|
Hannaford CIO Bill Homa, overseeing a data breach probe that exposed some 4.2 million payment cards, said this week that his grocery chain needs to go well beyond PCI to try and be secure, an effort he predicted would cost his department millions of dollars “but not tens of millions.” Homa called a news conference to detail some of those planned security improvements, including Triple DES PIN encryption (”customer card information is now encrypted from the PINpad at the store register and remains encrypted while it’s in our own internal network”), host and network intrusion prevention systems (”to proactively prevent malware from being installed in our systems”) and better payment segmentation. Read more. |
New stats out of India show three things: a sharply growing acceptance of the Internet (27 percent year-to-year increase); embracing of American sites (the top three most popular sites were from Google, Yahoo and Microsoft); and huge growth potential, given that barely 3 percent of its people today use the Internet.
Wal-Mart is certainly a company of few words. But when the world's largest retailer (it's expecting to hit $400 billion in annual sales later this year or early next year) wants to make a technology endorsement, a few words are all that's necessary.
In an eerie snapshot of where some top marketers want to take the next generation of search engines, a Japanese government-backed research project is working on a search that is based on what a user does, not a keyword a user types in.
Staples' Canadian operation has been quietly testing 2-way live video kiosks at 34 locations, but these kiosks do more than talk with customers: They remotely control hardware, including scanners and payment authorization devices.
Guest View Columnist David Taylor points out that PCI compliance has consistently generated larger security budgets, with little or no requirement for justifying them, other than "our bank told us we have to do it."
Despite an almost universal embrace of the idea of merged channel, most retailers aren't getting any closer to making it a reality, with overly restrictive inventory reserve policies, inconsistent data and political resistance getting most of the blame, according to a new Forrester Research report.
This issue's Reach Of The Week goes to IT analyst firm IDC and its report released Wednesday (July 16) that its survey of 250 execs "found that there is a growing level of commitment" to supporting green programs. So far so good, but let's look a little closer at these IDC figures.
A handful of Stop & Shop stores have been using in-store location tracking—coupled with basket content—to narrowly target ads to customers using handheld shopping devices, the chain confirmed in a statement issued Thursday (July 17).
Consumers older than 50 are rapidly growing fond of the Web, with such users checking news, for example, more frequently than those younger than 20 as well as participating in online communities more. But the study found that instant messaging and video downloads were "still tools for young users."
For those e-tailers wondering if video is an effective way to reach American consumers, here's the latest video stat, courtesy of Comscore: In May alone, U.S. Internet users viewed more than 12 billion online videos, representing an increase of 45 percent versus one year ago.
Bill Homa, who just stepped down July 1 as the CIO for the 165-store Hannaford grocery chain, considers Microsoft's OS to be "so full of holes" and describes the fact that current PCI regs do not require end-to-end encryption as "astonishing."
Retail deployment of the 2-D barcode, a technology that allows consumer cellphones to see virtually unlimited amounts of content by taking a picture of a special barcode, has slowed after an initial flurry of activity in January. But several major cellphone carriers are preparing to bundle the 2-D barcode software with phones as they ship. Will that make a difference?
Two recent developments—one involving a New York federal judge and the other involving a group of U.S. senators—are signaling serious difficulties for E-Commerce efforts over the next two years.
The number of reported data breaches has been soaring, with the figure from the first six months of 2008 some 69 percent higher than the number from the identical period last year. Among those were little-known recent breaches of Facebook, H&R Block and BearingPoint.
Fujitsu is hoping retailers in the United States will embrace a checkout system used by some European stores, but untested in the U.S., that splits scanning and payment processes into two different stations in the store. If American retailers decide to switch to this system, it will call for a significant overhaul of their current checkout systems.
Guest View Columnist David Taylor argues that outsourcing is considered the thing to do these days, like a summer barbecue. But it's both easier and more complex than most merchants think.
RFID vendor Impinj on Thursday (July 10) purchased all of Intel's RFID operation--including the R1000 RFID reader chip. A joint Intel/Impinj statement said that the acquisition details are not being released, but The Seattle Times reported that Intel will get an equity stake in Impinj.
No sooner had IT concocted a system to try and automatically detect an under-age shopper than someone has crafted a remarkably low-tech way to fool it. How low-tech? How about a picture ripped out of a magazine?
Will consumers ever deploy counter-top barcode scanners and a Web site to have groceries delivered to them automatically? A company called Ikan.com is hoping they will.
