Retail Realties Columns on CBSNews

About Men's Wearhouse change in leadership. "It's the difference between having many customers who want to be in the stores and who enjoy getting clothes that they like and customers who find shopping for clothes one-quarter notch more pleasant than dental surgery," notes Evan Schuman, editor of StorefrontBacktalk.

"The Albertson's supermarket chain is getting rid of self-checkout at all locations, and Kroger is experimenting with no-self-checkout stores as well, reports StorefrontBacktalk."

"Kroger, the largest grocery chain in the U.S. (with some 2,500 outlets), is experimenting with removing all self-checkouts in at least one Texas store, reports StorefrontBacktalk, an industry publication."

"Bill Bass, who used to run e-commerce operations for Sears and Lands End and now oversees the Charming Shoppes chain's online initiatives, recently gave an interview with StorefrontBacktalk that describes perfectly the conundrum facing brands — or specifically retailers — that base a campaign around getting a Facebook Like."

"And it has to make sure Target's new website doesn't crash, as it has several times since it rolled out in late August, including a five-hour malfunction in September when shoppers stormed online to buy Missoni clothes and housewares. 'It's a very cutting-edge site that wasn't sufficiently tested and it can't hold up to the strains of Target traffic,' said Evan Schuman, who runs the retail technology blog StorefrontBacktalk."

"StorefrontBacktalk notes that, during the company's quarterly conference call, Johnson said that all JCPenney associates would be getting iPod Touches for point-of-sale operations."

"Wal-Mart will allow the team from its tech arm, @WalmartLabs, to test innovations in four or five brick-and-mortar stores, StorefrontBacktalk reported. One idea is a concept called endless shelf, that connects an in-store shopper with her shopping history and lets her place her order from a computer at the front of the store. Workers would fill the order from store shelves and ship out-of-stock items directly to the customer."

"The postmortems have been harsh, bashing (JCPenney CEO) Johnson for misunderstanding his customer base in axing in-store promotions and commissions for salespeople. 'It was a terrible idea from the beginning,' said Evan Schuman, a retail analyst who runs StorefrontBacktalk. 'To have made sense, you would've had to believe that the shopper base was almost identical to Apple's.'"

"And so you shrug at the odd little charge on your credit or debit card, maybe for an iTunes download you're not sure you remember. 'It's a test transaction,' warned Evan Schuman, editor for StorefrontBacktalk, a technology blog read by major retailers."

"Walmart has confirmed that a software glitch caused nearly all of the chain's self-checkout units for the past two weeks to display incorrect or confusing information, according to StorefrontBacktalk."

"According to a StorefrontBacktalk report, Subway's corporate IT and a credit card company discovered the data breach 'almost simultaneously.' In the case of Subway restaurants, those requirements were provided to franchisees. But according to StorefrontBacktalk, some of the franchisees 'directly and blatantly disregarded' Subway's security and POS configuration standards."

"PayPal users who shop at Home Depot can pay for purchases at participating Home Depot locations by simply entering their mobile phone number and a PIN at the payment terminal. No wallet, identification or mobile device itself need to be present, which means that anyone who has access to the user's phone number plus PIN can access the registered user's account. This has potential security nightmare written all over it! StorefrontBacktalk has more details on this new way to pay and the risks associated with it."

"In (eBay CEO John) Donahoe's case, he bragged during last week's conference call that Macy's had turned to eBay to reach Australian consumers. But according to StorefrontBacktalk, Macys.com was already selling to Australian customers using third-party vendor FiftyOne, and finding, in fact. The retail blog also found that Macy's eBay Australia store currently has no products."

"A QR code approach that will display different information—and initiate different actions—based on the purchase history of the person scanning it is being evaluated by Home Depot, Target and Macy's, according to StorefrontBacktalk."

"Last weekend was a great time to fill up the car, unless you used a Shell station to do it. According to StorefrontBacktalk, a confidential memo from payment processor First Data says that 401,120 consumers were double-billed to the tune of $12,135,608.19 January 29 after a system outage."

"To combat this threat, Visa advises merchants to scan for Bluetooth signals, which could be evidence of a wireless skimming device transmitting stolen card numbers, according to a report from StorefrontBacktalk."

