Storefrontbacktalk

Trick Or Treat? New PCI Version To Be Here By Halloween

Evan Schuman — Fri, 16 May 2008 07:14:55 +0000

By this Halloween, the PCI Council will unveil the first major revision of the PCI DSS payment card security program in two years. But with the council not releasing any true details about the changes, nervous retailers are truly wondering “Trick or Treat?”

Robert Russo, general manager of the PCI Council and a man who never met an acronym he didn’t like (when we chatted, he tried turning QA into a verb—and he frighteningly got darn close), is trying to play down the significance of the new version, describing the modifications as “minor changes.” Read more.

Dave & Buster’s Data Breach Indictment: Apps Crash For The Bad Guys, Too

Evan Schuman — Fri, 16 May 2008 05:50:30 +0000

It was April 2007 when a pair of cyberthieves from the Ukraine and Estonia set out to try and grab payment card data from the 49-store Dave & Buster’s restaurant chain. But according to a federal indictment and a U.S. Secret Service affidavit unsealed May 12, 2008, the pair quickly discovered that software can be an equal-opportunity crasher.

“As a result of a defect in the software program for the packet sniffer, the packet sniffer automatically deactivated whenever the compromised (Dave & Buster’s) POS servers rebooted in the normal course of the operation of the servers,” the indictment said. “Therefore, in order for the packet sniffers to capture data from the compromised D&B POS servers on an ongoing basis, the defendants had to regularly reactivate the packet sniffers.” This group might even have had a hand in the TJX incident. Read more.

In E-Commerce Satisfaction: Netflix, QVC On Top; PCMall, Home Depot On Bottom

Evan Schuman — Thu, 15 May 2008 08:56:33 +0000

That which keeps consumers satisfied seems to be part of an E-Commerce site’s culture, as top (and bottom) players tend to show little movement, year to year. The latest results from measurement firm ForeSee Results seem to reinforce that.

Several of the top sites this year (Netflix, QVC, Amazon, DrsFosterSmith, Shutterfly and Newegg) changed only a few percentage points—and often less—from last year’s numbers. The percentage change for those at the bottom of the list (PCMall, PCConnection, Efollet, Bidz and Home Depot) is even smaller. ForeSee CEO Larry Freed said that a score of 80 percent or higher is “a really good score,” in the 70s “is in the average realm today” and anything below the 70s needs some serious work. Netflix came in at 86 percent, QVC at 84 percent and Amazon at 83 percent, while Home Depot and Bidz were both 69 percent, Efollet was at 68 percent and PCMall (the lowest) was at 67 percent.

Delegation Can Be Good, And A Half-Dozen Other Security Tips

Evan Schuman — Thu, 15 May 2008 07:50:02 +0000

From his perch in the world of security, Guestview Columnist David Taylor sees delegation as a good thing. Some of the retailers with the best strategies have figured out how to “deputize” internal audit, HR, data owners and store managers and give them specific things to do, from employee education to access monitoring to policy enforcement.

These leaders also tend to be more successful at getting business units and other departments to share the cost of PCI compliance with IT. Read more.

U.S. Watched 11.5 Billion Web Videos In March

Evan Schuman — Wed, 14 May 2008 10:13:29 +0000

For e-tailers who still think that Web video may be a fad, consider this stat: In March 2008, U.S. Internet users watched 11.5 billion online videos. That’s a 13 percent gain from the prior month and a 64 percent gain from the identical month the prior year, according to Comscore.

In March, Google Sites once again ranked as the top U.S. video property with more than 4.3 billion videos viewed (38 percent share of all videos), gaining 2.6 share points versus the previous month. YouTube.com accounted for 98 percent of all videos viewed at Google Sites. Fox Interactive Media ranked second with 477 million videos (4.2 percent), followed by Yahoo Sites with 328 million (2.9 percent) and Viacom Digital with 249 million (2.2 percent).

Google Pushes Aside Yahoo For #1 Slot

Evan Schuman — Wed, 14 May 2008 10:03:55 +0000

Thanks in no small part to soaring traffic on YouTube, Google for the first time took the top slot in American consumer reach in April 2008, besting Yahoo.

But it took that top slot just barely, reaching 141 million Americans in April. Yahoo ranked second with 140.6 million visitors, followed by Microsoft Sites with 121.2 million visitors.

TJX Gets 99.5 Percent Signoff With MasterCard Banks

Evan Schuman — Wed, 14 May 2008 09:51:11 +0000

When TJX announced a MasterCard agreement last month to pay $24 million for data breach costs stemming from the industry’s worst payment card data breach, it was contingent on at least 90 percent of the banks agreeing.

No surprise, but TJX made that acceptance rate with room to spare, coming in at 99.5 percent, the retailer announced May 14.

Applying Internet Security To RFID

Evan Schuman — Wed, 14 May 2008 09:23:04 +0000

NeoCatena Networks has in the wings a product designed to stop fraudulent or bad tag data from getting into the system from the supply chain.

Applying Internet-level security to RFID is something that has not gone very far, according to this RFID Update story about the anticipated rollout. NeoCatena Networks is developing RF-Wall, an appliance to be installed between RFID readers or controllers and middleware servers, edge servers or host applications in networked RFID systems. The product acts as a firewall that authenticates RFID tags prior to allowing their data to pass into enterprise systems and also scans input to detect and block malware. RF-Wall works by using the unique tag ID to create a digital signature.

FTC To Hold Contactless Hearing In Seattle

Evan Schuman — Wed, 14 May 2008 09:13:46 +0000

Retailers focused on contactless payment might want to circle July 24, 2008, on their calendar. That is when the U.S. Federal Trade Commission will hold a hearing in Seattle “to explore the growth of contactless payment systems and the implications for consumer protection policy.”

Here are the details of the FTC’s hearing along with a link to submit comments electronically. There are lots of legitimate pros and cons on this issue, but the panel should at least understand the merchant’s perspective.

Macys Shutting Down Bloomingdale’s Catalogue

Evan Schuman — Mon, 12 May 2008 15:59:41 +0000

Guess this is what the cliché-afflicted would call a “sign of the times.” Macys is killing the Bloomingdale’s catalog while Amazon.com is selling copies of Bloomingdale’s 1886 catalog for $12. (Can you imagine the number of out-of-stocks in that thing?)

Current Bloomie’s owner Macys is killing the classic catalog “by early 2009″ to focus more on its Web site and “reduce redundancies” (corporatespeak for pinkslip panic). A Macys statement even came up with a politically correct reason to zap the catalog: “Eliminating the paper catalog is also consistent with our sustainability and environmental policies of communicating more with customers electronically and less in paper.”