In an eerie snapshot of where some top marketers want to take the next generation of search engines, a Japanese government-backed research project is working on a search that is based on what a user does, not a keyword a user types in.

But the specific tactics being considered—and detailed in a Web site for the group officially dubbed the Information Grand Voyage Project—includes searching history of game programs, blog postings, surreptitiously captured video segments from TVs and computers, tracking Wi-Fi locations and using an RFID reader connected to a cell phone to identify a consumer’s activities “based on data captured by mobile device camera.” Read more.

Bill Homa, who just stepped down July 1 as the CIO for the 165-store Hannaford grocery chain, considers Microsoft’s OS to be “so full of holes” and describes the fact that current PCI regs do not require end-to-end encryption as “astonishing.”

But Homa’s key point is that most retailers handle security backwards: Don’t pour everything into protecting the front door. Assume they’ll get through and have a plan to control them once they’re inside. Read more.

Retail deployment of the 2-D barcode, a technology that allows consumer cellphones to see virtually unlimited amounts of content by taking a picture of a special barcode, has slowed after an initial flurry of activity in January.

But several major cellphone carriers are preparing to bundle the 2-D barcode software with phones as they ship. Will that make a difference? Read more.

RFID vendor Impinj on Thursday (July 10) purchased all of Intel’s RFID operation–including the R1000 RFID reader chip. A joint Intel/Impinj statement said that the acquisition details are not being released, but The Seattle Times reported that Intel will get an equity stake in Impinj.

The move is not expected to change things much for RFID-focused IT execs in the near term, because both firms were pretty much headed in the same direction anyway. But ABI RFID Research Director Michael Liard said the move could accelerate already-projected RFID reader price drops over the next few years. Read more.

No sooner had IT concocted a system to try and automatically detect an under-age shopper than someone has crafted a remarkably low-tech way to fool it. How low-tech? How about a picture ripped out of a magazine?

This delightful story from Pink Tentacle shows how the Japanese cigarette-machine RFID-leveraging face-recognition system is completely fooled by the magazine photo. “The face-recognition machines rely on cameras that scan the purchaser’s face for wrinkles, sagging skin and other signs of age. Facial characteristics are compared with a database of more than 100,000 people, and if the purchaser is thought to be well over 20 years old (the legal age), the sale is approved,” the story said.

A semiconductor company is suing a Dutch university to keep its researchers from publishing information about security flaws in the RFID chips used in up to 2 billion smart cards, according to this intriguing Computerworld story.

NXP Semiconductors filed suit in Court Arnhem in The Netherlands against Radboud University Nijmegen. The company is pushing the courts to keep university researchers from publishing a paper about reported security flaws in the MiFare Classic, an RFID chip manufactured by NXP Semiconductors, the story said.

Although the question of RFID safety has been debated extensively over the years, with conflicting study results, a major new medical study released this week points to very specific electromagnetic dangers within nine inches of the transmitter.

The highly respected Journal of the American Medical Association (JAMA) found 34 electromagnetic interference instances out of 123 tests, with 22 of them rated potentially hazardous. “Interference changed breathing machines’ ventilation rates and caused syringe pumps to stop” at a distance of about nine inches, according to a story in The Wall Street Journal. This may give serious pause to some retail IT operations, who can have dozens of RFID devices in loading docks and assembly lines, in addition to trucks and even on shelves.

Computerworld columnist Frank Hayes–a former colleague of mine from CMP and an awesome folk singer as well–has a wonderful column out about why the Wal-Mart RFID effort is still having problems.

Although some of the proprietary arguments are slightly overstated, Hayes makes a great point about how Wal-Mart’s $2 per pallet non-RFID penalty reflects a lack of understanding of why suppliers have resisted RFID tagging. It’s the software implementation costs and the fact that different retailers demand different versions. Hayes’ column is worth reading. (But not everyone seems to agree. The RFID Journal took exception to the piece, on several levels. And then some RFID Journal readers took exception to that disagreement.)

Germany’s METRO Group is experimenting with RFID inserts to track meat and to immediately locate any product that is about to expire or that has expired.

METRO is placing the inlays into the foam meat packing trays used in their Future Store. “RFID has a key role to play in quality management for fresh food,” said Gerd Wolfram, managing director of MGI METRO Group Information Technology in a statement. “This automatic product identification technology will contribute to product quality and efficiency in our stores.”

