Evan Schuman's Column in Computerworld

Why are CIOs who anticipate the future rarely allowed to do anything about it?

Wall Street’s obsession with quarterly earnings has made it extraordinarily difficult for most enterprises to spend on long-term investments, or even mid-term investments. Read full story

The food delivery driver identification dilemma

Ever use one of those mobile food delivery apps — only to realize your delivery person isn't who you expected? There's a lesson here about identity, authentication, and what happens when the best laid tech plan meets human beings. Read full story

The AI data-poisoning cat-and-mouse game — this time, IT will win

The IT community is freaking out about AI data poisoning. For some, it's a sneaky backdoor into enterprise systems as it surreptitiously infects the data LLM systems train on — which then get sucked into enterprise systems. Read full story

When a customer gets defrauded, should the enterprise reimburse?

The New York Attorney General's office sued Citibank for failing to reimburse customers victimized by fraud, raising serious issues all enterprises must figure out. When should a customer be reimbursed for fraud? And at what point do a customer's actions come into play? Read full story

Failed unsubscribes could be a clue your data's out of control

One of the oldest and most frustrating rules about email spam is that the unsubscribe link never works — all it does is confirm your email address is active. But what if the unsubscribe failure is caused by something far more problematic? Read full story

Will super chips disrupt the 'everything to the cloud' IT mentality?

It's no secret that enterprise IT in recent years has been disappointed in corporate clouds. But in general they've not done anything about it. That could soon change. Read full story

Choosing a genAI partner: Trust, but verify

As generative AI fever continues to mesmerize enterprise executives, those same execs are insisting that IT somehow make it happen. Read full story

Forrester asks a forbidden question: Are vendors lying or do they believe their own hype?

The idea that vendors lie a lot is, as the saying goes, “a tale as old as time.” But to suggest vendors are so persuasive because they actually believe their falsehoods — now, that's intriguing. Read full story

Zoom goes for a blatant genAI data grab; enterprises, beware

Zoom stirred up a kerfuffle this month when it amended its terms of service to make execs comfortable that it wouldn't use Zoom data to train generative AI models. In reality, it was really doing spin control worthy of the sleaziest politician. Read full story

Has Microsoft cut security corners once too often?

As details about the recent China attack against US government agencies come to light, two details stand out: Microsoft failed to store security keys properly — and the keys were used by attackers even though they'd already expired. Read full story

Lawyers and Incident Response can be a dangerous combo

In many ways, lawyers, CIOs and CISOs have the same mission: protect the enterprise from forces that want to do harm. But those two professions often approach the task in such polar opposite ways that they fight each other instead of the bad guys. Read full story

The shadow IT fight — 2023 style

Gaining visibility into anything IT—related is always difficult, but the age-old nemesis, shadow IT, remains a major problem — especially as the enterprise environment has changed. Read full story

Generative AI is about to destroy your company. Will you stop it?

If coders lied as often as ChatGPT, they would be fired immediately. Stunningly, some enterprise execs seem to be just fine with that — as long as AI continues to code quickly and for so little money. Read full story

Do the productivity gains from generative AI outweigh the security risks?

Using generative AI to code is dangerous for a variety of reasons, but its efficiencies will tempt corporate leaders — especially CIOs and business execs — to use it anyway. A senior AWS executive at Amazon argues the decision doesn't have to be an either/or calculation. Read full story

IT's lovefest with GPT-3 needs to meet reality now.

As we've seen with other highly-hyped technologies — such as the Web back in ‘95 and blockchain more recently — companies can get ahead of themselves when they jump into investments based on things other than strategic goals. Read full story

A compliance fight in Germany could hurt Microsoft customers.

A compliance fight between Microsoft and German regulatory authorities has gotten white hot, though it looks as though any penalties might bypass the company and take aim at its customers. Read full story

Biometrics are even less accurate than we thought.

Biometrics are supposed to be a fundamental pillar of modern authentication. Unfortunately, for a wide range of reasons and in a variety of ways, many biometric implementations are wildly inaccurate. Read full story

This would be a good time to test your cloud ROI.

As the COVID-19 pandemic slowly fades — and the rush to cloud solutions it hastened now seems less critical to business success — a question arises: Has anyone on your team recently run an ROI analysis to see whether the cloud truly saves your company money? Read full story

Sadly, IT can no longer trust geolocation for much of anything.

This goes beyond simply not trusting location data for cybersecurity authentication. Geolocation is now used for a wide range of business reasons — but it shouldn't be. Read full story

Planned 'fixes' for credit-card interchange fees will actually make fraud easier.

The US Federal Reserve and the US Senate are both looking to lessen restrictions on retailers — ostensibly to rein in card fees. What they actually are doing is inviting more fraud. Read full story

Will new EU crypto rules change how ransomware is played?

The European Union is cracking down on cryptocurrencies. That could have massive implications for enterprise IT. Read full story

Microsoft backs off facial recognition analysis, but big questions remain.

Microsoft is backing off its support for some AI-driven features, including facial recognition. Although it's good Microsoft is acknowledging discrimination and accuracy issues, it had years to fix the problems and didn't. Read full story

Are banks quietly refusing reimbursements to fraud victims?

There are disturbing reports that some major financial institutions are no longer crediting back all fraudulent transactions, even when the victim has filed a police report. This move by these financial institutions will soon come back to bite them. Read full story

Worried about burnout? Few enterprises are set up to fight the real causes.

C-level execs argue a fine game about caring about their employees — but those platitudes somehow never make it into the HR meetings about bonus benchmarks. Read full story

Let's put smartphone mics to better use.

What if smartphone sound-recognition could be tweaked to do core IT and operational chores? This would be an option to customize the phone to listen for sounds specific to your company. Read full story

How to master the diversity hiring challenge.

It's not often that you see two cybersecurity vendor CEOs agree on an issue — and yet get into a very public insult-fest with each other. Then again, this did start at RSA, so anything is possible. Read full story

Amazon to pass Walmart as No. 1 retailer by '24; the latter's store-based tack is to blame.

A June report from an analytics firm has Amazon knocking Walmart out of its No. 1 retailer slot by 2024. Walmart bet on a store-based approach years ago, but consumers changed their habits and Walmart is soon to pay the price. Read full story

Google's open-source security move may be pointless. In a perfect world, it should be.

Given that one of the uglier threats to enterprise cybersecurity involves re-purposed third-party code and open-source code, you might think that Google addressing the issue would be a big help. Think again. Read full story

DOJ reverses itself, says good-faith security researchers should be left alone.

The US Department of Justice last week reversed its own policy, telling prosecutors not to prosecute anyone who has engaged in "good-faith security research." Read full story

Apple's self-repair program is bad for consumers, but might work well for IT.

Apple has changed its self-repair program and has gone out of its way to make the program a horrible option for its intended audience: consumers. But it might make a lot of sense for enterprise IT wanting to do iOS device repairs. Read full story

Apple is the latest example of how the remote work fight has gone lunatic.

The recent corporate pushback against working from remote locations (referred to, unfortunately, as work from home) is both self-destructive and bizarre. Read full story

Expect to see more online data scraping, thanks to a misinterpreted court ruling.

In a case involving LinkedIn, a US appellate court has come to an obvious conclusion: scraping publicly-visible online data and content doesn't violate The Computer Fraud and Abuse Act. What does it mean? That's where things get interesting. Read full story

Think the video call mute button keeps you safe? Think again.

Have you recently been on a video call, muted and then said something nasty about a client — or maybe even the boss? Were you confident the mute button was protecting your secret? You shouldn't have been. Read full story

Apple quietly stops meaningful auto-updates in iOS.

Craig Federighi, Apple's senior vice president of software engineering, acknowledged Apple has dramatically slowed down auto updates — by as much as a month. Read full story

The Russian cyberattack threat might force a new IT stance.

With the threat of Russian cyberattacks still with us, companies need to be on a war footing when it comes to security. Read full story

When should the data breach clock start?

Time is of the essence when a data breach occurs. The tricky part is figuring out exactly when a company first knows about a breach, and how long it has before making it public. Read full story

CVS app glitch makes — then cancels — vaccine appointments. And it gets worse.

CVS Pharmacy has a widely used app and site to schedule various vaccinations, including for COVID-19. The problem? It has a glitch that allows customers to schedule appointments that are then cancelled without explanation. Read full story

Behavioral Analytics is getting trickier.

One of the best authentication methods today relies on behavioral analytics, especially when it's used as part of continuous authentication. But it is getting a bit trickier to do so reliably. Read full story

Signing up with a cloud provider? Don't forget to set an exit plan.

It's not simply about getting easy permission to go when it's time to part ways; it's about IT making sure any decisions don't complicate that eventual departure. Read full story

Rackspace is now the roach motel of cloud platforms.

Ever since its layoffs last summer and a plunge in quality, Rackspace lets customers in — but won't let them out. A cautionary tale of a business that had to fight like heck to escape. Read full story

Google finds a nation-state level of attacks on iPhone.

Much of mobile security advice these days is for users to be careful, not click on suspicious links nor open suspicious emails or attachments. But the growing popularity of no-click attacks sidesteps these defenses — and Google has drilled into one such attack. Read full story

Apple is sneaking around its own privacy policy — and will regret it.

Apple has a complicated relationship with privacy. It loves to tout its efforts, especially as a differentiator with Google. But actually delivering privacy? That's a different story. Read full story

When biometrics can be outsmarted this way, we need to talk.

