StorefrontBacktalk

Amazon Explores Buying Back Products; Wal-Mart, Best Buy Give Up On Used Video Games

Evan Schuman — Thu, 04 Feb 2010 04:55:56 +0000

Some major retailers have been debating whether the buying and selling of used merchandise (please shoot me if I ever say “pre-owned”) is a business model worth pursuing. Wal-Mart and Best Buy, after pushing the idea for about six months, have surrendered plans to buy and sell used video games. But Amazon, always the more adventurous of E-tailers, thinks the idea has huge potential. A Financial Times of London story cited an Amazon ad for programmers: “As people upgrade to the latest and greatest there is a plethora of valuable, perfectly good products that need a new home. We help facilitate the pairing of new owner with device, while also creating an open marketplace.”

What makes the Amazon concept so intriguing from an IT perspective are the CRM implications. Instead of tracking purchases to merely profile the customer, the new requirement is to also profile the products purchased. What is each product’s life expectancy? What is the optimal point to make an offer to a customer who might be starting to get bored with that product? How much of an upgrade can that consumer afford? Should the company start pitching new prospects based on a software projection of what already-sold merchandise will likely come back into play? And you thought Amazon needed a huge data warehouse before?

Mobile Sites Are Supposed To Be Slow, But Not This Slow

Evan Schuman — Wed, 03 Feb 2010 20:52:28 +0000

Best Buy Does OK, Costco Tanks. When Keynote Systems started looking at the mobile sites from major retailers late last year, the veteran mobile and Web site test and measurement firm knew that these sites would be a lot slower than their wired Web counterparts. But some at Keynote were caught off-guard by just how slow some of the major retailers’ mobile sites were. To put this difference into context, Keynote argues that a wired Web site should, on average, be able to deliver a page—especially the site's homepage—within two seconds. For mobile, Keynote said, users should tolerate sites that are about twice as slow, or about 4 seconds on average.

In its examination of 10 major E-tail sites—Amazon, Barnes & Noble, Best Buy, Costco, Dell, Foot Locker, Musician’s Friend, Sears, Target and Walmart—the very fastest site (Best Buy) averaged more than twice Keynote’s acceptable slow estimate, crawling in at 8.3 seconds. Again, that was the fastest mobile site. The slowest site delivered its average page in 34 seconds. Keynote officials steadfastly refused to identify which site was the slowest. That said, points made by Keynote while discussing the study pretty much eliminated all of the tested retailers other than Costco from being candidates for the slowest performing site.

HSN: Where Multi-Channel Becomes Even More Multi

Evan Schuman — Wed, 03 Feb 2010 17:45:15 +0000

When Brian Bradley left Circuit City as its senior vice president, Multi-Channel (well, more precisely, when Circuit City went out of business and left Bradley and tons of others unemployed), years after having worked at J.C. Penney, he felt that he had a good handle on retail merged-channel, cross-channel and multi-channel issues. But when he began his new gig as executive vice president at HSN (formerly the Home Shopping Network), Bradley discovered television as another retail channel and started looking at customer interactions very differently.

One of Bradley's first takeaways from the $2.8 billion HSN was that consumers' interactions with content are strongly influenced by their physical location. Why? It's expectation. Consumers see brick-and-mortars as places to look, touch and buy products. Video demos feel out of place in that context. At home watching TV, however, the expectations are much more tolerant. "Depending on where a person physically is can dictate how you can have their attention," Bradley said. "Out on the street? She'll have seconds. In-store? A minute or two. On the Web? Maybe 15 minutes. But on the TV? Hours. People go to the Web with certain goals in mind. There's a lot of bouncing back and forth as they're trying to solve a problem. There's more ADD, bouncing around."

Retail Vendors: Forget New Functions. Just Make It Simple And Cheap

Todd L. Michaud — Wed, 03 Feb 2010 17:34:03 +0000

Do you know what question Franchisee Columnist Todd Michaud hates? “If I can go buy a basic cash register for a couple hundred bucks that does everything that I need, why on earth do I have to spend $10,000 on a POS? Someone has asked him this question almost once a week for the last 4 years. Do you know why he hates it? Because after 4 years, he still doesn't have a good answer.

