2017 Privacy and Security Awareness in Retail

JEREMY SCHWARTZ | April 24, 2017

Almost 3/4 of retail employees in a new MediaPro survey could stand to benefit from enhanced awareness of privacy and security risks.

We polled 847 retail employees in the U.S. on their data privacy and cybersecurity know-how across eight common risk areas and found that:

- 71% were profiled as “risks” or “novices,” meaning their actions could lead to a leak of sensitive customer information
- Only 29% of respondents were classified as “heroes,” meaning they had strong knowledge of security and privacy best practices and are likely well-prepared to deal with many cyber threats

Despite the increased focus on payment card industry (PCI) compliance in recent years, the retail industry remains an attractive target for cybercriminals. The results of this survey strongly suggest retailers need to rethink cybersecurity and data privacy as matters of risk management, not just check-the-box compliance.

Spotlight

Gordmans

Founded in 1915, the Omaha-based apparel and home fashions retailer operates 106 stores and over 3.8 million square feet in 22 states. Gordmans features name brand apparel, accessories, footwear, home decor, gifts, designer fragrances, furniture, and more at everyday savings of up to 60 percent off department and specialty store prices. While the company operates within the value segment of the industry, Gordmans differentiates itself by offering department and specialty store name brands, fashions and styles in a more upscale shopping environment. Gordmans was sold to Sun Capital Partners, one of the largest private equity firms in the country, in September 2008. A successful initial public offering of common stock for Gordmans occurred in 2010, as well as a secondary public offering in 2012.

OTHER ARTICLES

Is It Too Early To Buy Retail Stocks?

Article | March 29, 2020

The coronavirus outbreak has been particularly lethal for the retail sector. The industry has been dealing with a variety of problems from store shutdowns to declines in tourism to a drop in demand for products considered non-essential. The SPDR S&P Retail ETF has fallen 25% this month, compared with a 14% decline for the S&P 500 Index. Before answering that question, we should take a look at the status of the current pandemic and its impact on the economy. Cases of COVID-19, the illness caused by the new coronavirus, have reached more than 600,000 worldwide. The U.S. now has the largest number of confirmed cases in the world, surpassing China and Italy. On a seasonally-adjusted basis, U.S. jobless claims surged to more than 3 million for the week ending March 21 a new record due to disruption from the outbreak, according to the U.S. Department of Labor.