It's a sad fact of mobile authentication: the industry tends to initially support the least effective and secure options. Take the recent case of the sleeping woman in China, for instance. Read full story

Latest Android security hole shows why IT should consider a mobile app whitelist.

The mobile app security headaches continue. This time it's spyware found by mobile security firm Zimperium that not only steals data, but can silently control mic and camera — and secretly delete security apps. Fun times. Read full story

Store your corporate card on an iPhone? Uh-oh.

Apple, Google, and especially Visa this month have given us yet another example of how security and convenience are at odds in the mobile world. Convenience seems to have won out. Read full story

Google now tells criminals when Chrome users are 'idle.' What could go wrong?

Another day, another revelation that mobile vendors might not always have users' needs in mind, but they sure are helpful to cyberthieves. Read full story

How one coding error turned AirTags into perfect malware distributors.

A security researcher found that an open area for typing in a phone number has unintentionally turned AirTags into God's gift to malware criminals. Read full story

Apple's latest right-to-repair trick is delightfully evil.

I've always been impressed by how clever Apple can get when trying to protect its repair revenue. A new report from MacRumors doesn't disappoint. Read full story

On app tracking, both Android and iOS have to do better.

While Google has announced plans to reset permissions for older, rarely used Android apps, Apple's app-tracking-transparency efforts in iOS have fallen short of the company's grand vision. Read full story

Apple's anti-porn overreach — good intent, bad execution.

Apple has unveiled plans to use its extensive powers to fight child pornography. Even though it has good intentions, the company's actual plan has given people dozens of reasons to oppose the move. Read full story

This Vultur app takes malicious to the next level.

As if IT needs more reminders that apps in app stores may not be secure, a Netherlands security firm has found a new Android dropper app dubbed Vultur. It offers, and delivers, legitimate functionality, then shifts into malicious mode when it detects financial activities. Read full story

It's time, IT — set the rules of the road for mobile.

When it comes to keeping everyone in the company on the same page, IT could be doing more. That's especially true when making sure mobile devices are secured. Read full story

About the Pegasus spyware, Apple's telling the full truth.

When spyware from an Israeli firm was discovered on a number of iPhones used by journalists, critics hit Apple over security and privacy concerns. But in this case, it doesn't look like the company did anything wrong. Read full story

Note to IT: Google really wants its privacy settings left alone.

It's deeply unsurprising that newly-released information from the Attorney General's office for Arizona — released when a judge agreed to unseal some of the data — shows Google trying to hide privacy settings and tracking users after they chose to not be tracked. Read full story

When is a cybersecurity hole not a hole? Never.

In cybersecurity, one of the challenging issues is figuring out when a security hole is a big deal or is trivial. Apple now has a hole that pushes the definition. Read full story

Google makes a big security change, but other companies must follow.

Google is moving — slowly — to make multi-factor authentication default, pushing FIDO-compliant software embedded within the phone, and even has an iOS version. Nice touch. Read full story

Google and Apple claim their devices deliver a better sleep; not true, university says.

A university study found that a frequently-heralded smartphone claim by both companies is non-existent. This raises a serious question: Don't they have to prove something works before shouting it from the highest virtual rooftop? Doesn't the FTC have anything to say about this? Read full story

Rethinking mobile security in a post-COVID workplace.

Remember all of the security corner-cutting forced on us in March 2020 as companies scrambled to deal with the pandemic? It's time now to go back and fix things. Read full story

Details of how the feds broke into iPhones should shake up enterprise IT.

Given that law enforcement can leverage a hole in Mozilla open-source code that Apple used to permit accessories to be plugged into an iPhone's lightning port, IT and enterprise security pros need to view mobile device security differently. Read full story

The case of the missing laptop RAM.

One of the best tech support programs in the industry has been Dell's ProSupport program, which routinely answers within 10 seconds and offers excellent techs who truly try to help. It also offers a next-day onsite repair program that's impressive. But (you knew there was a catch, didn't you?), no program is perfect. Read full story

Text authentication is even worse than almost anyone thought.

For years, security experts have been sounding the alarm about texting numbers for authentication. Now, due to some excellent work from Vice, it's clear the text situation is far worse than we thought. Read full story

WhatsApp's new 'privacy' policy is a gift to other messaging apps.

WhatsApp does not treat all interaction data the same. For now, user-to-user/customer-to-customer/consumer-to-consumer messaging is encrypted and considered private. But when a user communicates with a business, Facebook can do anything it wants. Users must assume that a message to a business is potentially open to all. Read full story

Apple tramples on security in the name of convenience.

Apple's upcoming iOS 14.5 and WatchOS 7.4 OSes will allow masked enterprise employees to access their iPhone if they happen to be wearing an Apple Watch that is unlocked. If companies don't stop workers from using this convenience, it will materially scale back security. Read full story

Have a pacemaker and an iPhone? Could be a deadly combination.

Apple itself has issued a warning that its newest iPhone could attack your heart — literally. Read full story

When cryptographers looked at iOS and Android security, they weren't happy.

In recent years, the feds have stopped asking for a workaround to get past Apple security. Why? It turns out that iOS, along with Android, is simply not as secure as those companies suggested. Read full story

SMS: Texting numeric strings is the best holiday gift to cyberthieves.

Multi-Factor Authentication has become so common a security tool that many users assume it must work well to protect data and communications. What it really does is provide false comfort. Read full story

Apple's iPhone slowdown ploy was ridiculous, even by Apple standards.

Now that Apple has agreed to pay $113 million to settle with iPhone users whose smartphone clockspeed was artificially slowed to boost hardware sales, it's worth examining why the move was so colossally stupid. Read full story

Should IT buy the new iPhone 12 Pro? Almost certainly not.

When it comes to whether enterprise IT should seriously consider this purchase — for those operations where BYOD hasn't yet alleviated the need to buy phones ever again — it doesn't make sense for most. Read full story

Zoom's new encryption approach is incremental, but better.

Max Krohn, Zoom's head of security engineering, detailed what users need to give up to get the better encryption protection that's coming. Read full story

How IT can use COVID-19 mobile crowdsourcing data to safeguard workers.

Mobile apps galore have used crowdsourcing techniques this year to fight COVID-19. Now, a new app wants to build on those efforts by identifying communities (often down to the Zip Code) that are being aggressive or lenient in mask-wearing. Read full story

Dual biometrics for banking: Double trouble or super-secure?

Two European banks are looking to boost security by layering a pair of biometric authentication methods — facial recognition and palm recognition — atop one another. That could mean more security, or more headaches for users. Read full story

Apple Watch's planned handwashing reminder feature? I don't trust it.

When Apple rolled out its planned changes for iOS 14 and its companion WatchOS 7, it included a variety of interesting tweaks. Two stood out as especially interesting: a COVID-friendly Watch handwashing app and an enterprise-IT-friendly facial recognition app for video cameras and doorbells. Read full story

Is 7-Eleven's mobile app a way to minimize COVID exposure?

Efforts by people to avoid getting COVID-19 are already affecting mobile payments, particularly contactless NFC payments. Since shoppers now want to avoid going inside stores, even briefly, app payments that happen far away from a POS system are picking up. Read full story

Mobile security forces difficult questions.

As governments consider COVID-19 contact tracing and its privacy implications, it's not a bad idea for companies to take the opportunity to look more closely at their mobile agreements with employees. Read full story

Mobile payments may soar, thanks to COVID-19.

One of the most frequently asked questions these days is "When will things get back to normal?" And the fair and valid answers are generally "They won't. Good-bye handshakes" and "In stages, ending when a vaccine is approved and widely distributed." When it comes to payments, the answers are more complicated, but not any more comforting. Read full story

Telecommuting in a post-COVID U.S. will be radically different. And that's a very good thing.

IT execs need to start talking with other C-levels now and figure out what they want their post-COVID company to look like. Read full story

Amid the pandemic, MFA's shortcomings are clearer than ever.

The pandemic means there is no time for security niceties, such as properly processing RFPs for apps that were thoroughly vetted. That brings us to MFA and why it has to be radically re-envisioned. Read full story

Automated car happenings: Better lane tracking, but can you trust it?

Autonomous and semiautonomous vehicles are making serious progress, but they are going to run head on into a massive obstacle: human trust. Read full story

Will pay by palm be a thing? Should it be?

Amazon is experimenting with a way to allow shoppers to use a palm-print biometric to authenticate payments and to do so in physical stores far beyond Amazon-owned brick-and-mortars. Amazon is reportedly looking at QSRs (quick-service restaurants), especially coffee shops. Read full story

University's mobile app streaming idea has enterprise IT potential. But, oh yes, there's that security annoyance.

Purdue University has an interesting mobile concept, a means to free up lots of space that is now housing apps and app data. Why not, the university asks, stream the apps themselves from the cloud? Read full story

Mobile security: Worse than you thought.

The latest Verizon Data Breach Investigations Report eloquently argues that aside from wireless, the form factor of mobile in and of itself poses security risks. Read full story

When does protecting privacy morph into invading privacy?

Employees and consumers are being more careful about sharing information that goes beyond strict need-to-know. We ran into one company that seems to not get that. Read full story

How bad can text security be? One company just showed us.

A massive number of text messages were stored in plaintext, with no security at all. Read full story

Facebook's iOS 'bug' secretly filmed users. IT, take note.

