NRF Retail’s BIG Show Posts

By Yu-Ting Huang, Director, Global Product Marketing at Voltage

Regardless of whether the year 2012 will end the way the Mayans had predicted, retailers are moving forward with initiatives that can continue to grow their business. The general mood of the retailers at the National Retail Federation’s Big Show in New York earlier this month was a few rungs above cautious optimism. In addition to investing in ways to expand sales channels and understanding customer needs to increase revenues, corporations were also looking to build social stewardship into their businesses.

The buzz on the EXPO show floor was clearly about new devices that allow acceptance of mobile sales and payments, and the technologies that facilitate the management of store displays, supplies and analytics.

While the shiny new toys were eye-catching and inspiring, other aspects that are just as crucial to the success of a retail business were conspicuously missing from the conversation. I found it interesting that the security of customer data such as personal information, purchase history and preferences, and even payment data are not yet top of mind. There were a handful of vendors showing secure point-of-sale devices at the EXPO, but the coverage from the session presentations on this topic was thin.

Perhaps data security has been relegated to the “basic requirement of doing business” category and has become a non-topic. According to Visa, over 90% of both Level 1 and Level 2 merchants are PCI-DSS compliant. However, we continue to hear reports of data breaches, including the recent one from Zappos, which, incidentally, was a finalist for the ARIL Customer Service Award at the conference. (The breach notification went out to customers the day before the award luncheon.)

This goes to show that hackers never rest, and, therefore, as an industry we shouldn’t either. As we continue to invest in growing our businesses, it’s always good practice to take a moment to assess the integrity and security of what you have in place first. Making security a forefront topic in your business’ management can mean staying a step ahead of hackers– and this is where you should always strive to be.

For more information about Voltage Security visit or follow them on Twitter at

By Beth McGarrity

The past few weeks have been a whirlwind of activity as we prepared for one of the biggest retail shows of the year.  More than 24,000 retailers, technology providers, suppliers and partners gathered for the retail industry’s premier event, NRF 2012.   For any professional in the retail sector, the “Big Show” is the go-to affair for networking, business development, educational opportunities and much, much more.

What is most exciting about an event like NRF 2012 is seeing, first-hand, key innovations and learning about the future of the industry.  As I walked the show floor, networked with colleagues and attended breakout sessions, several major themes resonated that will clearly shape the years ahead:

  • Developing More Customer-Centric Approaches: In today’s competitive marketplace, retailers need to better engage with customers, build stronger relationships and influence them through targeted and highly personalized communications and promotions – clearly tying back to the multi-channel theme.

  • Don’t Forget “The Brand:” In a philosophical reversal of the multi-channel approach, some thought-leaders played up the importance of brand, especially when consumers are faced with many choices and channels.  As CNBC pointed out: “Shoppers don’t think about shopping a ‘channel.’ They think about shopping, and if you’re lucky they think about shopping a specific brand.”

  • Big Data Goes Big Time: Retailers will step up their data gathering and mining processes to unleash the science behind truly influencing consumers.  This means that vast amounts of customer data, whether it is personal information, credit card data or purchasing patterns, will be collected, managed, sifted and acted upon.  While this data will certainly be used to develop more targeted marketing programs, it underscores the need for the most sophisticated data security solutions.

  • Customer Are Willing to Share: Along the lines of “big data,” many retailers are seeing that customers are actually willing to share more personal information these days. This will create the perfect storm of copious amounts of new data mining techniques and the use of algorithms for fully understanding how consumers interact with brands.

  • Going Mobile: While this one is clearly not a surprise, the development of next-generation mobile apps, and the payment security challenges that come with this new horizon, was top of mind at the event.  Convenience and efficiencies will certainly abound when retailers arm their sales associates with iPads and other mobile payment gadgets for instant credit card processing from any location within their stores.

  • Zappos Breach: The Zappos breach news certainly made waves at the event and reinforced the hard reality that data breaches can happen to any retailer.   Fortunately, customer credit card numbers were not compromised because they were stored on a separate server.   And, as our SecurityCents readers know we always urge merchants to securely store all necessary payment data in a server outside of their network.

  • Columbia Sportswear: Along the lines of payment security, we were very excited to announce that Merchant Link, along with our partners Equinox Payments and Voltage Security, has implemented a cutting-edge, reliable, cloud-based solution to protect sensitive payment data.  And, retail giant Columbia Sportswear served as pilot implementation partner – implementing this solution across its nationwide retail network.

  • Protect All Points: In support of the Columbia Sportswear announcement, we also developed a unique microsite called “Protect All Points,” which highlights all the key points about this implementation.

Finally, be sure to check out the sessions from the event streamed here.  It’s almost as good as being there in person.  And, NRF has a highly active blog, so be sure to check out posts like this one that highlights digital retail trends.

