I just got back from the NRF’s big show in New York a little jet-lagged and a lot excited. I haven’t quite got back onto UK time yet but I couldn’t wait to get to work today to write about the good, the bad and the ugly bits of the show (and yes, to rub it in everyone’s face that I just spent five days in NYC!)

This year was my first time at NRF and it was also a record turnout for the show, with over 27,000 people in attendance despite the fact that Monday was a public holiday in America celebrating the life of Dr Martin Luther-King. It’s possible that all those people turned up because they were desperate to see the latest PoS innovations - however it’s more likely that keynote speaker - Bill Clinton, heard of him? - knows how to draw a crowd.

I went to see his keynote address; nothing to do with retail. It hardly mattered though, the man is so charismastic he could probably make accountancy seem exciting. Former President Clinton mostly spoke about ‘our common humanity’ and how globalisation means we all have to live together, support each other and lead by example - in business ethics, environmental committments and financial reform.

Oh sorry, I tell a lie, his speech had a tiny bit of retail in there - we found out what he bought Hillary and Chelsea for Christmas (jewellery) and that he buys his books at an independent book store in New York.

The show itself was vast, it took a good 15 minutes to walk from one end of the Javits Centre to the other, and that’s without stopping to checkout the hundreds of stalls. There was a huge mix of vendors on display, it was a veritable who’s who of the retail technology world - Oracle, Microsoft, HP, SAP, VeriFone, PayPal, Wipro, Fujitsu, Motorola, JDA, Verizon, Intel, NCR, Wincor Nixdorf, Retalix - anyone and everyone you could think of.

On the whole the new technology on display was impressive and really pushed the idea of a seamless customer experience. The in thing now is not cross-channel or multi-channel or even omni-channel - it’s no-channel - there’s just one seamless customer experience.

Digital signage was much lauded at NRF’s big show this week. Anyone who was anyone is hardware was pushing the idea of interactive, multi-touch screens inside and outside shops. The window signage boasted facial recognition technology which could determine the age and gender of a window shopper and then display tailored advertising and deals.

In-store the multi-touch, multi-user high-def screens were used as surfaces which customers could create shopping carts on while the compare and order items. There were also virtual fitting rooms where you could use a computer programme to try on clothes in 3D - it is thought that eventually this technology would be used by consumers at home on their own TVs.

All this was very impressive and readers will be able to see a full review of the expo in the next issue of Retail Systems, but there was one disappointing and crucial flaw at NRF. The free WiFi didn’t work! I mean, come on - it’s a technology show that can’t supply WiFi to visitors, how embarrassing!

Let’s get it fixed for next year guys, please.

Well I don’t know about you but my Christmas break wasn’t very restorative. In fact, I think I need another holiday to help me get over that one!

Anyway, back to reality. After three weeks off I’m feeling a little detached from my usual routine (just there now I tried to spell detached ‘detatched’ and realised it’s been too long since I typed anything.

I hope all our readers had a lovely Christmas and may 2012 be a better year for the UK’s High Street retailers. Although if today’s news is any indication of what’s to come then I won’t hold my breath.

Blacks Leisure have announced they are to go into administration. It is just a temporary measure, part of a takeover deal prepack arrangement they assure us, and none of their stores will be closed for the time being. The retailer was unable to find an outright buyer and now they hope that most of the business can be salvaged by several buyers.

And La Senza has also announced that it plans to enter administration this month after a disastrous year on the High Street.

But there is plenty to be hopeful about in 2012 - the London Olympics, the Diamond Jubilee. All these events will have an impact on the High Street and retail. Let’s hope it’s a positive one.

I’m not sure if this is really a retail related story, but I’m going to tell it anyway. I think it could definitely be put under the umbrella of e-commerce, and with that tenuous link - let the rant begin.