And a very different bug, planted by cyberthieves, presents even more frightening camera-spying issues with Android. Read full story

Mobile security perceptions don't approach reality. And that's a problem.

The best security approaches — such as continuous authentication — are invisible to the user and therefore frictionless. That's good in practice, but it can be bad in terms of customer perception. If they don't see it, they assume it's not there. Read full story

A revealing iPhone 11 headache.

Sometimes, a mobile glitch is indicative of a much more pervasive issue. Our columnist's recent iPhone 11 iTunes headache perfectly illustrates how Apple's heralded focus on customer experience falls apart when doing upgrades. Read full story

The courts have ruled: Mobile sites must be accessible. But why did enterprises ever resist?

It's a mystery because being more accessible is just good for business. Read full story

IoT dangers demand a dedicated group.

The internet of things brings with it a wide range of IT security headaches, along with compliance nightmares — and turf wars. Read full story

Can an Apple Watch prevent fatal car accidents? It just might.

A new study questions the efficacy of car accident-avoidance systems, but it's possible that a simple smartwatch might be part of the solution. Read full story

Almost half of tested free Android antivirus apps fail. That might prove very useful to IT.

In BYOD environments, users tend to supplement corporate security programs with free versions. That is a remarkably bad idea, and one analyst report suggests a way to stop it. Read full story

In mobile, does IT want more control or less work?

Would changing mobile warranty rules be a good or bad thing for enterprise IT? Read full story

Message to IT: Trusting Apple and Google for mobile app security is career suicide.

Ready for the mobile security news that IT doesn't want to hear about but needs to? When security firm Positive Technologies started pen testing various mobile apps, security holes were rampant. Read full story

Forrester: That malware with its own backdoor into Android's framework? Don't worry; Google's on it. (Gulp!).

Google confirmed that cyberthieves had managed to pre-install malware into the Android framework backdoor. In short, the malware appeared to be blessed by Google at the deepest point within Android. Read full story

Forrester: Bank mobile apps frustrating, confusing.

Mobile banking should be effortless, but Forrester Research says far too many banks offer frustrating apps and give little thought to how consumers should interact with their financial institutions. Read full story

Why I now hate my Apple Watch slightly less.

The Apple Watch is still a wonderful device that has maddening flaws. But we have now found some unpublicized ways around some of those flaws. Watch life is now slightly better. Read full story

Why I've learned to hate my Apple Watch.

In a perfect world, the Apple Watch Series 4 could be great. With a few easy settings, a glance at the watch would deliver time, temperature, the dial-in details for your next appointment or many other things that would be helpful. But we don't live in a perfect world. Read full story

Massive bank app security holes: You might want to go back to that money under the mattress tactic.

A new report from a well-regarded payments consulting firm has found a lengthy list of security insanity while examining several major fintech company mobile apps. Read full story

Apple is learning why shortcut security is a bad idea.

With its enterprise developer certificate program, Apple chose convenience over security. You can guess what happened. Read full story

With latest mobile security hole, could we at least focus on the right things?

A bunch of apps from some major players were recently tripped up by a security/privacy hole from a third-party analytics app. But everyone is focusing on the wrong lesson. Read full story

Next Android OS might allow app downgrade. This is a BIG deal.

Making apps downgradable would give IT just a little of its environment controls back. Just a little bit, but it's a start. Read full story

The enterprise ROI/TCO argument for mobile is getting a lot more interesting.

In 2019, executives need to look anew at mobile and figure out what technology displacements make sense. For example, do companies need to buy expensive dedicated barcode scanners? Read full story

Apple's App Store privacy efforts are backfiring big time.

Although Apple is trying to position itself as the consumer-privacy-friendly company, some have complained that it is doing it in far too heavy-handed a way. Read full story

eBay's ApplePay stats show why mobile payments are struggling.

When eBay recently started giving customers the option to move away from paying with PayPal, something interesting happened. Read full story

When it comes to mobile, you pretty much have no privacy rights.

Police are very persistent in trying to gain access to suspects' devices. Read full story

Stats make iOS a hard OS to ignore.

Users are jumping to the latest iOS version faster than ever before. That means many things from an Apple marketing perspective, but for IT, it means far greater security. Read full story

Apple finally shares its automatic NFC launch capabilities, albeit in a very limited way.

With iOS 12, Apple wants to share the ease-of-use magic of Apple Pay with the industry, via an SDK. Well, not quite, but it's starting along that path. Read full story

Apple's mobile privacy letter to Congress omits an awful lot of context.

Apple's letter was designed to alleviate congressional fears about the company invading its customers' privacy. But a close reading of the letter does the opposite. Read full story

Google and banks are being less than truthful about customer tracking.

There are good and bad reasons to track someone's movements, but the best way to scream to users that you're spying on them is to lie about or not reveal what you're doing. Read full story

The limitless potential of mobile gesture communications — and how it will trip up users.

Gesturing in the air near a mobile device is going to become the preferred mode of interaction. Long term, ease of use will soar, but before we get there, expect a lot of user errors. Read full story

Is mobile sensor-based authentication ready for the enterprise? Some big players think it might be.

An Arizona security company is working on an interesting approach to mobile authentication, one that leverages the exact angle a user holds the phone as a means of making replay attacks a lot more difficult. Read full story

With cashier-less checkout, retailers should be careful what they wish for.

As the battle for cashier-less stores rages on, it's worth questioning whether an employee-less checkout system is something that retailers should truly want. Read full story

The game-changing potential of smartphones that can smell.

Sniffing smartphones won't merely replicate what a human nose can do. They will be able to detect aromas far more precisely. What is the enterprise IT potential here? Quite a bit. Read full story

Amazon's Echo privacy flub has big implications for IT.

Amazon has confirmed that one of its Echo devices recorded a family's conversation and then messaged it to a random person on the family's contact list. The implications are terrifying. Read full story

BJ's baffling mobile right-swipe machine-learning move.

When BJ's Wholesale Club on Thursday (May 3) said that it would leverage machine learning in its mobile app, it joined the crowded club of companies boasting A.I. capabilities while remaining vague on the details. Read full story

Has a U.K. company figured out how to fix the loyalty problem with its mobile banking app?

One of the longest-running retail problems involves loyalty points and gift cards and the fact that shoppers tend to either forget about them or find them too much of a hassle to redeem. Read full story

Walmart's mobile checkout trial is a major advance.

In-aisle checkout gets a big push from the world's largest retailer. Read full story

A bad day with mobile 2FA.

Texting confirmation numbers is a very weak link; texting them to my landline is just dumb. Read full story

IT beware: University finds new 4G security holes.

Researchers from Purdue University and the University of Iowa have found quite a few new security holes in the popular 4G mobile networks. Read full story

Will an EZPass mobile payment partnership work? It very well could.

With a smartphone and an RFID tag on the window, shoppers may be able to forgo using plastic at all gas stations and drive-through restaurants. But will they? Read full story

PCI's embrace of mobile PIN is a real game changer.

The PCI Council is allowing the most sensitive part of a payment card transaction to happen on a device that it acknowledges is highly dangerous and unstable. Read full story

Mobile privacy policy becoming a truly big deal.

Now comes yet another reason to respect the heck out of your privacy policy: The U.S. Supreme Court is considering making it a determining factor for whether your customers have an expectation of privacy. Read full story

Embrace mobile, or it will run over you.

Visa has learned this lesson, but Kroger is still resisting. Read full story

Apple makes its intent on the battery fiasco clear. And not in the way it wanted.

What Apple did not choose to say is far more illuminating than what it did say. Read full story

What do you get when you merge a lie detector, a job application and a mobile app?

A U.K. firm is pushing mobile software that watches you while you fill out a form and tries to determine truthfulness and emotion. George Orwell would be proud. Read full story

How smart was it for Williams-Sonoma to drop $112M for an AR firm?

AR is a nice retail mobile add-on, but what Williams-Sonoma needs more is to address retail fundamentals. W-S, look to Amazon for an example. Read full story

Questionable strategy: Mobile sites that thwart ad blockers.

In the world of online publishing, there are two enemies that must be respected: the unsubscribe button and the ad blocker. Although both can be circumvented or ignored, how wise is it to thwart the stated intentions and desires of your visitors? Read full story

With Amazon's AR mobile app, you don't need a depth-sensing camera to sense depth.

Sorry, iPhone X, but Apple's ARKit allows AR sizing without needing depth-sensing. Read full story

Target Pay's holiday launch is good for shoppers, bad for retail.

Will forcing shoppers to use a different payment mechanism for every retailer be a good thing? Or will it just dampen mobile payment enthusiasm overall? Read full story

Amazon wants to deliver groceries to your car trunk — not a good idea.

Amazon's mobile app-based delivery system sounds convenient. But has anyone thought about the security concerns? Read full story

MasterCard's virtual reality purchases deliver not-so-virtual headaches.

MasterCard's new effort in virtual reality purchasing takes the worst aspect of in-store shopping and skips the best of online. And they throw in easy unintended purchases. Read full story

CISO: Think about how your customers actually use your mobile apps.

It's not every day that a veteran chief information security officer writes a book that blasts the mobile community for torpedoing enterprise security. Read full story

And the award for worst mobile idea of the year goes to Walmart.

Walmart is setting itself up for trouble with an app that lets employees into your home unattended to put away groceries you ordered. Read full story

Can Amazon truly become a mobile payment power?