"I typically say something like, 'It is our requirements that drive us to that price point. Adding centralized menu management, polling, integrated inventory management and labor management into the mix requires that we buy this type of system. You can’t do that stuff with a cash register or basic POS.' Typically, the response I get is something like: 'So? I don’t care about all of that complicated stuff. I just need to ring sales.' It’s no wonder franchisees think that retail CIOs are out of touch with reality. Here is the really crappy part. When you add in all of the other costs, such as high-speed broadband, hardware maintenance, software maintenance, help desk, installation, inventory management, labor management, training and various upgrades along the way, that $10,000 POS is probably going to cost franchisees $20,000 over five years--not to mention that they wrongfully expect the system to last 7 to 10 years.”

Trying To Force Strong Passwords Futile, Counterproductive

Evan Schuman — Wed, 03 Feb 2010 15:04:53 +0000

The almost daily reports of consumers and retail employees using either weak passwords or the same passwords in multiple places—or both—is being met with yawns by retail security executives. But the kneejerk response—forcing consumers and associates to be smarter about security—has had little effect, beyond being counterproductive.

For example, a company can automate rules for choosing passwords and require that they be changed periodically. But the stronger the password, the more it will fuel its own failure. Let’s say the rules require that passwords be at least 11 characters and include numerals, characters and non-traditional characters (&, %, |, @, #, ~, etc.). Add to that requirement that no character or number be repeated and that each password must pass a dictionary search. Sure, you’ll get a strong password, but you’ll also almost guarantee that that password will be written near the computer in plain sight as well as typed into a desktop file in clear text. As Newton’s IT director said, “To every password action, there is an equal and opposite stupid user reaction.” This is the topic of this week’s StorefrontBacktalk column on the McAfee security blog.

Forrester Thinks Some Retailers Are Leaving Too Much Cache On The Table

Evan Schuman — Wed, 03 Feb 2010 03:26:17 +0000

Although retail sites are obviously very fond of cache, a new report from Forrester Research states that many developers are focusing only on one type of cache and leaving a lot of potential performance boosts in the ether. The report talks about server cache versus browser and edge cache. “Forrester has found that many companies do not take advantage of all three levels of caches in their architecture. Application development professionals often focus on optimizing the server-side cache while ignoring the browser cache or optimize their Web-page design to take advantage of browser caching only to be stung by geographic latency because they don’t know that they should use a content delivery network.”

Forrester stresses the importance of factoring in geography when making cache decisions but points out that IT shouldn’t confuse a dense population of customers with the company’s best (read: most profitable) customers. “Caching nearest to your users goes without saying, but most companies must allocate their caching dollars carefully, and your biggest investment should be close to your most profitable customers. Your most profitable customers may not be located in your highest concentrations of customers. Work with your marketing department to analyze customer profitability and location, and then review this data at least annually.”

What’s The Rush For New PCI Call Center Requirements?

Walter Conway — Tue, 02 Feb 2010 23:26:30 +0000

PCI Columnist Walt Conway initially thought the PCI Council’s revised guidance on audio recordings were not that big a deal. He quickly changed his mind.

"You will need to reconfigure your call center application to stop recording the security codes. This point is where I start to have some problems. If your application can’t do this, you need to upgrade or replace it with one that automatically interrupts recording when, for example, the payment screen is displayed. And forget about using manual interrupts, at least if I’m your QSA. In practice, they can be too easily missed, forgotten or ignored. Large retailers will make a business decision and budget for the investment. But what about smaller merchants, charities and universities with call centers?"

Intel, Microsoft Toying With Digital Signage That Can Interact With PDAs

Evan Schuman — Tue, 02 Feb 2010 04:39:25 +0000

Intel and Microsoft are working on what is truly the next generation of digital signs. These devices will be able to share content—both ways—with phones. But they could also use facial recognition to identify repeat customers without the benefit of loyalty cards or RFID. The cameras embedded within the displays would simply recognize faces the system has captured before, ultimately having the potential to identify those consumers.

The camera software will initially be designed to differentiate between genders and to detect products the customer has touched. That information could signal a coupon to be sent to that consumer’s smartphone. None of these options is rocket science. But they do show a concerted effort to leverage the kind of data that is accessible in-store and, ironically, much harder to capture online. Think of it as Big Brother with a sales commission.

