, it’s clever for JCPenney because they set it up to force the system to call the gift-giver back to record the message. Therefore, the chain can gather lots of mobile numbers for later messaging use and, depending on future tracking purposes, perhaps much more through in-store interactions. The first step, though, is to collect those numbers and this is a wonderfully innocuous way to start.

Just a reminder that StorefrontBacktalk now has five free monthly newsletters, each one focusing on a different key area for us: E-Commerce, Mobile, PCI/Security, In-Store and CRM. The Monthlies—see the descriptions here—are available to anyone via a quick E-mail sign up.

The Monthlies publish the first few days of each month, and they are a great way to catch up on all of the news in a given area. So before you miss the December Monthlies, sign up for your free copy.

Given the dominance of the key U.S. holiday next week (we mean Thanksgiving, not Black Friday), StorefrontBacktalk‘s weekly newsletter won’t publish on November 24. Everything else will still be live (the Web sites, our Kindle version, our Twitter tweets, our mobile sites, etc.), but we need a little time off to burn some turkey and over-season some stuffing.

Speaking of which, we want to tap into the knowledge of our audience with a question that has nothing to do with retail technology. One of us here at StorefrontBacktalk is going to try something new for Thanksgiving: Cooking the turkey on a gas grill. The problem is that, well, it’s me. And my Weber grill seems to have two temperature settings: 750 degrees Fahrenheit and OFF. To be precise, it has tons of settings, but those two numbers seem to be the only heat levels the beast is capable of delivering and maintaining. In a short duration grilling (say 5 to 8 minutes), it’s easy to compensate. But when dinner for a dozen people needs to cook for five hours, I’m open to any tricks to get the temperature to get down to 325 degrees and to stay there. Any suggestions? If you do have any suggestions, please E-mail me at Help Evan To Not Turn His Entree Into Sawdust Held Together By Static Electricity.

Is item-level RFID a surveillance technology? Of course it is, if you’re a thief—particularly a sticky-fingered employee. When missing product can be routinely discovered within hours instead of weeks, it’s much easier to scan store security recordings to spot the theft. RFID wasn’t designed for surveillance—that’s just a side effect. Another side effect: item-level RFID’s ability to let executives track exactly how well stock is moving in and out of stores on a daily basis. If you’re the manager of a store with problems, that might feel like surveillance, too.

For many retail IT execs, it’s more than a little uncomfortable. Store managers are on the same side as IT. Setting up systems to see who’s underperforming—and exactly how, in near-real-time—can feel, well, a little dirty. Maybe that’s why so few chains are doing it—and why most of the systems offered by vendors for using RFID data aren’t built for that type of visibility. “Our number-one fight with software vendors is, your software doesn’t do enough,” said American Apparel VP of Technology Stacey Shulman. “‘Well, it’s what everybody else uses.’ Well, it’s not enough.”

In a five-store trial—slated to expand chain-wide in the next two weeks—the Meijer grocery chain has gotten creative about letting customers locate products on the shelves using their phones. Given that GPS won’t work in-store and that in-store hardware sensors are expensive and labor-intensive, the chain is using a combination of Wi-Fi signal strength and product-barcode scanning to zero in on the customer’s location.

The potential of this microlocation mobile approach is compelling, because it provides a relatively easy—and somewhat accurate—way to help customers find product. Of course, that’s not the goal of all chains. Some chains—such as Costco—depend heavily on the customer stumbling on impulse buys as he/she wanders the aisles in search of the elusive clothes pins or peanuts.

A Japanese department store, 109 Men’s in Shibuya, has begun experiments with RFID chips embedded in clothes hangers. The idea is that a customer who takes clothing off the rack would trigger associated video, lighting and music, along with a log of the action. But will such a system be worth the non-trivial amount of extra labor involved?

When customers bring clothes to a dressing room—or even when those apparel items are purchased—there would seem to be a strong chance that the wrong hangers could get associated with the wrong piece of clothing. Attentive associates could painstakingly note the numbers of each identical hanger to make sure one item doesn’t get confused with another, but that would seem to demand a sharp labor increase.