One longtime Wall Street financial analyst tracking retail thinks that Amazon may indeed be positioned to disrupt mobile payments just as it has disrupted retail. Our columnist isn't so sure. Read full story

Apple's clever strategy for forcing partners to use Face ID.

To make sure that companies use Face ID in their apps, Apple simply didn't give them any practical choice. Read full story

Time for IT to take control of mobile apps.

IT is seeing a very dangerous collision of two trends: BYOD and mobile apps. IT's job is to protect corporate data — and it's an app-download away from failing. Read full story

Is mobile killing the LAN?

The LAN infrastructure may not be with us for much longer, and that's due to cloud and mobile changes. Nonetheless, authentication needs to be changed immediately. Read full story

NIST: In mobile authentication, think hardware, not software.

The National Institute of Standards and Technology is trying to bolster e-commerce authentication on desktops and mobile devices. Read full story

Retailers can go Google, or they can go mobile.

Being able to track shoppers as they move from online to in-store has been a marketing goal for years. Google says it has an answer. You just have to trust it blindly. Read full story

What does Amazon Prime Day tell us about mobile app loyalty?

What does it mean that users of the Amazon app were less likely to venture into a physical store on the day of Amazon's big sale? Read full story

Are you sharing more data with Google than you have to?

A new approach to limit how much of your data you need to share is being offered it to companies for free. Read full story

Memo to IT: Facial recognition in the new iPhone would make huge waves.

Will Apple embrace facial recognition and iris scans? The mobile industry is preparing for authentication upheaval. Read full story

Memo to IT: You do know that a mobile phone is still a phone, right?

While other retailers hide their phone number, Zappos encourages its shoppers to call. There are good reasons to remember that a mobile device is still primarily a phone. Read full story

Supreme Court to look at mobile privacy. Uh-oh.

A criminal-case ruling favoring law enforcement would have implications for companies facing civil complaints. Read full story

Amazon Go is a great mobile solution, but for the wrong problem.

Mobile-accessed video analytics could be a wonderful retail technology, but only if it's used to attack the right problem. Read full story

Dual biometrics may just be the authentication answer we need.

It solves a big problem with biometric authentication and opens up some intriguing possibilities. Read full story

Self-checkout: What shoppers want to do is rarely what they end up doing.

One of the first things retail executives learn is that shopper surveys are horrible indicators of what shoppers will do in stores. Read full story

Amazon successfully fights off pricebots.

When Walmart found its price-tracking software blocked, it was reminded how fierce a competitor Amazon can be. Read full story

Missing protection: Corporate B2B privacy policies.

The general lack of such policies is a major security hole. Read full story

Walmart.com's transformation: Too little, much too late.

The biggest obstacle to Walmart.com being successful is Walmart itself. Read full story

With security awareness, money talks.

The precautions we urge on employees interfere with their jobs. Read full story

Apparel chains can fight back against Amazon, but it won't be easy.

Amazon has clothing chains panicking. Read full story

7-Eleven thinks it can go cashier-less. It's wrong.

There's a massive difference between retailers using technology to free up associates to do more hands-on work and using that technology to replace those associates. Read full story

The real meaning of a merged channel strategy.

The underlying assumptions in almost all of the online vs. in-store arguments are flawed. Read full story

Use LinkedIn a lot? Read its new privacy policy — carefully.

At the very least, it's a reminder that social media embarrassments are forever. Read full story

How one personal cyber insurance policy stacks up.

As policies designed for consumers emerge, the example from AIG is surprisingly comprehensive. Read full story

Mirror, mirror on the wall, will you leave me any shoppers at all?

This magic mirror could be a great sales tool. More likely, though, it will just siphon sales to an online rival. Read full story

Bank gets lesson in the security failings of third parties.

Brazilian bank was an easy target after its DNS provider was compromised. Read full story

Adidas figures out how to win with physical stores.

It's focusing on what in-store can do best: Deliver unique experiences. Read full story

Neiman Marcus data breach settlement tells us plenty about the ROI of security.

When breaches cost so little, there's not much incentive to avoid them. Read full story

Insecure security cameras sound like a joke, but aren't.

They're an example of big tech companies' failure to take security seriously. Read full story

Saks self-leaked customer data unencrypted, violating multiple rules.

Who needs thieves? Saks last week made clear that it can breach itself quite efficiently. Read full story

Feds struggle with regulating banking's use of big data.

Some highly sensitive data is going to be set loose. Read full story

If the CIA can sidestep encryption, what makes you think cyberthieves can't?

New Wikileaks documents show agents simply refining standard techniques of cybercriminals. Read full story

Whole Foods illustrates the challenge of late-stage CRM integration

What happens when a $16 billion, 37-year-old chain wants to tackle CRM for the first time? Whole Foods is about to find out. Read full story

A better security strategy than 'know your enemy': Know your co-workers

Something as simple as an uncharacteristic turn of phrase can clue people into an email's illegitimacy. Read full story

Mastercard needs to think about unintended consequences.

U.S. retail payment processors seem to act before considering what is likely to happen next. Read full story

True privacy online is not viable.

You can hide from casual observers, but a motivated person will see through your attempts at anonymization. Read full story

Panera finds digital helps recruitment, in unexpected ways.

Panera Bread found that mobile payments significantly helped recruit drivers. Why? Fewer robberies. Read full story

Why do merchants let their payment processors get away with so much?

For decades, merchants have signed agreements that force them to blindly trust their processors. Read full story

Dead men may tell no tales, but IoT devices do.

Real privacy laws are needed in the U.S., and now more than ever with the advent of the IoT. Read full story

Heads up, processors: Feds declare consumers' right to access their money.

In fining Mastercard and UniRush, CFPB officials specifically focused on a lack of prelaunch testing, which is typically an IT role. Read full story

Could web rental efficiency gut DIY chains?

If specialized do-it-yourself tools can be rented, easily and efficiently, for two hours, will that start to hurt Lowe's and Home Depot? Read full story

Amazon enjoys a very happy holiday season.

Holiday stats gave Amazon an amazing 46% of all U.S. e-commerce dollars, which is three percentage points more than the prior year. Read full story

What is behind far too many security leaks? Laziness.

Although segmentation is to be applauded, it's not the panacea for the cardholder data problem. Business processes are. Read full story

Bots may send your liability risk soaring.

Judges and juries may think that a company should be better able to eliminate errors in responses with automation. Read full story

KFC's facial-recognition trial is a disaster in the making.

A new facial-recognition trial from KFC China and Baidu has more potential to alienate customers than to help them. Read full story

A potentially fatal blow against patent trolls.

Forcing law firms to pay defendants' legal bills could undermine the business model of patent trolls. Read full story

Making gas stations safe for fraudsters again.

Mastercard and Visa have announced a three-year delay for EMV rollouts at gas stations. May the gas crimes commence. Read full story

Human-less stores are now possible — and it might be the end of retail.

Are retailers really willing to consider disassociating from associates? Read full story

Amazon Go has tremendous potential — once it fixes a few things.

Amazon last week introduced a new approach to in-store technology and strategy, with its Amazon Go experiment. On the plus side, it offers a vision of the possible, once it deals with some key LP hurdles. Read full story

Merchant sites open door to Visa fraud.

Visa dismisses the issue as a hypothetical attack method — but security researchers tried it and it worked. Read full story

With A.I. announcement, Mastercard goes for the hype.

Problems: Mastercard's approach is nothing new, and its usefulness is extremely limited. Read full story

Court clears up some in-app purchase uncertainty.

Mediating a battle between Amazon and the FTC, a federal judge offers some well-thought-out limits on in-app purchases for children. Read full story

Walmart's better tracking for recalled items is a wonderful first step.

Walmart's new attempt to use blockchain to help it contact buyers of recalled, dangerous products faces up to a long-neglected reality. Read full story

Macy's China experiment shows the potential — and limits — of retail VR.

Macy's this month made its debut appearance within Alibaba's Singles' Day in China. Well, sort of. Its appearance was only virtual. Read full story

Disputing Citi's dispute change.

There is no reason for Citi to aggravate a big chunk of the merchant community. Read full story

Home Depot reminds us why store-centric will be the death of retailers.

Customer-centric retail is not a buzzphrase. It's the only path to survival. Read full story

Rent-A-Center's POS glitch is a great ROI argument.

When revenue dropped, the CEO blamed a new POS system. That's bad for the company's IT department, but could be good for yours. Read full story

The FCC's new privacy rules are toothless.

If opt-in agreements can be hidden within T&C documents, consumers will have little choice than to sign away their privacy rights. Read full story

The limits of encryption.

The latest WikiLeaks revelations included a reminder that there are revealing things that just can't be encrypted. Read full story

Does privacy exist anymore? Just barely.

The sphere of privacy continues to shrink. Read full story

Can Vodafone Pay work when the phone is dead? Depends on how you define 'dead.'

A long-standing complaint about NFC phone payments has been, "What happens when the phone battery dies?" Vodafone has come up with a way around that — albeit with a lot of caveats. Read full story

Amazon and the hazards of inadequate app testing.

Amazon quietly updated its app last week and confessed that its iOS shopping cart would freeze when a shopper tries to switch between apps. Read full story

Let's get serious about IoT security.

The threats posed by IoT devices are real and have to be addressed with structural changes. Read full story

Target's voice-recognition effort: How natural does natural language have to be?