Online ticketing sites - could they be any more useless? Seriously, I’ve never found one that wasn’t infuriating to use in every way. If there’s a really popular act on then it gets even worse. I remember once trying to buy tickets to see Flight of the Conchords at Wembley. They were playing three nights at the massive venue, but the morning the tickets went on sale at 9am they were all gone by 9.01am. I know because I sat there waiting and waiting for the clock to hit 9am and then pounced with the reflexes of a mongoose.

But alas. I even phoned Ticketmaster, sure there had been some mistake, and was informed that most of the tickets were gone as they were sold as ‘advance tickets’.

More recently this happened to me again while trying to buy tickets for a gig last Friday. Again I had to eventually buy the tickets for twice the price on eBay.

But the whole ‘advance ticket’ thing wouldn’t bother me so much if it weren’t for the 20 guys down outside the arena or theatre with a hundred bundles of tickets hawking them for three or four times their face value. It is outrageous that anyone should be allowed to purchase more than 10 tickets in advance, and ticket sites should be going to greater lengths to ensure they aren’t selling to the same people over and over who are just using different mates’ names and credit cards.

One of these days bands will find themselves playing to completely empty arenas while all the hawkers outside hold all the tickets and the fans just stay home, tired of being ripped off.

Recent research revealed that the next five years will see mobile commerce grow by 55 per cent, to £19.3 billion in 2021. Mobile devices are set to supersede the PC as the principal means by which people connect to and use the internet, and amongst other things, it will change the way we shop. This could be very good news for the retail industry and smart retailers need to ensure a first-mover advantage by learning how to exploit this.

Innovations such as mobile coupons and vouchers play a key role, enabling bricks and mortar shops to incentivise consumers to come in and spend. Mobile coupons that can be redeemed digitally are cheap to deploy, take all the work out of rapid-response activity and promotions, and make it very easy for the customer to say ‘yes’. Unlike their paper-based cousins, mobile coupons can also be tracked in real-time, giving retailers an instant overview of the return on investment of individual campaigns.

Whilst most retailers have recognised just how attractive discounts can be to today’s money conscious consumers – both on and offline –it’s time that they now fully embrace mobile coupons as a marketing tool for luring customers into their high street stores.

But what about consumers - will they embrace mobile coupons? Well, experience with the likes of Comet, Aurora and Blockbuster, who employ this kind of mobile coupon technology in the UK has proved that consumers love the technology, with redemption being much higher than with paper-based alternatives.

Mobile coupons have clearly come of age and retailers now have the chance to get in there quickly and decisively in order to make it an opportunity for shop-based retail rather than letting it become a threat. Retailers that have yet to embrace the ‘smartphone revolution’ must get with the programme fast or risk falling behind the competition.

Simon Burke is chairman of Eagle Eye

According to Amazon.com, Monday 5 December at 9pm will be the busiest point of this year’s online Christmas shopping spree in the UK and online retailers will need to ensure their systems and activities are operating at optimum levels to make the most of this lucrative sales period.

Michael Ross, director of eCommera, the leading provider of optimised ecommerce solutions, urges retailers to focus on the controllable inputs to their business, and to measure the trading data that will have most impact on profit; and provides his top tips.

Ensure your trading team meet often enough to make a difference. If your competitor is out of stock on a popular line then make sure you can immediately capitalise on the opportunity.

Don’t be fooled by averages. A strong overall stock position can mask the fact that you’re out of stock / out of key sizes / colours on those lines that are most popular.

Look at the outliers. Which products are not moving and why? Make sure they’re actually visible in the search results and maybe review your sort order.

Beware the bounce rate. Make sure your marketing spend is not wasted because of broken links or inadequate product attributes.

Keep your promises. Make sure your operations team can meet your commitments and ensure you have a plan to compensate for the unforeseen eventuality.

Are you missing a trick with overseas visitors? Is there an opportunity to increase business by offering more international delivery options?

Plan ahead. Make sure you can concentrate on maximising your trading success without worrying about whether your site has the capacity to cope with the increased traffic.