Target Denies IT Layoffs In India While Borders Promises Them

Evan Schuman — Tue, 02 Feb 2010 03:19:34 +0000

This has been a difficult—and truly odd—last few weeks in the retail IT world. Target CIO Beth Jacob made the highly unusual move of issuing a statement denying that the retailer planned to sell its Target India IT operation. (What does it mean when the executive vice president of a $63 billion retail chain publicly reiterates its commitment to your team? Update your resume.)

“Our captive center in Bangalore continues to be an important part of our long-term strategy and is highly integrated with our work and team in Minneapolis,” said a statement attributed to Jacob, who is a Target executive vice president in addition to being the chain's CIO. Added Tim Baer (another Target executive vice president and general counsel): “We do not know the source of this ridiculous speculation, but we can absolutely reaffirm that it is unequivocally not true.” If the speculation is so ridiculous, why issue a statement quoting two executive vice presidents? The only sentence in the execs’ statement that describes these rumors says: "The company emphatically refutes the irresponsible rumor that it is engaged in any discussions, or has any plans, to sell its Target India operations." This is where things get scary.

Cambridge University Calls Verified By Visa Secure Protocol Terrible Security

Evan Schuman — Tue, 02 Feb 2010 03:03:47 +0000

At a presentation at the Financial Cryptography and Data Security conference, a Cambridge University computer lab team dissected the recent 3-D Secure (3DS) protocol—branded as Verified By Visa and MasterCard SecureCode. The team found that not only was the security lacking, but it sharply undermined other security mechanisms.

"3-D Secure has so far escaped academic scrutiny, yet it might be a textbook example of how not to design an authentication protocol," wrote Cambridge University's Steven J. Murdoch and Ross Anderson. "It ignores good design principles and has significant vulnerabilities, some of which are already being exploited. It's bad enough that EMV Verified by Visa and MasterCard SecureCode have trained cardholders to enter ATM PINs at terminals in shops. Training them to enter PINs at random E-Commerce sites is just grossly negligent." The pair, however, found that 3DS did get one part right: the money and where it comes from. Although "other single sign-on schemes such as OpenID, InfoCard and Liberty came up with decent technology, they got the economics wrong, and their schemes have not been adopted. 3-D Secure has lousy technology but got the economics right, at least for banks and merchants. It now boasts hundreds of millions of accounts."

And The Award For The Most Overly Complicated Auction Site Goes To Biddees

Evan Schuman — Mon, 01 Feb 2010 05:01:18 +0000

As eBay has discovered, there’s a lot of money to be made in them thar online auctions. So it’s no surprise that lots of startups are trying to creatively find their own slice of the auction pie. But a site called Biddees, from the people who brought you shoes.com, is taking an unusual approach that just may prove to be the most needlessly complicated auction site in quite some time.

This wonderful story from Internet Retailer does a nice job of detailing this cocoon of complexity: “In order to see the current price of a prepaid card, which is guaranteed to be at least $1.50 less than the card’s face value, shoppers first have to use a token called a Little Biddee Thing, which costs 99 cents. Each time a customer views the current price of a card, the price automatically drops 50 cents. If the shopper is the only person viewing the card, he has 30 seconds to buy the card at the current price,” the story said. “If another person is already viewing the card, the shopper enters a queue before he can see the card’s price. If the card is purchased while the shopper is still in the queue, the shopper will be transferred to the next auction for the same product. An auction ends when someone purchases a card or when its price reaches zero. The last shopper gets the card for free.” Of course. What could be more natural?

To Counter Every “Retail Revenue Is Down” Argument, There’s Amazon

Evan Schuman — Fri, 29 Jan 2010 15:47:27 +0000

For many retailers, flat or minuscule in-store revenue increases are becoming the norm, with online increases the only thing that looks bright. Mobile is going to quickly fall into that category (although a percentage increase for anything as new as mobile is meaningless, it still looks cool on an earnings report). But how can this work given the small revenue percentage E-Commerce still controls? Let’s take a look at Amazon’s latest numbers (which look pretty much like all of its numbers.)

The king of E-Commerce reported on Thursday (Jan. 28) a 42-percent increase in net sales for the fourth quarter just ended, along with a net sales increase of 28 percent for the whole year, to $24.5 billion. (To be precise, it’s actually 29 percent if you exclude a $182 million unfavorable impact from year-over-year changes in foreign exchange rates throughout the year, the company reports.) Sure, you say, but revenues are not the point. What about profits? Net income soared 71 percent (to $384 million) for the quarter and 40 percent (to $902 million) for the year. Amazon’s official guidance for the first quarter 2010 is equally rosy, suggesting a sales increase of as much as 43 percent. For those arguing that E-Commerce will always be a footnote to in-store, these numbers are hard to ignore.