The “Big Show” certainly delivered and clearly there will be many exciting times ahead for the retail industry.  See you all back at the Javitz Center next year!

By Beth McGarrity

This week kicks off NRF 2012, one of the largest shows for retailers, where new technologies, solutions and offerings are announced all week long.  In fact, we just announced a new integrated solution for Columbia Sportswear to secure payment transactions across 54 retail locations.  So, when I was scanning headlines today, I was surprised to see that was in the headlines, but not in a positive way.  The major online retailer had fallen prey to data thieves.

Yet, as I continued reading, a statement caught my eye –

Zappos said that hackers gained access to customers’ names, e-mail addresses, billing and shipping addresses, phone numbers, and the last four digits of credit card numbers and encrypted passwords.

Full credit card numbers and other payment info were stored on a separate server which was not hacked, the company said.

Bravo! Well done. In most of the big retail breaches that we’ve blogged about here, our main message has been to remove sensitive card data from the network.  Most retailers continue to leave information on their servers that contain payment card details, and often this information is forgotten.  So when a hacker gets into the network, they hit a gold mine.

While Zappos is still a victim of a hack, they stored all payment details on a separate server and therefore were able to contain the impact to their customers.  Whenever we have discussions with merchants, we often make the recommendation that they securely store all necessary payment data in a server outside of their network, so that it can not be accessed by a thief that may break in.  It also reduces a retailer’s cardholder data environment, which eases the burden of PCI compliance.

By Michael Ryan

As the world’s largest retail trade association, National Retail Federation (NRF) is not afraid to hunt big game.  In late November, NRF and other industry leaders took a stand and sued the Federal Reserve Board over their alleged failure to comply with the Durbin amendment requirements. Specifically, the suits alleges that the Fed did not act in accordance with the law setting debt card interchange higher than the “reasonable and proportional” mandate in the amendment and by not providing sufficient network flexibility for merchants.

I’m not a lawyer, judge or jury, so I won’t attempt to debate whether or not they complied with the law. In fact, I support the NRF’s attempts to lower processing fees in general but as I have mentioned before the execution has led to all sorts of unintended consequences. Price fixing will always produce unintended results and even negatively affect some segments of the population it intends to help.

Case in point: Convenience stores, vending machine businesses and other merchants with a small average ticket.  The intent of the Durbin amendment was to lower rates for all but in the end it actually raised rates for these groups. USA Technologies, a provider of card solutions for the vending industry, was affected and it was announced a few weeks ago that they struck a deal with Visa to normalize their rates post-Durbin.  While not every merchant has the size and power to secure a deal like this one on their own, I applaud their efforts to use negotiation instead of litigation.

And this is nothing new.  For over 30 years, the card associations have worked with large merchants and industry groups to negotiate and adjust interchange rates to meet the market’s needs. We’ve seen this in the grocery, convenience and small ticket markets, each of which managed to persuade the associations to create industry-specific interchange categories and lower their rates. While those efforts may not have reduced the issuers’ margins to zero, they have been effective. Yet, the government mandate negates all previous negotiation by applying a one-size-fits-all method, wiping away any past progress made by small ticket merchants and other groups.

That brings us to network exclusivity the second major allegation in the suit. This is where the law can help level the playing field by introducing real competition. The associations wield a lot of power when it comes to signature debit.  Had the Fed required multiple PIN and signature network affiliations on each card, as was discussed early in the negotiations; merchants might have really gained some negotiating power. That almost certainly would allow them to affect price adjustments more naturally through competition rather than price fixing.

Who knows what will come out of the lawsuit but let’s hope it gets us closer to natural market competition than the first attempt has.

By Michael Ryan

A little over one year ago, I authored a blog post in response to a new trend that was impacting retailers: skimming of credit card information in-flight directly from payment terminals in retail locations. It was around this time last year that Aldi, a discount grocer which operates 1,100 stores in 31 states, announced that terminals in 11 stores had been tampered with and were funneling credit card and PIN data to cyber criminals.

Despite the situation at Aldi, raising awareness of this problem, it’s still an issue for retailers one year later.

According to a recent article, Save Mart, a chain of grocery stores based out of Modesto, Ca., issued a consumer advisory warning customers that 20 of its locations were found to have card readers that were compromised. It wasn’t clear whether the devices were replaced or simply tampered with. Regardless, there was the potential for sensitive customer information to be stolen.

In today’s retail environment, where getting customers in and out of the store quickly with their purchases is paramount, many retail chains have installed self-checkout counters. It was the credit readers at the self-checkout counters that Save Mart had compromised, which raises red flags for other retailers utilizing similar technology.

With data thieves getting increasing bold and physically altering credit card readers, it’s becoming increasing important that retailers remain vigilant and alert. This is especially true right now during the busy holiday shopping season.

