In a case that may have profound ramifications for retailers' ability not only to collect but also to protect the privacy of customers' location information, the U.S. Justice Department argued to a U.S. appeals court on Monday (Oct. 1) that Americans do indeed have no right to privacy when it comes to mobile phone geolocation data. This comes about two months after a different appellate court reached the same conclusion, ruling that Americans have no such privacy rights.
If there truly is no expectation of privacy in what is called "historical cell data" (where you were, as opposed to where you are right now), then there would be no problem with retailers' collecting this data about their customers with or without the knowledge and consent of those customers, pens Legal Columnist Mark Rasch. Just as video cameras in the mall capture images of customers (and their locations), retailers could use cell data to find out where their best (and worst) customers are. Accepting the government's argument before the federal court, there would be no privacy violation for a retailer doing this.
The fight over the interchange settlement is heating up again, with the biggest settlement opponent apparently trying to swing PayPal onto its team. On September 28, the National Association of Convenience Stores' lawyer, Douglas Kantor, claimed that the settlement's terms would hobble PayPal's in-store payments hopes. (PayPal hasn't said anything on the subject, which suggests how much of a reach this is.)
But even Kantor admitted PayPal could fix the problem with a simple change in its merchant terms. A much trickier problem for retailers post-settlement may be deciding what price to put on each item—or whether there even is a single official price.
Point-to-point encryption (P2PE) is a technology that promises to reduce a merchant's PCI scope significantly. Ideally, with an approved P2PE approach, a merchant's only PCI scope will be the point-of-interaction (POI) device itself. But do merchants really need to wait for a P2PE-approved package to get the benefits?
The answer to that question, in some cases, might be "No." Instead, writes PCI Columnist Walter Conway, based on the PCI Security Standards Council's revised guidance on when encrypted cardholder data may be considered out of scope, it might be possible that existing vendor offerings could potentially bring some merchants the same benefits with less work and without waiting—and paying—for the first P2PE products to hit the market.
By November, the 654-store Finish Line sportswear chain will become the first major retailer to have mobile checkout in every one of its stores, just in time for the holidays. But while piloting the system in almost 50 stores, the $1.4 billion Indianapolis chain has had to wrestle with the practical versus the potential. For example, the associate-issued mobile units have full CRM access, so associates are able to review a customer's full purchase history to deliver the best experience. To avoid awkwardness, though, most associates don't access such history until after a sale is completed, when asking for a loyalty card seems natural.
"It undermines the strategy," said Finish Line CIO Terry Ledbetter. "But quite frankly, it was hard to imagine how resistant customers would be to telling you who they are. 'You don't need to know who I am,'" he said, adding that the chain is exploring using an opt-in feature on its mobile app that would broadcast to all associates when a customer walks in the store.
After two years and 125 million iPads and other tablet computers shipped, most large chains' mobile Web sites still don't seem to know that tablets exist. They still serve up an M-Commerce site designed for a tiny smartphone screen, which looks somewhere between mediocre and terrible on a tablet screen that's seven inches or larger. That means just a few years after chains finally figured out the importance of customizing M-Commerce sites for phones, there's a new advantage to be gained by spotting which mobile devices don't have tiny screens and giving them their own customized tablet sites or the full-size Web site.
Among the largest retailers, only the Amazon, Home Depot, McDonald's, Kohl's, Apple, JCPenney, Gap and Overstock Web sites showed up in a tablet or full-screen version. Staples.com showed up on a seven-inch tablet with slightly more content added to what was still clearly a site designed for a phone screen. But Walmart, Target, Walgreen, CVS, Lowe's, Best Buy, Sears, Macy's, Rite Aid, TJ Maxx, Nordstrom and even eBay served up exactly the same screen for a tablet as for a phone with a screen a small fraction of the size. On the phone, those compact, minimalist sites help usability. On even a small tablet, the result is vast expanses of blank space that all but drives away customers.