Revenue is vanity and profit is sanity. Tie all your trading data together (using eCommera’sIntelligent Trader online decision making tool) to ensure you’re making money on every order, not giving it all away in delivery promotions and marketing spend.

It is also worth thinking about on-site functions to interact with customers such as live chat for problem resolution, personalisation of packaging and delivery, click and collect and offering free gifts for orders over a certain value.

Michael Ross is director at eCommera

The American Express purchase last month of Sometrics is the latest example of how virtual currency is a real revenue stream we increasingly have to manage in mainstream business. No longer the preserve of video games our kids are playing, virtual currency is hitting the high street.

The money we use to outfit an avatar is increasingly being integrated into our real world lives. Cashing in and out of virtual currencies for things we buy on the high street is on the horizon.

Sometrics’ virtual currency and loyalty offering is like an online shopping mall for gamers, where they can buy various virtual currencies and virtual items in the games they’re playing. This offering will be integrated into Serve, the American Express digital payments platform. In return, it also delivers AmEx access to some 225 million gamers currently using Sometrics.

The integration of virtual and old world brands is picking up speed. Last Christmas saw well over 1,200 high street stores – including Tesco, Game and Gamestation – selling Facebook credits. The gift vouchers, priced at £10 or £20, are only redeemable as virtual currency for non-existent, digital, objects.

This year, Devon hacker Ashley Mitchell was jailed for a very real two years after stealing Facebook virtual currency from game publisher Zynga’s mainframe. Zynga claimed the stolen chips were worth £7 million, forcing the criminal justice system to decide on the relative value of virtual money in determining a sentence. The former council accounts clerk sold about a third of the chips for £53,612 before being caught.

Even in the cut and thrust of real finance, live pricing of the Ven virtual currency is due to start this month on Thompson Reuters’ institutional desktops (http://www.hubculture.com/groups/237/news/581/). Ven is used in, among other things, real commodity trades and carbon credit trades. It uses a basket pricing structure, based on a portfolio of real world global currencies, commodities and carbon futures.

Back at AmEx, we can expect virtual currencies to go even more mainstream through the Sometrics acquisition. I can easily imagine a time when AmEx decides to integrate Sometrics’ GameCoins virtual currency into its highly popular membership rewards programme as a stand-alone ‘gift’.

More strategically, this could lead to AmEx increasing its end-user acquisition opportunities by giving virtual currency – currently represented solely by its Membership Points – a greater value among the real world merchants it partners with. This takes virtual currency into a mind-boggling array of real world good and services. Just think of the breadth of AmEx’s merchant partners.

While AmEx will have the obvious challenges of determining the economic implications of more closely tying virtual currencies and real goods and services, the fact that it can create greater opportunities for consumers to transact on its platform will give them the ability to increase both acquisition and longer-term loyalty – the ultimate goal for any business.

Did you ever think your Avatar would be putting it on AmEx?

Sanjay Sarathy is the Chief Marketing Officer at Vindicia

Whether to implement so called ‘Best of Breed’ (BOB) solutions to manage different business operations, or adopt an integrated ERP approach such as SAP, is often a difficult decision for retailers to make. Add the future role of cloud computing or SaaS (software as a service) for one’s organisation into the mix and it’s even more complicated. From experience, evaluating which strategy to follow needs to take 3 key requirements into account.

1. The importance of visibility across different operations. The whole point of smaller retailers implementing integrated ERP systems is to achieve better visibility and operational control. Contrast this with implementing a BOB solution, where there is a clear trade off required between having very specific departmental functionality and information that can be shared across the business. What is more important to the future success of the business? Could you live without some of the enhanced functionality to have the benefit of real time information, visible across your operation. Do you want to create silos of operational excellence or improve all round business performance with seamless data exchange? If your preference is the latter, you need an ERP solution.