Target's voice-recognition trial misunderstands the allure of Amazon's Alexa and Apple's Siri, and also how shoppers think and communicate. Read full story

Mobile is part of e-commerce, not a rival.

For years, retail has clumsily struggled with various merged channel strategies. No changes in commission structure or bonus requirements have proved effective. Read full story

The ultimate unanswerable question: Are we PCI-compliant?

When you most need to be able to say that you are PCI-compliant is when it's taken away. Read full story

Your users have porous passwords? Blame yourself, IT.

Your efforts at raising security awareness could be making users feel that it's pointless to try to protect themselves. Read full story

A new channel challenge for retailers: Dual-screening.

In retail, we have seen merged channel, omnichannel and multi-channel, but here's an interesting twist: We are now seeing concrete marketing evidence from dual-screening, one courtesy of a new eBay U.K. report. Dual-screening is where a shopper watches television while also interacting with a mobile device. Read full story

The best way to doom a holiday retail trial to failure: Don't brief employees.

The combination of seasonal help and tech trials -- when combined with a lack of training -- is a holiday recipe for disaster. Read full story

Walmart's self-driving shopping cart magic.

Envision opening the Walmart app and summoning a cart to wherever you're standing and having it drive right to you. Read full story

Chase Mobile grasps the obvious about biometrics.

Chase has quietly stopped asking for passwords for sensitive transfers on its mobile app, concluding that a fingerprint-scan is quite sufficient. Read full story

Amazon's crackdown on third-party sellers is the right approach.

If demanding receipts is too much bother for fraudsters, so much the better. Read full story

Why EMV is making fraud soar.

EMV deployment struggles are keeping in-store fraud rates high while pushing online fraud much higher. Worst of both worlds for the moment. Read full story

New Siri commands smarter, but not smart enough.

Promise of easier ways to catch a ride falls short. Read full story

Google Wallet gets that speed is everything.

The developer mindset is light-years from how consumers actually interact with apps. Read full story

Amazon's wacky workweek hours experiment.

Amazon's rationale — there are people who want to work fewer hours at a price of lower pay — is old-fashioned. Read full story

Home Depot's magic value: Returns.

During an August investors call, Home Depot CEO Craig Menear let loose a stunning stat: 90% of all online returns are processed in-store. Read full story

Amazon's Hyundai move shows deep understanding of shoppers.

The magic of retail centers is on knowing and understanding shoppers better than they know themselves, and Amazon is brilliant at it. Read full story

The CVS go-it-alone app suffers from the pharma payment pain.

Few retailers have as complicated and painful payment systems as do drugstores. CVS is struggling to do the best it can. Read full story

All-digital customer service is not perfect.

Consider Jack in the Box, which a year ago shut down all of its customer call centers, pushing customer service online. Read full story

Walmart's Jet move: Is IT magic enough on its own to take on Amazon?

When Walmart said that it was buying Jet.com for $3 billion, it was widely interpreted as it getting serious about competing with Amazon. That's not what is happening. Read full story

There's never a shortage of security holes.

New reports last week highlighted some novel ways for information to get into the wrong hands. Read full story

Target CIO's request to do far fewer things is heresy — but really good heresy.

At a Fortune 500 company, money — and the number of projects under your command — is power. Target's CIO has a very different view. Read full story

PayPal's better way to count authentication failures.

Websites use the baseball rule to thwart authentication thieves: Three strikes and you're out. PayPal argues that there's a better way, one that customizes the rules to the user. Read full story

A familiar face: Snapchat's patent suggests path for retail.

With CRM, merchants try to understand shoppers as much as possible. In today's social-media-oriented world, that goes far beyond a list of products purchased and website pages visited. Read full story

Will 7-Eleven build on feat of completing first retail drone delivery?

One small step for man, one giant leap for flying Slurpees. Read full story

Surefire security fail: One. App. At. A. Time.

A centralized approach that governs how apps interact and what they are allowed to do is essential. Read full story

What's holding back EMV?

Visa has new stats showing that nearly three-quarters of U.S. merchants still can't handle chip cards. Read full story

Mastercard's new logo spits on plastic.

The change from 'MasterCard' to 'Mastercard' is part of a play for a role in a digital marketplace. Read full story

Get off my lawn: Federal panel says websites can ban anyone.

Envision using this against a spammer, someone whose comments you don't like or a bargain-hunter that is cutting into your margins. Read full story

Starbucks burned by aggressive pricing automation.

Starbucks software rolled out a price increase weeks before it was supposed to. Read full story

Google quietly brings forgetting to the U.S.

Seeing all your Google activity in one place can be eye-opening, and having the ability to delete any of it carries some far-reaching implications. Read full story

Amazon challenges retail on what a sale means.

Consumers love sales, and yet the concept itself is oddly unclear. Read full story

Walmart Pay vs. Apple Pay: Hardware age dictates all.

Walmart Pay is about to go national, but why didn't it embrace NFC payments? Read full story

For Facebook, violating users' privacy is going to backfire someday.

Eroding trust is a lot easier than restoring it. Read full story

Whole Foods trying out whole new ways of retailing.

It's rethinking retail. Read full story

Think in-store is dying? Check out Ulta Beauty.

In-store can still work well, but experience must reign supreme. Read full story

Are QR codes more useful in hiding information than displaying it?

A senate bill raises frightening questions. Will retailers and manufacturers use QR codes to hide need-to-know consumer information, by being vague about what the code will deliver? Read full story

Target learns that customized offers need to be in your face.

Customized offers are great, but the line between perfect match and creepy is nuanced. Read full story

Apple Pay's Mac move: Less friction? No, but slightly less fraud.

Shoppers won't have to enter their credit card details — but the number of times it will be truly useful is small. Read full story

The retail EMV quagmire.

Home Depot's lawsuit against Visa and MasterCard tackled the security problems of the EMV rollout. But what the retailer conveniently forgot to mention is far more germane. Read full story

Walmart went nuclear and banned Visa from Canada.

Walmart's decision was both surprising and long overdue. Read full story

Target's war on suppliers could be averted through more creative IT.

Better analytics and mobile crowdsourcing could deliver better pricing. Read full story

NRF's attack on PCI is strong on theory, weak on specifics.

After 12 years of operation, shouldn't NRF be able to point to better and more concrete examples? Read full story

Amazon's arbitration attack of its own merchants is system gaming at its best.

The move is an attack against bogus reviews, but there's a lot more going on here. Read full story

Target kills curbside pilot because it was never a fit.

Experimentation is great, but a retailer needs to understand how it is perceived. On that point, Target failed. Read full story

LinkedIn's disturbing breach notice.

What is hard to understand is why LinkedIn didn't feel the need to force password changes until four years after the breach. Read full story

Chili's sees table-based tablet as way to recapture dinner.

The chain may be radically rethinking how business can be done. Read full story

EMV rules ruining Apple Pay.

Trader Joe's and Whole Foods are the latest retailers to see the Apple Pay experience bedeviled by EMV rules. Read full story

Green Dot's Walmart outage should scare all retailers.

A grim reminder of how interconnected the payments world is these days. Read full story

Bringing shopping malls into the 21st century.

If all its stores consolidated their technology and resources, a mall could deliver a shopping experience that even Amazon couldn't match. Read full story

Target's 'pay less for old produce' trial has serious risks but even better potential.

In a sense, this is the ultimate in transparency, giving shoppers who want to pay for fresher produce that choice. Read full story

A purchase protection bot that delivers, albeit it in a less-than-comforting way.

Price protection programs depend on shoppers not bothering to check after the purchase is done. This app changes all of that. Read full story

How the Siri team could change retail.

Could virtual assistants soon be calling retail stores directly and handling complicated discussions? If so, the implications are tremendous. Read full story

Kohl's Apple Pay deal illustrates why mobile wallet is a lot harder than it looks.

The cool part here is Kohl's integration, which makes it just about effortless for the shopper. Or does it? Read full story

Appellate court ruling will make a lot more work for Web designers.

The decision from a case involving a company's method of presenting its terms and conditions is otherwise fairly meaningless. Read full story

PCI's new rules focus on the chiefs.

Far too often, the levels above CIOs and CISOs don't understand PCI and find the ever-increasing cost of security frustrating. Read full story

If the shoe fits: Prada shows how to master in-store sales.

When it comes to apparel, footwear has generated some of the most powerful sites, but a personal component to shoe shopping transcends what is possible online. Read full story

Visa's EMV struggle: PCI is going to impose new payments security rules this week — and they don't go nearly far enough.

Either wall off your payment data so that no one beyond a small set authorized persons can get access, regardless of network privilege, or force everyone to play by PCI rules. Here's the kicker: They already should have been playing by PCI rules. Read full story

Visa's EMV struggle: Is better preferable to consistent?

When Visa introduced its Quick Chip for EMV on Tuesday, it placed retailers in an awkward — but interesting — position. Read full story

Need more proof of mobile's impact? Look to AMC CEO's statements.

The CEO publicly said that he wanted to allow texting and other mobile interactions during films. That's how powerful the idea of mobile has become. Read full story

Microsoft's lawsuit, and retail's data-disclosure secrecy problem.

Microsoft doesn't want government seizures of its data, done in secrecy, to jeopardize the trust its customers must hold toward it. Retailers have the same problem. Read full story

Let's not make secure encryption illegal.

