News

Do Merchants Need P2PE?

Point-to-point encryption (P2PE) is a technology that promises to reduce a merchant's PCI scope significantly. Ideally, with an approved P2PE approach, a merchant's only PCI scope will be the point-of-interaction (POI) device itself. But do merchants really need to wait for a P2PE-approved package to get the benefits?

The answer to that question, in some cases, might be "No." Instead, writes PCI Columnist Walter Conway, based on the PCI Security Standards Council's revised guidance on when encrypted cardholder data may be considered out of scope, existing vendor offerings might bring some merchants the same benefits with less work and without waiting—and paying—for the first P2PE products to hit the market.

Walmart China: Always The Low Price Last Week

This is just not Walmart's week for price management. On Tuesday (Sept. 25), a Walmart store in China was slapped with almost $16,000 in fines for a "discount hoax," according to China Daily. In May,...

Finish Line's Mobile Checkout: Practical Vs. Potential

By November, the 654-store Finish Line sportswear chain will become the first major retailer to have mobile checkout in every one of its stores, just in time for the holidays. But while piloting the system in almost 50 stores, the $1.4 billion Indianapolis chain has had to wrestle with the practical versus the potential. For example, the associate-issued mobile units have full CRM access, so associates are able to review a customer's full purchase history to deliver the best experience. To avoid awkwardness, though, most associates don't access such history until after a sale is completed, when asking for a loyalty card seems natural.

"It undermines the strategy," said Finish Line CIO Terry Ledbetter. "But quite frankly, it was hard to imagine how resistant customers would be to telling you who they are. 'You don't need to know who I am,'" he said, adding that the chain is exploring using an opt-in feature on its mobile app that would broadcast to all associates when a customer walks in the store.

Do Walmart, Macy's And Target Even Know Tablets Exist?

After two years and 125 million iPads and other tablet computers shipped, most large chains' mobile Web sites still don't seem to know that tablets exist. They still serve up an M-Commerce site designed for a tiny smartphone screen, which looks somewhere between mediocre and terrible on a tablet screen that's seven inches or larger. That means just a few years after chains finally figured out the importance of customizing M-Commerce sites for phones, there's a new advantage to be gained by spotting which mobile devices don't have tiny screens and giving them their own customized tablet sites or the full-size Web site.

Among the largest retailers, only the Amazon, Home Depot, McDonald's, Kohl's, Apple, JCPenney, Gap and Overstock Web sites showed up in a tablet or full-screen version. Staples.com showed up on a seven-inch tablet with slightly more content added to what was still clearly a site designed for a phone screen. But Walmart, Target, Walgreen, CVS, Lowe's, Best Buy, Sears, Macy's, Rite Aid, TJ Maxx, Nordstrom and even eBay served up exactly the same screen for a tablet as for a phone with a screen a small fraction of the size. On the phone, those compact, minimalist sites help usability. On even a small tablet, the result is vast expanses of blank space that all but drives away customers.

Can Price-Match Deals Work? Not Any More

Maybe it's time for retailers to give up on price-matching promotions. Last Friday (Sept. 21), U.K. supermarket chain Asda all but threw in the towel on a promotion in which it promised to beat competitors' prices by 10 percent or refund the difference. The problem (spotlighted in a story by one of the U.K.'s biggest newspapers): "Professional shoppers" were milking the promotion to get as much as $14,000 in rebates in a month.

It used to be only chains that kept detailed databases of competitors' prices. Now every coupon or rebate Web site has data that's even more current, which makes beating a chain's price-match promotion trivial.

Would A Marriage Of Mobile And A Shopping Cart Solve The In-Store Tracking Issue?

In our story this week about the various ways to track shopper location in-store, an astute reader asked whether tracking a shopping cart wouldn't be an easier approach than tracking the mobile device. Although tracking the cart or a handheld basket is much more limited, it does have some wonderful advantages. But what if you could marry the brains of a mobile app with the bulk—and easier trackability—of a cart?

This marriage could be a very low-cost proposition, with the app asking for the cart's number or, better yet, the cart presenting a QR or barcode that the app can scan. The app—with its capabilities and its CRM history—could use a cart equipped with a simple radio beacon for navigation purposes.

