E-Commerce

Et Tu, Brute? Visa To Compete With Retailers

March 18th, 2010

First, Procter & Gamble and other major manufacturers started direct selling, undermining their longtime retail partners. Now comes word that Visa is setting up its own virtual shop to move products. What, Brutus, the sharp, 8-inch interchange dagger wasn’t enough? You had to go for the jugular?

Visa’s E-Commerce move, called Rightcliq, is actually a rather clever CRM move to collect more data on consumers directly. “Rightcliq will enable consumers to track their purchases in one convenient location. This removes the hassle of remembering tracking numbers, digging through confirmation E-mails or having to double-check delivery dates,” a Visa statement said. “The information will all be stored in Rightcliq, giving consumers more control over their online shopping experience.” And here’s the unexpected kicker: The service will accept “other payment options, including competing brands.” Visa is setting up an E-Commerce arena in which people can make purchases on their Amex card? That says everything that needs to be said about how much Visa values those extra CRM tidbits.


PayPal Literally Bangs iPhones Together For Money Transfers

March 18th, 2010

Strong mobile applications today understand the need for extreme efficiency of movements to allow for actions with as little effort as possible. That’s been the problem with mobile payment trials; they simply haven’t proven to be any faster than swiping a credit card. A new PayPal iPhone app—dubbed Send Money—grasps this ultra-convenient attitude and attacks the nightmare of splitting checks.

By simply banging two iPhones together (gently, please. Those things are mostly glass), payment data is shared. “With bump, users can put two iPhones together and funds are quickly transferred between their PayPal accounts,” a PayPal statement said. “The Split Check feature lets users conveniently divide and quickly reimburse each other for the cost of a meal, including tip and tax, for up to 20 people. Collect Money allows users to request money from multiple people for a joint gift, team dues, concert tickets and more.”


Some Radical IT Ideas From An Exasperated IT Exec

March 18th, 2010

The payment industry is ripe for a new disruptive technology to come along and tip the banking world on its head. For too long, the banks have been living off a protected revenue stream from interchange that pays for a bloated and archaic system. Why is it that Google can offer a 2-hour high-definition movie streamed to your PC for free but the average credit card transaction ($100) carries an interchange fee of almost $3? The problem, opines Franchisee Columnist Todd Michaud, is that most innovation is happening at the consumer and retail end of the transaction.

What would happen if we turned NFC on its head? For example, rather than the phone making a payment to the POS, it makes a payment to the restaurant’s bank in the cloud. What would happen if the restaurant deducted the cost of lunch from Facebook credits? What if the guest could earn a free lunch by promoting the brand on Twitter? What if restaurants gave guests their menus on an iPad? What if that menu was customized to each diner’s likes, dislikes and allergies? What about a restaurant booth that has a video-conferencing setup that allowed two people to have lunch together without being in the same restaurant?


Gap.com Crashed For 3.5 Hours Wednesday

March 18th, 2010

Gap’s site crashed for about 3.5 hours on Wednesday (March 17) and apparently took fellow Gap brands—including Old Navy, Banana Republic and Piperlime—down with it. The cause of the crash, which kept the site down from about 3 PM to about 6:30 PM (New York time), was not immediately known, said Gap Spokesperson Daniel Rubin.

Site performance tracking firm Pingdom was the first to report the trouble, a problem quickly confirmed by another Web performance firm, Gomez. “The error messages seem to indicate that the problem is very serious,” said Matt Poepsel, Gomez’s VP of Performance Strategies.


Teen Girls May Care About Privacy A Little, After All

March 18th, 2010

The conventional belief among retail marketers is that Gen-Y consumers (especially teenaged girls) have zero sense of privacy and that they will—and do—share every aspect of their lives with anyone online. Well, if a new study out of Europe is to be believed, those girls may be a bit more private than their personas would imply. It suggests that the teens will indeed share anything, but only with a relatively small circle of friends.

The report comes from Euro RSCG: “Although the average teen girl might have more than 100 friends on Facebook, she focuses on sharing key information with the one or two people closest to her,” the report said. “When they find a good deal, teen girls want to share it—but they’re more interested in tipping off a friend than in broadcasting the information. Shopping with just her best friend or sister, a teen girl will spend 23 percent more than when shopping with two or more friends. Shopping with a boy, she will spend less than half of what she spends with her close friend or sister. And shopping with her mother, who provides access to a larger budget and is also a key member of her intimate circle, she will spend triple the amount she spends with a group of friends.”


In A First, Google Does Real-time Joint Retail Trials

March 18th, 2010

In the 15 or so years that we’ve had E-Commerce, the industry has seen quite a few improvements, but nothing that radically changed the way people shopped or retailers sold. Local inventory search, which today is not even in its infancy (not really even embryonic; it’s more like a zygote), is likely to be the first truly dramatic shift.

Last Thursday (March 11), Google made a major—albeit extremely preliminary—move into local inventory search through a deal with a handful of major chains: Best Buy, Sears, Williams Sonoma, Pottery Barn and the Vitamin Shoppe. But instead of working out this process internally and then bringing in retailers—or the reverse, with retailers figuring it out first—Google’s objective is to run the earliest stage tests with various chains “so we’re both learning how to do this in parallel,” said Paul Lee, Google Product Search’s business product manager.


Facebook To Tighten E-Commerce Hooks Next Month

March 10th, 2010

Facebook next month will add an API that will allow shoppers to automatically link to data about a favorite retailer and perhaps their purchases, the Wall Street Journal reported Tuesday (March 9). “Facebook users can already add information from a variety of sites to their news feed, the stream of stories they see when they log in. But the profile is more sacred ground and is a stronger signal of a user’s interests,” the story said.

Called the Roadmap Open Graph API, Facebook openly describes the new capability and says it is slated to be available in this year’s second quarter. That the API will be rolled out at Facebook’s developer conference next month is new but not unexpected. “The user will then have [the retailer's site] listed in their list of connections on their profile as pages are represented today,” the Facebook description says. “Any content that [the e-tailer] publishes will show up in the stream on Facebook like it normally would. And, any time the user searches on Facebook, [that retailer] will show up prominently in search results.”


Bribes Make Citibank India’s NFC Trial Work Well

March 10th, 2010

In a major near-field-communications (NFC) trial in India—one lasting six months (ending last month) and involving more than 3,100 consumers, 44,000 transactions and more than 26 million India Rupees (about $573,000 U.S.)—Citibank saw how extremely willing consumers in Bengaluru were to use NFC to make purchases. That is true, of course, as long as the bribes are substantial. Not only is this the most extensive NFC trial we’re aware of, but Citibank and some key technology partners have issued a 37-page report detailing the study’s results, warts and all.

The Nokia 6212 used in the trial has a list price of $240; trial participants paid $110. But if the consumers made 12 purchases, they got to keep the phone for free. With six purchases, the phone’s cost dropped to $55. Some 86 percent of participants made more than 12 purchases and, therefore, got the phones for free. The report dubbed the 18 percent who made exactly 12 transactions “gamers, customers who want to participate at exactly no cost to themselves.”


Amazon Limits Customers Talking With Each Other

March 10th, 2010

With Twitter, MySpace and LinkedIn leading the way, many retailers are experimenting with a wide range of approaches for creating common-interest communities for their customers, especially online. Of course, such actions start to shift some of the power away from the chains and to the consumer. Amazon last month made its first defensive move in trying to control that type of community. What Amazon did was change how it handles E-mail. Before, comments to a discussion forum would include a customer’s real E-mail address. No more.

“Real buyer and seller E-mail addresses will be hidden by our systems. All sellers and buyers will be assigned an Amazon E-mail alias,” said an Amazon statement. “This will enable both parties to continue communicating as they do today with standard E-mail providers (such as Yahoo, Hotmail, etc.). However, that communication will happen via their new E-mail aliases instead of their real E-mail addresses. All communication will be stored and available for review in case of disputes.” This move is very interesting. From a brand-building perspective, there are few things better than sitting back and creating a huge room for tons of your customers to gather and talk about you.


Friend Or Foe: When P&G (And Other Partners) Push Direct Selling

March 10th, 2010

The growing movement of major league consumer goods manufacturers selling directly from their Web sites is hardly unexpected. But the lack of a defensive reaction from retail IT is. For more than a decade, a mountain of extranet projects has allowed data to flow freely from manufacturer to retailer, with real-time data about pricing, inventory and millions of marketing insights. Is it time to radically reevaluate what is being shared?

The direct-sell CG announcements are all couched in politically sensitive phrasing, with promises that it’s just a short-term test to better understand mutual customers and that some of the data will be shared with retailers. Some even argue that these direct-to-consumer moves will help retailers make more money by allowing the manufacturer to better target its products. (That argument is not necessarily impressive, but making it with a straight face is.)


Europe Starts To Crack Down On Retail Data Collection

March 10th, 2010

As Google—which has been toying with capturing retailers’ in-store images for its search database—and mobile projects have been pushing the data-capture envelope, retailers have been able to sit back and think of 100 ways to use that data once it’s organized and made accessible. Even the petabytes of free CRM data floating around in social sites are starting to be spidered and analyzed, not to mention payment cards designed for data-sharing and even more wacky ideas.

But we have now seen the first concrete government effort to slow down that data flow, and it comes from European Union data privacy regulators. An EU letter said that not only must Google provide more warnings to consumers before it sends cameras out to shoot street views, but that Google “should shorten the length of time for which it keeps the uncensored photographs it takes from one year to six months.”


The Revenge Of The URLs: Amazon Drops Colorado Affiliates To Fight New State Law

March 10th, 2010

After Colorado tried a creative approach to taxing E-Commerce purchases—forcing E-tailers to tell consumers how much state sales tax they owe—Amazon shot back Monday (March 8) by cutting off all its Colorado affiliates. Colorado’s governor issued a statement indicating understandable confusion, because the law doesn’t address affiliates and the Amazon move doesn’t spare them from the new requirements. The implication: that Amazon’s move was pure spite, designed to punish state businesses—and therefore the state—without helping Amazon.

Amazon’s E-mail said: “The regulations are burdensome and no other state has similar rules. The new regulations do not require online retailers to collect sales tax. Instead, they are clearly intended to increase the compliance burden to a point where online retailers will be induced to ‘voluntarily’ collect Colorado sales tax—a course we won’t take.” Said Colorado Gov. Bill Ritter: “Amazon has taken a disappointing—and completely unjustified—step of ending its relationship with associates. While Amazon is blaming a new state law for its action, the fact is that Amazon is simply trying to avoid compliance with Colorado law and is unfairly punishing Colorado businesses in the process.” The battle of E-tailers Versus State Sales Taxes continues.


Google’s Privacy Battle Too Weird To Satirize?

March 4th, 2010

Sometimes satire gets so close to reality that it’s unsettling. ‘Tis the case with a piece that The Onion ran Tuesday (March 2) about Google’s data mining and privacy efforts. The article described Google’s efforts to assure consumers that it protects their privacy. But as Google attempts to make its case, more confidential data slips out.

According to the satirical piece, “While admitting that security measures need to improve, Google officials also claimed that everyone makes mistakes, be it storing confidential data indefinitely or, say, ‘having a few too many drinks on the evening of Jan. 23, driving home in a haze, striking a pedestrian on the corner of Mercer and Cavendish, speeding off, and then desperately searching online for hit and run laws, right, Karen?’” Well worth a read.


California, Colorado Push Creative E-Commerce Tax Plans

March 4th, 2010

In the ongoing legal tax-collection battle between pureplay E-tailers and U.S. states, California and Colorado are getting a bit creative. California is joining New York in what is becoming a big states versus small states strategy, while Colorado is requiring pureplays to tell state residents how much tax they owe based on their E-Commerce purchases. Yeah, that’s exactly what consumers want to hear from Amazon.

Amazon has steadfastly pushed back against state tax efforts, primarily by canceling affiliate relationships in states that try to hit up its affiliates for sales taxes. The states feel they can take this approach because, although Amazon might have no physical presence or storefronts, the same isn’t true for affiliates.


Best Buy’s Trade-In Plans: “Why Let eBay Have All The Fun?”

March 4th, 2010

With the economy putting intense pressure on supplier costs—while also making lower cost merchandise highly attractive—Best Buy is quietly making a push into the secondary market, a strategy that is opening huge possibilities in its CRM analytics. Suddenly, a sold product starts the clock on when it can be profitably bought back.

“The product now doesn’t disappear from your mind after it’s sold. It actually just begins a different lifecycle,” said Larissa Hall, the Best Buy general manager in charge of the consumer end of Best Buy’s new venture. “Why let eBay have all the fun? You don’t throw away a car when you’re done with it. Even a broken DVD player is worth something.”


With Online Ordering, Your Cashiers Can No Longer Cover For You

March 4th, 2010

Many restaurant chains don’t realize that by implementing online ordering, they are exposing their menu system to consumers for the first time. This may not seem like a big deal. But in all the concepts that Franchisee Columnist Todd Michaud has worked on over the years, the actual menu architecture has been both very flawed and typically “covered up” by the restaurant’s crew, who knows how to work around its challenges. For example, he talks about a group of restaurants that used the “No – Add Ketchup” modifier for about 3 years. The crew understood this to mean “No Ketchup.” A customer, meanwhile, would look at the receipt and say, “But I don’t want any ketchup!”

Such a system obviously can’t be unleashed on the Internet. Consumers will not tolerate a system that is difficult to use. For chains, the challenges often come from tracking data in one way while marketing/selling it in another. Add to that the complexity of each franchisee having unique, local store marketing offers and the responsibility for its own pricing, and what seems very simple can quickly become very complex.


FTC To ControlScan: Your Web Site Security Seals Are Lies

March 2nd, 2010

The U.S. Federal Trade Commission (FTC) on Thursday (Feb. 25) screamed “the Emperor has no clothes” by reporting to consumers that one of the largest firms issuing “Verified Secure Breach Protection” seals doesn’t really verify much at all. The practical impact of the ruling for E-Commerce sites is unclear, both because the FTC has little authority to enforce its rulings and because consumers have typically been impressively apathetic about security and privacy issues.

The settlement against five-year-old ControlScan said that “contrary to the statements” ControlScan made to retailers, the company “in many instances conducted little or no verification of the privacy and/or security protections for consumer information provided by companies displaying its Business Background Reviewed, Registered Member, Privacy Protected and Privacy Reviewed seals. Instead, in many instances, ControlScan provided the Registered Member seal to a company that failed to qualify for the Verified Secure seal because an electronic scan of its Web site identified an actual or potential severe vulnerability on the Web site and permitted the company to display the seal indefinitely while taking no action to assess whether the company was working to resolve any vulnerability identified by the Web site scan.”


Cloud, Mobile, Web Logs The Future Of Security Nightmares

March 2nd, 2010

A funny thing happened here the other day. In reviewing the top sites linking to us, we often click on some of the referrals to see the context of the reference. While trying to back out, the user’s complete Inbox was revealed—with full read, delete, modify and send privileges. In searches that we’ve conducted, we routinely stumble on confidential E-mail exchanges that were clearly found by a relentless spider.

This problem is likely going to get much worse as the efficiencies of cloud computing tempt companies to place the contents of server after server on the cloud for faster and easier access. Easier access is certainly right, but for whom? But cloud computing is not the only new target for security holes. Mobile computing and especially M-Commerce have an even greater potential for issues. Beyond the inherent breach possibilities with anything wireless, retailers are going to feel the need to push more functionality onto these consumer devices.


Missed A Vulnerability Scan? The PCI Council Just Threw You A Lifeline

February 24th, 2010

The PCI Council may have thrown a compliance lifeline to retailers that are missing a required quarterly external vulnerability scan. This means you might—just might—be deemed PCI compliant even if through accident, poor planning or sheer blockheadedness you manage to screw things up and miss a vulnerability scan, pens PCI Columnist Walt Conway. Passing isn’t easy, and a successful result is not guaranteed. But if you do everything else right, your QSA may be able to assess you as compliant in spite of yourself. Then again, did the Council both offer an option and take it away?

During an onsite assessment, QSAs confirm that merchants have met PCI Requirement 11.2 by examining the passing vulnerability scans for each of the last four quarters. The problem is, what if the merchant has missed a scan? If this happens, is the merchant noncompliant until it can get four quarters of passing scans? Ouch.


Target Decides Payment Method Incentives Work

February 24th, 2010

Changing consumer shopping behavior is about as easy as motivating a salesperson: Just speak with money. This is how you can tell the difference between what retail executives really care about and what they need to say they care about. Contactless payment, biometric payment and self-checkout are just some of the more obvious examples of payment processes that retailers have said they want to push, and yet they have never done the only thing that’s almost guaranteed to work: sharp discounts. If a grocery chain decided it wanted to push more consumers through its self-checkout lanes, all the chain needs to do is announce that product prices in self-checkout are sharply less than those rung up through staffed lanes. It can even dictate the percent of change by deciding the percent of discount.

Target, for example, has decided that its in-house payment cards are a priority, so it’s trialing a program in Kansas City that—in part—offers customers who use the card “5 percent off on every item, every transaction, everyday,” Target CFO Doug Scovanner told analysts in a Tuesday (Feb. 23) conference call discussing the chain’s earnings.


Microsoft Wins Longest Exposure Time For A Security Patch: 5-And-A-Half Years

February 23rd, 2010

When a security problem is discovered, timely response is important. So is making sure that the patch is going to fix the problem while also—hopefully—not introducing any new issues. That process takes time, and that’s OK. But someone at the Open Source Vulnerability Database took the time to see which vendor waited the longest to fix a glitch once it was discovered. No surprise: Microsoft took top honors, with an awe-inspiring 2,027 days. Yes, that’s more than 5.5 years.

Microsoft’s entry was its Microsoft Windows SMB NTLM Authentication Credential Replay Remote Code Execution. Apple was the next major name on the list, at 390 days, for its Mac SLP v2 Service Agent (slpd) Registration Request Overflow. Others who made the dishonorable list included Novell, Sun, HP and Computer Associates. The full list is absolutely worth reviewing.


Sausage Stylus: Putting The Link Into Mobile-Commerce

February 23rd, 2010

Reports from South Korea have grocers selling huge numbers of one specific line of sausages because they can be used to activate the touchscreen on an iPhone. The need for any kind of stylus for the iPhone is because the screen cannot recognize gloved fingers; the glove blocks the finger’s electrical impulses. But not just any sausage will, apparently, do. Only sausages from CJ Corp. are packaged with electrostatically charged plastic.

Let’s skip over the question of why sausages would be packed with electrostatically charged plastic. Is the Monty Python/Daily Show-caliber ludicrousness of Koreans bundled up in a cold subway car checking their E-mail with cylindrical breakfast meat enough to prompt all touchscreen manufacturers to insist that some kind of cold-weather stylus (preferably not edible) be integrated into the unit’s casing? Come to think of it, at what temperature (if any) would the touchscreen stop functioning? For doctors trying to Tweet their surgical thoughts, can the touchscreen see through rubber gloves?


Sears Chairman Argues That Amazon Should Be Taxed A Lot More

February 23rd, 2010

Edward Lampert, the chairman of Sears Holding, wrote a letter to shareholders this month where he, among other things, argued that Amazon really should be paying an awful lot more taxes than it is now. If it doesn’t, it will set off a chain reaction that will undermine and shut down brick-and-mortars throughout the U.S. (Pause. For you Seinfeld fans, “not that there’s anything wrong with that.”)

Before he offered the unsolicited advice for Amazon, Lampert penned an unusual claim: that Sears and its 20th Century catalogue business is essentially the father of E-Commerce. It’s a bit of a stretch, but he makes a legitimate point.

“Sears has a long legacy in serving customers beyond physical stores. In many respects, The Sears Catalog was the 20th Century model for selling products through the mail,” Lampert said, with the suggestion being that selling-through-the-mail is essentially what E-Commerce is. “To be successful, Sears had to earn the trust of its customers who purchased products sight unseen and who had to feel confident that they would receive what they purchased and, if they were not satisfied, they would be able to get their money back.”


Is Mobile A Real Channel Or A Second-Rate Sub-Channel?

February 18th, 2010

Should mobile be considered its own retail channel or should it just be a sub-channel, something to act as a temporary placeholder for a desktop until the customer can get to a real computer? (Hint: The answer is the same as it was in school. If one answer is going to require a lot more work, that’s the one you’re supposed to choose.)

We’re asking the question because a lot of major retailers today seem to be designing their Web apps based on the assumption that consumers are also using their desktops and that their mobile devices are simply a very temporary point of convenience. But is that how many consumers view mobile devices? What if we zero in on Gen-Y members, who seem to have an effortless natural affinity for these radiation-emitting thumb-typing mini-boxes?


ABI Research: Global M-Commerce To Hit $119 Billion A Year By 2015

February 18th, 2010

If the projections of ABI Research come true, not only will global consumers spend roughly $119 billion annually through their mobile phones but that revenue will account for about 8 percent of all E-Commerce activity. Much of this activity will come from outside the U.S., though, according to ABI Senior Analyst Mark Beccue, who points out that U.S. M-Commerce hit about $1.2 billion last year while Japan alone reached more than $10 billion in 2009. European M-Commerce activity is also projected to blow away the U.S. by the end of this year.

“Mobile online shopping is reaching critical mass,” Beccue said. “In the United States, mobile online shopping rose from $396 million in 2008 to $1.2 billion in 2009. While definitions of ‘mass market adoption’ vary, a more than fivefold increase in one year indicates significant consumer interest.”


Chip-And-PIN Hack Is So Scary Because It Surprised No One

February 18th, 2010

A February 2010 Cambridge University report that points out critical security flaws in chip-and-PIN (EMV) protocols—a security method that’s ever-present in the U.K., being massively deployed in Canada and being pushed for use in the U.S.—is most surprising in how remarkably unsurprising it is. Retail IT execs specializing in security were especially concerned about the relative ease of the university hack execution.

Braden Black, a senior enterprise architect (and security specialist) for 305-store shoe chain DSW, said that, in his opinion, the biggest problem with chip-and-PIN—as it’s currently deployed—is that banks have little incentive to make these systems secure because they no longer have any liability if they’re repeatedly breached. That liability has been pushed to the retailers. “The ramifications of this attack are most disturbing when viewed in light of the fraud liability regulations that were adopted alongside the technology. Essentially, the banks offloaded fraud liability to merchants and cardholders.”


Chip-And-PIN Is Not A Free Pass On PCI

February 18th, 2010

Reports of the latest successful attack on chip cards based on the EMV standard should remind all of us once again that there is no such thing as absolute security. Retailers and consumers worldwide—especially those in Canada who are currently implementing chip-and-PIN—need to understand this fact and not count on any single technology to remain secure. That is why PCI remains relevant even in a chip-and-PIN environment.

From a security perspective, PCI Columnist Walt Conway pens, retail CIOs should understand a few things about these chip cards or smart cards (i.e., payment cards with an embedded integrated circuit or microchip). Chip cards can reduce fraud losses, but chip-and-PIN zealots can overstate the benefits.


Is Google Experimenting With In-Store Images?

February 18th, 2010

Google is reportedly experimenting with a new service—to complement its Google Street Views—that will shoot pictures and videos within stores and combine all of the images in its database. If you cast aside all of the out-of-date issues inherent with infrequent store images being shown as more-or-less current, this concept has serious potential. How many stores have you peeked into and, within four seconds, decided this wasn’t the place where you want to shop for a particular item? Had you seen an image before driving, might you have saved yourself some time?

Let’s flip it the other way. You’re in the market for a new couch. Your Google search shows you a page with 35 results and they all, at a glance, seem interchangeable. You’ve already limited your search geographically, so most of these places (OK, granted, Google’s geography limiter doesn’t do much) are nearby. Most consumers tend to only focus on the first two or three results and choose from there. But what if there were thumbnail photographs of the insides of all of those stores, sized and positioned so that you could meaningfully flip through them all in seconds? Might that draw your eye to Result 26?


You’ve Got A Mole Giving Away Your Sensitive Data

February 17th, 2010

Retailers everywhere are losing sensitive information to their competitors every day. It’s not because some hacker has compromised the corporate database or because some corporate espionage team has gone dumpster diving after a corporate meeting. No, the people responsible for this breach are actually your own customers.

Franchisee Columnist Todd Michaud adds that the kicker is that most retailers don’t even know it’s happening. We’re talking about your closest competitors having access to some of your customer profiles (at a much deeper level than what you probably are aware of), the purchase patterns of those customers and the amount they are spending on each visit. And you have no idea. Sound scary? It is.


Pizza Hut CIO Proving The Unprovable: Mobile ROI

February 11th, 2010

Pizza Hut CIO Baron Concors oversaw what could easily be the most successful mobile application and certainly the most successful retail mobile app, a colorful applet that is directly responsible for “millions of dollars in additional sales” and 1.5 million downloads from Apple. And yet, when he was fighting to get it funded and approved, his return-on-investment (ROI) argument was weak and speculative.

Concors said he was lucky; his senior management team is open to creativity and was willing to roll the pizza dough dice on what sounded like an interesting idea for the world’s largest pizza chain, with its more than 7,500 U.S. restaurants and more than 5,600 shops in 97 countries and territories globally. But few CIOs are in that position, and that’s a piece of reality that could cripple the nascent retail mobile app space. “A lot of companies are struggling with whether to enter this space because of the ROI issue,” Concors said. A big part of the problem is that far too many retailers are deploying mobile apps for the wrong reason or doing it the wrong way.

Read more...

Using Robots To Get Saks Web Orders Out A Day Faster

February 11th, 2010

When Saks CIO Michael Rodgers was tasked with trying to accelerate the $3 billion apparel chain’s Web order deliveries, he knew he needed help, and he opted for a non-traditional form. Rodgers made arrangements to command an army of 700 robots—each one capable of transporting a half-ton of merchandise at a time.

No, this isn’t some IT apparel version of Revenge of the Sith (although that would be cool, in a sort of geeky wool-blend kind of way). It’s merely the unexpected path taken by the 53-store chain’s IT leader, who wanted to see how much of a Butterfly Effect he could cause in E-Commerce customer satisfaction by making small improvements in fulfillment operations. The computers in question are not of the Cyborg type, and they look less like C3PO and more like a cross between R2D2 and what Rodgers calls a “giant Roomba“—you know, those robotic self-running vacuum cleaners. They’re orange and made by a robotics startup called Kiva Systems, which has placed these squat robots in the warehouses of retailers including Gap, Crate & Barrel, Walgreens and Staples.

Read more...

E-Tailers Dodge A FACTA Bullet

February 11th, 2010

FACTA, the federal law that bars printed POS receipts from showing more than the last five digits of a card number or the card’s expiration date, does not apply to E-Commerce order confirmations, a federal judge has ruled. The fear had been that the electronic receipts E-mailed to customers might have to comply with the same truncation rules as paper receipts, but U.S. District Court Judge John W. Darrah (Northern District of Illinois) ruled that E-mail confirmations fall outside the Fair and Accurate Credit Transactions Act (FACTA).

“E-mail order confirmations are not entitled to FACTA protection” because they “are not electronically printed receipts under FACTA,” Darrah said. “Second, an E-mail order confirmation is not provided at the point of sale or transaction under FACTA. Although plaintiff posits that print is commonly understood to mean ‘to display on a surface (as a computer screen) for viewing,’ this argument is unpersuasive.”


Target Starts Accepting Phone Gift Cards, Courtesy Of Virtual Barcodes

February 11th, 2010

Target said Monday (Feb. 8) it will start accepting gift cards—but only its own, for now—displayed from customers’ mobile phones. The chain will redeem the cards via associates scanning the barcodes at checkout, a process that some retailers have avoided because of a high number of scanning errors.

Target issued a statement claiming that it “is the first major retailer with the ability to scan mobile barcodes in all of its stores. Guests may access their Target Mobile GiftCards to add value at store registers, and check GiftCard balances at any time via the Target.com mobile site. In addition, Target Mobile GiftCard functionality allows guests to save multiple GiftCards to their account and label each one for easy reference.” This approach may prove to be a good move for Target, but it will almost certainly give a lot of cover to executives who want to try mobile gift card scanning. Unanswerable Question Of The Day: Is it better for the associate to hold the consumer’s phone during the scan—risking liability if, for example, a high-priced iPhone is dropped and shattered—or for the consumer to hold the phone—making a consistent scan much more difficult?


The Heartland Data Breach Fight Continues

February 11th, 2010

In the never-ending saga of the lawsuit aftermath of the Heartland Payment Systems data breach, Heartland and Visa last Thursday (Feb. 4) announced that “more than 97 percent” of the financial institutions that had sued them had accepted their $60 million settlement terms. That statement was obviously followed by an announcement a few days later from representatives of the three percent saying, in effect, “We’re still here. See you in court.”

“Visa sent customized settlement information packets to the affected financial institutions on January 14, 2010. In order to accept the settlement, a financial institution was required to affirmatively complete and return the settlement paperwork to Visa by January 29, 2010,” said the statement from lawyers representing some of the impacted banks. “The offers–at least those reviewed by class counsel–appeared to be less than 10 cents on the dollar for most financial institutions and some at less than 1 cent on the dollar.”

Read more...

E-Tailers Playing The Hide-The-Price Game, Thanks To The Supreme Court

February 11th, 2010

It’s becoming a common tactic for E-Commerce and some mobile sites to now hide much of their pricing. But in an interesting piece on Sunday (Feb. 7), The New York Times pegged much of the recent price-games to a 2007 Supreme Court case that gave manufacturers much more power to dictate pricing. And it has motivated them to forbid retailers from advertising their merchandise for less than a dictated price—for E-tailers, “advertising” includes posting on a Web product (as opposed to checkout) page.

This game is a sure loser for all concerned, and that includes retailers that are primarily brick-and-mortar, E-tailers and manufacturers. Manufacturers: Welcome to the year 2010. There are all kinds of non-traditional ways your products will make you money. Beyond eBay, even Amazon and others have toyed with recycling used products. Your ability to control prices is limited, but the bigger concern is your efforts to allow lower prices but to prohibit them from being discussed out loud. In the day of the Web, mobile and Twitter, this strategy simply won’t work. In the meantime, while you are futilely trying to make it work, you’ll alienate consumers and retailers.

Read more...

CVS Twitter Program Perplexing

February 11th, 2010

Social media sites are driving retail marketers crazy. They clearly know that powerful things are happening on these sites, but they’re clueless about how to get involved. CVS on Wednesday (Feb. 10) launched a series of programs on Twitter, indicating that the chain simultaneously gets Twitter and doesn’t get it. An E-mail blast from a PR firm representing CVS promised anyone following CVS on Twitter “special discounts, coupons, money-saving tips and ‘inside scoop’ updates” as well as “a secret discount code for 25 percent off nearly everything on CVS.com.”

Where to start? Given that a Twitter feed is offered to anyone and everyone, using the words “secret” and “inside scoop” demonstrates either a lack of understanding of what Twitter is or an impressive lack of concern for truth. Neither is a great trait for a pharmacy chain trying to gain the trust of Twitter users. But much more meaningfully, the whole concept of Twitter for retailers is to use it to open a dialogue and solve customer problems. Using Twitter as a coupon feed misses the point of the service. If you want to read a really powerful book on the topic, check out Twitterville, Shel Israel’s take on the service. The book makes a surprisingly strong case for retail Twitter use if and only if the chain is willing to make it two-way.


Apple’s Geolocation Threat: Defining “Beneficial,” Apple Style

February 11th, 2010

Apple this month posted a stern-sounding warning on its developer pages: make sure your geolocation efforts are designed with the user—and not an advertiser—in mind. “If you build your application with features based on a user’s location, make sure these features provide beneficial information. If your app uses location-based information primarily to enable mobile advertisers to deliver targeted ads based on a user’s location, your app will be returned to you by the App Store Review Team for modification before it can be posted to the App Store.”

At a glance, that sounds like a fine consumer-oriented focus, but let’s delve a bit deeper. Apple is by no means coming out against geolocation. The problem is how Cupertino is defining both the good (“provide beneficial information”) and the bad (“deliver targeted ads”). Who’s to say that a cleverly targeted ad doesn’t, in fact, potentially provide beneficial information?

Read more...

Facebook Learns The Downside To Making Logins Easy

February 11th, 2010

Mobile communications in general—and M-Commerce in particular—are predicated on promises of speed and convenience. But that supposition tends to run counter to robust security, and therein lies the inherent conflict between mobile and security. Meanwhile, Facebook stands as the leader of social networks, and those networks also are based on convenience.

Our tale today involves a recent problem that Facebook experienced, where registered users logged in to the social site and saw the personal contacts and messages of other users rather than their own. But the glitch only happened when users were coming in through AT&T. That glitch is the topic of our weekly security column on McAfee’s blog.


Amazon Explores Buying Back Products; Wal-Mart, Best Buy Give Up On Used Video Games

February 4th, 2010

Some major retailers have been debating whether the buying and selling of used merchandise (please shoot me if I ever say “pre-owned”) is a business model worth pursuing. Wal-Mart and Best Buy, after pushing the idea for about six months, have surrendered plans to buy and sell used video games. But Amazon, always the more adventurous of E-tailers, thinks the idea has huge potential. A Financial Times of London story cited an Amazon ad for programmers: “As people upgrade to the latest and greatest there is a plethora of valuable, perfectly good products that need a new home. We help facilitate the pairing of new owner with device, while also creating an open marketplace.”

What makes the Amazon concept so intriguing from an IT perspective are the CRM implications. Instead of tracking purchases to merely profile the customer, the new requirement is to also profile the products purchased. What is each product’s life expectancy? What is the optimal point to make an offer to a customer who might be starting to get bored with that product? How much of an upgrade can that consumer afford? Should the company start pitching new prospects based on a software projection of what already-sold merchandise will likely come back into play? And you thought Amazon needed a huge data warehouse before?


Mobile Sites Are Supposed To Be Slow, But Not This Slow

February 3rd, 2010

Best Buy Does OK, Costco Tanks. When Keynote Systems started looking at the mobile sites from major retailers late last year, the veteran mobile and Web site test and measurement firm knew that these sites would be a lot slower than their wired Web counterparts. But some at Keynote were caught off-guard by just how slow some of the major retailers’ mobile sites were. To put this difference into context, Keynote argues that a wired Web site should, on average, be able to deliver a page—especially the site’s homepage—within two seconds. For mobile, Keynote said, users should tolerate sites that are about twice as slow, or about 4 seconds on average.

In its examination of 10 major E-tail sites—Amazon, Barnes & Noble, Best Buy, Costco, Dell, Foot Locker, Musician’s Friend, Sears, Target and Walmart—the very fastest site (Best Buy) averaged more than twice Keynote’s acceptable slow estimate, crawling in at 8.3 seconds. Again, that was the fastest mobile site. The slowest site delivered its average page in 34 seconds. Keynote officials steadfastly refused to identify which site was the slowest. That said, points made by Keynote while discussing the study pretty much eliminated all of the tested retailers other than Costco from being candidates for the slowest performing site.

Read more...

HSN: Where Multi-Channel Becomes Even More Multi

February 3rd, 2010

When Brian Bradley left Circuit City as its senior vice president, Multi-Channel (well, more precisely, when Circuit City went out of business and left Bradley and tons of others unemployed), years after having worked at J.C. Penney, he felt that he had a good handle on retail merged-channel, cross-channel and multi-channel issues. But when he began his new gig as executive vice president at HSN (formerly the Home Shopping Network), Bradley discovered television as another retail channel and started looking at customer interactions very differently.

One of Bradley’s first takeaways from the $2.8 billion HSN was that consumers’ interactions with content are strongly influenced by their physical location. Why? It’s expectation. Consumers see brick-and-mortars as places to look, touch and buy products. Video demos feel out of place in that context. At home watching TV, however, the expectations are much more tolerant. “Depending on where a person physically is can dictate how you can have their attention,” Bradley said. “Out on the street? She’ll have seconds. In-store? A minute or two. On the Web? Maybe 15 minutes. But on the TV? Hours. People go to the Web with certain goals in mind. There’s a lot of bouncing back and forth as they’re trying to solve a problem. There’s more ADD, bouncing around.”

Read more...

Retail Vendors: Forget New Functions. Just Make It Simple And Cheap

February 3rd, 2010

Do you know what question Franchisee Columnist Todd Michaud hates? “If I can go buy a basic cash register for a couple hundred bucks that does everything that I need, why on earth do I have to spend $10,000 on a POS?” Someone has asked him this question almost once a week for the last 4 years. Do you know why he hates it? Because after 4 years, he still doesn’t have a good answer.

“I typically say something like, ‘It is our requirements that drive us to that price point. Adding centralized menu management, polling, integrated inventory management and labor management into the mix requires that we buy this type of system. You can’t do that stuff with a cash register or basic POS.’ Typically, the response I get is something like: ‘So? I don’t care about all of that complicated stuff. I just need to ring sales.’ It’s no wonder franchisees think that retail CIOs are out of touch with reality. Here is the really crappy part. When you add in all of the other costs, such as high-speed broadband, hardware maintenance, software maintenance, help desk, installation, inventory management, labor management, training and various upgrades along the way, that $10,000 POS is probably going to cost franchisees $20,000 over five years–not to mention that they wrongfully expect the system to last 7 to 10 years.”

Read more...

Forrester Thinks Some Retailers Are Leaving Too Much Cache On The Table

February 2nd, 2010

Although retail sites are obviously very fond of cache, a new report from Forrester Research states that many developers are focusing only on one type of cache and leaving a lot of potential performance boosts in the ether. The report talks about server cache versus browser and edge cache. “Forrester has found that many companies do not take advantage of all three levels of caches in their architecture. Application development professionals often focus on optimizing the server-side cache while ignoring the browser cache or optimize their Web-page design to take advantage of browser caching only to be stung by geographic latency because they don’t know that they should use a content delivery network.”

Forrester stresses the importance of factoring in geography when making cache decisions but points out that IT shouldn’t confuse a dense population of customers with the company’s best (read: most profitable) customers. “Caching nearest to your users goes without saying, but most companies must allocate their caching dollars carefully, and your biggest investment should be close to your most profitable customers. Your most profitable customers may not be located in your highest concentrations of customers. Work with your marketing department to analyze customer profitability and location, and then review this data at least annually.”
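The three tiers Forrester names are governed by one response header, and they read it differently. As an added example (not from the Forrester report or the original item), the Python below models how a browser (a private cache), a CDN edge (a shared cache) and the origin’s own policy interpret Cache-Control. The paths and policies in POLICY are constructed for illustration. The security-relevant part is that a shared cache must refuse `private` and `no-store` responses, and responses to authenticated requests unless the origin explicitly marks them public; get that wrong and the edge serves one customer’s account page to the next.

```python
"""Model of browser (private), CDN edge (shared) and origin caching decisions
driven by a response's Cache-Control header.  Added example; policies and
paths below are constructed for illustration, not taken from any real site."""
from dataclasses import dataclass


@dataclass(frozen=True)
class CacheDecision:
    store: bool  # may this tier keep a copy at all?
    ttl: int     # seconds it may serve that copy without revalidating (0 = always revalidate)


def parse_cache_control(header: str) -> dict:
    """Split 'public, max-age=60, s-maxage=300' into {'public': True, 'max-age': '60', ...}."""
    directives = {}
    for part in header.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        directives[name.strip().lower()] = value.strip().strip('"') if value else True
    return directives


def _seconds(value, default=0):
    """Parse a directive value as a non-negative number of seconds."""
    if not isinstance(value, str):
        return default
    try:
        return max(0, int(value))
    except ValueError:
        return default


def decide(header: str, shared: bool, has_auth: bool = False) -> CacheDecision:
    """Apply RFC 7234 storage rules for one tier.

    shared=True models the CDN edge (or any proxy serving many users);
    shared=False models the browser cache of a single user.
    has_auth marks a request that carried an Authorization header.
    """
    d = parse_cache_control(header)
    if "no-store" in d:
        return CacheDecision(False, 0)
    if shared:
        # A shared cache must never hold a personalised response...
        if "private" in d:
            return CacheDecision(False, 0)
        # ...nor a response to an authenticated request unless the origin
        # explicitly permits it (public, s-maxage or must-revalidate).
        if has_auth and not ({"public", "s-maxage", "must-revalidate"} & set(d)):
            return CacheDecision(False, 0)
        ttl = _seconds(d.get("s-maxage", d.get("max-age")))
    else:
        ttl = _seconds(d.get("max-age"))
    if "no-cache" in d:
        # May be stored, but every reuse needs revalidation with the origin.
        return CacheDecision(True, 0)
    return CacheDecision(ttl > 0, ttl)


# Constructed policy for a retail site: one header per kind of page.
POLICY = {
    "/assets/app.3f2a1c.js": "public, max-age=31536000, immutable",  # fingerprinted static asset
    "/product/123":          "public, max-age=60, s-maxage=300",     # catalogue page: edge 5 min, browser 1 min
    "/account":              "private, max-age=0, no-cache",         # personalised: browser only, always revalidate
    "/checkout":             "no-store",                             # card data: nowhere
}


def placement(path: str, has_auth: bool = False) -> dict:
    """Where a response for `path` may live and for how long, per tier."""
    header = POLICY[path]
    return {
        "browser": decide(header, shared=False, has_auth=has_auth),
        "edge":    decide(header, shared=True,  has_auth=has_auth),
    }


if __name__ == "__main__":
    for path in POLICY:
        print(path, placement(path, has_auth=path in ("/account", "/checkout")))
```

Note that the edge takes its TTL from `s-maxage` while the browser uses `max-age`, so a single header can give the CDN five minutes on a product page while forcing browsers to revalidate every minute; the origin server cache sits behind both and is the only tier that may legitimately hold personalised fragments.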


Intel, Microsoft Toying With Digital Signage That Can Interact With PDAs

February 2nd, 2010

Intel and Microsoft are working on what is truly the next generation of digital signs. These devices will be able to share content—both ways—with phones. But they could also use facial recognition to identify repeat customers without the benefit of loyalty cards or RFID. The cameras embedded within the displays would simply recognize faces the system has captured before, ultimately having the potential to identify those consumers.

The camera software will initially be designed to differentiate between genders and to detect products the customer has touched. That information could signal a coupon to be sent to that consumer’s smartphone. None of these options is rocket science. But they do show a concerted effort to leverage the kind of data that is accessible in-store and, ironically, much harder to capture online. Think of it as Big Brother with a sales commission.


Cambridge University Calls Verified By Visa Secure Protocol Terrible Security

February 1st, 2010

At a presentation at the Financial Cryptography and Data Security conference, a Cambridge University computer lab team dissected the 3-D Secure (3DS) protocol—branded as Verified By Visa and MasterCard SecureCode. The team found that not only was the security lacking, but it sharply undermined other security mechanisms.

“3-D Secure has so far escaped academic scrutiny, yet it might be a textbook example of how not to design an authentication protocol,” wrote Cambridge University’s Steven J. Murdoch and Ross Anderson. “It ignores good design principles and has significant vulnerabilities, some of which are already being exploited. It’s bad enough that EMV, Verified by Visa and MasterCard SecureCode have trained cardholders to enter ATM PINs at terminals in shops. Training them to enter PINs at random E-Commerce sites is just grossly negligent.” The pair, however, found that 3DS did get one part right: the money and where it comes from. Although “other single sign-on schemes such as OpenID, InfoCard and Liberty came up with decent technology, they got the economics wrong, and their schemes have not been adopted. 3-D Secure has lousy technology but got the economics right, at least for banks and merchants. It now boasts hundreds of millions of accounts.”

Read more...

And The Award For The Most Overly Complicated Auction Site Goes To Biddees

February 1st, 2010

As eBay has discovered, there’s a lot of money to be made in them thar online auctions. So it’s no surprise that lots of startups are trying to creatively find their own slice of the auction pie. But a site called Biddees, from the people who brought you shoes.com, is taking an unusual approach that just may prove to be the most needlessly complicated auction site in quite some time.

This wonderful story from Internet Retailer does a nice job of detailing this cocoon of complexity: “In order to see the current price of a prepaid card, which is guaranteed to be at least $1.50 less than the card’s face value, shoppers first have to use a token called a Little Biddee Thing, which costs 99 cents. Each time a customer views the current price of a card, the price automatically drops 50 cents. If the shopper is the only person viewing the card, he has 30 seconds to buy the card at the current price,” the story said. “If another person is already viewing the card, the shopper enters a queue before he can see the card’s price. If the card is purchased while the shopper is still in the queue, the shopper will be transferred to the next auction for the same product. An auction ends when someone purchases a card or when its price reaches zero. The last shopper gets the card for free.” Of course. What could be more natural?


To Counter Every “Retail Revenue Is Down” Argument, There’s Amazon

January 29th, 2010

For many retailers, flat or minuscule in-store revenue increases are becoming the norm, with online increases the only thing that looks bright. Mobile is going to quickly fall into that category (although a percentage increase for anything as new as mobile is meaningless, it still looks cool on an earnings report). But how can this work given the small revenue percentage E-Commerce still controls? Let’s take a look at Amazon’s latest numbers (which look pretty much like all of its numbers.)

The king of E-Commerce reported on Thursday (Jan. 28) a 42-percent increase in net sales for the fourth quarter just ended, along with a net sales increase of 28 percent for the whole year, to $24.5 billion. (To be precise, it’s actually 29 percent if you exclude a $182 million unfavorable impact from year-over-year changes in foreign exchange rates throughout the year, the company reports.) Sure, you say, but revenues are not the point. What about profits? Net income soared 71 percent (to $384 million) for the quarter and 40 percent (to $902 million) for the year. Amazon’s official guidance for the first quarter 2010 is equally rosy, suggesting a sales increase of as much as 43 percent. For those arguing that E-Commerce will always be a footnote to in-store, these numbers are hard to ignore.


The CIO’s Job Description: Top-Notch Sales Executive

January 28th, 2010

At an NRF panel earlier this month, McDonald’s CIO David Grooms was asked by the moderator what he would tell people his primary job is. Grooms said, “I’m in sales,” and then added that he wanted his staff to say, “We make hamburgers.” Grooms is right that a CIO needs to be a master of sales, but that’s mostly because the CIO needs to sell both upstream and down.

The CIO needs to sell ideas upstream to senior management and sideways to line-of-business peers, convincing them that the technology is the right move and that it needs to be approved and funded. If that works, it’s barely 30 percent of the battle. If the stores aren’t sold on the idea, Franchisee Columnist Todd Michaud opines, the data won’t be used and the project is doomed to fail. And you’re to blame.

Read more...

Social Unstructured Data Is Not Unusable

January 21st, 2010

Just as certain a fact as stating that many of today’s social network sites will be gone in two years is the fact that new social sites—invariably much more niche and focused—will replace them. Hidden in plain sight within the millions of posts in dozens of languages on this huge number of sites is every trend, every individual customer profile and every hint of what customers will buy—and perhaps even their desired price range—that your chain could ever wish for. There’s only one problem: There is no simple spreadsheet-friendly way to access that data.

You can read it without limits. But to automate that process and to process the data in a way to get anything meaningful out of it, that’s difficult. We are deluged with products and services that are trying to solve problems that hardly anyone has ever experienced. Who will be the first to conquer this one? Many companies—including SAP and Oracle—are trying to figure it out. But they typically try to fall back on algorithms and filters. The software needed is closer to what the CIA and the NSA use to parse billions of phone calls and E-mail messages while trying to figure out plots. It’s much closer to artificial intelligence than cryptography. Military satellite technology eventually came to consumers in the form of GPS. How long will it take for AI to visit the local retail chain, where software will peruse the world to find out the best assortment to be displayed tomorrow?


Social Media E-Commerce: Just Because It Can’t Be Measured Doesn’t Mean It Doesn’t Exist

January 21st, 2010

The disruptive potential for social media and E-Commerce is huge, literally because it allows for so many—and ostensibly credible—connections that simply weren’t viable 10 years ago. The influence on purchases is vast. But those influenced purchases are indirect, which drives marketers crazy because they can’t be easily quantified. (Note: This scores social media two very well-deserved honors: driving lots of sales and driving marketers mad. The first accolade is more profitable, but the second is more fun to watch.)

What brings up this topic is a maddening news release issued by a customization vendor called ChoiceStream. In reporting its own survey, ChoiceStream concluded that “consumers are not as interested in shopping when engaged with social networks. The survey found that while M-Commerce is a hot spot for recommendations in 2010, social networking is not. Of the respondents who belong to a social networking site, only 8.5 percent report that they have ever made a purchase while on the site. And only 27 percent indicate any interest in product recommendations from trusted retailers.” That so misses the whole point of social networks and E-Commerce.

Read more...


Most Recent Comments

Overpaying For PCI Compliance

One can always come up with a theoretical scenario that requires maintaining full card holder data. Heck, my company is a gateway provider and we've had instances where if we stored the full raw track information, it would have greatly helped in diagnosing and solving a problem -- the full PAN was not enough. Read more...
Consider that there are many other non-PCI data elements (name, date, email, amount, first 6 and last 4 digits of the PAN, etc.) available to track down these types of transactions. The organization should take a critical look at how often something like this actually happens, how often the PAN is *really* required for resolution, and how much (or how little) work/expense it might be to get help from the acquirer to research a transaction based on PAN. Read more...
Let's assume a kids subscription game. Dad looks at his credit card and sees a charge he's been ignoring for months. He has no idea which of 2 sons or 1 daughter signed up and further doesn't know which of the about 4 email addresses his kids used to sign up. How do you rely on anything but luck to find that TX? Further, you can't afford the risk of cancelling the wrong one. Read more...
In regard to tokenization, consider implementing your own tokenization (vs. outsourcing to your acquirer, gateway, or processor). You can still reduce scope by focusing your controls on the token vault environment (and the systems that call the tokenization solution) and maintain complete independence. You can also extend your tokenization platform to address other sensitive data like PII. Read more...
1) Use additional data like name, email address or physical address with the last four digits may be an option. 2) Use a processor/acquirer neutral gateway, but I'm obviously biased. Putting my bias aside, merchants change processors or banks much more than they change gateways -- unless the two are tied together as with a non-neutral gateway. Read more...
We tend to have to store full PAN for missing and incomplete transactions.... Read more...
How does Customer Service terminate an account when all they have is the PAN and a date? Most subscription services have 1 -3 price points so price doesn't give one much information. If a parent or the victim of card theft is calling in, the last 4 digits can easily match more than 1 transaction per day. Read more...
The #1 reason for this deafness: "We always did it this way", followed by "that would be too hard to change our procedures." More times than not, merchants can eliminate the storage of this data without much impact on their procedures but they need to shed the always "done it that way" shell. Yes there are exceptions, but with serious thought, the exceptions are just that, exceptions. Read more...
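The comments above keep circling the same two questions: how to find a transaction without holding the PAN, and what a home-built token vault looks like. The FACTA item earlier on this page raises the related question of what may appear on a receipt. As an added example (not code from any commenter, vendor or the original page), the Python below implements a minimal in-memory token vault plus receipt masking. The key and card numbers are constructed test values; a production vault would hold the key in an HSM or KMS and encrypt the PAN store at rest. The two design choices worth noticing are that tokens are forced to fail the Luhn check, so a leaked token can never be a real card number, and that a keyed HMAC fingerprint lets customer service look up the token for a PAN the cardholder reads out, without any PAN column existing outside the vault.

```python
"""Token vault and receipt masking.  Added example; the key and the card
numbers used are constructed test values, not real data."""
import hashlib
import hmac
import secrets


def luhn_valid(digits: str) -> bool:
    """Mod-10 check that every real PAN passes."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:
            n = n * 2 - 9 if n * 2 > 9 else n * 2
        total += n
    return total % 10 == 0


def mask_for_receipt(pan: str) -> str:
    """FACTA-style truncation for anything printed or displayed: last four only."""
    return "*" * (len(pan) - 4) + pan[-4:]


class TokenVault:
    """The one component allowed to hold full PANs; everything else keeps tokens.

    Tokens keep the first six (BIN) and last four digits so existing reports
    and customer-service screens still work, but the middle is random and the
    result is forced to fail Luhn, so a token can never collide with a real
    card number.  A keyed HMAC fingerprint lets the vault find the token
    already issued for a PAN (repeat customers, chargeback research) without
    storing the PAN anywhere outside the vault.
    """

    def __init__(self, lookup_key: bytes):
        self._key = lookup_key            # in production: an HSM- or KMS-held key
        self._pan_by_token = {}           # the only full-PAN store
        self._token_by_fingerprint = {}   # HMAC(PAN) -> token

    def _fingerprint(self, pan: str) -> str:
        return hmac.new(self._key, pan.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, pan: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("not a plausible PAN")
        fp = self._fingerprint(pan)
        if fp in self._token_by_fingerprint:
            return self._token_by_fingerprint[fp]
        while True:
            middle = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 10))
            token = pan[:6] + middle + pan[-4:]
            # Luhn-invalid guarantees token != any real PAN, including this one.
            if not luhn_valid(token) and token not in self._pan_by_token:
                break
        self._pan_by_token[token] = pan
        self._token_by_fingerprint[fp] = token
        return token

    def lookup(self, pan: str):
        """Token already issued for this PAN, or None; the PAN is not retained."""
        return self._token_by_fingerprint.get(self._fingerprint(pan))

    def detokenize(self, token: str) -> str:
        """Only the payment gateway call path should ever need this."""
        return self._pan_by_token[token]


if __name__ == "__main__":
    vault = TokenVault(b"constructed-demo-key-not-for-production")
    pan = "4111111111111111"   # well-known Visa test number, not a live card
    token = vault.tokenize(pan)
    print("token:", token, "receipt:", mask_for_receipt(pan))
    # Customer service, given the PAN by the cardholder, recovers the token
    # and from it the transactions, without a PAN column anywhere.
    print("lookup:", vault.lookup(pan) == token)
```

Everything outside the vault (order history, subscription records, chargeback research) is keyed on the token, which is why the systems that call the vault, and the vault itself, are all that remains in PCI scope.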

Target Decides Payment Method Incentives Work

Retailers are rightly concerned about interchange fees. Merchants are given a choice: either accept cards, or not. Retailers can negotiate the Merchant Discount Rate, but not the interchange fee, which is the largest part of the cost. Alternative Payment providers who create disintermediation offer payment programs that bring significant savings. Read more...
Now if TARGET figures out how to convince customers to grant access to their bank checking accounts and offers the in-store card as decoupled debit...look-out. Read more...
Rewarding behavior to choose lower cost payment enablers is smart business for Target. The math is pretty compelling and simple for Target. First, encouraging customers to use the house card means Target avoids bankcard interchange/merchant discounts - even with costs of running a private-label portfolio, it is less than 3rd-party bank card costs. Read more...
Target's provision of a 5% discount for consumers that use their payment card is a significant development that must be watched closely by banking card issuers, payments executives and merchants alike. The success or failure of new payment mechanisms can more accurately be determined by assessing the balance of value propositions between the three constituents (rather than the traditional approach of offering lopsided value to just one or two constituents, which results in failure). Keep your eyes on this one! Read more...

PCI Council And Passwords: Do As We Say, Not As We Do

Harry Maggiore, can I get this in writing? Given they do not collect, store or transmit card holder data, they are not subject to the specification. I have proven to my QSA that we do not collect any card holder data within our system except for the last four digits... and I am still required to implement all 12 PCI requirements throughout the whole IT landscape and infrastructure. Yes, we are a retailer, and yes, we do a lot of credit card business... but we do not store card holder information other than the PAN masked, with only the last 4 digits visible. But that doesn't seem to be enough to be PCI compliant? Read more...
The document should be one that the PCIDSS has in their possession with their own security. I really don't see the purpose or the reason to password protect the document. If a level whatever credit card processor wants to make changes to the document and they compare the original with the one submitted this would in my view be fraud and subject to some very serious fines. Read more...
At least it appears that they've removed the spot for credit card information from their fax forms. Read more...
One of my pet peeves with passwords is the 90 day rule. That, more than anything else I would imagine, is the reason you find passwords written on the back of post-it notes attached to monitors. Read more...
Irony? From the association that was created to inflict tissue-paper security protocols on the rest of the world, and whose mandate is to punish organizations that don't build a proper steel safe to guard their used tissues? Their foundations were built on irony. Why are you so surprised? Read more...
Compliance is not the issue. As we--and tons of others--have noted, PCI is not just for payment. Officially, of course, it is, but the guidance, guidelines and best practices contained in PCI is a good tool for anyone to use when needing to protect any kind of data. The irony here is that the PCI Council didn't opt to use its own advice. Read more...
Given they do not collect, store or transmit card holder data, they are not subject to the specification. Read more...

Chip-And-PIN Hack Is So Scary Because It Surprised No One

Recently the EU shifted some of the burden of proof back to the banks and this was done prior to this Cambridge report. If the system is so secure, why the shift?
This hack has been available for over 8 years now. I doubt this should be a surprise to anyone.
The fact that this particular hole went undiscovered for at least six years is actually pretty impressive. I'm willing to bet this particular issue can be resolved in the terminal code without having to reissue all the cards. This is a great example of the importance of ethical hacking. Hats off to the Cambridge team.
How do you equate the failure of a developed-in-secret, 14-year-old cryptographic protocol with the adoption of object oriented programming, the recognition of design patterns, or the maturity of software engineering as a discipline? There were no software failures here, no code crashes being exploited nor buffer overrun attacks smashing stacks. This was a failure in the design and creation of a *protocol* that fell prey to being spoofed. No objects failed, because no objects were transmitted.
Sure, you may hide all the cables but the setup will be obvious if you are wearing a T-Shirt. ;) EMV has to fix this. I don't know if the same issue has been raised in Canada.
I worked on an EMV project in Canada. EMV is better than a plain MSR card. No doubt. This is not a marketing "gimmick". The Cambridge/BBC video shows a guy using a Netbook PC and an EMV "test card" hooked on a stolen EMV card. Sure, you may hide all the cables
This hack demonstrates a much larger vulnerability that goes way beyond payment authorization. Just as we are hearing more about cyber attacks from overseas, we are using software design techniques that make our systems more vulnerable. Better get a kerosene lamp.

Pizza Hut CIO Proving The Unprovable: Mobile ROI

Hats off to Pizza Hut! Their iPhone app has a very well designed user interface. It actually makes ordering a pizza on your cell phone fun. I'm generally not a huge fan of food companies creating apps because they offer me very little extra utility. Large scale brick and mortar retailers should focus on the location based aspects of mobile commerce, and not try to simply port their web strategy into mobile. Mobile requires its own strategy, as do other forms of app marketing (social apps and sharing, etc). Finally, should Pizza Hut be considering other app platforms as the platforms become more saturated? For example, car electronics.
Dave said: "Domino’s app is sub-standard to say the least (so is their website!)" Well, so is their pizza, but that's another issue.
At last someone has a decent grasp of what iPhone apps should include. A nice simple idea that uses the technology in an iPhone to maximize usability. Interesting use of technology for the payment processing as well. Too many brands are currently jumping on the app bandwagon and failing; Domino's app is sub-standard to say the least (so is their website!)
The Pizza Hut app is a great example because it's useful, engaging, and leverages the capabilities of the phone. Yes, it's specific to the iPhone, but there's no better place to start. You certainly wouldn't criticize someone for releasing their software on Windows first and following up with other operating systems once it's proven.
Greg, using the numbers you provided yourself, 42% of iPhone users are less than 34 years old! That's huge! I am not saying this is not a worthwhile demographic; in fact in the case of a pizza brand, that is precisely where you want to be.
I believe this is a terrific example for a couple of reasons: Remember the app was prominently featured in Apple iPhone commercials run nationally. I have heard estimates as to the value of that exposure. The number is large. We are still in the very early days of mobile commerce. Pizza Hut made a bold decision and I believe have been handsomely rewarded for their gutsy call. From a US perspective the iPhone user is the perfect demographic to experiment with.
Fabien, I have to respectfully disagree with you. First, you shouldn't look at the worldwide smart phone market when looking to deploy a US only mobile application. You have to look at the US trends. You can't doubt the popularity of the iPhone here in the US. Secondly, the iPhone is not for "young, urban professionals." Nielsen published numbers that show there are just as many iPhone users 55+ years old as there are 13-24.
Creative use of technology, well suited to the likely audience: mostly young, students or urban professionals, many of whom have iPhones. However this particular use-case may not be portable to other industries and categories.

A CIO Do Not Call List

I am in. I completely empathize with Todd. I also do not answer my office telephone and am bombarded by repeated, irrelevant, and more often than not arrogant emails, to the point that I am now starting to set them up in my junkmail filter.
Don't answer your phone, but on your voice mail provide a "if you have a product or svc you want me to consider, email me at" and then provide an email address like vendor@. Then when you are looking for a solution you can search that box based on key word and see if anything is helpful to you.
Take it from me, most CIOs have too much on their plate already. The last thing that they need is someone solving a problem that is not on their Top Priority list. It may be a great system/solution that will save or make the company money, but if it's not part of the current burning-platform, there simply are no cycles to think about it right now.
I've been dealing with a pesky sales rep from a leading firm that offers log monitoring / management capabilities who just can't accept we are not interested in her product line. For some reason, even though several managers, including myself (security and risk), our auditors, our vendor relations manager, our CIO, the PCI business owner, etc. have all told her we are not interested, she insists on sending each of us e-mails or making calls every month or so.
Todd P. Michaud, you will always have a pass on my DNC list. Call me any time. Just please don't call my wife--that would be awkward.
Todd L. Michaud has written a brilliant article about common sense professionalism, says Todd P. Michaud, CEO of one of those "darned I/T services providers!" I am certain that I would at least pronounce his name correctly.
Amen Brother Todd!! This is so annoying and 99% of these callers took zero time to understand who I am or what my company's needs might be. I used to hate being rude, but I'm over it. Sign me up as a charter member.
Sitting on the consulting side, I am amazed by the number of retailers that send out RFPs to companies, or request additional information, and then don't have the courtesy to say "Thanks" in an e-mail reply, or "We'll get back to you if we're interested". This after contacting you and requesting information/a proposal ASAP, which takes time and money to prepare.
Welcome to the real world of capitalism. This is the US, not China.
Made my day. I know all vendors (including my company) deal with this double-edged sword - how to acquire new leads but not annoy folks. My favorite was the young woman who called me, would not take a breath so I could question her and then yelled at me because I said her solution was way out of my budget.
I'm in. Let's get started.
This list and process is needed. You left off one thing: the cold caller that gets someone in the business to transfer the call to get past caller id... automatic on the list.

What’s The Rush For New PCI Call Center Requirements?

And I have not heard anyone mention the impact on companies who provide quality improvement services. Many merchants hire quality improvement companies to review their audio recordings to provide guidance on how to improve their sales staff’s effectiveness in customer service and sales retention. PCI Council needs to rethink this requirement until there is a widely available commercially viable solution.
Another ridiculous decision where regulators don't think critically enough about the unintended consequences of their decision. This will be a huge problem for the credit and collections industry. We have to keep all recorded calls for other reasons not related to cc information. We can't purge all of our calls and we don't have the technology to not record part of the conversation. Even if we did, I am not sure we could afford it.
This "clarification" is causing a lot of panic with large FS clients who now appear to be non-compliant after spending 7 figure sums on their compliance programs. The only alternative to call recording would now appear to be some sort of IVR/push button type interrupt to take card data away from the contact centre. The council is in a position to force that sort of process and technology change and this may backfire on them and the vendors that lobbied hard for this clarification.
PCI council has made a one-sided decision; they should have done much more in-depth research that could have provided more insight with regard to the implications of such a decision.

Will Old OS Cause PCI Violation? No, But Marketing Still Says So

This is an interesting issue, because there's more to it than what's apparent on the surface. PA-DSS requires supported and patched operating systems and other software components (e.g., databases, libraries, Java, etc.) per PA-DSS 7.1.b and 8.1, and the option for compensating controls simply isn't there. Merchants can make use of compensating controls for most PCI DSS requirements, but only when legitimate constraints exist and only in ways that meet the intent and rigor of the requirement and go above and beyond the other PCI DSS requirements.
Why would one automatically upgrade to a "new" OS -- some of the older versions of certain OS-es are more stable and more robust than the crap being peddled today. This is yet another clear example of PCI SSC being out of touch with reality. Rather than requiring a "current" OS, the requirement should be to demonstrate the OS in use is stable and robust, and is adequately hardened against threats.
There are compensating controls that encrypt the swipe at the driver level as it enters the PC; there are hardware encrypting card swipes so the cardholder data is already encrypted before it comes to the PC -- either of these, especially the second, would remove the OS entirely from a cardholder data risk profile.
In my opinion, the only thing the vendor did wrong was they didn’t know of that FAQ entry. Even if they did, it changes nothing about the need for merchants to update software that no longer receives updates.

MasterCard Blinks, Drops Dec. 31 Level 2 PCI Deadline

Reciprocity between MasterCard and Visa has always been a factor in Acquirer merchant level assignments. The brief removal of reciprocity generated a great deal of interest in being able to be classified at a lower level in MasterCard's world. Nevertheless the return of the reciprocity language in the December changes did not effectively create any new Level 2 merchants, but it DID dash the hopes of a lot of them.... :-(
Let's give them credit??? For being idiotic in the first place? Not on your life! Everyone has just had to scramble and include the costs of the previously announced M/C requirement in their 2010 budgets, and start negotiating with the QSAs for the additional services. All for naught!
"A bunch of Level 3 and Level 4 merchants just became Level 2s". Is this an accurate statement? MasterCard & Visa have historically included the caveat "or is a Level X in another brand" in their level setting criteria. MasterCard appeared to back away from this in the June pronouncement, and have simply returned to the status quo. Have Acquirers been tracking and reporting merchants at separate levels by brand?
I stick by my comment (quoted in the column) about a bunch of L3 and L4 merchants becoming L2s and requiring an onsite. To me, what made MasterCard's original requirement for an onsite assessment for L2s palatable was that they took away their reciprocity provision. That is, they seemed to focus on larger merchants with over a million MasterCard trans/year. With reciprocity in place, a lot of smaller merchants are pulled into the onsite requirement. Rather than causing confusion, I think reciprocity will lead to additional work for processors and acquirers.

Retailers Sue POS Vendor, Questions Raised Where PCI Duties Stop

I would add a couple more questions: "did the breach involve the use of the default passwords?" (The story doesn't say.) And "were the default passwords used by Computer World to remotely administer the store systems?" "where is the PCI auditor in all this?" Did the restaurant group think they didn't need an audit because Radiant was (mis)representing Aloha as PCI compliant? How is a retailer or even a PCI auditor to know otherwise? A PCI auditor is not necessarily a qualified computer forensic investigator capable of finding the card data on the hard drives. They can only base a decision on information given to them by others.
There are so many holes in the process it will be difficult to pin blame on just one constituent. It is ridiculous that the technology exists to better secure these transactions (PIN, EMV, etc) yet banks won't use them. Only the banks or government can force this change, and retailers will suffer until then.
A major issue in this case will be if the restaurants had any support agreements in place with Computer World and if so what those agreements say. In my experience many single unit/small operators choose to skip the support agreements in favor of a "pay as you go" arrangement. In this scenario I can't imagine how the POS VAR can be held responsible for a system they don't own nor exclusively manage.
There is a big difference in having the POS installation guide say "make sure you set this password because the security of your CHD depends on this" vs. a POS application not storing the CHD in the first place. Traditionally only the merchant was liable for breaches and PCI related fees (fines). Maybe dragging some of the vendors into the liability mud fight will open the eyes of some of these vendors.

Should Credit Card Transactions Be Free? There May Be A Way

Here in the Netherlands, where the population is notoriously penny-pinching, credit card acceptance is amazingly low. It's both a result of the consumer not wanting to pay interest on everyday purchases as well as merchants not giving up a slice of the action. It is both legal and common to pass the processing fee onto the customer as a surcharge. Now things are moving to leave the credit cards behind: mobile phone payments are becoming more and more common here, and the transaction fees are minimal. Parking and entertainment (movie/concert tickets, nightclubs) have been amongst the first, and it's rapidly gaining momentum because the market has been hungry for the convenience at a price it is willing to pay.
"Free" is an illusion. Don't charge one person but charge double to someone else. I am very skeptical of anyone who says that advertising will create valid cashflow. Just look at the advertising struggles in a TiVo world. And if you sell your customers' data, just be warned that the one group that might have issue with that are your customers (which to me is very important to cashflow).
Another factor not mentioned here is the impending costs that the processors and issuers are going to incur when someone decides on an end-to-end encryption method, and it then becomes government mandated. I can guarantee that this is a when question and not an if question. The back-end networks are pretty antiquated right now, and it's going to cost billions to replace everything. The cost of tech may be going down, but the cost of replacing millions of servers and hardware, and creating new, proprietary, software is still really expensive.
Accepting credit cards is not "risk-free" for merchants, contrary to Jim's comments above. Chargebacks are an expense - both in terms of actual transaction reversals and costs associated with managing the process. Chargeback rules and expenses can be everything from a thorny issue to an onerous expense for some merchants, especially for convenience stores that allow customers to pay for gasoline at the pump, or other retailers that allow in-store self-checkout options.
I've wondered for years why the price of transactions has been so high. Phone companies long ago started offering unlimited calling for flat rates because they understood that in many cases it cost more to report on the transactions (calls) than it did to fulfill them.
If a home-owner defaults on the mortgage, who is taking the risk? The bank making the loan to the consumer or the person selling the house? It is obviously the bank that takes this risk and is rewarded for that risk through interest rate charges. In my mind, we have mixed together two distinct and unrelated transactions.
The one big factor not mentioned in this article is who will take over the risk? Taking credit cards is risk free to merchants and the issuing Banks take the risk if a customer defaults on the payments! If you had an "interchange-free" payment system, would the merchants assume the risk? Also, if there isn't enough profit for the issuing banks they will stop issuing credit cards, which will in turn kill our economy.

The Dangerous Out-Of-Scope PCI Charade

If tokens are ever deemed in-scope, then where does the line stop? I ask this because it would mean that all timestamps, sequential numbers, random numbers or any other piece of information that may or may not be used to generate a token is within scope -- all data a POS uses and stores, not just payment data.
Having the ability to do both Tokenization and End to End Encryption (not mere point to point) can have tremendous scope and risk reduction benefits and agility to adapt to change in this fast moving compliance landscape. Being able to have both on tap from a single platform is a solid approach to avoiding the pitfalls.
But the consumer walks into a particular retail chain, gives their payment card to someone wearing that chain's uniform and the card is swiped. If, six months later, there's a breach and that card was misused, it's the retailer who will be in the spotlight. They're the deep pocket and, therefore, the target. If the consumer is angry and wants to cut off business, it will hit the retailer. Therefore, if the retailer is going to end up being blamed no matter what, they have to stay involved.
True, someone may be storing a token-to-PAN cross reference. But that would be the bank, not the retailer. If the bank is not sure they can keep their data secure, then there are bigger problems to be addressed than bringing tokens into scope.
Good general point, Steve, but for the record, not all tokenization is done the same way. Many tokens are associated with lookup lists that allow for them to be re-matched to the card data if it's needed, such as for a chargeback. A token doesn't have to be decryptable (is that a word?) for there to be a way to access the original data.
The out-of-scope argument is very valid but in reference to tokens, the premise of temporarily out-of-scope or abruptly deemed in-scope is flawed. Conway was quoted: “anything that could be made unreadable can, in various ways, be made readable again.” This statement is true when talking about encryption technologies (all encryption technologies) but not so with true tokens. True tokens are in no way related to the original data other than as a reference key.
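The last two comments above draw the distinction between a token that can be "decrypted" and a token that is only a reference key resolved through a lookup list held by the tokenization provider. The following is an added example, written for this digest and not code from the page, any commenter, or any tokenization vendor, of the vault-style design both comments describe. It assumes a common practice (an assumption here, not something the comments state) of keeping the last four digits of the PAN in the token for receipts and of generating tokens that fail the Luhn check so they cannot be mistaken for real card numbers. The PAN used is a constructed, widely used test number.

```python
import secrets
from typing import Dict, Optional


def luhn_valid(number: str) -> bool:
    """Return True if a digit string passes the Luhn checksum that real PANs carry."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """Vault-style tokenization (assumed design): the token is a random reference key.

    Nothing about the token is derived from the PAN, so there is no key to recover
    and no algorithm to reverse; the only way back is this vault's lookup table,
    which is exactly the "lookup list" one commenter mentions for chargebacks.
    """

    def __init__(self) -> None:
        self._token_to_pan: Dict[str, str] = {}
        self._pan_to_token: Dict[str, str] = {}

    def _random_token(self, pan: str) -> str:
        last4 = pan[-4:]                      # assumed convention: last four retained
        while True:
            body = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4))
            token = body + last4
            # Reject anything that could pass for a real PAN or that is already in use.
            if luhn_valid(token) or token == pan or token in self._token_to_pan:
                continue
            return token

    def tokenize(self, pan: str) -> str:
        """Return the existing token for a PAN, or mint a fresh random one."""
        if pan in self._pan_to_token:
            return self._pan_to_token[pan]
        token = self._random_token(pan)
        self._token_to_pan[token] = pan
        self._pan_to_token[pan] = token
        return token

    def detokenize(self, token: str) -> Optional[str]:
        """Resolve a token back to its PAN; only this vault can do so."""
        return self._token_to_pan.get(token)


def record_sale(vault: TokenVault, pan: str, amount_cents: int) -> dict:
    """What the POS persists: token, last four and amount, never the PAN itself."""
    token = vault.tokenize(pan)
    return {"token": token, "last4": pan[-4:], "amount_cents": amount_cents}


def chargeback_lookup(vault: TokenVault, sale: dict) -> Optional[str]:
    """Chargeback handling re-matches the stored token to the PAN via the vault."""
    return vault.detokenize(sale["token"])


if __name__ == "__main__":
    TEST_PAN = "4111111111111111"          # constructed test number, not a live card
    vault = TokenVault()
    sale = record_sale(vault, TEST_PAN, 2599)
    print("POS record:", sale)
    print("vault resolves token:", chargeback_lookup(vault, sale) == TEST_PAN)
    print("a different vault resolves it:", TokenVault().detokenize(sale["token"]))
```

The POS record never contains the PAN, so a breach of POS storage yields tokens that resolve to nothing without the vault, while the vault owner can still re-match them for a chargeback. Note that the same PAN tokenized by two independent vaults yields unrelated tokens, which is the property that separates a reference key from encryption.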