A new E-commerce payment system at UrbanOutfitters.com allows users to complete purchases in one screen, boosting cart conversion rates by 19 percent.
The PCI Security Council is branching out a little, with an attempt to bring unattended payment terminals (UPTs) under its jurisdiction. As kiosks get more sophisticated and start taking cash, credit cards, mobile transactions and other payment methods, the UPT security risk is sharply increasing.
A semiconductor company is suing a Dutch university to keep its researchers from publishing information about security flaws in the RFID chips used in up to 2 billion smart cards.
Amazon.com on Wednesday (July 9) finally deployed Bill Me Later as a payment option, almost eight months to the day after Amazon announced its intent to do so.
For the second time in two weeks, one of the largest grocery chains in the U.K. hit a snag with its Web site, triggering a 24-hour outage and causing the 823-store retailer to use a temporary homepage. Sainsbury's, a $38 billion retailer, is calling these incidents coincidental.
When the $1.3 billion JCrew apparel chain launched its new Web site on June 29, it was the culmination of a 2-year deployment effort. Seems that customers may have to wait a bit longer to fully use those new capabilities, as the site quickly crashed and has suffered significant slowdowns ever since.
J.C. Penney customers are twice as likely to say they are highly satisfied with their in-store shopping experience if they are working with store employees who are accessing the company's Web site while standing next to them.
When an order processing snafu shut down the delivery operations of one of the U.K.'s largest grocery chains, the $38 billion retailer acted starkly different than the typical U.S. retailer. The London-based 823-store Sainsbury's grocery chain immediately issued almost a half-million dollars' worth of vouchers.
A new Retail Systems Research report is challenging the way retail IT looks at application development backlogs. The report is based on a survey showing that some 79 percent of retailers have appdev backlogs of at least a year, with one-fifth of those hitting delays of more than two years.
The conventional wisdom has held that China is not likely to embrace E-Commerce, because of the Chinese aversion to credit payments and fears of piracy and poor quality products. But a Forbes story this week makes a powerful argument that E-Commerce—and a credit-card lifestyle in general—will be coming to China very soon and in a big way.
In one of the first wide-scale studies of SMS' capability to hold up under volume pressure, the technology fared "surprisingly" poorly, according to Keynote Systems. This has particular significance for retailers, who are exploring the technology's use for mobile communications connecting to both online and in-store.
A U.K. company is pushing retailers to use voice-recognition to authenticate purchases over the phone and online. The Voice Commerce Group's Voice Transact package has consumers call the service, quote a pre-arranged product code and then a series of digits dictated by the automated system. 
A federal appellate court backed a group of retailers Monday (June 23)—including Best Buy, Circuit City, Costco and Lowe's—by ruling that their gift card systems do not violate any patents.
Internal audit is not staffed to enforce PCI at the store level, argues GuestView Columnist David Taylor. Except for about a dozen leading retailers, most retailers do not have enough IT-skilled internal auditors to meet the requirement for a "continuous" review of store-level IT security.
Wal-Mart and a handful of others have been trying to do green the right away, with policies that will have a significant environmental impact and that also improve operations.
When Oracle finally introduced its Retail 13 integrated suite this week, after three years of acquisition and integration, the teams working for the world's largest enterprise software vendor might have breathed a sigh of relief.
Are European retailers going to have any better luck than American retailers with consumer-facing biometric payments? The 750-store Albert Heijn supermarket chain, the largest such chain in the Netherlands, is about to find out.
The Moodys Investor Service has upgraded how important a retailer's E-Commerce activity is when assessing that retailer's overall economic health. Although this isn't a radical change for the financial firm—and the thought that E-Commerce is important is hardly surprising—it's one of several recent moves suggesting that the young teen-age Web is starting to be taken a wee bit more seriously.
North American self-service transactions will process $607 billion this year, a figure that is projected to soar to $1.7 trillion by 2012, according to report published Wednesday (June 18) by the IHL Group. When IHL began work on the report, "I did not expect the acceleration that we're seeing in the out years," said IHL President Greg Buzek. "I did not expect how fast it's growing."
One of the repeated arguments made in retail data security circles is that retailers tend to have much weaker security because it's not as much of a cultural priority as, for example, banking. So it's a little bit consoling that the latest ATM databreach is apparently not the result of a retail breach, not the result of social engineering and the trusting bank clerk, but is the first proven incident of a bank server's breach linked to ATM fraud.
