Evan Schuman's StorefrontBacktalk

Some Marks & Spencer customers have reported that the U.K. chain’s contactless payment terminals have taken money from contactless cards even when those cards were still in purses or wallets a foot or more away—and in at least one case, the grabby POS behavior was repeatable.

The retailer recently rolled out contactless point-of-sale terminals to 644 U.K. stores and reportedly processes more than 230,000 contactless transactions every week. But several customers told the BBC that they had the experience of inserting a chip-and-PIN card in the PINpad’s slot, but being issued a receipt for a contactless card that was nowhere near the PINpad. The contactless system isn’t supposed to work at distances of more than about two inches.

Regional convenience-store chain Mapco Express (NYSE:DK) said on Monday (May 6) that thieves may have stolen credit and debit card information from all 377 of its stores during March and April.

“The hackers accessed the payment processing systems used in all of our stores from March 19-25, in certain stores from April 20-21, 2013, and at two stores in Goodlettsville and Nashville, Tenn., from April 14-15, 2013. If you used your credit or debit card at one of these locations during these time periods, you card data may have been compromised,” the retailer said in a statement.

After a cook in one of its in-store restaurants was discovered to have typhoid fever, Nordstrom is trying to directly contact customers who might have been exposed to the disease. The retailer is sifting through point-of-sale transactions from the Nordstrom Cafe in the store at San Francisco’s Stonestown Galleria mall in an attempt to identify specific customers who could have been exposed, but that’s proving more challenging than expected, a spokesperson for the chain said on Monday (May 6).

The San Francisco health department notified the store late last Thursday (May 2) that an employee was diagnosed with typhoid and may have exposed customers who ate in the restaurant to it on April 16, 17, 18, 20 or 27. As of this week, no cases of customers or other store associates having the disease have been reported, according to the health department. But Nordstrom is still trying to track down anyone potentially exposed.

Walmart is arguably the most tightfisted retail chain in the world, constantly driving out costs any way it can. So why is the world’s largest retailer now focused on building its own technology instead of buying it off the shelf? According to the chain’s e-commerce chief, that’s the only way it can get a competitive advantage from the technology.

“We can’t do what we need to do and want to do with off-the-shelf solutions,” said Neil Ashe, Walmart president and CEO of global e-commerce, speaking at a retail conference last week. And one of the first big projects to come from the insourcing is a proprietary search engine that has tighter integration with local stores that will let Walmart continuously customize its search without having to wait for outsiders to develop the features it wants.

Ebay and retailer Kate Spade are doing something this summer that would have been unthinkable just a few years ago: creating a pop-up store in New York that will feature a gigantic touchscreen store window. Let’s be clear—what would have been unthinkable would be a relatively small (82-store) apparel chain taking on something this technically aggressive, even with a partner as big as eBay to help foot the bill.

Leaving aside all the obvious unanswered questions—from “how do you physically protect a giant touchscreen?” to “how much of an exhibitionist does a customer have to be to browse a web catalog that’s taller than she is, right out in public?”—it’s a testament to how inexpensive and physically tough this kind of technology has become that it’s viewed as practical. Of course, that all assumes that the chain and eBay will actually get it to work as advertised.

Online sales taxes are marching toward reality much faster than anyone would have expected even a month ago. The “Marketplace Fairness Act,” which would allow states to collect sales taxes through online retailers even if the merchants don’t have physical operations in those states, is being debated in the U.S. Senate this week after being fast-tracked to avoid the Senate Finance Committee, where every previous version of the bill since 2001 has died.

One key element of the bill that won’t relieve the tax pinch but should simplify the implementation: A state can’t start requiring collection of the taxes until it provides free software that nails down all the complexities of that state’s sales tax structure, including automatic calculation of what rates are owed on which products for any location in the state.

Who says regional chains can’t compete with the big boys? On Sunday (April 14), the 100-store Schnuck Markets grocery chain revealed more details about the breach it reported in March, and the numbers are impressive: 79 stores breached, with as many as 2.4 million payment card numbers potentially stolen over a four-month period. That puts it in the same class as breaches in recent years at Barnes & Noble, Michaels, Aldi and Hancock Fabrics stores.