MasterCard Canada this summer will start a 4-month NFC-phone trial, with the backing of some of Canada’s largest retailers, including Loblaw, Petro Canada, Tim Hortons’, Pioneer Petroleum, Rabba Foods, a major NHL arena and McDonalds.

One unusual aspect of the trial is that it will eventually support more than one payment card on each phone, said MasterCard Canada’s Nagesh Devata.

Jane’s contactless loyalty card is detected as the Des Moines attorney approaches the self-checkout. The system knows the counselor’s shopping history and anticipates that the counselor likely has a dozen kiwis in her cart.

So when she places the barcode-less fruit on the scale, the first fruit it displays in its list is kiwi, followed by the four fruits and vegetables that Jane typically buys. Other fruits and vegetables follow alphabetically after Jane’s favorites have been displayed. Given how many fruits Jane buys each time, this shaves a precious 108 seconds off of her checkout. Read more.

The grocery challenge with the theft of moist, fresh products–such as cheese–has frustrated retail loss prevention managers because such products tend to react poorly with EAS tags. Checkpoint and Sealed Air Cryovac announced Wednesday (May 21) one possible way around this issue.

Cryovac has started to integrate anti-theft labels inside the vacuum shrink bags. “The first market request to Sealed Air Cryovac was for two million packs for the protection of Parmigiano Reggiano. In Italy, for instance, Parmigiano Reggiano has a shrink rate of about 9 percent,” said a joint statement. “Initial studies have shown that this RF-EAS source tagging program may cut down inventory shrinkage of dairy products from 9 percent to 1 percent.”

The RFID market has a healthy future, looking at a 15 percent compound annual growth rate over the next five years, hitting $9.7 billion by 2013, according to a report issued Tuesday (May 20) by ABI Research.

These figures highlight an RFID market that is growing “robustly,” said ABI research director Michael Liard, pointing to recent commitments from Wal-Mart’s Sam’s Club and the German retail giant Metro AG as key factors.

Controversial RFID vendor Verichip on May 15 announced that it is selling much of the company, wants to sell the rest of it and that the company has parted ways with its CEO, Scott Silverman.

Verichip and its onetime parent company, Applied Digital, generated a lot of negative publicity for RFID with its efforts to push implantable RFID chips, including some especially controversial statements that Silverman made about RFID chips being implanted in non-citizen guest workers. The company’s sale of its XMark unit to The Stanley Works for $45 million will remove the vast majority of the company’s revenue. (RFID Update just ran an excellent look at whether such implantable RFID efforts are viable anymore.)

NeoCatena Networks has in the wings a product designed to stop fraudulent or bad tag data from getting into the system from the supply chain.

Applying Internet-level security to RFID is something that has not gone very far, according to this RFID Update story about the anticipated rollout. NeoCatena Networks is developing RF-Wall, an appliance to be installed between RFID readers or controllers and middleware servers, edge servers or host applications in networked RFID systems. The product acts as a firewall that authenticates RFID tags prior to allowing their data to pass into enterprise systems and also scans input to detect and block malware. RF-Wall works by using the unique tag ID to create a digital signature.

Retailers focused on contactless payment might want to circle July 24, 2008, on their calendar. That is when the U.S. Federal Trade Commission will hold a hearing in Seattle “to explore the growth of contactless payment systems and the implications for consumer protection policy.”

Here are the details of the FTC’s hearing along with a link to submit comments electronically. There are lots of legitimate pros and cons on this issue, but the panel should at least understand the merchant’s perspective.

With the nation’s largest casino town as its backdrop, IBM and NCR gambled that the ho-hum growth in self-checkout can become a winner if the systems are moved away from the front-of-the-store checkout lanes and moved back toward the deli, bakery and even in the middle of the cereal aisle. All in all, I’d rather take my chances at rolling a 10 the hard way.

Las Vegas was hosting the 2008 Food Marketing Institute and Marketechnics show, which felt like self-checkout central this week. Read more.

London-based Marks & Spencer is the RFID tag champ. Attaching 350 million a year to items of clothing, they even blow past Wal-Mart when it comes to tagging individual items. Unfortunately, each and every one of those tags might have used the wrong technology.