Restrictions are abhorrent and a draft bill in the Senate is overly broad and ambiguous. But if Congress insists on restrictions, let's add some critical limits. Read full story

The best reason for never giving in to ransomware demands.

There are many reasons not to pay ransom to regain access to your data. Let's opt for the selfish one. Read full story

In-store QR videos need to go way beyond ads.

It seems a shame to waste the ability to show shoppers any imagery or video you want on commercials. Read full story

Apparel maker meshes RFID, NFC and QR together — and makes it all work.

This is an impressive piece of engineering. By combining RFID, NFC and QR, Moncler is trying to deliver the best of all approaches. Read full story

Don't let embarrassment about a data breach cost you even more.

Cyberthieves prey on human nature for even more profit. Read full story

Domino's pizza robot is giving tech a bad name.

This robot saunters to your home at 12 mph and insists that you leave your house to meet it on the sidewalk to get your cold pizza. Domino's stresses that you can't pay it a tip, but there was never much risk of that. Read full story

The new Apple Stores show how compelling in-store can be.

If your stores look and function as they did 10 years ago, you need to rethink design. Read full story

Why McDonald's CRM effort won't work.

McDonald's CRM program may just prove to be a great case study for when a CRM program costs more than it helps. Read full story

Retail's struggles with improving in-store checkout.

With all of the effort by retailers to lure shoppers into their stores, one would think that granting those customers an easy and painless exit would be a priority. One would be wrong. Read full story

Lowe's, Bloomingdale's take wacky approaches to mobile marketing.

Grabbing a young shopper on mobile or social today goes far beyond what it says. Engagement today is meant quite literally. Read full story

How to catch a thief, e-commerce style.

The latest testing reveals some non-intuitive computer profile details for spotting the bad guys. Read full story

Retail's gift card crackdown self-defeating.

The thieves will find other tactics and the shoppers will shop elsewhere. Congrats, retailers: You'll have succeeded in becoming less popular for all. Read full story

Will the FTC's PCI probe do any good?

Even for merchants — who typically express bitter resentment about the paperwork-intensive and labor-expensive PCI process — it's an uncomfortable area to probe. Read full story

Sports Authority's post-bankruptcy plan won't work.

Sports Authority's post-bankruptcy plan won't work. Read full story

Why don't sports retailers get what Reebok understands so well?

It's all about giving customers a reason to visit the store. Read full story

Beware of iOS hiding your email messages.

As enterprises rely ever more deeply on mobile devices for email, CIOs beware. A bug in iOS is periodically hiding email messages, in a way that makes the messages appear to have been deleted. Read full story

The encryption quicksand into which Apple is sinking.

As the encryption argument takes center stage in the ongoing Apple vs. the U.S. Government squabbles, a very important—and potentially destructive—change is taking place in security strategy. Read full story

Domino's again uses technology illusion brilliantly.

A custom-built pizza delivery car is the chain's latest masterly stroke at distracting from the core product. Read full story

Nordstrom discovers the high cost of merged channel.

Has the chain that best understands customer service figured out merged channel and enterprise IT, too? Read full story

No matter how hard Walmart tries, it can't shake being store-centric.

Even as the chain tries its hardest to sound channel-agnostic, it somehow always comes back to getting shoppers into its physical stores. Read full story

Match.com learns that encryption alone isn't enough.

Without obfuscation, Android app encryption security doesn't help much. That's a lesson Match.com learned, but it took long enough. Read full story

Payment options can complicate e-commerce ROI.

Under the best of circumstances, figuring out e-commerce ROI is challenging. The e-commerce chief at RainbowShops.com found that PayPal support adds a lot more complexity. Read full story

What Amazon is doing with its supply chain could devastate the competition.

A huge planned global supply chain move by Amazon could disrupt product access, sharply lower Amazon's costs and accelerate product delivery to shoppers. Read full story

Why is retail afraid of voice recognition for mobile apps?

Retailers have overwhelmingly avoided any attempts to dabble with voice recognition, but that is a huge error. Read full story

Making shoppers happy for the right reasons.

New Accenture research says retailers are not delivering for their customers. It's the right conclusion, but for the wrong reasons. Read full story

EU, U.S. data-transfer deal will never work.

And there's no way the negotiators didn't know that. Read full story

Enterprise CIOs, think it's OK to ignore SMB security holes? Think again.

The CIOs, IT Directors and CISOs for large companies have enough to worry about without having to take on the mountains of security holes infesting small- and medium-sized businesses around the globe. But a new report shows a direct connection between SMB security flaws and those of their Fortune 1000 neighbors. Read full story

Rebecca Minkoff's RFID trial painted itself into a corner--deliberately.

The apparel and accessory chain gets creative with its RFID magic mirror trial-and leverages special dressing room paint to block both RF and mobile signals. Read full story

In the retail battle of the drones, Google's the pragmatist, but Amazon's the dreamer.

If you want to understand how these companies differ, study their drone filings. Read full story

Does anyone really want the government deciding encryption policy?

Security and privacy debates are highly nuanced, allowing for much interpretation, balancing acts and differences of opinion. For that reason, I try and be tolerant of a wide range of views on the subject. Every so often, though, some executive says something so divorced from logic and reality that silence is not an option. Enter AT&T CEO Randall Stephenson and his attack on Apple's encryption efforts. Read full story

Nordstrom's magic foot sizer.

Laser measurements are far more advanced than the shoe industry. But it will give Nordstrom's shoppers a reason to believe the customer service magic. Read full story

The power of touch could — but won't — be Amazon's Achilles' heel.

Physical stores need to be re-envisioned to let the feel, smell and sounds of products sell themselves. It's a shame that retailers won't ever do that. Read full story

Has Victoria's Secret figured out the secret to retail social campaigns?

Using social to create the illusion of intimacy is good, but it's never forgetting the brand that is the magic. Read full story

Amazon: Can't afford something? We'll loan you the money.

Does Amazon really want to get into the loan business? That's the part of shopping that customers hate. Read full story

Girl Scout move shows Visa at its craftiest.

Visa's Girl Scouts program is about many things, not the least of which is converting one of the last bastions of cash sales. Read full story

Data convenience isn't a crime, but treating it as one should be.

It's self-defeating to try to protect data by treating it all as if it's equally sensitive. Read full story

SnipSnap wants to be the price-match ruler of rules.

It says something really bad that a company can make a living interpreting retail price-match rules. Read full story

An IT lesson from Anonymous: Even lawless groups need rules.

Recruit a bunch of anarchists and — surprise, surprise — you get anarchy. Read full story

Does security knowledge make you comfortable or more paranoid?

A new Deloitte survey suggests that younger consumers are more aware of mobile security and data risks than any other segment. What do they know — or not know? Read full story

Target prepping stores with 'no shopping cart, no bag'

Target has a vision of a new kind of physical store to compete with online rivals, one that attempts to sidestep the drudgery of shopping by wiping out the need for customers to lug around their purchases through the store's aisles. Read full story

A neglected retail IT trial is worse than none at all.

A neglected trial is expensive in ways far beyond out-of-pocket costs. Read full story

Will shoppers use Ralph Lauren's RFID dressing room?

Giving shoppers an easy way to summon an associate is bad news if you don't have associates to respond quickly. Read full story

Judge applies common sense to question of what constitutes a data breach.

A breach that doesn't result in anyone compromising any data is something like the proverbial tree that falls in the forest with no one around. Is it truly a data breach? Read full story

Domino's tests brilliant one-click buy for the physical world.

Domino's has proved itself adept at mastering sales via online, mobile and social media. Read full story

Why Wall Street is so interested in Square.

Square is one of the few companies truly trying to change retail payments. This may be the only chance to buy in. Read full story

Amazon, and Wall Street's shortsighted stupidity.

Wall Street has no collective memory. Consider Amazon's infrastructure investments. Wall Street is drooling now, but not so long ago it thought they were a terrible idea. Read full story

Anonymous just might make all the difference in attacking ISIS.

The hacking group's activities have always seemed dubious, but in this case, success will be quite welcome. Read full story

Macy's, Walmart still trying to balance in-store, online holiday sales.

It's time to fully embrace merged channel. Read full story

What's the truth behind Walmart's failed facial recognition trial?

Was this project really just an effort to flag shoppers who had previously been suspected of shoplifting? Read full story

Amazon's Machiavellian same-day delivery trial.

No one in retail is more manipulative about free offers than Amazon — or more successful at it. Read full story

Retailers, why not set up multilingual call centers?

With a video connection to any store in the chain, foreign-born customers could deal with sales associates who speak their language. Read full story

Don't throw out that old phone — turn it into a privacy device.

An idea aimed at consumers just might work for enterprises that want to safeguard communications too. Read full story

Walmart undermines its online strategy — again.

When you watch Walmart, as I have done for years, you start to wonder where it wants to go with its business model, and whether it has any chance of ever getting there. Read full story

Amazon's attack of fake reviews is as brilliant as it is necessary.

It's a rare lawsuit that achieves good. Amazon's might just end up doing that. Read full story

Retailer gets naughty, blames software.

Apparently, an evil programmer elf came up with a clever way to bypass supervisors checking pages before they went live. Read full story

John Lewis coins new name for treating shoppers poorly.

The chain says adding a fee to click-and-collect didn't hurt sales. First, that's not at all clear. Second, anti-shopper moves never ever work in the long term. Never. Read full story

FBI EMV gaffe is the latest setback for payments security.

