Kroger Chief Earns $7.47M in 2006
Cincinnati, Kroger Co. chairman and CEO David B. Dillon received compensation in 2006 valued at some $7.47 million, an analysis of a regulatory filing showed.
The filing with the Securities and Exchange Commission Tuesday showed Dillon’s salary at $1.56 million, with incentive compensation of $2.12 million, and stock awards valued at $4.05 million. Dillon also received other compensation of $142,437, including life insurance premiums and tax offsets.
The filing said Kroger’s compensation committee uses comparisons with 10 other retail companies that sell food and drugs, including Wal-Mart Stores Inc. and Target Inc.
Hardening the Target
Following the release of new standards for payment-card-industry (PCI) compliance in September, 2006, many retailers were confused about what was required. Issued by the PCI Security Standards Council, an independent organization based in Wakefield, Mass., that provides management of the Payment Card Industry Data Security Standard, the updated and expanded requirements were intended to harden the target against breaches of card data.
Recent breaches at retail organizations such as TJX and Stop & Shop, and the ensuing collateral damage that ranged from consumer withdrawal to lawsuits and financial penalties, have reinforced the critical need for PCI compliance and increased security. To help retailers gain a better understanding of the topic, an educational Webinar was presented by Chain Store Age, Denver-based Accuvant and Aruba Networks of Sunnyvale, Calif.
“Demystifying PCI Compliance” may be viewed in its entirety by visiting www.chainstoreage.com and clicking on the icon for this Webinar.
Following the presentation, retail attendees had an opportunity to pose questions to the panelists. Aruba Networks representatives Manav Khurana, product manager, retail solutions, and Joshua Wright, senior security researcher, along with Brian Serra, PCI program manager of Accuvant, offered the following answers to attendee questions:
Q: Is becoming PCI-compliant enough to defend against network exploitation?
A: PCI compliance is the minimum requirement for what is necessary to protect networks. It is a good first step for protection, but there are always more steps that can be taken to mitigate emerging threats. How much a retailer does usually correlates to the cost-risk analysis—the cost of securing the network vs. the cost of recovering from a breach.
Q:How long does it take, from start to finish, for a retail organization to become PCI-compliant?
A: The overall timeline differs with the size of an organization and the complexity of its cardholder environment. We have seen retailers that have little to no security in place take about a year to get up to speed. Retailers with some security in place may achieve PCI compliance in as little as two months.
Q:What are the most common problem areas retailers should focus on securing?
A: Areas where retailers are most often out of compliance involve the absence or inadequacy of data encryption. It is not just about protecting the card number; many retail organizations retain the track data from the magnetic strip on the back of credit cards. Retaining that data is forbidden.
Another big hurdle retailers face centers around the audit and tracking of security breaches. Retailers must be able to determine and retrace what happened and what was stolen, as well as establish what can be done to prevent future breaches.
Q:What are the ramifications to PCI compliance when additional applications are introduced in the network?
A: PCI compliance is not a one-time project. If you are the compliance manager within a retail organization, it is your responsibility to understand new applications that are added to the network and determine if they are PCI-compliant or what has to be done to make them compliant.
Q:How do you protect against problems such as the duping of credit-card data at the point of sale?
A: There are no controls within PCI compliance to address theft at the point of sale or securing POS hardware. We often hear about “skimming” techniques in restaurants that facilitate theft of credit-card data, and we’ve seen similar problems with devices at ATM machines. However, establishing physical security checks would help to some extent.
Q:Does the PCI requirement for securing wireless networks include every store in a retailer’s portfolio as well as its headquarters?
A: The requirement is to monitor the cardholder environment, which suggests retailers do need to secure their stores as well as their headquarters, distribution centers and other ancillary facilities—basically any environment where wireless applications are used, because rogue attacks could penetrate the corporate network through those connections.
Q:Who is responsible for auditing to confirm PCI compliance and what are the monetary fines?
A: Typically the fines are imposed by the card brands—Visa, MasterCard and Discover. They may fine the retailer’s third-party processor or the acquiring bank, but because of merchant contracts, retailers are likely responsible for payment.
When retailers are dealing directly with the card companies, the minimum fine for data loss is $500,000. For non-compliance without data loss, fines start at $50,000. Additionally, if cardholder data is stolen in mass quantities, the retailer will likely be required to pay a re-issue fee of as much as $200 per card.
Aldata Solution introduced a series of enhancements to its Aldata G.O.L.D. Core Retail Suite. First, the company added product information management capabilities to its item- and price-management module. The addition will enable buyers to bring items into their supply chain more quickly, as well as locally manage items, sites and vendors.
The suite’s new Distribution Center Capacity Planning Module supports accurate forecasting of promotional demand and allows for better allocation of forecasting quantities based on store need.
Aldata also upgraded the suite’s mobile functionality to bolster store ordering, inventory management, out-of-stock management and retail price management to be executed via handheld devices. These enhancements also support integration to most label printers so companies can print new price tags in real time. www.aldata-solution.com
Innovative Office Products
Retailers now have three new point-of-sale mounting arms to support front-end peripherals. The options, provided by Innovative Office Products, Easton, Pa., promise to save space, protect technology and enhance the store-level landscape.
The 9183 adjustable countertop mount can be adjusted with an integrated knob on its telescoping tube, and can be pivoted or turned to suit the user’s needs. It is available in three telescope heights: 11 to 15 inches, 15 to 23 inches and 23 to 29 inches.
The 9189 adjustable through-counter mount has an arm tube that passes through the counter to provide a secure mount for displays. The unit, which can be pivoted or turned, also comes in three sizes: adjustable from 7 to 12 inches, 7 to 24 inches and 7 to 36 inches.
Finally, the 9190 compact countertop mount is perfect for smaller work areas. The unit’s space-saving arm allows for quick adjustment of monitor tilt.
All POS products feature secure cable management to protect IT hardware investments, quick and easy installation, adjustable heights and angles to accommodate users of all sizes, and durable, retail-hardened products to withstand intense usage. www.lcdarms.com
Come to the Supply Chain Summit and Climb Aboard a Container Ship!
The Supply Chain Summit will cap its program with a tour of the Port of Oakland, Calif. Attendees will tour APL’s Middle Harbor Terminal to get a firsthand view of operations and the technologies involved in making it all work. They will board the APL Thailand, a U.S. Flag, C11 Class, 4800 TEU container vessel, to get an up-close and personal look at how goods are transported from the far corners of the globe. Don’t miss this opportunity to see and experience global logistics in action!
The theme of the Supply Chain Summit is “Supply Chain for Retail: Creating & Enhancing the Customer Experience.”
The Summit will feature presentations from Best Buy, Walgreens, Tractor Supply, Crate & Barrel, Welch’s, VF Corporation, New Balance, Marks & Spencer, ChainLink Research and more.
The Summit will be held June 25-27 at the Claremont Resort & Spa, Berkeley, Calif., overlooking San Francisco Bay.
The Supply Chain Summit is jointly produced by Chain Store Age and ChainLink Research. Sponsors include Avery Dennison, GT Nexus, Marsh, Red Prairie and T3Ci.
For more information on the Summit, visit www.csasupplychainsummit.com.