Former Woolworth’s CIO In Kickback Trial In Australia

Evan Schuman — Fri, 29 Jan 2010 04:44:37 +0000

Former Woolworth’s CIO David Wills is in the middle of a criminal trial, accused of accepting more than $3.7 million in bribes related to IT decisions about a POS system and some server upgrades. The fraud accusations involved approximately $37 million in IT contracts that were awarded by the retail chain.

According to The Australian newspaper, the executive “allegedly received $1.78 million between February 1997 and January 1999 in exchange for awarding an IT contract to Israeli software firm Az-Ben. He is accused of accepting a further $1.92 million from Az-Ben for giving advice to NCR that was likely to influence NCR to enter into a contract with Advance Retail Technology.” The newspaper story added that the “contracts were for Woolworth’s APOS2000 project, an upgrade of its point of sale systems and servers for the Millennium rollover. In December 1997, the retailer began a $130 million overhaul of its systems.”

POS Software Maintenance Disconnect: Retailers To Pay A Lot More Than They Expect

Evan Schuman — Thu, 28 Jan 2010 08:13:10 +0000

Although it’s hardly a stunning revelation that retail IT will be spending more on POS software maintenance this year than they expect, it’s unusual for a research report to quantify it precisely. A new report from the IHL Group and RISNews, however, tries to do just that.

Beyond showing a modest IT spending increase at both the store and enterprise level, the report found a “disconnect between what retailers are claiming they are paying today for software maintenance” and what the vendors they are considering for their next POS are actually charging, said IHL President Greg Buzek. “So those people considering buying Oracle for POS their next time, they are currently only paying 10.1 percent of license fees towards maintenance. If they actually buy Oracle, they will be adding an additional 11.9 percent to their annual software maintenance cost for POS. If they move to accounting/finance/HR, it would be an 8.4 percent increase. And if it’s Oracle merchandising and supply chain applications, it would be 8.6 percent more than what they pay today with their current vendor.” The vendors examined were Microsoft, SAP, Oracle, JDA, Micros, IBM, NCR, Retalix, Epicor and Fujitsu.

New PCI Phone Rules: A Number Spoken Is Just As Risky As One Typed

Evan Schuman — Thu, 28 Jan 2010 07:18:20 +0000

Last week, PCI changed its policy on audio recordings. It now instructs retailers to treat a digital audio capture exactly the same as if it was written. This means that all of those call centers asking for credit card details over the phone must dispose of those recordings, or at least the parts that store the prohibited data, immediately.

The PCI community has been debating the audio rules for years, with our first story on it back in August 2007. (No, we won't say that this is the first sound decision from PCI in years. Plays on words and data security stories rarely mix well.) The issues go beyond the literal digital audio capture ruling that PCI just issued. Another key concern are overheard snatches of conversation. In theory, that is where a cyberthief calls a call center with a series of long questions. The thief records the call and later extracts the sound of other call center operators reading back credit card numbers, expiration dates and CAV2/CVV-2/CVC-2/CID details.

The CIO’s Job Description: Top-Notch Sales Executive

Todd L. Michaud — Thu, 28 Jan 2010 06:23:25 +0000

At an NRF panel earlier this month, McDonald’s CIO David Grooms was asked by the moderator what he would tell people his primary job is. Grooms said, "I'm in sales," and then added that he wanted his staff to say, "We make hamburgers." Grooms is right that a CIO needs to be a master of sales, but that's mostly because the CIO needs to sell both upstream and down.

The CIO needs to sells ideas upstream to senior management and sideways to line-of-business peers, convincing them that the technology is the right move and that it needs to be approved and funded. If that works, it's barely 30 percent of the battle. If the stores aren't sold on the idea, Franchisee Columnist Todd Michaud opines, the data won't be used and the project is doomed to fail. And you're to blame.

Burger King Sues Franchisees Who Didn’t Upgrade POS

Evan Schuman — Thu, 28 Jan 2010 06:12:00 +0000

Fearing it would lose control over all of its franchisees, Burger King has now sued hundreds of its franchisee stores because they missed a chain deadline for purchasing new POS systems. The litigation highlights—albeit acrimoniously—a difficult franchise IT issue: Chains mandating equipment investments that most franchisees believe do not benefit them enough to merit the cost.