It's bad enough when the FBI announces to the world that you're not secure enough. It's even worse when it then reluctantly takes it back. Read full story

Apple's 3D Touch system may be useful — someday.

The system is counterintuitive, and its usefulness is yet to be demonstrated. Read full story

If Abercrombie wants to become a mobile brand, then it should really do it.

Item-level RFID, geolocation, cross-retailer CRM and true associate integration are the initial elements. Read full story

Fair pricing blows away low pricing.

Deliberately making shoppers jump through hurdles to get "better" pricing is arguably retail's most self-defeating idea ever. Read full story

Security companies shouldn't be this thin-skinned.

FireEye, like all companies, wants to protect its intellectual property. But it needs to realize that security companies aren't perceived like other companies. Read full story

Data breach costs go way beyond chargebacks.

In security circles, hype and marketing — and the security complacency they encourage — can be more dangerous than a well-funded cyberthief. Read full story

Best Buy's robot reinforces the chain's perceived weakness.

There's no doubt that this robot will prove to be an attention-generating novelty in Manhattan, but will it ultimately prove counterproductive for Best Buy? Read full story

Merged channel's maddening paradox, Bed, Bath & Beyond style.

Increasing digital sales doesn't mean you need fewer stores. Paradoxically, it can mean you need a lot more of them. Read full story

Walgreens thinks claiming IT ignorance is better than admitting an error.

Instead of saying that unplanned manual efforts across more than 8,000 stores caused some transactions to fall through the cracks, Walgreens prefers to say it has no idea whether all transactions went through or not. Read full story

Mobile apps: Publish first, test never.

When a user-experience company recently tested mobile apps from pharmacy chain Rite Aid and restaurant chain Applebee's, both apps greatly frustrated focus-group users. Is mobile development being ignored? Read full story

Walgreens wants to use wearables to give instant discounts for exercising.

Consumers love the idea of being healthy far more than they love doing what it takes to be healthy. For Walgreens, that's a win-win. Read full story

Is Target leading in non-echo-chamber thinking?

To a greater extent than others, Target is trying to be creative about finding approaches that resonate. Read full story

Kaspersky: Great product, dreadful installation/upgrade process.

All companies need to pay more attention to the experience that ordinary users have when they try to install new products and upgrades. Read full story

Faustian bargain: Regret awaits Metro/Alibaba deal.

This global Faustian bargain assumes that this deal will last forever. Didn't Borders/Amazon teach us anything? Read full story

Responsive Web design makes an inefficient design too darn easy.

Is easy design too easy? More importantly, is it costing e-commerce sites serious dollars? Read full story

No more on-call in retail? Then why do you need that traffic analytics license?

The reversals by Gap, Victoria's Secret and Abercrombie & Fitch move should cause IT to re-evaluate quite a few decisions. Read full story

Inside the head of your company's cyber traitor.

Employers misjudge how potential insider cyberattackers will judge the risks and payoffs from their crimes. Read full story

The right way to tackle Amazon.

Brick-and-mortar retailers can't beat Amazon at its game. Instead, they must force Amazon to play theirs. Read full story

Can mobile save the mall? Yes, but not how you think.

It's not about bringing customers into the mall. It's about giving them reasons to come all the time — and not wanting to leave. Read full story

Coke's movie theater trial shows beacon potential.

Coca-Cola is starting to get creative about beacons. Read full story

Bloomingdale's gift card glitch illustrates lack of oversight.

Zero oversight is bad, especially given that there's almost no way of getting the money back. Read full story

Using clues to move paper coupons to mobile.

Printed coupons and mobile devices are as far apart as Bitcoins and silver dollars. One company has been specializing in bridging the gap. Read full story

The best and worst performing retail mobile apps — but no reasons why.

A report tells us what apps we like, but not why. Read full story

Are we safe from self-aware robots?

A breakthrough in A.I. has been reported that suddenly makes all of those apocalyptic predictions about killer robots seem less crazy. Read full story

The Bot That Cried Wolf: Battery tracking poses no real privacy threat.

If we worry about every possible privacy invasion, we will end up not paying enough attention to the ones that really need to be addressed. Read full story

Target gets smart about beacons.

Target has revealed some clever twists. Read full story

Google's in-store traffic predictor.

Counting people inside the store is a service that could be very powerful — if done with shoppers and merchants in mind. Read full story

The real message behind Walmart's supplier pricing memo.

As any Walmart supplier knows, there's no such thing as an innocuous memo from Bentonville. Read full story

Amazon's drone zone effort is the perfect retail domination play.

Amazon tries to enlist NASA in effort to control the skies. Read full story

Privacy and the data toothpaste problem.

Two court rulings basically maintain that we can't expect privacy on the phone or on social media. George Orwell would be proud of the judges. Read full story

Can networked lighting find you a great parking spot?

Perhaps a journey of 1,000 SKUs starts with a single parking break? Read full story

Self-checkout psychology: Don't scare away shoppers.

Retailers really want shoppers to use self-checkout, but many underestimate the psychological deterrents they put in place. Read full story

High rent and e-commerce didn't do in FAO Schwarz.

They were just excuses for the closing of the chain's flagship toy store. Read full story

How should an underage cyberthief be dealt with?

If our goal in sentencing is to reduce such crimes, you have to ask how sending kids to prison accomplishes that. Read full story

Apple stands alone in controlling the in-store experience.

Would-be copiers have to understand that Apple's circumstances actually fit the word 'unique'. Read full story

Walmart buy-online-pick-up-in-store train wreck.

A single experience shouldn't condemn the tactic, but shoppers use one-time experiences all the time in deciding what shops and services to use in the future. Read full story

Ranking of retailers stays static — so why is that worth deep analysis?

The Stores Magazine editors want us to believe it was all about IT. Read full story

Will Trump cyberattack actually be good for security?

Reports have some of Donald Trump's hotels being hit by a payment card-seeking cyberattack. This could lead to a very high-profile exploration of how little a company can do to prevent being breached. Read full story

Social-media policies: You can't say that!

The sad truth is that "That's not what I meant" isn't a defense that can save anyone's job. Read full story

New e-commerce model: Where everybody knows your name — and everything else about you.

An app that sets up a profile of you for all the e-tailers you visit could be convenient, but it carries some troubling privacy implications. Read full story

Price comparison engines have become so relevant that they're now irrelevant.

A bad price can't hide, marketing magic notwithstanding. Read full story

QR codes and porn: Heinz learns a domain renewal lesson.

As companies use more domain names, this problem will crop up more frequently. Read full story

CVS's Target deal: Prescription for a privacy disaster.

Lost amid all of the mega-drugstore talk sparked by this acquisition are some extremely likely data security and privacy problems and HIPAA horrors. Read full story

Digitization: Making the post office meaningful again.

USPS executives see it as salvation for the service, but can anything make the post office relevant again? Read full story

What is behind retail's $1.1 trillion inventory losses?

Retail research house IHL in June estimated an industrywide loss of $1.1 trillion. But IHL is not limiting itself to traditional metrics. Read full story

Woolworths' $1M lesson from gift card blunder.

Accidental data breaches might be the most dangerous. Read full story

Will Tesco shoppers freak out at six-foot tall RFID robots?

As Tesco clothing shoppers rifle through the chain's apparel assortment, they'll be sharing the aisles with six-foot-tall RFID robots, rolling up and down, scanning clothing tags for inventory. Read full story

The database integration rainbow: What Priceline has figured out.

The next step in mobile magic starts with cross-comparing all of the data already collected. Read full story

Yahoo tries legal pirouettes in court, breaks neck.

One of the company's arguments: Yahoo Mail customers should notify anyone who emails them that any email they send to the customer could be scanned by Yahoo – presumably including the original email already sent before the customer could warn the sender. And that argument didn't work? Read full story

Amazon's free same-day delivery offer sounds great, unless you think about its customers.

Amazon is trying to better local stores at their own game, but it looks like what Amazon gains in ideas is being lost in deployment. Read full story

FTC cracks down on mobile shopper tracking service, but could it possibly matter less?

The FTC could have made a statement about what limits and notifications need to be in place. Instead, it focused on a narrow phrasing issue, while buying into industry marketing arguments that are truly misleading and dangerous. Read full story

Besides RFID, will Target take credit for penicillin?

Retailers, don't take credit for a technology that's been around for a while. Read full story

Domino's tweet-to-eat campaign is sneaky social media at its best.

Ordering a pizza via Twitter isn't faster or more convenient than submitting the same entry through the company's mobile app. But it does have one huge advantage – enjoyed almost entirely by Domino's. Read full story

Mobile payments: What will it take for beacons to take the next step?

To move from discount-pitching to sale-closing, a few hurdles have to be cleared. Read full story

Who's flying the plane? The latest reason to never ignore security holes.

Companies make excuses for not addressing security holes that seem unlikely to be exploited. The problem is that they often do get exploited. Just ask United. Read full story

Time's up for putting off IPv6 decisions.

With the Internet of Things, we're going to be needing a lot more IP addresses. That's exactly what IPv6 has in mind. Read full story

Whole Foods, Nordstrom: To thy own brand be true.

Retailers need to think about how the ways they use new technology could damage carefully crafted brands. Read full story

Apple Pay 2.0: Phones with benefits.

It's becoming increasingly clear that what all mobile wallets have lacked so far is a good reason to use them. Read full story

Digital Dumpster diving: A trashcan that reports on what you throw away.