This decision also needs to be made in context of what the business’ likely position is going to be in the future, with cloud and SaaS. If retailers ultimately switch to a cloud model, which looks likely in the longer term because of cost issues, a best of breed approach does not lend itself because of the difficulty of integrating the systems. If you cannot easily make traditionally hosted BoB applications talk to one another, how are they going manage in the cloud? So retailers making business systems investments today should be asking themselves whether they want integration or disparate functionality. Ask the different vendors what their strategy for the cloud should be, and whether they might be better adopting a single solution to allow them greater flexibility in the future if they do decide to migrate some aspects of their systems.

2. Practicalities of customisation. It’s impossible to implement an ERP system without any level of customisation. Indeed it is the customisation of the solution to suit a particular business that gives the retailer its competitive advantage. In any ERP implementation 80% of the software implemented could be based on fully standard applications and therefore offered through the cloud, but the remaining 20% would need to be customised. And this is where problems can occur. The issue with taking a pure cloud solution is that there are no opportunities to customise the system, which long term is not going to be beneficial. This is because as a retailer expands, its requirement for customisation will increase. The preferable model therefore would be for a retailer to move to a ‘halfway house’ model and be able to implement the majority of its core ERP system (80%) in the cloud and then implement operational, functional enhancements to the same solution locally. Potentially, these could also reside in the cloud but this adds a considerable layer of complexity.

3. Security levels. One reason why the adoption of cloud systems among retailers is still slow and in its infancy is because of security fears. Although some of the consumer brands are offering cloud services, not all of them are actually using the cloud themselves internally, which doesn’t bode well for improving consumer confidence in such systems. It is time for the big vendors to start practicing what they preach if uptake levels among retailers are to accelerate. Added to this scepticism we continue to see problems with hackers, which fuels the security debate, especially where the safety of consumer data is concerned. For instance the Sony hacking, and now most recently, with the hacking of The Sun newspaper - both organisations with a reputation for embracing technological innovation.

It is early days still for cloud and SaaS, traditional hosted applications are still the preferred option in the retail sector. But decisions today relating to ERP and BoB should be made with an eye on the future. Understanding your position in relation to this choice and how it might affect your future prospects of using the cloud are important to understand.

Richard Pascoe is ERP Solutions Director at Zetes.

Yesterday I went to the E-commerce Expo in London’s Kensington Olympia where, among other keynote speakers, I heard from Ivan Henneghan of Facebook.

I was one of the lucky ones - I actually got a seat.

Honestly, I have queued up to get into gigs and hear DJ sets with less apprehension of not getting in than I felt standing in that queue to hear from the social network’s head of e-commerce partnerships in the UK and Ireland.

I had to get there half an hour before the talk started, and the queue was already 70 people deep.

By the time the organisers had filled the keynote speech theatre there were still hoards of people trying to get in. The friendly organisers had to turn bouncers to keep people in check!

There were avid listeners sitting on the floor like some kind of Facebook love-in, people lining the walls of the theatre standing up and expectant people standing outside, craning their necks, trying to catch a glimpse of the guy from Facebook.

Any minute now, I thought, we’re going to have a riot on our hands as mild mannered expo visitors in the grip of Facebook fever tear down the flimsy faux walls of this makeshift auditorium.

Even the speak, Ivan Henneghan, looked surprised at the level of interest in his talk. Looking every inch the dotcom era exec in jeans. a suit jacket and a Facebook t-shirt, he said: “When I arrived today one of the staff here at the expo asked me: ‘Are you the guy from Facebook?’. I said: ‘Yes I’m the guy from Facebook.’ And his face just lit up and he said: ‘Like, the guy who invented Facebook?’ I would just like to point out that I am not Mark Zuckerburg.”

I take no pleasure in HMV’s current troubles. Admittedly, this is based more on nostalgia than any great love for their current offering - website not bad, stores - muddled, not one thing or the other IMHO, a mish mash of movies, music, games, books, gadgets and iPods, iPads and PS3s Growing up in the 80s, HMV was always my go to music retailer, along with a bunch of now sadly defunct indies. In the battle of the High Street retailers, it was certainly infinite cooler than the naff Our Price.