"Retailers have been known to shut off contactless payments over interchange disputes. For example StorefrontBacktalk reported early last year on BestBuy's dispute with Visa over its contactless debit card payment interchange policies and fees, which led the mega-retailer to stop accepting Visa's contactless transactions. StorefrontBacktalk, a rich and well-respected source for retail technology information, also disclosed issues other large retailers had with the contactless fee structure."
— Avivah Litan, Gartner security analyst, in a report to clients.

"Libby tried out the new Hannaford to Go service at the North Windham store, filling out her order online Monday night and then picking up $77 worth of food Tuesday afternoon, all without getting out of her car. But the move does come with risks. StorefrontTalkback, a popular website on e-commerce and retail technology, said the effort could cost Hannaford some impulse purchases."

"As StorefrontBacktalk has reported, that system could be used to jam up Walmart's logistics system—allowing a competitor or other party to perform a 'denial of inventory' attack on items that may be in high demand and short supply, such as hot holiday gift items around Black Friday."

"StorefrontBacktalk has been steadily covering trends in point-of-sale payment options. They point out the issues around the new payment offerings from PayPal, which are worrisome. Are a phone number and PIN really adequate security?"

"The reasons for American Eagle Outfitters' four-day outage (and subsequent four more days of technical aftershocks) related to backup and disaster-recovery technologies and processes that failed, according to several articles on retail tech site StorefrontBacktalk."

"Wal-Mart's plans were disclosed at a smartcard conference being held this week, and were first reported by StorefrontBacktalk earlier on Thursday."

"The ability of Google's cache capture to memorialize anything found on a Web site—including credit card information—is hardly new, but some Australian IT execs have been given a concrete reminder, as they found that data from some 19,000 credit cards—including CVVs, expiration dates, names and addresses—in a routine Google search, according to a report in StorefrontBacktalk."

"It was already suspected JCPenney was one of the retailers after the Web site StorefrontBacktalk was the first outlet to accurately report that fact in August."

"According to StorefrontBacktalk, the data can be paired with other sources of data, including surveillance video and point-of-sale transaction information. If they went this route, retailers would get a very detailed profile of who's carrying each phone."

"Fraudsters have revealed flaws that make it easy to fake Shopkick check-ins at high-profile retail chains including Target, Macy's and Crate & Barrel, without actually going to the stores, reports StorefrontBacktalk."

"Another analyst of the retail scene, Evan Schuman, who runs a blog called StorefrontBacktalk, feels that for every impulse buy killed by smart phone use, another 10 will surface. He reminds us that when grocery stores added self-checkout lanes, they discovered that sales of impulse items such as gum and candy and batteries declined."

"However, in a leaked memo, Visa says PCI certification has been withdrawn from two previously approved products from Ingenico as a 'precaution,' retail industry site StorefrontBacktalk reports."

"StorefrontBacktalk thinks one patchwork device being used in California is really meant to help the state lobby the courts and Congress down the road for a federal initiative."

"StorefrontBacktalk pointed out that eBay CEO John Donahoe scaled back on the number of national retail trials he said PayPal would initiate this year."

"A report from the retail technology site StorefrontBacktalk suggests that Walmart's recent acquisition of a Facebook calendar application with 16 million users is part of a plan to drive more sales through social networks."

"In support of my entirely unscientific observation, my regular reading of StorefrontBacktalk reveals to me that Kroger's, another fine chain, is also experimenting with removing self-checkout lanes from one of their Texas stores."

"Encrypting this data so that it is unreadable to any hacker who steals it is one way merchants are removing it from their systems. However, 'encrypting all your data may actually make you more vulnerable to a data breach,' Walter Conway warned in his column at the retail technology news website StorefrontBacktalk."

"A bit more light was shed on the episode today in a behind-the-scenes story at StorefrontBacktalk. This interesting story claims that it cost Target possibly as much as $5 million in extra labor costs to manually process coupons. That's a pretty good incentive to speed up a computer fix. The StorefrontBacktalk story looks well-sourced, and it is worth a read. It has a nice explanation about why Target may not be able to easily account for any coupon/customer discrepancies, too."

"The National Retail Federation confirmed a report that David Hogan, who has served as its chief information officer and senior vice president of retail operations since 2002, is leaving the association. His impending departure, which was not formally announced by the NRF, was reported last week in StorefrontBacktalk, which quoted him as saying he was leaving to find 'a more traditional industry' job."

