Data Security

When it comes to retailing in the digital era, technology is often hyped as the key to knowing the long unknowable, a means to reveal deeper truths about what shoppers want and how they want marketers to deliver it to them. Indeed, the party line on insights to be gained from big data — information gleaned from shoppers’ online and mobile purchasing patterns and activity on social media sites — would, in theory, nullify that iconic quote from department store inventor John Wanamaker: "Half the money I spend on advertising is wasted. The trouble is, I don't know which half."

Staples is investigating a possible breach of payment card data and has contacted law enforcement about the matter, making it the latest U.S. retailer to become a possible victim of a cyberattack. The office-supply retailer disclosed the investigation after security reporter Brian Krebs reported on his blog Krebsonsecurity.com that several banks have identified a pattern of payment card fraud suggesting that several Staples stores in northeastern United States had succumbed to a data breach.

Apple CEO Tim Cook loves to talk about the security features of his mobile payments system. Apple Pay won't collect information about what people buy — and it's designed to ensure no one else can, either. Merchants have good reason to be excited about Apple Pay, which goes live today at some 220,000 shops and restaurants. But some retailers are less than thrilled about Apple's anonymous infrastructure. To understand why, take a look Panera Bread. 

President Obama on Friday unveiled a series of steps aimed at improving the security of credit and debit card payments, including a pledge to shift government transactions over to the PIN-and-chip system and commitments from major retailers and credit card providers. In announcing the BuySecure initiative, Obama signed an executive order directing federal agencies to phase out magnetic strip credit and debit cards issued by the government, and to implement readers for the more secure PIN-and-chip cards in government retail locations such as national parks. 

In September, Google made changes to its sitelinks search box, and some merchants are unhappy with the change. They say it's another way for Google to increase the money it makes from advertising. Google explains that with its sitelinks search box, people can reach the site owner's content more quickly from search results. For instance, if you want to find a video on Youtube, you might go to Google.com, enter a search for Youtube, click on the link, and then conduct the search on Youtube. The sitelinks search box removes that extra step. 

We all lead such busy lives that anytime we can do something to save time we should consider doing so. This is why I'm writing today's column — to save you from having to read the stories about the latest hackings of retail stores that will continue to be repeated in the news in the months ahead. Since the hacking of Target that began around Thanksgiving 2013, we have seen the same story played out in store after store, including

Despite its size, Home Depot's data breach has been met with a big, fat yawn in many circles. Why? In September, Home Depot said that its payment systems had been breached, which may have impacted roughly 56 million cards, making it significantly larger than the Target breach, which impacted about 40 million cards. Already, card-issuing banks J.P. Morgan Chase and Capital One have announced that they will send out new credit cards to those potentially impacted by the breach. While the Home Depot story is certainly garnering attention, consumers seem to be less angry about it than the Target breach. 

"Hi, I'm planning to launch an e-commerce site for women's apparel. The price point for the merchandise is between $150 and $500. I know the hardest part is going to be getting the website discovered. Could you give some advice on how to do that?" 
- Dina Agam, Entrepreneur

Sheplers, a western-wear retailer, on Friday reported it had been victimized by a data breach in which customer credit card information was exposed to hackers. The company said the breach involved credit cards used at its stores between June 11 and Sept. 4. Sheplers said it doesn't believe the incident affected its online store. The company said it's working with law enforcement investigators, but "at the present time, we believe it's safe to use payment cards at Sheplers." According to the company, the customer information at risk includes names, account numbers for credit and debit cards, and card expiration dates.

Home Depot said Thursday that a data breach that lasted for months at its stores in the U.S. and Canada affected 56 million debit and credit cards, far more than a pre-Christmas 2013 attack on Target customers. The size of the theft at Home Depot trails only that of TJX Companies’ breach of 90 million records in 2007. Target's breach compromised 40 million credit and debit cards. Home Depot, the nation's largest home improvement retailer, said that the malware used in the data breach that took place between April and September has been eliminated.