The exec “who has been running the program said to me a year ago, ‘I’d love Nokia to say we have a way for people to walk into this door, wave their phone over a suit and take it home,’” said IDTechEx Chairman Peter Harrop. “But he said, ‘I think I’ve chosen the wrong frequency.’” Read more.

GuestView Columnist David Taylor this week suggests that, today, only a small minority of retailers says that they are getting much value from their security investments.

Examples abound: Intrusion alerts that are ignored due to lack of staff, firewalls with rules that are out of date, intrusion detection systems that have not been tuned to minimize the false positives, encryption keys that are never changed, privileged users who have permissions left over from prior projects, terminated employees who still have logins and policies that are not enforced. Fixing this stuff is not expensive, but it’s not fun either. Read more.

Wal-Mart executives this week promised Arkansas legislators that any product with a radio tag would be clearly labeled, as the retail giant tries to put the inventory-tracking devices on all products sold at Sam’s Clubs by 2010, according to this BusinessWeek story.

After checkout, customers would have the option of removing the labels containing the tags, Wal-Mart told the state legislators. “If a manufacturer installed the tag inside a container, workers would be able to deactivate it before a customer leaves the store,” the story said.

A difficult to duplicate RFID chip? That’s the claim of an RFID startup, which is using MEMs resonators to create a unique signal, or “voiceprint,” which can’t be cloned and can be used to authenticate the chip, according to this RFID Update story.

“Each voiceprint is unique but falls within a defined band so separate readers do not have to be developed for each chip,” the story said. “However, MEMflakes can’t be read with RFID readers currently on the market.”

Although contactless payment has tremendous potential to advance payments and set the stage for mobile commerce, it’s suffering from benign neglect from both retailers and the card brands—and banks, too. That according to a new contactless payment report from analyst firm Javelin Strategy & Research.

The key argument of the report is that none of the three groups of companies involved—the card brands, the issuing banks and key retailers—is spending the dollars to create true incentives to make contactless payment work, said lead report author Bruce Cundiff, who is Javelin’s director of payments research. “There is no effective value proposition for merchants and for wireless carriers,” Cundiff said. Read more.

RFID vendor Mojix has rolled out a new RFID system that it says can read passive, Gen2-standard tags from 600 feet away; cover 250,000 square feet of area; and pinpoint tag location in 3D, according to this intriguing RFID Update story.

The move is interesting, because it shows a vendor’s willingness to play with the assumed RFID rules to try and generate a little retail ROI. The story quotes company officials saying that the claims are based on advances in digital signal processing, RF antenna design and computational processing power. Mojix’s STAR 1000 differs from traditional RFID systems by using separate components to power and read tags. “There is no rule of physics or regulation that says the receiver and transmitter have to be in the same housing,” said Kevin Duffy, Mojix senior vice president of sales and marketing.

With reports out this week that Boeing’s much-celebrated upcoming aircraft—the 787 Dreamliner—would be again delayed because of technology problems, some wondered if the delays involved the plane’s extensive RFID experiments.

Boeing spokesperson Nancy Standifer announced Wednesday that the plane’s delays do not involve its experimental RFID capabilities and for a very good reason: the delays have prevented the RFID phase from even starting. The plane is slated to be among the first to truly have RFID tags on thousands of individual parts. And those tags have to work in temperatures that ranged from 40 degrees (Fahrenheit) below zero to 1,200 degrees above zero.

Amidst the sea of security announcements slated for the next week is a card swipe device that claims almost instant encryption of cards, avoiding the problem of card data being grabbed before encryption.

Such claims are commonplace, but the VeriShield Protect from Verifone is making claims that—if ultimately proven true—would significantly advance retail payment security. The new unit uses Hidden Triple Data Encryption Standard (H-TDES) from a company called Semtek Innovation Solutions Corp.. It’s hardware unit is designed to deactivate if anyone succeeds in opening the case, making the planting of physical data-capture devices more challenging. Read more.

With the background of repeated recent payment data breaches coupled with wireless security concerns, the U.S. Patent and Trademark Office last issued a trademark for a cellphone payment that leverages current retail equipment, an instantly encrypted validation code and completely sidesteps wireless communications. Plus, it avoids the retailer having to store the credit card number at all.