"StorefrontBacktalk has a Wal-Mart insider's account of the retailer's text-messaging trial that produced a couple of counter-intuitive results."

"Walmart is conducting a 90-day trial of 'virtual makeup mirrors' at 10 stores around the United States, retail-technology blog StorefrontBacktalk reported."

"Web sites for the Gap, J. Crew, Sephora and Williams-Sonoma all experienced Cyber Monday slowdowns or crashes, according to StorefrontBacktalk, an e-commerce news site."

"StorefrontBacktalk's reporters plan to Twitter the season away, using the microblogging site to give shoppers 'traffic reports' of a sort, letting them know what technical slowdowns or meltdowns are happening on retail sites."

"The security hole, which StorefrontBacktalk verified by recreating it in a Target store on Wednesday (May 12), is the result of the gift cards publicly displaying enough information for someone to create a copy that can trick the POS's barcode scan."

"StorefrontBacktalk, an industry blog, identified the other retailers as JCPenney and Target."

"Retail giant Walmart Stores Inc. is reportedly planning on making all its payment terminals in the U.S. compliant with a smartcard-based credit card technology that is widely used around the world but is not common in the U.S. Walmart's plans were first reported by StorefrontBacktalk."

"The feds have zeroed in on a foreigner as Suspect No. 1 in the Heartland breach caper, according to Evan Schuman, retail security expert and resident pundit at StorefrontBacktalk."

"Many companies have been slow to improve security because customers haven't stopped shopping. 'Consumers, regardless of what they tell surveys, do not take this seriously,' said retail technology blog StorefrontBacktalk. 'As long as they do not punish retailers that get breached, how can they cost-justify spending to prevent it?'"

"One of the companies has been confirmed as JCPenney, by the blog StorefrontBacktalk, which reported last year that the company was believed to be among the targets. Last August, StorefrontBacktalk was the first to report that Target was among Gonzalez's victims."

"Mobile devices create new types of impulse purchases. At the same time, the in-store research capabilities that phones present will wipe out many time-honored impulse buys, according to StorefrontBacktalk."

"On Friday, the StorefrontBacktalk blog identified JCPenney and Wet Seal as two victims of the hacking ring."

"Leaving online shoppers out in the cold with no warnings or explanations (or coats, if that's what they wanted to buy), Burlington Coat Factory took its Web site offline all day Wednesday (Nov. 18)--plus at least four hours--for a planned outage as the $3.5 billion clothing retailer performed an extensive hardware and database upgrade, reports StorefrontBacktalk."

"Macy's now admits that it was an in-house software glitch that caused them to charge in-store debit card users twice on the Saturday before Christmas, reports StorefrontBacktalk."

"The court said the plaintiffs had not proved their allegations that Heartland executives knew the company had inadequate security and misled the public about it, according to a report on StorefrontBacktalk."

"Visa refused to change their policy, so Best Buy says it will no longer allow customers to pay that way, reports StorefrontBacktalk."

"Citing a source 'close to the investigation,' the trade publication StorefrontBacktalk is reporting that law enforcement is closing in on the Heartland data thieves."

"'It's time for chip-and-PIN in the U.S.,' Jamie Henry, Wal-Mart's director of payment services, told the online publication StorefrontBacktalk."

"Retail technology Web site StorefrontBacktalk reports that visitors to the Dairy Queen in Rochester, Ind., recently were 'offered something beyond ice cream and hamburgers: A pile of identical tiny RFID tags, each with peel-off adhesive strips, sitting right next to the waffle cones.'"

"StorefrontBacktalk reports that a recent Caltech experiment found that customers are willing to pay about 50 percent more for products they can actually touch while shopping, compared with purchases based on just a text description or picture."

"When the new version of PCI becomes the law of the card-processing land in October, it will include new rules and clarifications on a wide range of key retail payment complaints, according to StorefrontBacktalk."

"StorefrontBacktalk writes that Visa's announcement is an 'unusual twist in the ongoing saga of Visa versus the retailers,' noting that merchant groups, such as NACS, have maintained for years that retailers should not be forced to retain primary account number (PAN) data—to which Visa typically responded: 'We don't require that.'"