According to American Apparel, item-level RFID can pay for itself by cutting employee theft. The 285-store chain’s VP of Technology, Stacey Shulman, told RFID Journal that in stores using RFID for inventory accuracy, internal shrinkage has dropped by an average of 55 percent. (The chain started by putting RFID in 50 of its stores with the highest shrinkage rates.) As a result, the savings covers the deployment cost. Of course, that’s something of an accounting trick. Deploy any surveillance technology in a store with lots of employee theft and some thieves will get nervous and stop stealing—for a while.

Shrinkage drops, and IT can declare that RFID’s ROI is 100 percent. Then, by the time the thieves start stealing again, it’s hard to argue with item-level RFID’s other benefits in better accuracy and faster replenishment, which is why Macy’s is pushing item-level RFID hard. Besides, the theft rate might never return to its original levels, right? It’s also wise to remember that the only retail people who care about ROI are the people can say “no”: your CFO’s team. And for IT projects, they check ROI once. So if it looks like thefts have been avoided, you get the credit. And given that the team won’t check again in four months, you’ll likely never get dinged if the reductions were short-lived. Short attention spans can be your friends.

Macy’s on Wednesday (Sept. 28) pledged an aggressive chain-wide RFID rollout, promising to item-level tag some 700,000 UPCs in every Macy’s and Bloomingdale’s by the end of 2013. That will represent about a third of all of the $25 billion chain’s products and one of the most aggressive retail item-level deployments yet. Macy’s won’t be tagging any of the replenishment goods directly, leaving that task to its suppliers, who will ship products to Macy’s already tagged.

This massive item-level selling-floor-to-the-stockroom project began as a pilot at the Bloomingdale’s New York SoHo, which is a pilot-friendly place apparently—the chain is now using Bloomingdale’s SoHo to test Google Wallet. As a practical matter, this rollout will give Macy’s a wide range of technology options as the potential of full item-level RFID gets closer. But Macy’s is officially focused fully on just one RFID function: faster and more accurate inventory.

Early this month, The New York Times R&D Lab started talking up some work it is doing to create an interactive mirror. The idea is that consumers would replace their regular mirrors with this souped-up, voice-recognizing networked version. It responds to the command “Mirror?” You can place a bottle of antacid on the ledge and it will identify it, offer instructions and perhaps a coupon. It will also create a digital tie and “place” it on your neck to try and match your shirt.

This is a very clever project, but I have to wonder whether it has any practical value. There is something ultra-sensitive about a bathroom mirror. Yeah, there’s that naked thing and the video-streaming thing that may not play well together. When I think of all of the potentially creepy implementations of RFID, mobile geolocations and facial recognition, I think an interactive video-capable mirror using Microsoft Kinect has got to rank right up there.

Starting today (Sept. 14), we are making our monthly topic-specific newsletters available for all of our readers, for free. These five newsletters—each one covering solely E-Commerce, Mobile, PCI/Security, In-Store or CRM issues—have until now only been available to Premium subscribers.

For readers focused on any of those areas, the Monthlies provide an easy way to keep up-to-date and to make sure you don’t miss any story important to your operation. The Monthlies also have two other helpful features.

What does the “price” of an item mean? If you pick up a can of corn at the Piggly Wiggly and the electronic shelf label (ESL) says it is $1, but the price changes when you walk up to the register, what price is the merchant legally required to deliver? Although any reasonable merchants would likely honor the lower price, must they do so? What about an online store, where the price of an item might easily be changed between the time a customer puts it in his shopping cart and the time he checks out?

There are two different legal precedents for these situations, writes Legal Columnist Mark Rasch—and in fact, they go in exactly opposite directions. That creates an inherent problem, for both consumer relations and the law. Customers could feel cheated if price changes don’t work the way the customer expects. And as ESLs make in-store pricing work more like online pricing, that could change the way courts see it.

While U.S. retailers—including Macy’s and JCPenney—are just starting to get comfortable with item-level RFID, a pair of German supermarket chains is already taking the next step—tagging associates, too. By using active tags, the chains are able to not only handle access to sensitive areas but flag when an employee has been in a freezer too long and may need help.

The grocers, ALDI and Lidl, wanted to offer hands-free access to security areas, said this report from RFID Journal. “Lidl installed a reader inside the freezer near its entrance. When a person with a transponder arrives, the ID number is recognized, unlocks the door and allows him entrance,” the story said. “As he remains in the freezer, the reader continues to read the tag once each second. If it is still reading the tag in 15 minutes, it triggers a loud siren that can be heard outside the freezer.” It’s long been argued that RFID can deliver retail ROI, but only if retailers forget what vendors have promised and start getting creative about discovering their own ways to profitably use the tags to do what can’t easily be done any other way. Looks like ALDI and Lidl have already started thinking outside the box—and inside the freezer.