But unlike those attacks, Schnuck’s said its PINpads were not tampered with—the attack was apparently done entirely through malware implanting somehow on Schnuck’s payment-related systems. An even more troubling revelation: The breach activity seems to have begun on Dec. 1, less than a month after the chain’s QSA validated its systems as PCI DSS compliant.

What happens next at JCPenney (NYSE:JCP), after the 1,100-store chain fired CEO Ron Johnson on Monday (April 8) and replaced him with the CEO that Johnson replaced, Mike Ullman? The retailer isn’t saying. But one thing is certain: The chain won’t just be turning the clock back to the day Ullman departed in 2011. Many of the internal changes Johnson instituted at JCPenney are effectively irreversible, including remodeling all the chain’s stores and replacing much of the chain’s IT capability. That money is already spent.

Johnson had already reversed many of his decisions that were the most unpopular with shoppers—including his elimination of sales, discount pricing (including “mark up to mark down”) and coupons. And then there’s Johnson’s beloved shops-within-the-store concept—which isn’t likely to be reversed, mainly because it was originally the brainchild of a former Sephora executive with a familiar name: Mike Ullman.

One of the results of StorefrontBacktalk‘s being acquired back in December is that we are going to be expanding into coverage that goes beyond Retail IT into other areas of retail. The first example of this launched last week and is a daily newsletter and site called FierceRetail.

The site applies the same kind of perspective, analysis and bad jokes that StorefrontBacktalk has always delivered, but we can now explore issues way beyond IT. Consider our coverage of an unorthodox Apple patent, the reasoning behind the Sears Portrait shutdown, why Target’s Manatee mishap is a lot worse than it looked, Samsung’s real retail strategy, why Best Buy and Target’s Geek Squad alliance was doomed and stats showing Visa having all-but-cornered the debit market. It’s all free, of course. If you’d like to sign up, our latest thoughts will be in your Inbox early each morning.

Target (NYSE:TGT) is quietly getting into the E-Commerce infrastructure business. The $68 billion chain announced last Thursday (March 14) that it is buying online cookery sites CHEFS Catalog and Cooking.com, both of which sell kitchenware and utensils. But Cooking.com also provides the backend for several high-profile celebrity cooking websites — and Target apparently intends to keep its hands off that business as long as it keeps growing.

Keep in mind that it’s barely a year and a half since Target could barely keep its own newly built E-Commerce site running, after a decade of having its E-Commerce operations run by Amazon (NASDAQ:AMZN). That’s fresh in the minds of Target E-Commerce execs, so if there’s any chain that can see an advantage to becoming a mini-Amazon for cooking websites, it’s Target.

Maybe digital receipts and coupons are something you need to start promoting—and fast. The second-largest supplier of POS receipt paper, Germany’s Koehler, still plans to stop shipping paper to the U.S. in April, after a December ruling by the Commerce Department that will increase tariffs by more than 70 percent. That could translate into shortages and will almost certainly mean higher prices for thermal paper, which is used in most chains’ POS printers.

U.S. and Chinese paper mills say they will eventually fill the shortfall from the U.S. exit of Koehler, which has been providing about 40 percent of POS paper. But in the meantime chain execs may be expecting IT to keep stores from running out of paper. Strange as it sounds, it is IT’s problem—and the second-easiest option is digital receipts.

Say what you will about Amazon (NASDAQ: AMZN), but it’s an impressive operation when it comes to sweating the details. One such design innovation from Amazon—it’s ultra-smooth, almost instantaneous-responding pulldown menus—was driving one developer crazy, until he (possibly) figured out how Amazon’s people did it. The developer is Ben Kamens, who is lead developer at Khan Academy, and this is his theory on the pulldown magic, along with his suggested code for replicating it. The trick appears to be not that different from Amazon’s gravity-based link assist Patent, where the system anticipates where the cursor is headed and opens the pulldown a split-second before the cursor gets there, making it feel like an immediate response.

Pulldowns have always been an efficient programmer tool (lots of content, minimal space), but never a shopper favorite. They are typically infuriating to use, with the submenus disappearing as the cursor tries to get there to click. Amazon’s approach fixes this issue, too, because the submenus politely stay there, assuming the shopper’s click will eventually arrive. Hats off to Mashable for first spotting this.