"While convenience store chain 7-Eleven Inc. is most of the way through a two-month trial of mobile coupons in approximately 200 7-Elevens in San Diego, company officials could be preparing to extend the mobile marketing trial, according to a report on StorefrontBacktalk."

"A team of researchers at North Carolina State University says it has discovered a method for stores to beef up cell reception as they seek to increase the use of mobile marketing and RFID technology. Ducts created for heating and air-conditioning systems can be set up to work as conduits between cellular towers and in-store mobile devices, the researchers say, according to StorefrontBacktalk."

"Costco's e-commerce site came to a crashing halt for three hours in the midst of its Labor Day sales earlier this month, the result of a network problem rather than an overload of shoppers, according to StorefrontBacktalk."

"Tucked away in forgotten corners of your network sits a wide range of old, forlorn applications. Beyond collecting electronic cobwebs, these apps potentially pose one of the most serious threats to your data security. Visa routinely compiles a list of applications that, it believes, store sensitive authentication data after a payment has been authorized, according to a StorefrontBacktalk report."

"StorefrontBacktalk's write-up on the 7-Eleven trial has brought the issue to light, saying that since the trial doesn't ask for ages, it would be best to 'treat all participants with kid gloves. That approach certainly seems safer than assuming they are all adults and risking parental wrath for marketing to a 14 year-old.'"

"Visa Revokes PCI Approval From Ingenico PIN Pads Following Breach--according to StorefrontBacktalk."

"News of the development came last week from the StorefrontBacktalk online newsletter, which reported that Best Buy was unhappy with its contactless card initiative because Visa wouldn't allow PIN-based authorizations on payWave transactions."

"StorefrontBacktalk: Staples' Canadian operation is undergoing one of its largest pilots ever, testing two-way live-video kiosks at 34 of its locations."

"Dell will introduce a multi-function kiosk next month that is designed to change functions throughout the day, being used perhaps in the morning to check items in at the loading dock before spending the afternoon as a customer-facing pharmacy information booth, according to StorefrontBacktalk."

"StorefrontBacktalk profiles a pilot by Home Depot in which 150 top customers at certain stores will be given RFID-enabled loyalty cards. RFID readers are positioned above the store entrance and in aisles. When a reader detects the presence of a VIP customer (from her RFID card), it notifies all store associates by text message which aisle she is in."

"According to the StorefrontBacktalk blog, Forever 21 said its PCI assessor missed some credit card files that were accidentally being retained within other files--yet the merchant was still certified."

"According to StorefrontBacktalk, 'the almost 100,000 credit and debit cards accessed from the chain in a breach included transactions from 2003 through 2005, which was stored on a corporate data center, apparently in violation of PCI rules.'"

"While Home Depot and its 1,974 stores is preparing to roll out a contactless payment infrastructure, another major electronics retailer, Best Buy, may be abandoning the technology, according to StorefrontBacktalk's online newsletter."

"The trade publication StorefrontBacktalk is reporting that law enforcement is closing in on the Heartland data thieves."

"Visa agreed to back off its earlier PIN pad compliance deadline originally set for July 1, 2010, to the new date of Aug. 1, 2012, following retailer concerns, particularly from the gas station and convenience store industry, according to a story first reported by StorefrontBacktalk."

"Wal-Mart recently said Chip-and-PIN cards were the preferred, secure way to handle debit and credit card transactions. Now there is some discussion that Congress (or the Fed) should impose that requirement. What would that cost your bank? For more on this possibility, read the StorefrontBacktalk blog."

"StorefrontBacktalk reports that the software glitch that caused a drive-thru screen to display details of the store's point-of-sale system affected many other fast-food chains as well."

"From retail tech blog StorefrontBacktalk: The latest retailer to report credit card data theft, Advance Auto Parts, admits that stolen info dating back three to seven years was not encrypted, violating basic security practices."

"MasterCard has apparently reversed its decision earlier this year that required Level 2 merchants to hire a PCI-approved auditor to complete an annual on-site data security assessment. StorefrontBacktalk writes about the company's quiet change in plans."

"As of July 1st, Bill Homa, who had served as CIO for 12 years, stepped down from that position. Shortly after his departure, Homa was interviewed by StorefrontBacktalk's Evan Schuman. In a StorefrontBacktalk article, Homa shares some interesting comments regarding Microsoft, the PCI Data Security Standard, and the approach other CIOs should take towards security."