News

Let the converged retailing evolution begin

BY CSA STAFF

By Michael Webster

The popular reference to “the new norm” in retail understates the significant transformation underway.

Even as the economy improves, consumers will continue to be driven by the search for value and the need to save time. At the same time, growing numbers of consumers are embracing not only the Internet, but also mobile and social networking technologies.

Today’s tech-savvy shoppers have more information and advice at their command. They have more choices in where, when, how and what they purchase. Their expectations are higher and they are less loyal to any particular brand or retailer.

Consumers also face an exploding assortment of retail interactions that often are confusing and chaotic. In addition to store associates, merchandising displays and other shoppers, consumers interact with kiosks, digital signage, the Internet, their mobile devices, social networks and more. The march of technology promises even more to come, from computer vision to location-based services. With this growing bombardment of information, much of it disconnected and not relevant to the individual, the shopping experience can be frustrating.

Evolving business model
Retailers who succeed in this environment — defined by digitally empowered, yet accessible, shoppers — are those who continue evolving their business models in ways that acknowledge and tap into the new consumer-driven reality.

Retailers that fail to evolve could see their brick-and-mortar locations become mere “browsing centers” where consumers verify product functionality and then finalize their transactions online to save costs. Multichannel consumers are changing the retail landscape.

The Internet provides a model for this evolution. What began as a content-sharing tool with the World Wide Web and email grew to become a driver of commerce. According to Forrester Research, the web influenced $937 billion in U.S. store sales in 2009, a figure projected to reach $1.3 trillion by 2013, or about one-third of total retail sales. More recently, the Internet has expanded further, providing an environment that promotes and enables communities.

The Internet evolution has been driven by enthusiastic consumer acceptance and participation. All the while, the business community has evolved its business model to leverage, enhance and profit from this phenomenon.

Similar evolution is occurring in retail. First, point-of-sale solutions improved “assisted-service” shopping and operational management. Then online shopping and self-service entered the scene, providing more convenience and control for consumers. Now, mobility — or m-tailing — has joined the mix, allowing consumers anytime, anywhere access to information and offers.

To some extent, retail business models have evolved along with technology and consumer behavior. But the unfortunate fact is that for most retailers today, consumers remain completely anonymous — or at best, a loyalty number or a household identifier. More work is needed — by the retail community and solution providers — before we can fully take advantage of the changes that are occurring.

Consumers rule
This effort begins with recognition that the new retail business model is consumer-driven. We are moving from a conventional business-to-consumer model to one where consumers increasingly dictate the terms of their relationships with retailers. In tomorrow’s consumer-to-business (C2B) world, the successful retail model will have two significant characteristics.

First, the C2B model will be one where interactions are personalized, based on consumer presence and preferences.

  • Presence: How and where do I want to interact with you? Am I in a shopping mall or store, surfing the net at home, using a kiosk, texting on my mobile assistant, navigating with a GPS device?
  • Preference: Do you really know me? What are my favorite foods, my clothing sizes, my preferred brands? How important are discounts and other offers to me? Do I want a receipt?

The new C2B retailing model also will be defined by convergence.

Converged retailing brings structure to the chaos and confusion of consumer interactions. It will allow consumers to easily communicate their presence and preference via the channels of their choosing. It will deliver timely, personalized transactions, information and promotions. And it will do this seamlessly across all channels, including assisted and self-checkout, informational and transactional kiosks, digital signage, e-marketing sites and mobile technologies.

I believe the next few years will be a time of significant movement toward the promise of converged retailing — made possible, for example, by NCR’s c-tailing solutions — as once-separate technologies and channels converge. As we make this journey, we can maximize operational efficiency while we drive greater brand loyalty and enhance the consumer shopping experience.

Michael Webster is senior VP and general manager, Retail and Hospitality, NCR Corp.

COMMENTS


duyentran607 says:
Apr-20-2013 07:35 pm

I believe the next few years will be a time of significant movement toward the promise of converged retailing -- made possible, for example, by NCR’s c-tailing solutions -- as once-separate technologies and channels converge. As we make this journey, Chatrandom.com

P.Lopez says:
Apr-10-2013 07:26 pm

The Internet evolution has been driven by enthusiastic consumer acceptance and participation. All the while, the business community has evolved its business model to leverage. ChatRandom

J.Lavoro says:
Apr-09-2013 03:58 pm

I find that there are a lot of different views based on the comments from your blog; this only happens when someone writes on a topical subject in a way that creates discussion... well done! ads dating.

D.Spencer says:
Mar-16-2013 08:04 pm

I cannot imagine the high tech market today other than supported by the most advanced technologies, learning platforms, information management tools and devices. I mean, look for example at the byod threat reduction method. This is how things followed their course and we got used to new systems coming up to bury the old ones. I trust this is all for good.

K.Perro says:
Jan-28-2013 08:50 am

I would really like to read more about this because I just realised that I did not know some things on this subject. I am waiting for more! Thanks! Kris from www.yachtcharterpula.com.


Containing — and reducing — the burden of PCI DSS

BY CSA STAFF

By Craig Tieken, [email protected]

According to VeriSign Global Security Consulting Services, the leading reason why companies fail their PCI assessment is the failure to protect cardholder data. This comes as little surprise; the charge to protect such sensitive data is quite a broad challenge that can increase exponentially. Not only is cardholder data used to authenticate a transaction, but it is also used for settlements, reconciliation and chargebacks, as well as in other business processes such as loyalty rewards programs, marketing, sales auditing and loss prevention.

Understanding cardholder data vulnerabilities
Merchant-based vulnerabilities may appear almost anywhere in the card-processing ecosystem. This includes point-of-sale (POS) devices, PCs or servers, wireless hot spots, Web-based shopping applications, paper-based storage systems and the transmission of cardholder data to service providers. Vulnerabilities can extend to outside systems operated by service providers and often lead to the exposure or theft of sensitive cardholder data, especially at the merchant level.

Merchants need to understand that sensitive data is vulnerable in the following three states:

  1. In transit: When moving from one device, application or system to another — such as from the POS endpoint device to the POS server — data can be surreptitiously copied and sent to a thief’s computer.
  2. At rest: Whether stored online (e.g. file server) or offline (e.g. file cabinet) for later use or archival purposes, data is vulnerable to accidental exposure or loss and to intentional theft.
  3. In use: When used for purposes other than simply authorizing a transaction (e.g. a marketing department’s loyalty rewards program) or analyzed for loss-prevention purposes, data may be replicated or used in ways of which the company isn’t even aware.

The PCI Data Security Standard (DSS) provides guidelines to help merchants understand how to protect or limit the exposure of the data.

Defining the cardholder data environment
Every computer system and filing cabinet, along with every application, that uses or stores sensitive card data is part of the overall cardholder data environment (CDE) and in scope for PCI DSS compliance. Even if sensitive data is encrypted within the CDE, it is still within scope of PCI DSS requirement No. 3: Protect stored cardholder data. As cardholder data is used beyond the POS and for more purposes beyond transaction authentication, the CDE grows, and likewise PCI DSS compliance and validation grow more complex and costly.

Impact on PCI DSS compliance
The extent of the CDE is frequently underestimated when merchants conduct their initial appraisal of the resources needed to achieve PCI DSS compliance. In many cases it’s not known that actual cardholder data is used in various business applications until the first thorough PCI DSS assessment is conducted. According to Verizon Business Risk Team research, two-thirds of data breach cases involved data that the organization didn’t know was on the compromised system. When the data is discovered, the scope of the CDE grows to incorporate the data’s host systems and applications, and the requirements and costs to meet PCI DSS grow as well.

For example, data encryption may need to be employed on a tape storage system used by the marketing department, which uses cardholder data to evaluate marketing campaigns. Even though the tape storage system is not connected in any way to the POS system, it still holds data that is required to be protected under PCI DSS.

Limiting — even shrinking — the CDE
Every merchant accepting payment cards has a CDE under PCI DSS purview. However, merchants can limit — and even shrink — the scope of the CDE in order to reduce or minimize the merchant’s PCI DSS compliance and validation burden.

For example, merchants can restrict the use of cardholder data to only those applications directly pertaining to payments: transaction authentication, daily settlements, chargebacks, add-ons for items such as gratuities or recurring payments, and so on. Such restrictions can help limit the environment of the data to the POS system, related applications and a storage system. The specifications of PCI DSS 1.2 provide guidelines on how to secure this rather limited CDE.

Each business application that uses the cardholder data pushes the boundary of the CDE outward. That is, these applications and their related storage and data flows are now in scope for all PCI DSS assessments. But what if these applications could function exactly as they need to without the use of actual cardholder data? What if some representation of the cardholder data would act as a suitable stand-in? This is the principle behind tokenization technology.

“Token” solution advantages
In the process of tokenization, a credit card is used in a transaction and, once authorized, the cardholder data is sent to a centralized and highly secure server called a “vault.” Immediately after, a random unique number is generated and returned to the merchant’s systems for use wherever the cardholder data would be used. Essentially, credit-card data has been removed from various business applications and replaced with a token. The token can be used by an authorized application to retrieve the stored cardholder data if necessary; otherwise the business application simply uses the token instead of the cardholder data.

There are two significant advantages of this approach. First, the token has no meaning whatsoever to a hacker who might siphon it from a server or application, thus dramatically reducing the impact of a data breach. Second, the business application using the token data is not included in the CDE, since there is no cardholder data present. Merchants that replace cardholder data with tokens in all their business applications can significantly reduce the scope of the CDE, and subsequently reduce the scope and cost of PCI DSS compliance and annual assessment/quarterly scan.
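The flow described above, as an added sketch that is not code from the article or from any vendor: a vault swaps the card number for a random token, only an allow-listed application can reverse it, and a Luhn-based scan shows the tokenized business record no longer holds cardholder data. The class and function names, the `tok_` token format, the application names and the sample record are all assumptions made for illustration.

```python
import re
import secrets

PAN_RE = re.compile(r"\b\d{13,19}\b")  # candidate card-number lengths


def luhn_ok(digits):
    """Luhn check, to separate card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def records_holding_pans(records):
    """Records with a Luhn-valid card number; any hit keeps that system in the CDE."""
    return [r for r in records if any(luhn_ok(m) for m in PAN_RE.findall(r))]


class TokenVault:
    """In-memory stand-in for the vault (hypothetical; a real vault is a hardened service)."""

    def __init__(self, authorized_apps):
        self._pan_by_token = {}
        self._token_by_pan = {}
        self._authorized = set(authorized_apps)

    def tokenize(self, pan):
        # Assumption: one token per card, so loyalty or marketing can still group purchases.
        if pan not in self._token_by_pan:
            token = "tok_" + secrets.token_hex(12)  # random, not derived from the PAN
            self._token_by_pan[pan] = token
            self._pan_by_token[token] = pan
        return self._token_by_pan[pan]

    def detokenize(self, token, app_id):
        # Only applications on the allow-list may recover the card number.
        if app_id not in self._authorized:
            raise PermissionError(f"{app_id} may not detokenize")
        return self._pan_by_token[token]


def demo():
    vault = TokenVault(authorized_apps={"chargebacks"})
    pan = "4111111111111111"  # constructed sample: a standard test number, not a real card
    before = [f"loyalty,member=1001,card={pan},points=40"]
    after = [r.replace(pan, vault.tokenize(pan)) for r in before]
    return vault, pan, before, after
```

Running `records_holding_pans` over an application's exports before and after the swap is a quick way to confirm that the application really has dropped out of the cardholder data environment.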

Further benefit is achieved if the merchant outsources the data vault to a third party. Removing the data vault from the CDE — and handing the responsibility (and liability) for it over to the third-party service provider — even further shrinks the environment that is subject to PCI compliance.

Many industry experts believe that tokenization and other up-and-coming techniques and technologies offer the promise to reduce the scope of the CDE in far more extensive ways than current solutions, allowing potentially significant savings to merchants striving to meet PCI DSS requirements. I encourage all merchants to learn more about PCI DSS compliance, and to develop and implement a strategy to reduce and protect the cardholder data environment — or the ramifications of a breach could become a reality.

Craig Tieken is VP merchant product management, First Data. He can be reached at [email protected].


Blockbuster gets ready for ‘New Moon’

BY CSA STAFF

DALLAS Blockbuster announced that it will keep its stores open past midnight on March 19 for the 12:01 a.m. March 20 release of “The Twilight Saga: New Moon.”

Select Blockbuster stores will host midnight DVD release parties and carry collectibles, including exclusive tote bags with “Team Edward” and “Team Jacob” slogans and Edward/Jacob two-sided pillows and two-sided door posters.

 