An early Internet of Things entrant demonstrates some of the problems the IoT will bring. Read full story

Is Amazon a lousy retailer? The answer truly is in the cloud.

How Amazon is using cloud dollars to freak out every retailer in the country. Read full story

The realities of security crash into the realities of business.

CFOs and CEOs want guarantees, and none exist in security. Read full story

Security extortion? When legit disclosure morphs into a shakedown.

How a company handles people telling it about its own security holes says an awful lot about how that company views itself. Read full story

Target's under-stocked sale: Lessons not learned.

There's a nuanced distinction between having a very popular sale and arranging for far too little merchandise. And between crashing and having a slow site. Target needs to learn those distinctions. Read full story

Is Amazon trusting tech too much?

Amazon envisions a retail floor with no checkout, run by an array of cameras and scales that will identify shoppers and the products they grab. Read full story

Sony reminds us all what a pathetically weak link email is.

We all rely on email too much to share and archive sensitive information, and we're all at risk. Read full story

Pot luck: Facial recognition gets boost from marijuana kiosks.

Between iPhone's fingerprints and a kiosk's face check, biometrics may be getting its day. Read full story

Macy's mobile app tackles local store search — and demonstrates why it's so difficult.

We tested the app and couldn't get very far before it glitched — repeatedly. Read full story

Let's rethink email.

One startup is trying a new approach. Will other new ideas follow? Read full story

Where's the data?

The U.S. government wants access to an alleged drug dealer's emails, but Microsoft says, sorry, they're in Ireland and out of bounds. This is what happens when we apply non-digital rules to digital situations. Read full story

Some email truths for Hillary Clinton.

One thing she should know is that armed guards aren't really equipped to stop a data breach. Read full story

LLAP, Star Trek tech!

The death of Leonard Nimoy brings to mind how far-reaching the Star Trek legacy has been. Read full story

Uber shows how not to do a privacy report.

If you only let the investigators look at your policies and not at what your employees actually do, you're telling us a lot more about your real privacy views than you realize. And it's not pretty. Read full story

Can you trust Amazon's WorkMail?

The company is being coy about what it can do with your enterprise's email if you sign up for its cloud-based service. Read full story

Let's not make patent trolls stronger.

Bill proposed by National Retail Federation wouldn't shut them down, and it might simply legitimize them. Read full story

Same-day delivery's big chance.

This Christmas, Amazon made a delivery when not a creature should have been stirring. That could herald great changes on the retail landscape. Read full story

Hold the phone, McDonald's.

The fast food giant's drive-through Apple Pay implementation is kludgy and uncomfortable for both the customer and the employee. Is anyone testing this stuff? Read full story

Getting in customers' faces.

When retailers use IT analytics to get close to their customers, they need to do it the right way. Read full story

OK, BlackBerry, what else have you got besides security?

The once-dominant mobile-email player's latest pitch is irrelevant for today's smartphone buyers. Can the company's BYOD pitch save the day? Read full story

Are fingerprints PINs or physical artifacts?

A judge's ruling that a person can be forced to open his phone with his fingerprint ignores the fact that the fingerprint scan is just a substitute PIN, which can't be required by law enforcement. Read full story

Tracking and the law

As courts continue to rule on what is and is not acceptable when it comes to tracking, a lot of what we do with our smartphones could become illegal. Read full story

Google's takedown policy: Celebrity nudes today, your right to know tomorrow?

Google patted itself on the back for being responsive to a request to take down nude photos of celebrities. But it should have stressed that all such requests are subject to intensive due diligence. Read full story

Apple outsmarts the thieves

The Apple Pay approach to mobile payment turns the security conundrum upside down by keeping data out of thief-magnet servers. Read full story

Apple's mobile payment rolling out despite problems

If lack of data visibility is crippling Apple, what chance do mere IT mortals have? Read full story

Google eyes the preteen set

No marketer wants to leave a potential market untapped, and Google hates to disappoint marketers. That could explain why Google is going to start offering Gmail, YouTube and other accounts to kids younger than 13. Read full story

Barnes & Noble plays into Amazon's hands

Same-day delivery is a boon for the online leader, but it will only help doom B&N. Read full story

The data dangers of free public Wi-Fi

New York's plan to turn pay phones into free Wi-Fi stations could be a template for other cities, and bad news for IT departments trying to protect corporate data and intellectual property. Read full story

What if you can't trust your inbox?

Goldman Sachs is taking Google to court to force the cloud vendor to delete an email accidentally sent to a Gmail user. The consequences of a ruling for Goldman would be devastating. Read full story

Supreme Court on obvious patents: Common sense isn't so horrible.

Unanimous decision won't shut down patent trolls, but it will curb worst abuses. Read full story

Do you know whom you're following on Twitter? Neither does Twitter, apparently.

Fake accounts that troll for followers' contact info just might be a problem. Meet 'Alex Van Pelter.' Oh, and LinkedIn is great, except when it's annoying. Read full story

Is Google forgetting that interactivity pays its bills?

As Google gears up for the Internet of Things, its vision seems a bit off. Thermostats as billboards? Read full story

Killer robots? What could go wrong? Oh, yeah...

The UN wants to talk about killer robots as 'conventional weapons.' Someone needs to learn the IT facts of life: If something can go wrong, it will. Read full story

One law to rule all data breaches -- but let's make it a real law

The White House's big report on big-data privacy has several shortcomings. Read full story

Snapchat's reputation is vanishing (unlike its images)

FTC takes it to task for misleading privacy policy, other transgressions. You should take another look at your company's privacy policy. Read full story

Snapchat's latest feature shows why IT must tame marketing's inner monster

Marketers will want to use tools like Snapchat's Here feature to bend consumers to their will. IT has to inject rationality into the resulting discussions. Read full story

With Heartbleed, IT leaders are missing the point

If our checks and balances are so fragile that a typo can obliterate all meaningful security, we have some fundamental things to fix. Read full story

Social media endangers corporate secrets

Employees can unintentionally share more than their employers want anyone to know. Read full story

Resurrection of Full Disclosure mailing list is great news, if you're not a cyberthief

The alternatives to an independent list like Full Disclosure can't match it for stopping new cyberattack tactics. Read full story

Wal-Mart is latest big company with mobile-app security problems

Walgreens also joins the list, as it becomes increasingly obvious that companies aren't doing enough security testing. Read full story

Can Starbucks get people to use its app to pay for dry cleaning?

The coffee purveyor has indicated it wants to move in that direction. But so do other companies, and they all have some hurdles to overcome. Read full story

Is MasterCard's fraud program just another data grab?

It offers slightly greater payment convenience, but at what cost? Read full story

Mobile IT Roach Motel: Data checks in, but it won't check out

Even if a company were willing to expunge personal data that it had been authorized to collect, the realities of IT systems mean it probably could never completely do that. Read full story

Transparency about data retention requires knowing what you have

A new call for transparency about what data mobile apps are retaining sounds fine and noble, but too many companies don't even know what their apps know about consumers. Read full story

Your data exposed -- Delta, Facebook, others latest to fall into mobile app trap

Match.com and eHarmony also among those now saying, 'We didn't know our mobile apps did that'. Read full story

Get ready, IT; here comes the Internet of Things

You might see security and privacy pitfalls, but the advantages of the Internet of Things mean there's no stopping it. Your smart fridge is going to miss you when you're working every night. Read full story

Bluetooth bras and bumping bozos

Tech overreach now has its mascot: the True Love Tester bra. How do companies green-light such hare-brained product ideas? Read full story

App testing and sins of omission

Starbucks released a mobile app that stored passwords in clear text. There's a good chance that a lot of other companies just don't know whether they could find themselves in the same situation. Read full story

Fear of Glass

Google Glass is just the latest technological advance to elicit fear and dread in some quarters, including law enforcement. Read full story

Hijacked by social media

Why would anyone be comfortable with social networking sites sending out messages in their name? Read full story

Starbucks sat on its clear-text password problem for months

The company is dancing around the question of what it knew and when it knew it, but the security problem was not a revelation for it this week. Read full story

Starbucks caught storing mobile passwords in clear text

In a case of convenience for users trumping security, Starbucks has been storing the passwords for its mobile-payment app, along with geolocation data, in clear text. Read full story

Starbucks and the art of persuasion

The coffee chain was smart enough to push mobile by not initially pushing mobile. It's an approach that can work for your business too, internally and externally. Read full story

What to include in your mobile privacy policy

If your company doesn't yet have a mobile-specific privacy policy, it's time to get to work. Read full story

2014: Time to rethink privacy

Companies have to fully confront the privacy issues they face and rethink their policies from the bottom up. Read full story

Target's security: Better than I thought

The way Target deployed triple DES encryption for debit card PINs makes its statement about the unlikelihood that they were in danger much more believable. Read full story

Target: Deceive first, answer questions later

Issuing deceptive statements is no way to win back customers' trust. That's a lesson for anyone who might find itself in Target's position someday. Read full story

Target's 'We've Been Breached' sale is a little cynicism for the holidays

A sale, right before Christmas? What an extraordinary step for a retailer to take! And that hefty 10% off is available to everyone. Target's millions of breach victims must be feeling very special. Read full story

Instagram Direct: Your data, direct to marketers

Instagram is going to let you send messages and images to small subsets of your friends and family. It's a clever way to get more of your data into the hands of marketers. Read full story