Brick-and-Mortars And Their Bogeymen: Showrooming, Online Sales Tax And Amazon

For the last year or two, brick-and-mortar execs have shared three bogeymen—showrooming, E-Commerce sales tax avoidance and Amazon, itself—blaming each for plummeting sales. And just like the bogeymen of generations of children's nightmares, neither of the first two is real, other than being real excuses for their own problems. The sales tax bogeyman has been mostly exposed to the light, with the initial states where Amazon has started charging sales tax showing what should surprise no one: The sales taxes being charged have had no statistically meaningful impact on Amazon sales.

For the Amazon sales tax haven to be an issue, you first have to believe that the only—or even a main—reason why people shop at Amazon is to save the sales tax. There are quite a few reasons why that is absurd. But the fact that shipping charges are typically many times the sales tax is a pretty good place to start.

How Do I Track Thee, Mobile Shopper? Let Me Count The Ways

For quite a few years now, retailers have salivated over the idea of mobile phones revealing exactly where shoppers are at all times. Retailers would know which displays customers are standing in front of, for how long and what actions they take right afterward. Unfortunately, even though mobile devices have advanced quite a bit recently, the ability to know location with any precision has been elusive.

No major advances in mobile location technology have emerged. In the last couple of months, however, quite a few very different approaches to location tracking have emerged. These range from leveraging the earth's magnetic field to piggybacking the data already used by mobile ads, tracking a combination of Wi-Fi and Bluetooth signals, and riding the audio signals from existing music speakers. One app even reacts to light patterns from specially enhanced LED bulbs.

Best Buy RedLaser Trial Just Shows One Store’s Stock

Best Buy on Monday (Sept. 17) described a trial it's doing with eBay's RedLaser, where it uses in-store Wi-Fi triangulation coupled with near-the-store GPS tracking to confirm that a shopper has walked into a Best Buy. Once confirmed, it pops up a special version of RedLaser's app focused solely on Best Buy. The traditional RedLaser app—which will still be available to those shoppers in a Best Buy—does a more global product search among all retailers.

What's impressive is that this approach is three levels deeper than what RedLaser has been used to. It goes beyond limiting its results to Best Buy, focusing instead on what that specific Best Buy store sells and then limiting the results to what that specific Best Buy store has in stock. This means Best Buy's APIs are sharing real-time inventory data.

JCPenney's In-Aisle Checkout And Store Redesigns Are About To Collide

JCPenney showed off its new "shops within the store" concept on Wednesday (Sept. 19). But there are still more than a few unanswered questions about exactly how the retailer's in-aisle checkout will work when it goes live in February 2013. The biggest issue: Will customers treat the clusters of mini-shops like a mall (pay when you leave each mini-shop) or like a department store (pay all at once at the end)?

The 1,100-store chain's CEO, Ron Johnson, admits that JCPenney is still figuring out the workflow for checkout. He'd better work fast—this is a lot more complicated than anyone assumed.

Walmart's Local Facebook Fiasco

When Walmart unveiled its local-store Facebook program almost a year ago, it touted a page for some 3,500 neighborhood stores, with content based on that community's interests and local comments and complaints answered by local store management. Since that time, the Facebook strategy of Walmart corporate (not the stores) has performed brilliantly, increasing its FB fans from 9 million to 19.5 million in less than a year. And even with those types of numbers, Walmart corporate has proven unusually responsive to comments.

But the social program of its stores, during the same timeframe, has gone nowhere, according to a report slated to be released Thursday (Sept. 20). The reason? Just about nothing that corporate is doing right—dedicated social resources, rules about the number and frequency of posts, people dedicated to responding to shopper comments—has been replicated at the store level. The stores have been left to do whatever they can fit in, which the report said seems to be pretty much nothing.

Another EMV Security Hole, But This One Is Preventable In The U.S.

A recent security hole discovered in EMV (yes, another one) involving the way it handles encryption is one that can be prevented based on how a retailer sets up its system. The hole is a major issue in regions where EMV is dominant, including Europe, Canada and Mexico. But with U.S. retailers just starting to consider EMV, it's a theoretically preventable attack.

"Having the terminal request the nonce from the issuer adds another full round-trip message, which is a lot of extra time. Nobody wants that," said one security manager with a major chain. "It's an extra pass through the payment network. That raises the question of cost. Will payment providers carry them for free? Will that impact their peak season throughput?"

ISIS Delay Points Out Mobile Payments Problem: No Leadership

ISIS has dodged a bullet. Just after Apple launched the iPhone 5 on September 12 without a surprise mobile-payments announcement, ISIS said its long-expected summer trial in Salt Lake City and Austin won't start this summer after all. Some coincidence, huh?