It’s a time-honored retail tradition to identify—and try and pamper—the group of best (most profitable) customers. But social media has provided a new way to define VIP shoppers, with “most influential” having the potential to trump “spends the most.” Consider: Who do you want to take care of first and in the most boot-lick fashion? The person who personally spends $100 thousand a year with your store or someone whose friends and followers spend a total of $25 million? Is someone with a huge number of Twitter followers, Facebook friends or a popular shopping blog more worthy of the royal treatment than someone who personally spends a lot?

Granted, there are shopping carts full of complexities and nuances in analyzing such profiles—generating a meaningful influence rate, if you will—but that’s where the fun comes in. Even worse, beyond those analytical complexities, there’s the issue of how to get this data in front of the eyes of store associates and also how to do it in a timely matter. Of course, to start things off, there needs to be a reliable way to identify these influencers as they enter your store.

A comment from a reader on an E-Commerce Web site caught my eye. Forget about improving POS terminals for mobile, he said. It should work like this: I see something I want to buy. I scan the tag with my phone. I type in my PIN. Bang—it’s mine. That sounds like the perfect merger of in-store and M-Commerce—no more lines at the cash wrap for the retailer, instant gratification for the customer. There’s just one nagging problem. OK, there are lots of problems, but consider this one: When everyone is walking out the door with their items in hand, how do you tell what’s been bought and what’s being stolen?

Clearly it can be done—Apple Stores let roving associates complete transactions and so does Home Depot for some transactions. But doing it on a large scale with easy-to-shoplift items? The obvious answer is to use technology—and it’s possible to do with currently available technology. Unfortunately, there’s a tradeoff between privacy and loss prevention that customers may not be ready to make just yet.

If you’re selling books in California, you may soon have to handle all customer data very differently. If a piece of legislation now winding its way through the California legislature becomes a law, new restrictions on your record-keeping and file maintenance will extend far beyond the sales of actual books.

The legislation, which has more holes than a chuck of Swiss cheese, would place these burdens on retailers while ignoring a lengthy list of other people in the retail environment who have access to the identical data. The key problem, pens Legal Columnist Mark Rasch: The writers of the legislation didn’t think much about how retailers do their magic.

Macy’s is quickly moving ahead with its RFID item-level tagging efforts, with one report saying the testing has expanded to six distribution centers. But the retailer is saying that significant additional moves will only happen when key competing retailers make their item-level RFID moves. It seems that the $25 billion chain has figured out the difference between being an industry leader and leading an army of one.

Nowhere is that distinction more critical than with item-level RFID. Suppliers will resist—if they resisted the early Wal-Mart edicts and risked the wrath of Bentonville, they’ll resist Macy’s—and they’ll only sign on either when they see concrete benefits or when the percentage of retailers making the move is so high that they have no option but to comply.

As retailers try to master the new terrain of today—with mobile payments, item-level RFID, QR codes on subway walls or digital receipts—it’s good to know the largest insurance companies have their backs. It’s just that some of them seem to be holding knives.

At least that’s the sense one gets from The Hartford (Hartford Fire Insurance), which has now filed federal lawsuits in Illinois and New Jersey to tell two of its retail customers—Children’s Place and Crate & Barrel—that they’re on their own in defending against some POS lawsuits. The specific litigation involves consumers suing the chains because store associates asked for Zip codes at checkout. How prohibited such conduct is remains under debate, but not at Hartford, which has a fine-print exclusion for defending anything “arising out of the violation of a person’s right of privacy created by any state or federal act,” according to copies of both lawsuits. Whatever happened to the days when insurance companies saw their duty as defending their customers? (Answer: They were all April 1.)

One retail IT line that is too cynical to not share: In an unrelated interview, a senior IT manager discussed working with certain internal clients—business unit heads who had, until recently, been just colleagues.

What’s the difference, he was asked, between a colleague and an internal client? “Simple,” he said. “An internal client is a colleague who’s had his reasonability removed.”