Card Payments for Dummies

Article | August 18, 2021

At my current company Monizze, we issue social vouchers, like meal, eco and gift vouchers. These vouchers are consumed using a specific Monizze payment card via a physical terminal. As a result, I come into contact with card payments on a daily basis. Unfortunately, I am still far from being a card expert, but along the years I can say I have built up a good basic understanding of how a card payment happens. As I had to collect information from different sources to get this first good understanding, I thought it might be interesting to share my summary for "dummies" of how card payments work. First let us have a look at the card itself. A card is just a plastic carrier on which a design is printed. Afterwards a chip (an embedded microprocessor) is attached to the card, on which 1 or more applications can be deployed. A card with such a chip is often also called a smart card or an EMV card, with EMV an abbreviation for "Europay MasterCard VISA", which are the 3 companies that originally established this global electronic transaction standard. A card does not need to have a chip, some cards only have a bar code or QR code on them, while others have a magnetic stripe. Obviously an EMV chip card is more secure than those other models. Most EMV chip cards today are Dual Interface chip cards. This means the card can be used in both contact (i.e. the card is put in the terminal to read the chip) and contactless (i.e. the card communicates via an NFC antenna with the terminal) mode. This should not be confused with co-branded / co-badged cards, which exist quite a lot in Europe. As many countries still have their local payment method (like Bancontact in Belgium, Girocard in Germany, Cartes Bancaires in France, PagoBancomat in Italy, MultiBanco in Portugal…), most banks in those countries issue such a co-badged card, which supports both this local payment method and a more international payment method. E.g. 
in Belgium almost all debit cards are co-badged with Bancontact and Maestro (Maestro being an international payment method owned by MasterCard). When fabrication of EMV chip cards starts, all cards are the same. Of course by printing the design on the card and personalizing the card (with the name, card number…) you get a specific card. Additionally there is a personalization of the EMV chip. On the chip the specific application(s) of the card is deployed, as well as the specific personal information. This personal information stored on the card consists of the card number (also called the PAN number = Primary Account number), the expiration date, a security code (also called CVV = Card Verification Value or CVC = Card Verification Code), a number of cryptographic keys and the list of CVM checks (CVM = Card Verification Methods). This list indicates which type of security check should be applied and can depend on the type of payment (e.g. contact versus contactless), what the terminal supports and the amount. E.g. the CVM list can indicate that a contactless transaction can be executed up to 50 EUR without asking for a PIN. The cryptographic keys ensure the necessary security. E.g. they are used to calculate a cryptogram (based on one of the stored secret keys and the info of the transaction), which is sent along to the issuer. The issuer can then verify that the transaction message was not altered along the way by calculating itself the cryptogram and comparing it with the provided cryptogram. In the same way, it is possible to encrypt a PIN code and send it to the issuer for verification. The PIN code can be stored on the chip and verified by the chip directly. This so-called PIN offline verification is however only possible when the chip can be read by the terminal. 
In case of a contactless transaction requiring a PIN, card issuers usually work with PIN online, which means the PIN is sent in an encrypted way to the issuer, who verifies the correctness of the PIN, before authorizing the transaction. The information on the chip of a card can also be virtualized. This means that instead of the card sending the NFC signal (in contactless mode) to the terminal, it is also possible that your smartphone sends out this signal (and emulates the card). This can be a specific app, using HCE (= Host Card Emulation), but this technique is only available on Android phones, as Apple does not give access to the NFC antenna. A more common technique is of course Apple Pay and Google Pay, where you onboard your card on the Apple/Google infrastructure and your smartphone emulates the physical card. Now that we have clarified what the card does, it is good to have a look at how a payment works. The first step is of course telling the terminal (POS = Point of Sales terminal) how much the customer needs to pay. This can be inputted directly on the terminal, but large retailers have of course