One key issue that both sides are arguing is timing. Some of the franchisees have argued that Burger King is being punitive by moving so quickly. They are pointing out that the chain's deadline was Dec. 31, 2009, and that the lawsuits started being filed within a few days of the deadline passing. Burger King argues that it has been extremely patient, having informed its franchisees of the POS upgrade rule back in April 2008--giving the stores a rather generous 20 months to arrange for and make new POS purchases. Indeed, Burger King is saying that it was even willing to give franchisees more time if they needed help raising the money, as long as they were truly trying to follow corporate's edict.

You’re Leaving This Money On The Table? For Shame

Evan Schuman — Thu, 28 Jan 2010 04:57:39 +0000

Dear StorefrontBacktalk Reader: I am truly surprised at you. Here you are, raised to be proud money-grubbing capitalists and you’re leaving cash on the table like Bill Gates at a charity reception. (And can you believe how much Bill Gates jokes have changed in the last 15 years?) We’ve been giving away autographed copies of a best-selling security book and we still have some left. All we ask is that you fill out 5 minutes’ worth of questions on a one-page survey about whether your trust your QSA.

Even if you don’t like the book, they’re selling for decent bucks on eBay even without the author’s signature. Heck, they even make a great gift for that IT staffer who didn’t get a raise last month because you really wanted him to quit. Seriously, we only have a few left and they are easy to turn into cash. Is a 5-minute survey such a lot to ask? And if you fill it out, I won’t have to come back next week and beg even more pathetically.

Data Breach Cost Numbers Games

Evan Schuman — Thu, 28 Jan 2010 04:07:35 +0000

Over the last few weeks, one of the most common questions we're hearing discussed is "Is PCI really worth it?" These are multi-billion-dollar retail chains asking this question. But there's a lot more behind the question than it might initially seem.

In a marked contrast to the same kinds of questions two years ago, the intent is not to ignore security. Indeed, many of the chains considering such a heretical question are already putting in place security procedures that go well beyond current PCI requirements. This isn't a safety or security issue. It's a simple CFO's ROI balance sheet, contrasting the bureaucratic and paperwork costs of dealing with the very formal PCI procedure with the limited fines and other bad things that will happen if a chain suddenly stops pursuing PCI compliance. A report released this month from Ponemon tried to quantify the cost of breaches today, but its conclusions are rather underwhelming.

Obama’s Cyber Security Coordinator Is The Perfect Metaphor For CIO Impotence

Evan Schuman — Wed, 27 Jan 2010 18:09:00 +0000

Late last month, President Barrack Obama finally named his cyber coordinator, some 10 months after he declared filling the position a priority. The person who was tapped for the position comes to the job with a resume boasting jobs that include chief information security officer at eBay and chief security officer at Microsoft. But the interesting part is how this new job so closely parallels the worst parts of today's typical retail CIO gig.

The role itself is a spreadsheet of contradictions. White House jobs, especially those senior enough where the President is personally involved in the selection, are highly coveted. And yet, quite a few of the people who were approached for this particular gig rejected it. This position is supposed to get a lot of POTUS face-time. And yet, in a town known for its inflated titles (another czar anyone?), this job title is the underwhelming Cyber Coordinator. Coordinator? That's the best they could do? But there's a serious issue with this gig. Some of its applicants complained of insufficient authority. In many ways, this lack of authority problem nicely encapsulates all of the problems with IT security management today: all responsibility; no authority; not enough money; plenty of blame.

Will Old OS Cause PCI Violation? No, But Marketing Still Says So

Evan Schuman — Tue, 26 Jan 2010 17:11:32 +0000

For your overflowing folder marked "Ludicrous PCI Scare Tactics That Too Many People Believe" comes a renewed effort from some security vendors to say that out-of-date operating systems this year will cause instant PCI non-compliance. The cure: Give the vendor a lot more money. (Funny how that “cure” seems to treat so many ills in these letters. It's the Penicillin of PCI.)

A letter from a POS vendor making the rounds warns retailers—under the headline "Information Security Advisory"—that an out-of-date OS will cause lack of compliance with PCI. The warning isn't true, but the popularity of this and related PCI claims is moving beyond annoying. Are these vendors lying or is marketing being allowed to make the claims without anyone checking? A recession drives marketers to desperate measures. (OK, so does prosperity, but let's not go there.)