A pair of unrelated reports out this week are challenging several fundamental IT security assumptions, including that data breach laws will reduce consumer losses and that insiders account for more thefts than external evil-doers.
Just in time for Friday the 13th, Oracle is finally ready to unveil Oracle Retail V 13, with a formal rollout slated for Tuesday (June 17). Oracle's main retail suite is not expected to undergo any radical changes (even the name change is expected to be slight); it's mostly claims of better integration and interoperability.
E-tailers in continental Europe are just now starting to get hit by slower growth, but they are still shining much more brightly than their U.S. counterparts, according to new figures from eMarketer.
For the second consecutive workday, Amazon.com suffered a major crash on Monday (June 9), with the increasingly unlikely scenarios explaining why the historically robust site is failing.
When Best Buy launched a Spanish version of its site last fall (2007), E-Commerce officials quickly noticed unexpected activity, such as customers spending twice as much time on the Spanish site.
Note to retailers looking to offer free Wi-Fi: It's a good idea to first make sure you can make the offer. Starbucks discovered that an offer of two hours of free Wi-Fi a day simply wasn't working. "Due to overwhelming interest in Card Rewards we are currently experiencing difficulty accessing Starbucks Card accounts. We are working to fix the problem and ask that you please try again later," said a page shown to site visitors.
The Meijer department store chain—with 182 stores in Michigan, Ohio, Indiana, Illinois and Kentucky—is getting creative with its Web site, food recipes and online coupons.
New York State has started pushing to collect sales tax from e-tailers that have no physical presence in the state, prompting Amazon and Overstock to fight back. But all e-tailers are hoping against the odds that other states don't pull the same revenue-generating attempt. If New York gets legal greenlights, several more states will quickly mimic its efforts, leading to a flood of almost every state within two years.
The worst performance grades were given to Foxnews.com, IGN.com, Gamespot.com, CNN.com, Break.com and ESPN.go.com. The best performance grades were given to Google.com, Live.com, Orkut.com and Craigslist.org.
GuestView Columnist David Taylor asks: What would you do if one of your employees decided to leverage your brand and set up a little side business inside your store, including selling products via an E-Commerce Web site, setting up a merchant bank account and taking credit cards? You'd probably fire the person, right? But, what if you couldn't?
Shoppers at Gap.com will now be able to use a single shopping cart and consolidate shipping at any of the chain's four brands, the Gap announced on Tuesday (May 27). But the change for The Gap, Banana Republic, Old Navy and PiperLime is delicate, as the company still wants those brands to maintain their distinct personalities. Those conflicting goals give the new site a bit of a Jekyll-and-Hyde feel.
Borders this week officially stepped out of the shadow of Amazon and re-launched Borders.com, with an effort that scores points for creativity. The physical side of Borders (as in brick-and-mortar as opposed to Olivia Newton-John) has been trying to arrange its bookshelves to display more of the covers.
Germany's METRO Group is experimenting with RFID inserts to track meat and to immediately locate any product that is about to expire or that has expired. METRO is placing the inlays into the foam meat packing trays used in their Future Store.
April 25th, 2008 at 6:57 am
Excellent article. More details than I’ve seen anywhere else on Hannaford.
April 25th, 2008 at 7:54 am
Talk about jumping off the deep end. While I applaud Mr. Homa’s reaction to what is, clearly, a major security breach, I don’t see why he is installing “military” grade security. His answer is to simply “remove” the sensitive payment card data from his system. If you eliminate the data, you eliminate the risk. Replace the data with something that still offers his stores with valuable information, but is not “actual” card data. There are a couple companies out there that offer data replacement technology. My guess is that they are significantly less expensive and more secure than the thickest walls Mr. Homa can build around his data. If I were on Mr. Homa’s Board of Directors, I would be upset to learn that there was a better solution available - for far less money.
April 25th, 2008 at 9:53 am
Very informative article. One item that stood out was that Hannaford is “replacing equipment that is perfectly good” because they lack the security requirements.
This is a problem faced by many retailers. They believe, or have been led to believe, that they need to replace existing equipment with very expensive new equipment to gain security requirements. Not only is this not true but it comes with a high price tag and also requires retraining staff and managing compatibility issues, as well as other issues.
It is possible to keep perfectly good equipment in place and add security software for a fraction of the cost.
Hopefully, retailers will begin to realize this and not feel they are required to replace existing, perfectly good equipment.