an integration with their cash register (= ECR = Electronic Cash Register). This integration allows to pass immediately info like the amount, which card types can be accepted (cashier can select a specific payment method) and potential other reference information. Obviously, a lot of cash register systems exist (e.g. Lightspeed, Square, Casio, Toshiba…) and also a lot of protocols to integrate ECRs with terminals (e.g. VIC protocol) and finally also a lot of different terminals (e.g. Wordline, Ingenico, CCV, Adyen, SumUp, VIVA Wallet, Cetrel, Loyaltek…). All these differences make those integrations quite a mess. The terminal will then read the card (contact or contactless) and determine which verification methods need to be applied. 
Once the verifications on the terminal are ok, the payment is sent to the Acquirer (often the merchant’s bank), which sends the payment to the Issuer (usually the bank of the card holder, which issued the card). This Issuer validates if the card is still active, if the PIN code is correct (in case of PIN online), if the customer is allowed to do a transaction at this merchant (e.g. card might be disabled for foreign transactions) and whether the customer has sufficient funds to execute the payment. In case of a positive reply, the payment is considered as successful, even though the actual settlement will usually happen later. This settlement consists of the acquirer requesting payment to the issuing bank, the issuing bank debiting the cardholder’s account and transmitting the money to the acquirer bank and the acquirer bank crediting the merchant’s account. For the communication between the terminal, acquirer and issuer a "Payment Network", like VISA, MasterCard, American Express, UnionPay, Bancontact… is used. This payment network sets all the rules of how these different players should interact. Additionally there are multiple protocols of how terminals can communicate with the Acquirer, like CTAP, EP2, Nexo (EPAS), IFSF, STD70, ABI-CB (Italy)…, making it for international players very hard to support all local payment methods. It is also important to understand the difference between a "Four Corner model" (also called a Four-Party scheme, Open Scheme or Open Loop payment model) and a "Three Corner Model" (also called a Three-Party scheme, Closed Scheme and Closed loop payment model). The first model is the model described above and is the most widely used. E.g. VISA, MasterCard and UnionPay use this model. In the second model ("Three Corner Model"), the issuer, acquirer and payment network are the same party. 
This means the payment network provides the card to the card holder and contracts with the merchant to configure/setup the terminal. Typical examples are Diners Club, Discover Card and American Express, but often also niche payment methods, like the social vouchers (e.g. meal voucher payments) of Monizze fall in this category (even though in many countries, social vouchers are also handled via an "Open Loop" model based on VISA or MasterCard). As you can see a card payment involves a large number of parties. While cash registers and terminals are bought or rented by merchants and typically include also a monthly service fee, the other players are usually paid per transaction. The Acquirer will recover those transaction fees from the merchant through a "Merchant service charge". The Acquirer however keeps only a small part of this fee, as around 20% of this fee (the so-called scheme fee) is going to the payment network (e.g. VISA or MasterCard) and up to 70% (the so-called interchange fee) to the Issuer. Part of this interchange fee is often used in the form of rewards (e.g. cashbacks) to the customer, thus encouraging the card holder to use his card as much as possible. Card payments are clearly undergoing a major transformation. On the one hand, there is a strong push towards a cashless society. This trend, strongly accelerated by the Covid crisis, increases the use of card payments. On the other hand, there is a trend to replace the physical cards by payments with smartphones. This includes the exponential rise of the use of Apple Pay and Google Pay, but also new payment techniques, often based on QR code scanning (like e.g. Payconiq in Belgium). Additionally due to the aggressive take-over strategy of the 2 major American players (VISA and MasterCard) in the last decade, there is a strong feeling, especially in Europe, that there is need for more competition and a new European player. 
As a result, several large European banks are joining forces to create a European alternative. It is however doubtful that this new initiative will be successful, as new technologies and payment methods, like PSD2 Payment Initiation, SEPA Request to Pay (SRTP), instant payments, CBDCs… can likely give better (more frictionless and cheaper) alternatives to the traditional card payment schemes.