Maybe it's time for retailers to give up on price-matching promotions. Last Friday (Sept. 21), U.K. supermarket chain Asda all but threw in the towel on a promotion in which it promised to beat competitors' prices by 10 percent or refund the difference. The problem (spotlighted in a story by one of the U.K.'s biggest newspapers): "Professional shoppers" were milking the promotion to get as much as $14,000 in rebates in a month.
It used to be only chains that kept detailed databases of competitors' prices. Now every coupon or rebate Web site has data that's even more current, which makes beating a chain's price-match promotion trivial.
In our story this week about the various ways to track shopper location in-store, an astute reader asked whether tracking a shopping cart wouldn't be an easier approach than tracking the mobile device. Although tracking the cart or a handheld basket is much more limited, it does have some wonderful advantages. But what if you could marry the brains of a mobile app with the bulk—and easier trackability—of a cart?
This marriage could be a very low-cost proposition, with the app asking for the cart's number or, better yet, the cart presenting a QR or barcode that the app can scan. The app—with its capabilities and its CRM history—could use a cart equipped with a simple radio beacon for navigation purposes.
For the last year or two, brick-and-mortar execs have shared three bogeymen—showrooming, E-Commerce sales tax avoidance and Amazon, itself—blaming each for plummeting sales. And just like the bogeymen of generations of children's nightmares, neither of the first two is real, other than being real excuses for their own problems. The sales tax bogeyman has been mostly exposed to the light, with the initial states where Amazon has started charging sales tax showing what should surprise no one: The sales taxes being charged have had no statistically meaningful impact on Amazon sales.
For the Amazon sales tax haven to be an issue, you first have to believe that the only—or even a main—reason why people shop at Amazon is to save the sales tax. There are quite a few reasons why that is absurd. But the fact that shipping charges are typically many times the sales tax is a pretty good place to start.
For quite a few years now, retailers have salivated over the idea of mobile phones revealing exactly where shoppers are at all times. Retailers would know which displays customers are standing in front of, for how long and what actions they take right afterward. Unfortunately, even though mobile devices have advanced quite a bit recently, the ability to know location with any precision has been elusive.
No major advances in mobile location technology have emerged. In the last couple of months, however, quite a few very different approaches to location tracking have emerged. These range from leveraging the earth's magnetic field to piggybacking the data already used by mobile ads, tracking a combination of Wi-Fi and Bluetooth signals, and riding the audio signals from existing music speakers. One app even reacts to light patterns from specially enhanced LED bulbs.
Best Buy on Monday (Sept. 17) described a trial it's doing with eBay's RedLaser, where it uses in-store Wi-Fi triangulation coupled with near-the-store GPS tracking to confirm that a shopper has walked into a Best Buy. Once confirmed, it pops up a special version of RedLaser's app focused solely on Best Buy. The traditional RedLaser app—which will still be available to those shoppers in a Best Buy—did a more global product search among all retailers.
What's impressive is that this approach is three levels deeper than what RedLaser has been used to. It goes beyond limiting its results to Best Buy, focusing instead on what that specific Best Buy store sells and then limiting the results to what that specific Best Buy store has in stock. This means Best Buy's APIs are sharing real-time inventory data.
JCPenney showed off its new "shops within the store" concept on Wednesday (Sept. 19). But there are still more than a few unanswered questions about exactly how the retailer's in-aisle checkout will work when it goes live in February 2013. The biggest issue: Will customers treat the clusters of mini-shops like a mall (pay when you leave each mini-shop) or like a department store (pay all at once at the end)?
The 1,100-store chain's CEO, Ron Johnson, admits that JCPenney is still figuring out the workflow for checkout. He'd better work fast—this is a lot more complicated than anyone assumed.
When Walmart unveiled its local-store Facebook program almost a year ago, it touted a page for some 3,500 neighborhood stores, with content based on that community's interests and local comments and complaints answered by local store management. Since that time, the Facebook strategy of Walmart corporate (not the stores) has performed brilliantly, increasing its FB fans from 9 million to 19.5 million in less than a year. And even with those types of numbers, Walmart corporate has proven unusually responsive to comments.