The Patent itself covers a variety of uses (see the Patent’s full text here as well as some illustrations that accompanied the federal filing), but its core functionality would require consumers to download a small applet to their phone, which would then be associated with a payment method plus a password and potentially some other authentication approach such as any form of biometrics. Password-only protection is the default scenario. Another piece of software would be installed in the retailer’s POS system. Read more.

Bankrupt Pay By Touch—officially using the name Solidus Networks—has sold off two key units for a total of $4.8 million.

Phoenix Check Cashing dropped $4.2 million to pick up Pay By Touch’s check-cash¬ing division, known as BioPay Paycheck Secure, according to The Nilson Report. Acculink paid $600,000 for ATM Direct, a unit trying to introduce PIN-based debit card payments for E-Commerce sites, the publication reported.

Pushing a convenience/ease-of-use argument, payment processors have spent much of the last two years trying to get consumers to use different payment methods. But 2008 has thus far not been friendly to them.

This week brings the news that American Express is halting its ExpressPay keyfob, some six years after the payment giant started offering it. The program is expected to deactivate the last of its fobs by July. There are many reasons the fob may have died, but at least Amex—with six years of fob effort under its payment belt—can’t be accused of not giving the fob enough time to work. Read more.

The retail move to embrace 2-D barcodes that began with a Sears trial in December and strong interest from BestBuy, the Gap and Target is inching forward, with a 500-store trial starting Thursday in San Francisco.

The trial, involving CitySearch, Antenna Audio and Scanbuy, is a fairly basic mobile integration effort. “More than 500 restaurants, shops and businesses reviewed by Citysearch are placing printed bar codes in their windows, and people who have Scanbuy software loaded on their phones can simply take a picture of the code and their phone’s Internet browser will immediately take them to the restaurant’s corresponding Citysearch page,” said a statement from the group.

Next Tuesday, it’s likely Washington state will have a new RFID law on its books, one that will be the first in the nation to make malicious stealing of data via RFID a crime. But the bill is a far cry from what’s the bill’s assemblyman sponsor had envisioned—and what he says he will still fight to get.

The bill had been pushed by Assemblyman Jeff Morris. The final version of the bill—which Morris said he expects Washington Governor Chris Gregoire to sign into law on Tuesday—makes anyone guilty of a Class C felony if they “intentionally scan another person’s identification device remotely, without that person’s prior knowledge and prior consent, for the purpose of fraud, identity theft or for any other illegal purpose.” Read more.

Just three months after filing for Chapter 11 bankruptcy protection, Pay By Touch officially pulled the plug on its remaining biometric transaction customers Thursday morning.

Pay By Touch (officially Solidus Networks Inc. doing business as Pay By Touch) issued a statement on Thursday that it “regretfully announced today that it will no longer process biometric transactions on behalf of its merchant customers and consumer membership base, as 11:59:59pm March 19, 2008.” Read more.

Guest Columnist Ed Adams argues that PCI has a long way to go and that the PCI Security Council isn’t helping very much.

“The PCI Security Standards Council is made up of seemingly smart folks from the credit card brands and security industry. Unfortunately, this group of misfits is saddled with a myriad of competitive conflicts of interest and, worst of all, a complete misunderstanding of how to best protect card data and consumer identity,” writes Adams. Read more.

Shortly after reports surfaced that the Hannaford grocery chain had been PCI compliant at the time of its data breach attack, the Web has been crawling with those questioning the value of PCI, even as the confusing preliminary details of the breach are being sorted out.

As one who has frequently used this column to point out the many flaws within PCI, please allow me to stand up and say to those PCI critics: What planet are you from that tolerates only perfect security systems? Do they conclude from one successful burglary of a house protected by a top-notch burglar alarm and high-security deadbolts that burglar alarms and deadbolts are worthless? Read more.

As details of the Hannaford data breach trickle out, the familiar data breach pattern of apparent inconsistencies has emerged.

For example, Hannaford’s people have been stressing to reporters that they were PCI compliant and, indeed, that they not only were certified compliant in Spring 2007, but that they were re-certified compliant in February 2008. But that raises more troubling questions than it offers comforting assurances. As a Level 1 retailer, Hannaford is only required to undergo a PCI assessment once a year. If they were compliant in the Spring—regardless of which month it was—it seems eyebrow-raising that they would have sought another assessment so soon. Read more.