In online, when does anticipating a user’s likely move and making that move easier morph into imposing what the retailer wants the shopper to do? Can the programming power to make a site visitor’s cursor go where the retailer wants—and to specifically click on what the retailer wants clicked, such as “click here to purchase”—be something merchants can be expected to be disciplined about using? This ethical and marketing question (now there are two words rarely seen together) is prompted by a patent granted to Amazon on February 26.

That patent discusses using what Amazon (NASDAQ: AMZN) calls “gravity-based link assist” to guide a cursor to where the system thinks the shopper wants it to go. And to do so more quickly than some systems can. Although the patent specifies that this approach can be used in laptops, tablets and a wide range of other devices, its initial focus is on ebooks. That is because of a very specific technical issue: ebooks often have much slower refresh rates, so slow that shoppers can be confused about whether they have successfully clicked a link.

Abu Dhabi is going to an E-Commerce-friendly street address system. The capital of the United Arab Emirates announced on Sunday (Feb. 17) that, over the next 30 months, every building will get a number and every street will get a unique name (in many cases a much shorter name, in part to satisfy the needs of online forms), along with a short postal code. Currently, streets may be known by multiple names. For example, 7th Street is also Zayed the First, but it’s commonly known as Electra. And although the street Abu Dhabians call “Bank Street” is lined with banks, it’s formally named Khalid bin Waleed Street. Even some new glass-and-steel hotels have addresses like “Between the Bridges.”

Although local couriers are currently able to navigate the city to make deliveries, U.S.-style addresses should simplify things for E-tailers using addresses or postal codes for things like payment-card verification. It’s also a useful reminder for E-tailers that online forms designed for U.S. addresses aren’t necessarily going to work well in the rest of the world. With its population of 2.4 million people and a per capita income just below that of the U.S., Abu Dhabi is hardly a little desert oasis. But having three names for every street may not be so bad—just ask anyone who has tried to find an address on Peachtree in Atlanta.

In another sign that investing in security isn’t enough, three customers of security vendor Bit9 ended up with malware in their systems. This happened after a digital code-signing certificate was stolen from the vendor—and that, in turn, happened because Bit9 failed to use its own product on some of its systems.

Never mind the physician-heal-thyself aspect of this incident (which is a little tough for us because, well, Bit9 did do exactly what it tells its customers not to). More to the point, it’s another sign that retailers need to stop trusting security and start thinking securely.

For the past two years, the Payment Card Industry Security Standards Council (PCI SSC) has been taunting merchants with offers of a specialized (and simplified) Self-Assessment Questionnaire (SAQ) for those using “validated P2PE” approaches. At first, the council told merchants to wait while it drew up plans to validate the products. Then—finally—seven months ago, PCI SSC released its standards and told merchants to go right ahead and pick one of these validated options. There’s only one problem: As of Thursday (Feb. 7), the council hadn’t validated any.

That’s right. Seven months after the standards were released and nearly two full years from its initial announcements on the matter, the PCI SSC has yet to validate a single P2PE vendor that can offer the promised scope reductions and a simplified SAQ to merchants. Why? Well, quite frankly, pens GuestView Columnist J. David Oder, because the council designed the wrong standard.

Who actually believes in MSRP, anyway? On January 24, the New York Post breathlessly reported that JCPenney was asking (or maybe just planning to ask) suppliers for a “fake” list price, even if they don’t have one, so the 110-year-old chain could display that price along with JCPenney’s own lower price. The Post was shocked, shocked to find that pricing gimmicks were going on in retail.

The chain denied any fakery, but the real shock is that JCPenney bothered. Customers don’t care about the Manufacturer’s Spurious Retail Price. They care whether JCPenney’s price is lower than Macy’s or Kohl’s, and they can get that information online. Why isn’t JCPenney doing the same thing?

When there is a retail IT contractual dispute with a software vendor—as is now happening with Lands’ End—that ISV (or cloud or other “as a service” provider) may have a contractual right to terminate access to the software or service, with or without notice.

Under what has been called “digital repossession,” software vendors may even have the right to decide for themselves whether the terms of a contract have been breached and to simply terminate access to the software or the service. The key here, writes StorefrontBacktalk Legal Columnist Mark Rasch, is to make sure both software license agreements and service agreements have a “soft landing” provision that ensures the vendor is paid for its services while limiting the impact of a sudden withdrawal of the service or software.

