Kmart targeted in data breach — again
For the second time in less than three years, Kmart was hit by a malicious hack.
On Wednesday, May 31, Kmart’s parent company, Sears Holdings revealed that the chain was the victim of a security incident. The company became aware of the attack, which involved unauthorized credit card activity, following certain customer purchases made at some of its Kmart stores. Shoppers were alerted to the breach via email Wednesday evening.
The department store chain did not reveal the duration of the attack or how many stores were involved in the breach. However, it did confirm that no Kmart.com or Sears customers were impacted.
Specifically, store payment data systems were infected with a form of malicious code — similar to a computer virus — that was undetectable by current anti-virus systems and application controls. Upon learning of the breach, Sears immediately launched a thorough investigation and engaged leading third-party forensic experts to review its systems. Once the chain was aware of the malicious code, “we quickly removed it, contained the event, and secured the affected part of our network,” Sears said.
According to the forensic investigation, Sears reported that no personal identifying information — including names, addresses, social security numbers, and email addresses — was obtained. However, certain credit card numbers may have been compromised.
“Nevertheless, in light of our EMV compliant point-of-sale systems, which rolled out last year, we believe the exposure to cardholder data that can be used to create counterfeit cards is limited. We are confident that our customers can safely use their credit and debit cards in our retail stores,” according to Sears.
The department store chain and Kmart will continue to work with federal law enforcement authorities, its banking partners, and IT security firms. “We are actively enhancing our defenses in light of this new form of malware. Data security is of critical importance to our company, and we continuously review and improve the safeguards that protect our data in response to changing technology and new threats,” according to the company.
Kmart was the victim of another breach in 2014. Similarly, Kmart’s in-store payment systems were infected with malware, and an unknown number of credit and debit card numbers were stolen. That investigation also suggested that no personal information was affected, according to the Consumerist.
This is another blow for Sears. While the embattled retailer reported its first quarterly profit since 2015, it attributed this gain largely to the sale of its Craftsman brand, and lower expenses due to its $1.25 billion cost-cutting plan.
Overall, Sears posted net income of $244 million in its first fiscal quarter ended April 29, compared with a loss of $471 million in the year-ago period. However, Sears posted a loss of $230 million when adjusted for special items, compared with a loss of $199 million a year earlier.
As for revenues, the company continues to bleed. Revenue fell 20.3% to $4.3 billion in the quarter, down from $5.4 billion last year. The retailer said the year-over-year decline was primarily driven by having fewer Kmart and Sears full-line stores in operation, as well as an 11.9% drop in same-store sales.
Study: E-commerce fraud is declining — but the battle continues
E-commerce fraud as a percent of sales dollars may be on the decline, however losses still account for billions of dollars.
This was according to the “Q1 2017 Global Fraud Index,” a report from Pymnts.com and Signifyd. The study measures and benchmarks innovations and trends that are reshaping the payments and commerce ecosystem.
E-commerce fraud is on the decline, dropping 34.7% in first quarter 2017, compared to first quarter 2016. One of the main reasons behind the drop is due to the use of machine learning in fraud prevention solutions. Besides raising the bar against a global network of cybercriminals, machine learning surpasses the capabilities of previous solutions that use static rules to distinguish real orders from fraudulent ones, according to the report.
While these tools have contributed to a decline in fraud rates across many retail segments since first quarter 2016, there are exceptions. Specifically, apparel, department stores, and jewelry and precious metals remain targets. In fact, department stores have seen a whopping 146.5% increase in online fraud between first quarter 2016 and first quarter 2017.
Apparel e-commerce merchants were also targeted by fraudsters during 2016. However, retailers that began fighting back saw their efforts pay off. By first quarter 2017, the segment’s fraud rates were only slightly higher than they were a year ago: increasing from 8.78% during first quarter 2016 to 8.89% during this quarter.
Overall, fraud still accounts for billions of lost dollars — and as expected, fraud rates rise significantly as order values increase. In first quarter 2017, orders over $500 had a total fraud rate of 10.93%. This is more than 20-times higher than orders that were under $100, which had a total fraud rate of 0.52%, the study said.
Kitchenware retailer cooks up delivery service
A new partnership is helping Sur La Table take the term “farm to table” to a new level.
Sur La Table is the go-to source for all things culinary — from cooking tools and kitchen gadgets to tableware. All it was missing was a way to be at their shoppers’ beck and call — and at a moment’s notice — as they prepared a stellar meal.
The retailer, which operates more than 100 stores, a website and catalog, had no problem connecting with shoppers, and delivering merchandise through its omnichannel operation. But it wanted more.
Eager to provide same-day delivery of its merchandise to its clientele of foodies, the chain began creating a business model to make that happen. It’s top criteria — to digitally align itself with grocers.
The next step was to evaluate the best courier partner. While it explored a variety of options, including programs from FedEx and UPS, the partner that made the most sense was Instacart, a third-party grocery delivery service that uses a team of “personal shoppers” who pick and deliver groceries from local supermarkets.
Sur La Table is the first non-grocery partner that InstaCart has aligned with. However, both companies believe the synergies they share make sense.
“This service solves two issues,” Ben Rosenfeld, the retailer’s senior VP of stores, told Chain Store Age.
“First, we now offer a logistics solution. It is not uncommon for customers to be in the middle of preparing a meal and realizing they are missing an ingredient, tool, roasting pan, or cooking gadget,” he said. “Rather than leaving the house for an item, they can get what they need the same day — even in two hours in some markets.”
Meanwhile, Sur La Table is known for its high-end small appliances, from espresso machines to cast-iron cookware. However, customers visiting stores in urban neighborhoods find it difficult to efficiently bring home cumbersome merchandise purchased in-store.
“The way people enjoy a dining experience is with their senses. Our shoppers experience our stores that same way — it is very tactile and visual,” Rosenfeld said.
“Rather than carry bulky items on a bus, train or Uber, people in participating markets can now go home, order it online, and get it quickly,” he said. “It is a way to ensure we don’t lose that face-to-face connection with our customer, and still create instant gratification during the last mile of delivery.”
All shoppers need to do to use the service is enroll in an Instacart Express membership for $14.99 a month. The subscription entitles members to free deliveries over $35.
Once enrolled, shoppers sign into Instacart online or via mobile app. By entering their ZIP code, the app’s geo-location technology serves up different grocers in the shopper’s region. Participating La Sur Table stores within the proximity will also be displayed.
Here, shoppers can browse virtual aisles, add merchandise to their shopping cart, pay, and select a delivery window. These include one- or two-hour, or same-day options.
Sur La Table launched their Instacart deliveries on April 26, in three markets: San Francisco, Portland and Chicago. By June, the company plans to expand the service to cover 70% of its store portfolio.
While the service is still new, the value of average orders are already double those purchased in-store. “When customers shop, they shop big,” Rosenfeld said.
“Even though the service has only been available a short time, we are happy with the program,” he added. “As it progresses, we hope to learn from our shoppers’ behavior, optimize the visit and push merchandise to shoppers in less clicks.”