One of the non-intuitive truths about marketing is that marketers love to suggest the opposite of what they know to be true. This was illustrated this week when a contactless payment organization leapt to attack the Associated Press for pointing out that contactless technology exists in credit cards as well as building access cards.

You don’t address security concerns by pretending they don’t exist. You acknowledge that everything is relative and that weaknesses are there but there are advantages, too. Read more.

This is one of these “everyone already pretty much knew this but it’s nice someone took the time to prove it” studies. The University of Arkansas was paid by Wal–Mart to find out whether RFID actually improves inventory accuracy. It found that, yes, it does, to the tune of some 13 percent.

But the methodology is a lot more interesting than the as-expected result. The team followed air fresheners at 16 Wal-Marts for 23 weeks where “a national inventory-auditing group determined each day’s on-hand air-freshener inventory by manually counting every item in all 16 stores.” Read this RFID Journal piece for a look into how to prove inventory accuracy and why a retailer can never afford to duplicate this study.

A grocer offering milk cartons that glow when their milk turns sour and a programmable soft drink that will change its flavor to a consumer’s whim. These are two of the more unusual ways nanotechnology may impact retailers in the next few years, according to this fascinating story in Australia’s Sydney Morning Herald.

While the product capabilities can be exciting, the potential health hazards are better described as terrifying. If groceries of any kind are among your SKUs, you should check this piece out.

At long last, this week finally delivered a wireless security report with some good news. Due to airport wireless security holes big enough to fly a Boeing 747 through, the report discovered one airport with an unencrypted wireless baggage handling network that could allow bored travelers to hack into it and reroute other people’s luggage for fun.

“Since Bernie ordered me to accompany him on this stupid trip to Philadelphia and we sit here in a five-hour connecting flight delay in Chicago, it’s the least I can do to thank him by giving his luggage a much-deserved holiday in Hong Kong,” deviously thinks Brad, the junior LAN administrator with far too much time on his hands. Read more.

JCPenney and Krogers are the latest U.S. members of the National Retail Federation’s Association for Retail Technology Standards, joining the newest global members of Tesco, Carrefour and IKEA.

The Association for Retail Technology Standards is an international membership organization that, since 1993, has said that it was dedicated to reducing the costs of technology through standards.

Hello, blog readers! We’ve been approached by a company that wants to create a 3-D environment for StorefrontBacktalk, complete with avatars for all readers. Before we explored this more seriously, we wanted to ask our readers whether we should proceed. Therefore…

Near Field Communication (NFC) is running into the exact same kind of tech hurdles that has slowed down RFID, according to a new report from the Venture Development Corp., which cited a lack of supporting infrastructure, standards problems and a “complex ecoysystem of stakeholders.”

VDC “believes that NFC may take root first in niche vertical applications rather than hypervolume consumer applications like contactless payment,” said this RFID Update story.

The Metro Group’s RFID trial efforts have been well-known, but this is an interesting International Herald-Tribune story discussing some of the privacy debates within Europe on their efforts.

The piece quotes a Metro person as saying that a recent European Union effort to force the tags to be deactivated at POS as the kiss of death for consumer-facing RFID. “If we have to deactivate at the check-out, then the technology is going to stay within the logistics process - to say where is a box or where is the pallet in the distribution center. It won’t come on consumer items. They’re going to kill the technology with that.”

Are we looking at a near future where consumers’ purchase profiles will be used by law enforcement to track down fugitives?

The potential is absolutely there, with retailers collecting molecular mountains of shopping history—sometimes more than a decade’s worth—and law enforcement seeking creative ways to find criminals (or people they think are criminals) who are quite determined about not being found. Read more.

A pair of companies is pushing an approach where hotel guests could use their electronic room key to also open vending machine snacks, which would then be automatically charged to the guest’s room.

The new approach, from Cstar Technologies and Fastcorp, would theoretically make such purchases easy to order repeatedly, offering revenue and margin that could more than compensate for reductions in “honor bar” purchases.

Global RFID revenue is expected to hit $1.2 billion this year and $3.5 billion in the next four years, according to new Gartner projections. This year’s figures represents an almost 31 percent increase from last year.