Robin Adams, Director of Security, Fraud and Risk Management at The Logic Group

I returned from holiday to find another attack vector has raised its ugly head. Reading the latest news, at least two hundred fraudulent SSL certificates (and possibly over five hundred) have been issued from a trusted root certificate authority (CA). In this case, it appears that Diginotar, the Dutch trusted third party has been breached and spoof certificates for common domain names including google.com have been issued. This follows on from a breach at Comodo earlier in the year.

What are the implications of this? Well the Diginotar root certificates are included within the trusted root authority stores of all common browsers, meaning that the fraudulent certificates would have been trusted when creating a SSL connection. These can be used to create encrypted tunnels to spoof sites where sensitive information could be transmitted, or leading to potential Man in the Middleattacks.

There has been a scramble among the leading providers to remove the Diginotar certificates from trusted stores. Microsoft and The Mozilla Foundation have reacted quickly publishing security updates, and Google have also updated Chrome, by adding the issued certificates to a blacklist. No news yet on Safari.

What does this mean? Well it means the hackers are getting better and more sophisticated as the counter measures themselves have improved.

The certificate model used for e-commerce has always been one area of concern. Once a root certificate is added to the trusted root store, it is difficult to remove and the model of certificate revocations, based on a Certificate Revocation List (CRL) has always relied on end user intervention, even when it is available; consequently is rarely used. The better technology, Online Certificate Status Protocol (OCSP), which provides real-time validation of a certificate is available now in browsers, but not all, and not always by default. However in either case, if the breach wasn’t discovered, the certificates wouldn’t have been revoked, so the response from the CA would have been positive.

So for end-users it adds another level of confusion. Now, even if they connect to a site which apparently provides a trusted secure link, they must confirm that this trust hasn’t been established through a Diginotar root Certificate Authority – either by validating the certificate chain, ensuring that the relevant security updates have been installed or OCSP validation is enabled.

Once again the hackers have found a weak link – and Diginotar have some hard questions to answer. The initial report on the breach states that the hackers obtained full domain administrator rights to the domain where the CAs were located. The password for this account was described as “weak” and the compromise of this one password led to full access to the CA estate.

Malicious software has been discovered on the servers, which could have been picked up by Anti-Virus software – if only it had been installed. Not only that but the web server software was stated to be outdated and not patched.

In addition there appears to be no central secure logging server, meaning that local logs are likely to have been compromised. Although the Payment Card Industry Data Security Standard (PCI DSS) does get bad press occasionally for being prescriptive and dogmatic, if Diginotar had gone through a Level 1 Service Provider PCI DSS audit, each of those weaknesses should have been identified and resolved. For example:

• · PCI DSS 8.5 requires that strong passwords are
  
• PCI DSS 6.1 requires a patching policy involving maintaining upto date software with installation of security patches

• · PCI DSS 6.2 requires a process to identify new security vulnerabilities when they are discovered

• · PCI DSS 5.1 requires anti-virus software on all systems commonly affected by software (including servers)

• · PCI DSS 10.5 requires secure audit trails held centrally

I suspect I could go on finding controls which would have failed.

Looking at the current PCI DSS service provider lists there don’t appear to be any SSL certificate authority providers on the Visa Europe Service Provider list, and currently no requirement at this time. Since these SSL certificates are commonly used for e-commerce, perhaps Visa Europe and Mastercard should consider asking these companies to undergo such an audit to provide some level of confidence to the general user community.

Certainly all providers of root certificates which are added to trusted root stores should have undergone some form of security audit. If I was a provider of a root certificate I think I would be running a risk assessment and validating and increasing my security to an appropriate level. Being centre stage to the hacker community is never a comfortable place to be.