Lands’ End has landed in a nasty fight over software licensing. On January 17, the Sears mail-order and online subsidiary sued the supplier of its HR and payroll software, Genesys Software Systems, which wants Lands’ End to either pay for a new million-dollar license or pull the plug on the software immediately.

The lawsuit has the tactical advantage of freezing the situation, giving Lands’ End a little more time (very little time) to find a new home for its payroll system. But it’s also an object lesson in software end-of-life issues—that lesson being, “when a vendor has you over a barrel, it doesn’t have to play nice.”

Putting Albertsons back together again won’t be as easy as it looks. The grocery chain was split in 2006 between Supervalu and private equity firm Cerberus Capital Management, with both chains using the same logo in different geographic regions. But on January 10 the two owners decided to reunite what will now be a 650-store chain in a complicated deal that leaves only one thing very clear: These money managers aren’t thinking about IT when it comes to reassembling the chain.

Yes, the Albertsons logo is the same on both sides. But seven years later, everything from self-checkout to loyalty to POS to prescription systems is now different across the soon-to-be-unsplit chain. And everything will have to be merged—and fast.

By now, almost everyone in retail knows about Amazon’s glitch that sent congratulatory victory E-mails to fans of both Alabama and Notre Dame—half a day before they played in the NCAA championship game on Monday night (Jan. 7). The obvious question: Why weren’t safeguards in place to prevent this from happening?

Amazon isn’t saying, but chances are good that such safeguards were in place—and that’s why the victory E-mails went out hours before the game even started.

As the founder of StorefrontBacktalk, I am thrilled to announce today that StorefrontBacktalk is now a member of the FierceMarkets family of B2B publications. FierceMarkets is a wholly owned subsidiary of the Questex Media Group.

Our voice and approach—for good or for bad—will not change, and we have been told to continue delivering the same mix of breaking retail IT stories, analysis and opinion columns. (Yes, and some truly awful jokes. It’s in the contract that those stay.) The bylines here will stay, as Frank Hayes, PCI Columnist Walt Conway, Legal Columnist Mark Rasch and the rest of the team will continue to do that which we do. Me, too.

Didn’t we learn this lesson last year with Best Buy? On Black Friday morning, a Houston-area couple got up at 2:00 AM to order thousands of dollars’ worth of appliances from Sears. They got their order confirmation E-mail, went back to bed—and woke up to find another E-mail telling them their order had been canceled. Then the appliances were delivered, but charged at the regular prices thousands of dollars higher. It took a local TV station’s cage-rattling to get Sears to honor the Black Friday prices.

Sears’ explanation—the system sent confirmations before checking inventory but sent the cancellation E-mail almost immediately—misses the point. It’s 2012, not the dawn of E-Commerce. Inventory is online. Customers don’t need to be reminded that they just placed an order, only notified that their order will be honored. There’s no reason for two E-mails, nor is there any excuse for confirming an order by E-mail before checking inventory. That will take an extra 30 seconds? Five minutes? It’s E-mail. Nobody expects sub-second response times, not even customers. They do expect a “confirmation E-mail” to confirm they’ve made a purchase—and it’s long past time for retailers to get that message.

Microsoft has retail dreams to rival Apple’s chain of stores, but we’re pretty sure this isn’t going to help: A blogger on November 29 reported buying a Surface tablet at a Microsoft pop-up store in a New York City mall and then watching the PC-based POS system crash twice, requiring two separate reboots to complete the transaction.

This would be a little less embarrassing for Microsoft if not for the fact that the repeatedly crashing operating system was either Windows or Microsoft’s own customized version that it sells as a POS system. This is not the way you demonstrate your retail expertise—or compete with Apple.

How far can retailers go to get beyond retail technology that’s the same as what every other chain has? U.K. department store John Lewis held a TV-style competition this month that forced start-ups to pitch ideas for solving specific problems defined by the upmarket chain—and it was judged by business-side managers alongside IT management.

The result, as our media partner Retail Week reported, isn’t just that vendors were pulled into thinking in terms of actual retail needs. It also pulled non-IT managers into thinking about IT. As John Lewis Retail Operations Manager Mark Lewis said, “It sparks ideas in our minds.”