But the social program of its stores, during the same timeframe, has gone nowhere, according to a report slated to be released Thursday (Sept. 20). The reason? Just about nothing that corporate is doing right—dedicated social resources, rules about the number and frequency of posts, people dedicated to responding to shopper comments—has been replicated at the store level. The stores have been left to do whatever they can fit in, which the report said seems to be pretty much nothing.
A recent security hole discovered in EMV (yes, another one) involving the way it handles encryption is one that can be prevented based on how a retailer sets up its system. The hole is a major issue in regions where EMV is dominant, including Europe, Canada and Mexico. But with U.S. retailers just starting to consider EMV, it's a theoretically preventable attack.
"Having the terminal request the nonce from the issuer adds another full round-trip message, which is a lot of extra time. Nobody wants that," said one security manager with a major chain. "It's an extra pass through the payment network. That raises the question of cost. Will payment providers carry them for free? Will that impact their peak season throughput?"
ISIS has dodged a bullet. Just after Apple launched the iPhone 5 on September 12 without a surprise mobile-payments announcement, ISIS said its long-expected summer trial in Salt Lake City and Austin won't start this summer after all. Some coincidence, huh?
An Apple surprise might have forced the mobile-operator consortium to rush into its launch. That's not something ISIS wants to do, especially now that Google has already tried and abandoned ISIS's chosen technical approach and the number of ISIS-supporting retailers still isn't up to what ISIS wants it to be. And that's not the worst of it: There's still no leadership in mobile payments.
Yet another video-related shopping patent was issued last Friday (Sept. 14), and it's not for retail chains—at least not at first glance. U.S. Patent 8,244,594 describes a personal shopping...
When a federal appeals panel last month ruled that Americans have no right to privacy when it comes to the location data broadcast by their phones, some retailers started asking whether this meant geolocation opt-ins might no longer be necessary. In reality, such opt-ins never provided any protection. But continuing to do them is probably harmless, for both reasons of tradition and to keep legal happy.
There have always been only two reasons for seeking opt-ins—supposed legal protection and to negate future customer backlash. As a practical matter, opt-ins help out in neither situation. Let's start, though, by admitting there are two types of opt-in: knowingly/deliberate, and what retail chains use.
One of the highlights of last week's PCI Community Meeting was the long-awaited release of the PCI Security Standards Council's guidance on mobile-payment application developers. The document lays out a set of requirements that together form a roadmap for mobile-payment application developers and would-be developers.
Currently, retailers have a choice. They can use their smartphones and tablets, sticking on a dongle that reads a payment card's magnetic stripe, and be cruising down the mobile commerce highway. Or they can be PCI DSS compliant. Unfortunately, the PCI Council has stated that smartphones and tablets are not secure, pens PCI Columnist Walter Conway.
A glitch that sat between a Little Caesars franchisee's POS system and its payment processor, Fifth Third, caused one of its pizza shops to process zero payment-card transactions for more than eight months. (A second store didn't process transactions for two months.) And then, to the non-delight of that store's customers, the glitch was fixed and they started getting collectively hit with thousands of charges for eight months worth of pizza purchases.
Even more impressive is that the owner of this group of six California (Bay area) Little Caesars said it took him months before he realized that one store had posted no revenue for eight months and another for two months. This guy owns six stores and it takes him months to notice that one-third of his stores are reporting zero payment-card revenue?
On Monday (Sept. 10), two supply-chain standards organizations (GS1 US and VICS) said they would merge. For retail IT execs this merger is robustly inconsequential, because the next-generation barcode plans are still being pushed by the GS1 folk. VICS has pretty much been on life support. But this week's announcement does remind us to ask: "What the heck ever happened to GS1?"
Back when GuestView Columnist Ann Grackin started tracking such matters in 1995, the goal of the key players was that GS1 would be almost ubiquitous by about 2000. Today, some 12 years later, ubiquitous is hardly the move. And Ann conservatively projects that 2017 is much more likely. Now we have 2D and GS1 DataBar for the new world of mobile coupons. So what's been the slowdown? Quite a bit, it turns out.