Has Tesco Figured Out How To Make All-Self-Checkout Work?

Tesco's experiment with an all-self-checkout store in the U.S. is delivering surprisingly favorable customer satisfaction stats. Internal Tesco customer surveys for its Fresh & Easy stores are...

Verichip Puts Itself Up For Sale, Parts Ways With CEO

Controversial RFID vendor Verichip on May 15 announced that it is selling much of the company, wants to sell the rest of it and that the company has parted ways with its CEO, Scott Silverman.Verichip...

Trick Or Treat? New PCI Version To Be Here By Halloween

By this Halloween, the PCI Council will unveil the first major revision of the PCI DSS payment card security program in two years. But with the council not releasing any true details about the changes, nervous retailers are truly wondering "Trick or Treat?"

Robert Russo, general manager of the PCI Council and a man who never met an acronym he didn't like (when we chatted, he tried turning QA into a verb—and he frighteningly got darn close), is trying to play down the significance of the new version, describing the modifications as "minor changes."

Dave & Buster's Data Breach Indictment: Apps Crash For The Bad Guys, Too

It was April 2007 when a pair of cyberthieves from the Ukraine and Estonia set out to try and grab payment card data from the 49-store Dave & Buster's restaurant chain. But according to a federal indictment and a U.S. Secret Service affidavit unsealed May 12, 2008, the pair quickly discovered that software can be an equal-opportunity crasher.

"As a result of a defect in the software program for the packet sniffer, the packet sniffer automatically deactivated whenever the compromised (Dave & Buster's) POS servers rebooted in the normal course of the operation of the servers," the indictment said. "Therefore, in order for the packet sniffers to capture data from the compromised D&B POS servers on an ongoing basis, the defendants had to regularly reactivate the packet sniffers." This group might even have had a hand in the TJX incident.

In E-Commerce Satisfaction: Netflix, QVC On Top; PCMall, Home Depot On Bottom

That which keeps consumers satisfied seems to be part of an E-Commerce site's culture, as top (and bottom) players tend to show little movement, year to year. The latest results from measurement firm...

Delegation Can Be Good, And A Half-Dozen Other Security Tips

From his perch in the world of security, Guestview Columnist David Taylor sees delegation as a good thing. Some of the retailers with the best strategies have figured out how to "deputize" internal audit, HR, data owners and store managers and give them specific things to do, from employee education to access monitoring to policy enforcement.

These leaders also tend to be more successful at getting business units and other departments to share the cost of PCI compliance with IT.

U.S. Watched 11.5 Billion Web Videos In March

For e-tailers who still think that Web video may be a fad, consider this stat: In March 2008, U.S. Internet users watched 11.5 billion online videos. That's a 13 percent gain from the prior month and...

Google Pushes Aside Yahoo For #1 Slot

Thanks in no small part to soaring traffic on YouTube, Google for the first time took the top slot in American consumer reach in April 2008, besting Yahoo.But it took that top slot just barely,...

TJX Gets 99.5 Percent Signoff With MasterCard Banks

When TJX announced a MasterCard agreement last month to pay $24 million for data breach costs stemming from the industry's worst payment card data breach, it was contingent on at least 90 percent of...

Applying Internet Security To RFID

NeoCatena Networks has in the wings a product designed to stop fraudulent or bad tag data from getting into the system from the supply chain.Applying Internet-level security to RFID is something that...

FTC To Hold Contactless Hearing In Seattle

Retailers focused on contactless payment might want to circle July 24, 2008, on their calendar. That is when the U.S. Federal Trade Commission will hold a hearing in Seattle "to explore the growth of...

Macy's Shutting Down Bloomingdale's Catalogue

Guess this is what the cliche-afflicted would call a "sign of the times." Macys is killing the Bloomingdale's catalog while is selling copies of Bloomingdale's 1886 catalog for $12. (Can...

Arrests Made In California Debit-Card Skimming Scam

California authorities have arrested two men in connection with another retail card-reader switch scam, an effort that police say brought in about $225,000 from 222 victims who swiped their debit...

Self-Checkout Psychology: Losing The Customer's Trust

With the many new self-checkout offerings being introduced this week from the likes of IBM, NCR and Fujitsu, it's not a bad idea to focus on what will truly decide whether these machines do anything to help retailers.

To state the obvious: It's getting consumers to use them. I say it's obvious, but one wouldn't guess that based on what the vendors were saying this week.

Self-Checkout: It's Not Just For Lanes Anymore

With the nation's largest casino town as its backdrop, IBM and NCR gambled that the ho-hum growth in self-checkout can become a winner if the systems are moved away from the front-of-the-store checkout lanes and moved back toward the deli, bakery and even in the middle of the cereal aisle. All in all, I'd rather take my chances at rolling a 10 the hard way.

Las Vegas was hosting the 2008 Food Marketing Institute and Marketechnics show, which felt like self-checkout central this week.

The Home Depot Self-Checkout Machine That Wouldn't Take "No" For An Answer

Trying to collect some innocuous-sounding information from self-checkout customers, a self-checkout system at a Maryland Home Depot instead accidentally got itself embroiled in a privacy controversy.

The story began on May 8 when a woman visited a Baltimore Home Depot to buy a few odds and ends, including plants, pots and tile sealer.

The Data Breach Librarian Actually Gets Paid

The Florida librarian and data breach victim who successfully took Wells-Fargo and Sprint Nextel to small claims court was paid this week, something that some data breach observers doubted would ever happen.

Theodore Karantsalis had filed the lawsuit for several reasons, but one was to prove that consumers would fare far better—faster, easier and more money—in small claims court than as one of many in some class-action litigation.

Twitter Dead Last In Social Network Uptime

With its sites being unavailable for barely one hour over four months, MySpace has the best uptime of any major social networking site and Twitter (more than 37 hours of downtime during the same period) has the worst. Those stats come courtesy of Pingdom's periodic uptime surveys, which tracked some 16 social networking sites from January 1 through April 30 of this year.

Not only was Twitter's 37 hours and 16 minutes of downtime the worst in the group, it was almost double the amount of downtime from the second worst-performing site (, with 18 hours and 55 minutes of downtime). But even Twitter's numbers amounted to an uptime that sounded good: 98.72 percent. Pingdom's Peter Alguacil said those percentages can be misleading.

The Dangers Of Choosing The Wrong Wireless Approach

London-based Marks & Spencer is the RFID tag champ. Attaching 350 million a year to items of clothing, they even blow past Wal-Mart when it comes to tagging individual items. Unfortunately, each and every one of those tags might have used the wrong technology.

The exec "who has been running the program said to me a year ago, 'I'd love Nokia to say we have a way for people to walk into this door, wave their phone over a suit and take it home,'" said IDTechEx Chairman Peter Harrop. "But he said, 'I think I've chosen the wrong frequency.'"

Opposition To Tokenization A Lot More Than Token

GuestView Columnist David Taylor this week discovered that there's a lot more than token opposition to tokenization.

One of the concerns is that companies have already spent money on encryption. The most popular reason for not implementing tokenization is that companies have already implemented data encryption and key management systems costing hundreds of thousands of dollars, and either they did not feel they needed tokenization or they were unwilling to be perceived by upper management as "changing course" by recommending the removal of the data they just spent all this money to protect.