As we discussed in a recent post, retailers that have even suspected that data thieves have compromised sensitive financial information about customers have seen a significant impact on their wallets. From public relations campaigns to clear up negative press, to credit monitoring services for customers, companies are seeing the price tag of a data breach continue to increase.

Despite high profile breaches like the ones at Aldi and Michaels, POS systems and card readers at retail locations remain a significant security vulnerability for retail chains. With the cost of a breach skyrocketing and the sheer masses of holiday shoppers flooding retail outlets, now is the time to ensure that businesses do everything they can to protect themselves and their customers.

By Michael Ryan

While many of us were sitting on the couch, fighting our food-induced comas during the Thanksgiving holiday, merchants were scrambling to prepare for an onslaught of customers that were eager to take advantage of Black Friday deals.

Black Friday, which seems to start earlier and earlier each year, not only marks the busiest time of the year for merchants, but also predicts shopping trends, consumer confidence and the state of the economy for the coming year.

And this year’s Black Friday was in no way a disappointment. Shoppers showed up in droves and spent a record amount of money over the weekend. Black Friday spending this year was up 16% from the $45 billion consumers spent last year, according to a recently released survey by the National Retail Federation.

And that sales momentum continued into Cyber Monday, as many shoppers took to retailer’s sites looking for the best deals. Eight in ten retailers were prepared, offering special promotions to please these online shoppers.

Even more interesting is the number of shoppers that relied on their smartphones and other mobile devices to shop online. Compared to last year, the number of mobile users shopping online doubled.

And we don’t doubt that all these numbers are real. We saw it in our own operations. For example, our retail transaction volume for one of our large retail chain clients was a whopping 44% higher on Black Friday this year as compared to last year, and 38% higher on Cyber Monday.

In light of the retailers’ success, both in stores and online, it is importance to stress that consumer confidence drives continued sales and brand trust. During the busiest shopping season of the year, retailers cannot afford to suffer from a data breach and leaked consumer credit card information.

Now, more than ever, retailers must be diligent, which is why we’ve developed these three simple tips for merchant to keep in mind:

  • Know the network. Every retailer should understand where cardholder data is stored on the network. Are there proper security controls in place to protect this data? Ensure data is properly protected according to PCI standards.
  • If it is not needed, remove it. Many retailers keep cardholder data on the system even when it is not necessary.  Nothing is more exciting to potential attackers than hitting the jackpot of payment information.
  • It’s not just technology, its people and processes. Merchants must educate and train staff to understand network security issues.  Yes, the IT department must be aware, but it is just as important for cashiers to understand the risks and be trained to spot suspicious activity.

Retailers have a lot on their plate as they strive to hit their numbers during this holiday shopping season, but security shouldn’t be a leftover thought. The cost of a breach can not only cost retailers millions of dollars, but will hurt consumers’ confidence and trust in the retailer’s brand. With such a significant impact, can the retail industry  afford not to unwrap some extra security this holiday season?

The top executives of retail companies have a list of business functions, products and services that they’ve been told they, “just have to have.”

Public relations, marketing, advertising…all considered a necessity if you want consumers to know you exist. Information security hasn’t always been at the top of that list, but retail executives are starting to wake up and realize the negative impact a data breach can have on their company.

Why the change? Data breaches are hitting retailers where it hurts – in their wallets.

Just this week, the Financial Times featured an article on the cost of data breaches and the need for data security. The article references British mega-chain, Marks & Spencer, which operates hundreds of M&S department stores and Simply Food markets in the UK, as well as more than 325 locations in countries such as China, India, Indonesia, and South Korea.

Marks & Spencer, which touts that around 21 million people visit its stores each week, was the victim of data thieves that stole customer email addresses from one of the company’s email marketing vendors. The exact cost of the breach wasn’t listed, but the company had to email all of their customers and warn them about the theft, which was undoubtedly a blow to their brand reputation.

Many other retailers that are the victims of data theft don’t get off that easily. Should financial or credit card information get compromised, credit monitoring services are often offered to customers at the company’s expense. Public relations, and crisis communications staff or vendors are then needed to help control the situation and make it “go away.” Information security experts are needed to find vulnerabilities and ensure they are resolved.

It’s this cost to the company that has retailers looking at data security much more seriously. According to the Financial Times article, retailers are even looking at insurance policies designed to help offset the cost of a data breach. However, technology has created an even better “insurance policy” against data theft. Retailers are eliminating the data from their networks completely by utilizing tokenization and encryption solutions. These solutions ensure that the data, should it be stolen, is useless to data thieves.

For retailers of all sizes, data security is more than something that the company “should look into.” As more globally-recognized brands and small merchants alike fall victim to data thieves, the need for data security becomes increasingly apparent. If the Financial Times article is any indication, retailers are starting to wake up and embrace data security, and that can only mean good things for customers all over the globe.