Can Validating PCI Compliance Increase Your Vulnerability To A Breach?

Walter Conway — Tue, 26 Jan 2010 01:51:44 +0000

PCI Columnist Walter Conway argues that it may sound like heresy coming from a QSA, but he sees some merchants over-emphasizing their PCI annual assessment. The main event for them is a clean Report on Compliance (ROC) for Level 1 (and soon Level 2) merchants or a Self-Assessment Questionnaire (SAQ) for everybody else. They believe that once the ROC is signed, they can relax until the next year.

But PCI is not like that. PCI has requirements that demand regular attention if merchants are to remain compliant the other 364 days in a year. CIOs and merchants who focus only on their annual PCI validation may actually find that they unintentionally make themselves more vulnerable to a costly data breach. They also make their PCI revalidation the following year more difficult, and possibly more expensive, than it has to be.

Social Unstructured Data Is Not Unusable

Evan Schuman — Thu, 21 Jan 2010 08:40:00 +0000

Just as certain a fact as stating that many of today’s social network sites will be gone in two years is the fact that new social sites—invariably much more niche and focused—will replace them. Hidden in plain sight within the millions of posts in dozens of languages of these huge number of sites is every trend, every individual customer profile and every hint of what customers will buy—and perhaps even their desired price range—that your chain could ever wish for. There’s only one problem: There is no simple spreadsheet-friendly way to access that data.

You can read it without limits. But to automate that process and to process the data in a way to get anything meaningful out of it, that’s difficult. We are deluged with products and services that are trying to solve problems that hardly anyone has ever experienced. Who will be the first to conquer this one? Many companies—including SAP and Oracle—are trying to figure it out. But they typically try to fall back on algorithms and filters. The software needed is closer to what the CIA and the NSA use to parse billions of phone calls and E-mail messages while trying to figure out plots. It’s much closer to artificial intelligence than cryptography. Military satellite technology eventually came to consumers in the form of GPS. How long will it take for AI to visit the local retail chain, where software will peruse the world to find out the best assortment to be displayed tomorrow?

Social Media E-Commerce: Just Because It Can’t Be Measured Doesn’t Mean It Doesn’t Exist

Evan Schuman — Thu, 21 Jan 2010 08:19:44 +0000

The disruptive potential for social media and E-Commerce is huge, literally because it allows for so many—and ostensibly credible—connections that simply weren't viable 10 years ago. The influence on purchases is vast. But those influenced purchases are indirect, which drives marketers crazy because they can't be easily quantified. (Note: This scores social media two very well-deserved honors: driving lots of sales and driving marketers mad. The first accolade is more profitable, but the second is more fun to watch.)

What brings up this topic is a maddening news release issued by a customization vendor called ChoiceStream. In reporting its own survey, ChoiceStream concluded that "consumers are not as interested in shopping when engaged with social networks. The survey found that while M-Commerce is a hot spot for recommendations in 2010, social networking is not. Of the respondents who belong to a social networking site, only 8.5 percent report that they have ever made a purchase while on the site. And only 27 percent indicate any interest in product recommendations from trusted retailers." That so misses the whole point of social networks and E-Commerce.

Home Depot: NCR Kicked Out Because Self-Checkout Rival 20 Percent Faster, More Functionality

Evan Schuman — Thu, 21 Jan 2010 07:39:18 +0000

Longtime self-checkout enthusiast Home Depot is sticking with self-checkout but making a change in its self-checkout software. The home improvement superstore is pushing NCR software out and bringing Fujitsu in, at least in the chain's U.S. and Canadian stores. The chain had been using NCR machines running NCR software but will now apparently be loading Fujitsu software onto those NCR machines, according to Fujitsu officials. The NCR hardware will be staying, for now.

The change was for several reasons, including "some functionality in the Fujitsu software that we really liked and needed" that wasn't offered by NCR and testing that showed Fujitsu's software on NCR self-checkout units performed about 20 percent faster than when NCR's own software was loaded on its units, said Cara Kinzey, Home Depot's Senior VP of IT.