An Apple surprise might have forced the mobile-operator consortium to rush into its launch. That's not something ISIS wants to do, especially now that Google has already tried and abandoned ISIS's chosen technical approach and the number of ISIS-supporting retailers still isn't up to what ISIS wants it to be. And that's not the worst of it: There's still no leadership in mobile payments.

Why Not Use Mobile Devices To Let Customers Literally See What's In-Store?

Yet another video-related shopping patent was issued last Friday (Sept. 14), and it's not for retail chains—at least not at first glance. U.S. Patent 8,244,594 describes a personal shopping...

Opt-In Is Nice For Tradition, But Don't Expect Any Protection

When a federal appeals panel last month ruled that Americans have no right to privacy when it comes to the location data broadcast by their phones, some retailers started asking whether this meant geolocation opt-ins might no longer be necessary. In reality, such opt-ins never provided any protection. But continuing to do them is probably harmless, for both reasons of tradition and to keep legal happy.

There have always been only two reasons for seeking opt-ins—supposed legal protection and to negate future customer backlash. As a practical matter, opt-ins help out in neither situation. Let's start, though, by admitting there are two types of opt-in: knowing/deliberate, and what retail chains use.

PCI Memo To Mobile Payment App Developers: It's Up To You

One of the highlights of last week's PCI Community Meeting was the long-awaited release of the PCI Security Standards Council's guidance for mobile-payment application developers. The document lays out a set of requirements that together form a roadmap for mobile-payment application developers and would-be developers.

Currently, retailers have a choice. They can use their smartphones and tablets, sticking on a dongle that reads a payment card's magnetic stripe, and be cruising down the mobile commerce highway. Or they can be PCI DSS compliant. Unfortunately, the PCI Council has stated that smartphones and tablets are not secure, pens PCI Columnist Walter Conway.

Little Caesars System Delayed Thousands Of Charges For Eight Months

A glitch that sat between a Little Caesars franchisee's POS system and its payment processor, Fifth Third, caused one of its pizza shops to process zero payment-card transactions for more than eight months. (A second store didn't process transactions for two months.) And then, to the non-delight of that store's customers, the glitch was fixed and they started getting collectively hit with thousands of charges for eight months' worth of pizza purchases.

Even more impressive is that the owner of this group of six California (Bay area) Little Caesars said it took him months before he realized that one store had posted no revenue for eight months and another for two months. This guy owns six stores and it takes him months to notice that one-third of his stores are reporting zero payment-card revenue?

What's The Big Delay With GS1 Databar All About?

On Monday (Sept. 10), two supply-chain standards organizations (GS1 US and VICS) said they would merge. For retail IT execs this merger is robustly inconsequential, because the next-generation barcode plans are still being pushed by the GS1 folk. VICS has pretty much been on life support. But this week's announcement does remind us to ask: "What the heck ever happened to GS1?"

Back when GuestView Columnist Ann Grackin started tracking such matters in 1995, the goal of the key players was that GS1 would be almost ubiquitous by about 2000. Today, some 12 years later, ubiquitous is hardly the move. And Ann conservatively projects that 2017 is much more likely. Now we have 2D and GS1 DataBar for the new world of mobile coupons. So what's been the slowdown? Quite a bit, it turns out.

Spending Less On Mobile Often Yields The Same Results

Here's some good mobile news for your bean-counting bosses: Spending less on mobile, in most situations, will deliver roughly the same results as spending a lot more, according to a report released Tuesday (Sept. 11) by Forrester Research and the National Retail Federation (NRF).

Clearly, that's not always the case. Sometimes spending much more is highly beneficial but may not deliver immediately better mobile stats; for example, an infrastructure investment that will provide better uptime and faster performance for many years. That caveat caveated, the fact that Forrester found few, if any, performance gains from spending more money on mobile is deliciously counter-intuitive.

Do Not Track Feud Drags Retail Web Sites Into Legal Risk

Retailers could really use some cooperation from vendors these days—or at least fewer surprises—when it comes to following privacy policies. Right, that'll happen. As of last week, Microsoft and the Apache Web server project are feuding over how Apache (the most widely used Web server) will handle Do Not Track features of Internet Explorer (the most widely used Web browser).

Unfortunately, the two software suppliers aren't just throwing the usual hissy fits at each other. They're configuring their software as part of the feud, which means retailers and their online privacy policies and, potentially, the Federal Trade Commission are caught in the middle.