Data Security

In J.C. Penney's latest annual report, gone are references to becoming "America's favorite store." Its "Fair and Square" low everyday prices and jcp.com website descriptions have also been scratched. Replacing them are a return to promotional pricing and the resurrection of its old Jcpenney.com website. But that's not all. The company has also overhauled its list of risk factors. Following Target's big data breach, J.C. Penney has joined other retailers flagging data security as a major new risk factor. The economy also continues to menace the company's turnaround efforts.

The massive cyberattack on Target last year unleashed efforts to protect consumers from crooks swiping credit card data from in-store transactions. But as retailers and regulators scramble to develop a solution, hackers have already moved on. Most hackers are focusing their efforts on online transactions — increasingly with an eye on those conducted over smartphones or other mobile devices. In other words, retailers are two steps behind the criminals.

Sally Beauty, a seller of hair and beauty products, said data from fewer than 25,000 customers’ payment cards was illegally accessed and may have been stolen. The U.S. Secret Service and Verizon Communications are helping investigate the incident, the Denton, Texas-based company said in a statement. Sally also said it's working to mitigate and remediate the issues caused by the breach. U.S. retailers including Target and Neiman Marcus are working to recover from hacker attacks that exposed the data of tens of millions of customers during the holiday season.

Target's security software detected potentially malicious activity during last year's massive data breach, but its staff decided not to take immediate action, the No. 3. U.S. retailer said on Thursday. "With the benefit of hindsight, we're investigating whether if different judgments had been made the outcome may have been different," company spokeswoman Molly Snyder said in a statement. The disclosure came after Bloomberg Businessweek reported on Thursday that Target's security team in Bangalore had received alerts from a FireEye Inc. security system on Nov. 30 after the attack was launched and sent them to Target headquarters in Minneapolis.

Cross-channel success in retail is all about coordination of data in an era where the number of channels and the amount information flowing through them keep growing. Think of the data streams from a variety of channels, including brick-and-mortar, websites, pay per click, email, direct mail, mobile devices, catalogs and more, and it's easy to see how the combined flood of information can reach the multiterabyte scale in a company's data network. The challenge comes in making sense of all this "big data" and teasing out important relationships and patterns from the noise.

Visa and MasterCard are partnering to create a new group that will focus on improving payment system security. The group will include banks, credit unions and retailers, and initially focus on adoption of EMV (Europay, MasterCard, Visa)-compliant card technology in the U.S. in advance of the October 2015 liability deadline. The group will also study tokenization — the replacement of customer account numbers with unique digital payment codes. "The recent high-profile breaches have served as a catalyst for much needed collaboration between the retail and financial services industry on the issue of payment security," said Ryan McInerney, president of Visa.

While many retailers ask how to attract more shoppers, the better question is how to increase your conversion rate. Why? Because you can do promotions and marketing gimmicks until the cows come home, but if you haven't done all you can to convert those consumers who are in your four walls — the only place you can truly affect your sales — from lookers to buyers, then you're like a poor marksman constantly missing the target. Bigger retailers know that high conversion rates are their salvation and low conversion rates are the death knell of their operation.

The corporate hacks keep coming. The latest target, according to cybersecurity blogger Brian Krebs, is the beauty supply chain Sally Beauty, a retailer that draws customers from salons and other stylists. A new batch of 282,000 stolen debit and credit cards were posted for sale this week on underground marketplaces, and Krebs believes they have been used at one of Sally Beauty's 2,600 stores. It's the latest scoop from Krebs, who has managed to penetrate the criminal underground to break major stories, including the Target and Neiman Marcus hacks.

Target Chief Information Officer Beth Jacob is resigning as the retailer overhauls its information security and compliance division in the wake of a massive pre-Christmas data breach. Target Chairman, President and CEO Gregg Steinhafel said in a statement released to The Associated Press that the company will search for an interim chief information officer who can help guide the company through the transformation. Jacob had been in her current role since 2008 and oversaw teams in the U.S. and India. 

McAfee President Michael Decesare discusses retail cyber crime on Bloomberg Television's "Bloomberg Surveillance."