Gartner reported that the leading segments were discrete manufacturing (21 percent), national and international government (20 percent), transportation (20 percent) and then retail (14 percent).

RFID-tagged products will have to be deactivated at the POS throughout Europe, if draft guidelines proposed this month by the European Commission are approved.

A public consultation is being launched into the “soft law” guidelines that EU Information Society and Media Commissioner Viviane Reding hopes will be adopted by the European Union executive to be applied in all the bloc’s 27 member states, according to this Reuters story. The guidelines are “tentaitively scheduled to be adopted before the summer of 2008,” the Commission said in a statement.

Sometimes, people who spend most of their working hours trying to get technology to do magical things lose sight of the many psychological dynamics. In short, employees and consumers rarely see things the way technologists do, which can cause some wonderful disconnects in the field.

Retailers and telcos and others are watching test markets such as New York City and seeing how many consumers are using contactless payment. Their assumptions are based on the number of contactless cards in the population. But if that population doesn’t realize that they have a contactless card, there’s nothing valid that can be concluded when those people do not use them. Read more.

These days, retail’s data breach du jour is some manager’s laptop getting stolen.

Breach letters are being sent out so frequently that I wonder if it’s going to pique the business interests of Hallmark. A card for every occasion, when you care enough to breach the very best. Perhaps a merger with their Get Well cards? “Sorry to hear that you’re not getting around these days…. [open card] …. but your CVV sure as heck is. Call 1-800-DATA-OOPS for your free year of credit monitoring, courtesy of your neighborhood retail chain.” Read more.

In very early January, residents of New Hampshire couldn’t pull out of their driveways without running into a presidential candidate. That’s how it is today with retail IT executives and vendors selling PCI compliance packages.

But, for better or for worse, that’s not a long-term situation. Like the presidential candidates who had to fly South for the winter (or fly the coop entirely), these compliance salesfolk have a limited lifespan. Within the next year or so, retailers are going to shift from trying to become PCI compliant to having to maintain PCI compliance. Read more.

The major credit card brands—and the banks they work with—do a fine job talking up security when they’re at podiums or writing news releases. But when it’s a choice between consumer security and lower transaction fees? Faggedaboutit. Fees win out every time.

At least that’s one of the core conclusions from a report released Thursday from technology analysis firm Gartner Inc. Read more.

In a move that researchers said might set up low-cost, high-volume RFID tags that could replace barcodes, the European Holst Center said Wednesday that their 64-bit, inductively-coupled, passive RFID tag achieved a record 780-bit/second data readout.

This development “represents a five-fold increase in bit rate performance compared to state-of-the-art plastic RFIDs,” reported Electronic Engineering Times. The story reported that the 64-bit RFID consists of a low-cost inductive antenna, capacitor, plastic rectifier and plastic circuit, all on foil.

Some 230 Oakland, Ca., commuters started a trial this week where they were issued specially-equipped near field communication (NFC) Samsung phones, devices that could be used to directly pay for the subway, Jack In The Box meals and can interact with underground posters to get directions.

The trial with the Bay Area Rapid Transit (BART) commuters started Tuesday and is expected to continue for four months, said Mohammad Khan, the CEO of Vivotech, which is one of the technology vendors involved in the trial. Sprint is also a key partner in the project. Read more.

A Chicago man has an older car that he’s not wildly in love with, but it’s good transportation. He’s not into the car’s appearance, figuring that the painting is for the entertainment of everyone else. He cares about what’s on the inside.

One day he’s in a parking lot and discovers that someone placed a huge scratch along the right side of the car. His insurance company inspects and awards him a large check to have the car completely repainted. Instead, the man uses the check to buy a new state-of-the-art audio system. The way that Chicagoan views his insurance check is how many IT leaders see PCI requirements. Read more.

One of the fastest growing segments of retail technology today is clearly mobile, whether it’s in the hands of consumers accessing the web or using 2-D barcodes on ads or in employees’ hands, changing prices on the shelf or doing inventory or even processing customer purchases while they stand in line.

But there is a huge IT frustration with those mobile devices when it comes to retail employees. It’s not the fact that most new retail tech capabilities are mobile and experimental, which just begs the data breach Gods to punish managers. That’s less frustrating than infuriating. Read more.