In Citi’s View, Costco Is The Least Sophisticated Retail IT Shop, CVS The Most

Evan Schuman — Thu, 21 Jan 2010 07:18:21 +0000

One of the most respected retail technology trackers on Wall Street, Citi, has put out a list of major retail IT leaders, ranking them from the most sophisticated and advanced to the least sophisticated. The most worldly ones include, in order, CVS, Walgreens, JC Penney, Target and Kohl's, while the more hick-like chains are Costco, BJ's, Family Dollar, SuperValu and Safeway.

"We consider CVS and (Walgreens) to be the most advanced, as they have already implemented chain-wide computer synchronization, advanced inventory management and pharmacy workflow optimization systems," said Deborah Weinswig, from the Citi investment research and analysis group. "The warehouse clubs are considered to be the least sophisticated of the group. However, BJ and (Costco) have fewer inventory management needs as a result of their unique business model."

Helicopter Parents May Ruin The Retail IT Industry

Todd L. Michaud — Thu, 21 Jan 2010 06:35:56 +0000

“Do you have any issues with me bringing my parents to my interview?” Franchisee Columnist Todd Michaud has now been asked this question three times when talking to candidates for entry-level IT positions. Ironically, a bad economy has created a stay-with-parents environment that has allowed applicants to be a lot more picky about jobs, especially tech jobs. That spells serious trouble.

Michaud describes the first parent-included IT interview he did, where the mother reminded him that her daughter was trying to decide about him, too. This makes for an awkward interview, but even worse, what does it say about the applicant's independence? Their ability to lead? Are programmers expecting instant gratification, the product of an "Everyone's a winner" upbringing? A frightening column for anyone hiring for IT positions this year.

Some Banks Try Again For Class-Action Heartland Lawsuit

Evan Schuman — Thu, 21 Jan 2010 05:35:17 +0000

Shortly after Heartland tried to sweep away most of the lawsuits against it with a series of recent negotiated settlements, a group of banks is trying to persuade other banks to reject the settlement offer and support a class-action lawsuit instead.

The lawsuit, filed Tuesday (Jan. 19), hit Heartland hard for its "lack of Payment Card processing system security; its desire to use a 'lowest bidder' system of selecting its outsourced IT 'auditors'; its reliance on a 'snapshot' telling it that, at one identifiable point in time, its system supposedly complied with the bare minimum industry standards; its startlingly poor IT oversight in general; and (Heartland's) complete and utter disregard of the oversight responsibilities they had to their fellow members of the Associations that allowed the intruders to make trip after trip in and out of the Heartland Payment Card processing system." The lawsuit also referenced Heartland's initial response to the attack. "Thirteen months later, the 'clean up' efforts would be seen for what they were—worthless." (Pause. But other than that, Mrs. Lincoln, how was the play?)

Forget Your Well-Thought-Out Mobile Strategy: You Now Need Three

Evan Schuman — Thu, 21 Jan 2010 04:37:01 +0000

The most popular parlor game in retail tech circles these days is plotting out mobile strategies. For some, that strategy may be little more than "not now." But the simple act of trying to craft a single, coherent mobile strategy may itself be flawed. Most retailers now need to prep three distinct strategies for dealing with the three separate ways mobile devices will be used.

The mobile retail world has now neatly morphed into three categories: consumer-used (with true M-Commerce, mobile research from home and on the road, etc.); retailer-used (for price checks, inventory inquiries, in-aisle supply chain inquiries, etc.); and consumer-in-store (2D barcodes, price comparisons, SMS communications with the chain, watching demos, mobile research from within the store, direct payment, etc.). To make matters worse, some applications sit in multiple categories, such as a retailer-used device that is temporarily given to a consumer for checking online inventory or seeing a demo.

Are Tokenization And End-To-End Encryption Substitutes?

Walter Conway — Wed, 20 Jan 2010 15:58:18 +0000

PCI Columnist Walt Conway is intrigued by the large number of retailers that are pursuing--well, at least exploring--approaches that include both tokenization and end-to-end encryption. He wonders "if that really makes sense from either a PCI or an economic perspective."

Maybe tokenization and end-to-end encryption are just two closely related approaches that can, when properly implemented, accomplish the same thing: minimize your total PCI scope. One thing is for sure, though: Either way, you will need to bring your checkbook.