5 Shopify Alternatives in 2020-21 that Make Ecommerce Simple for Beginners

Article | October 16, 2020

In 2004, Tobias Lutke, Daniel Weinand, and Scott Luke established an online website to sell snowboards. They tried a bunch of online store builders but were not satisfied with the status quo. So, they decided to build a tool that could operate their website. Soon, they realized that the tool was more powerful than the website's business. And hence, Shopify was born. Eventually, Shopify became one of the largest eCommerce store builders in the world. By 2009, the company had $100 million in sales and decided to launch its own API as well as an app store. More than a decade later, Shopify is now supporting over 800,000 stores globally and is a $125 billion company. While the company has shown remarkable growth in its business, it would be ignorant to say the market's needs have been fulfilled by the Shopify platform. Shopify's eCommerce platform works for a lot of businesses, but that does not mean it will work for every business. Here is why Shopify is Not the Right Fit for Every Business: Shopify's growth over the years shows that the company has taken several steps to address the market's inherent needs. However, the presence of several other companies and the issues still faced by merchants show some significant gaps in Shopify's offerings: 1. Cost of Setting Up: Each price-point offers a fixed set of features and functionalities. If you want anything over and above that, you will have to buy the subsequent package. For instance – something as conventional as a Gift Card is not available in the $29 per month package; to get it activated, pay as much as $299 per month. 2. Cost of Operations: The additional functionalities and features cost extra in your package. Even basic features like transaction or credit card processing attract an additional fee. To add to that, you have to purchase the app to activate the feature from the Shopify app store. Even though some apps are free, the apps that offer maximum value tend to cost north of $39.99 per month. 3. 
Limited and Expensive Themes: The entire Shopify store has a total of 73 themes, with the prices going as high as $180 a theme. This means that as a merchant, even after paying the high price, you may end up with an eCommerce platform that hardly stands out from the crowd. In short, while Shopify was started with great intentions, the cost of using it has started outweighing the probable value it has to offer. This issue gets further highlighted when one starts looking at the Shopify alternatives. Best Alternatives of Shopify While Shopify suits the needs of a certain set of merchants, here are the alternatives that can suit the merchants looking for more tailored, affordable, or customizable solutions: 1. Quick eSelling Quick eSelling is one of the most affordable and easy to deploy ecommerce store builder among the Shopify alternatives. It can be deployed in under 10 minutes for the basic variant. Its free variant has some prolific features like a native Android app, responsive website, and a catalog that can support up to 1000 products. The free package requires a 5% transaction fee, which gets eliminated the moment you upgrade to a paid plan. All the paid plans have a fixed monthly fee and no setup costs. The list of standard features includes a wide set of functionalities like customizable web-store themes, SMS & Email marketing, comprehensive payment gateway integrations, detailed analytics reports, inventory management systems, social media plugins, discount coupon codes, and even live chat. The premium package which costs around 50% the price of the $299 Shopify package, comes with a dedicated account manager and enterprise-level integrations. Ideal for: Merchants who are seeking an affordable, easily usable, and quickly deployable solution. 2. WooCommerce WooCommerce is popularly considered one of the most preferred alternatives for Shopify. It is quite convenient for website owners as it is a plugin for WordPress. 
Unlike other tools in the list, WooCommerce is designed to make WordPress sites work as functional eCommerce platforms. And in that particular aspect, it does a great job. However, if you are not already using an established WordPress site with high traffic, running WooCommerce can become quite expensive. On average, a website owner has to spend as much as $1000 in setting up a WooCommerce store with a moderate degree of customization. Even if you are not customizing a lot, running a WooCommerce store can cost you as much as $150 in a month. This would cover your hosting, themes, shipping plugins, security, and SEO. You will pay additional 2.9% + $0.30 per transaction. Ideal for: Someone who has a successful WordPress website and now wants to convert it into an eCommerce store. 3. Yo!Kart: Yo!Kart is a popular self-hosted multi-vendor platform for building online marketplaces. Unlike Shopify, it is a standalone platform that comes with a lifetime license and rich ecommerce features. The platform is fully customizable and scalable. Yo!Kart packages start from $999 and every package comes with a 1-year free technical support, free installation, and full source code. There are no monthly or yearly recurring fees. Considering it is a comprehensive platform, you may need some technical training to understand the system. Ideal for: Business owners who want to start ecommerce websites like Amazon or ebay where multiple sellers are selling under the same roof. 4. PrestaShop PrestaShop runs on the basic premise that creating an online eCommerce store should be an affordable exercise for any merchant. That is the reason why it is available for free and comes without any additional monthly fees. Its features include eCommerce functionalities like CRM & Email Marketing, Inventory Management, Multi-Store Management, and SEO Management. You can get a basic eCommerce store running by paying the registration fee for the domain and the hosting fee dues. 
While this may seem like a great alternative, given the fact that it is practically free, there is one major caveat – you cannot deploy or personalize your PrestaShop eCommerce store unless you know how to code. The entire platform has been designed, keeping in mind people who can code at professional levels of proficiency. The cost of hiring a developer who can add features to your store or modify the theme can be very costly. In addition to this, some basic features like promotions & reviews management, data security, and mobile access are not available on the platform. Ideal for: The merchants who have access to programming talent and don't mind a basic eCommerce store. 5. Wix Wix became popular as an online website builder. It also offers interesting eCommerce functionalities. For as low as $35 a year, you can have the Business Basic package that comes with a free year of using the domain, analytics reports, and 20 GB of storage. If you want greater control of your eCommerce platform but are not a professional programmer and are not interested in hiring one, Wix can be a great alternative. Its most expensive package costs about $80 a year. It comes with features like email marketing, SEO management, inventory management, data security, and promotions management. The challenge is – most of the charges marketed by Wix are very affordable for the first year in operations. After a year, many of these features, like the domain, will become payable elements. This way as soon as the first year of your operations is over, your cost of running the eCommerce platform will dramatically go up. Ideal for: Merchants who want to have greater control of their website's design without the need for coding skills and those who want the first year of operations to be largely affordable. Conclusion: Shopify can work for you if you are seeking a limited set of features. However, for lesser price-points, the alternatives for Shopify offer great functionalities. 
Quick eSelling is good for cost-effective and rapidly deployable eCommerce websites that come loaded with native features. WooCommerce is a viable option if you have a WordPress site and want to convert it into an eCommerce store. Yo!Kart specializes in building multi-vendor marketplaces. PrestaShop can be handy and very budget-friendly if you have access to coding talent. And Wix is good if you want greater control over what your store looks like, without getting into the programming aspects.


How retailers can be ready for busy sales seasons with proactive maintenance

Article | February 25, 2020

In the retail industry, holiday shopping accounts for about 20 percent of annual sales. In the final few weeks of the year, it’s easy for retailers to feel overwhelmed with not only an influx of shoppers but the added pressure of needing to tie up loose ends before January 1st. These weeks can make or break the year and creating a positive customer experience that’s memorable is essential for continued success. For this reason, retailers need to strive for 100 percent Brand Uptime in order to meet customer expectations, maximize sales and revenue, and deliver a positive customer experience. The preparation must have an omnichannel focus. It starts with digital realms such as ensuring your website can handle the influx of visitors in the weeks leading up to the new year as well as the months following. But for most retailers, the key factor will be how well they prepare brick-and-mortar stores for increased inventory and foot traffic.