Treats For Nice Tweets, Texting For Turkey

Evan Schuman — Tue, 19 Jan 2010 09:44:52 +0000

Frozen dessert chain Tasti D-Lite is getting creative with incentivizing customers to post nice thoughts on social networking sited to promote the chain: coupons. “Participants who register their loyalty programme ‘TreatCards’ online are given the option of allowing Tasti D-Lite to send an alert on their behalf, whenever points are earned or redeemed,” according to this wonderful Reuters piece. When the customer “swipes his card at the store’s point-of-sale system, his Twitter or Foursquare followers immediately get an update that reads: ‘I just scored 5 TastiRewards points at Tasti D-Lite Columbus, Circle, NYC! myTasti.com.’ The customer is then awarded points for the message, which he can later redeem for treats.”

Meanwhile, a few stores in the Subway chain are seeing whether online food orders via SMS are more accurate and more profitable. During the trial, one manager found that the “text ordering service alleviated all phone-in orders. Doing so improved operations because his employees no longer had to leave the sandwich counter to answer the phone,” said a story about the trial in QSRWeb. “He said he also found that order accuracy improved since customers were sending the orders in directly.”

Home Depot’s $60 Million PDA Investment

Evan Schuman — Mon, 18 Jan 2010 09:23:38 +0000

Home Depot will spend about $60 million on more than 10,000 handheld units that are designed to help associates perform mobile checkouts, process payment cards, stock shelves and make phonecalls, according to BusinessWeek. “This is the first big customer-service tool we’ve given our associates in a very long time,” said Home Depot CIO Matt Carey.

The chain has been trialing these devices since 2008, when we reported that they were initially tested along with an RFID-based loyalty card that flagged associates when certain high-priority customers entered the store and set off a door-based reader.

Former Limited Brands CIO Tom Keiser Named New GAP CIO

Evan Schuman — Mon, 18 Jan 2010 09:01:36 +0000

The former CIO for Limited Brands, who had spent 12 years with Ernst & Young, has been named CIO of the $15 billion, 3,100-store Gap chain. Tom Keiser, now Executive Vice President/CIO, will report to Chairman and CEO Glenn Murphy and serve as a member of the Executive Leadership Team.

“Tom brings with him a successful track record in the retail industry,” Murphy said. “Through his leadership of rolling out effective technology platforms that delivered solutions for employees, customers and stores around the world, he has consistently demonstrated how effective IT investments and execution can deliver business results.

Holiday Season Dollars: We (Somehow) Were Right

Evan Schuman — Thu, 14 Jan 2010 18:31:37 +0000

Back in October, the National Retail Federation (NRF)—through its chief economist—issued its annual projection of how the 2009 holiday season would fare financially. That prediction was a one percent drop in revenue compared with the identical 2008 period. StorefrontBacktalk thought that was absurd, and we did our own prediction, which is that the season's revenue would actually be up slightly, a figure we estimated would be an increase of "1.5 percent to 2 percent."

Well, the NRF issued its final official tally Thursday (Jan. 14): an increase of 1.1 percent. For our team, which never did better than a C- in economics class, that ain't too shabby. For the record, we knew the figures would be released about now and were fully prepared to eat crow if we had to. Glad we got it a lot closer than the NRF did. Personally, we hate eating crow.

McDonald’s: IT Must Be Comfortable Failing, But “Fail Really Small”

Evan Schuman — Thu, 14 Jan 2010 11:24:30 +0000

The retail senior management edict of "Innovate" is so shop-worn that it's become almost clichéd. But in all of those innovation memos from all of those CEOs and COOs, what's often missing is encouragement to fail. After all, if IT leaders are so scared of failing that they never try anything truly new or creative, they may fail less but they'll succeed in leapfrogging their competition almost never. That was a key point made during a National Retail Federation (NRF) conference panel discussion with three of the most influential retail CIOs: David Grooms from McDonald's, Rollin Ford from Wal-Mart and Neville Roberts from Best Buy. Grooms agreed when Roberts said that IT leaders must today "be prepared to fail" and to get comfortable with failing. "CIOs must foster the right culture so [IT staffers] don't have a fear of trying new things. There's always a new shiny toy out there," Roberts said.

But Grooms added: "You should try and fail really small. You test, take some risks, adjust and go back. But you really can't take that long. You can't take three years to develop an app. You must launch and learn." Roberts took the opportunity to tweak his own wording. "Fail is such a strong word," he said. "I prefer to think of it as a sub-optimal business case outcome."