Evan Schuman

Are you sharing more data with Google than you have to?

Whether your concerns are privacy, security, competitive advantage, intellectual property or risk avoidance, your enterprise needs to be sharing — literally — as little data as possible with employees, contractors and third parties. As obvious as that statement is, it’s stunning how much data is unnecessarily shared with cloud providers and others.

There are two reasons for this. First, the time and effort needed to remove data that the third party doesn’t truly need from the data that is needed can make the ROI seem unattractive. This is especially true when executives play down the risk of anything bad happening.

As in “I’m probably safe trusting Google/Microsoft/Amazon/Rackspace, etc.” Really? Even if you choose to assume that their security is stellar — it isn’t — what about competitive issues? Are you really willing to trust that they will handle your data with your best interests at heart?

Facial recognition in the new iPhone would make huge waves

With several sources that traditionally have been reliable about such things reporting that Apple is preparing to abandon the fingerprint biometric authentication that it’s been using for five years in favor of 3D facial recognition coupled with iris scans, the mobile industry is preparing for authentication upheaval.

The most likely scenario is that Apple will include this new biometric approach on perhaps one model of the new iPhones, with the others continuing to use Touch ID.

The driver for this move, according to analysts tracking the company, is a desire to free up space on the phone to allow for a larger screen in a similarly sized device. Keeping the phone pocket-sized means that phones simply can’t get much larger than the current iPhone 7 Plus. (Yes, you scoffers out there. The iPhone 7 Plus—at 6.23 inches tall, 3.07 inches wide and 0.29 inches deep—does fit in my deepest pockets, but just barely. Fits into suit jackets, too, but, again, just barely.)

Memo to IT: You do know that a mobile phone is still a phone, right?

Technologists have always been drawn to bright and shiny objects. That’s why mobile development has focused on geolocation, streaming video, biometrics and impressive app gymnastics. But the core of the mobile phone — at its heart, it is a telephone, capable of making voice calls — has generally been ignored. As Zappos has discovered, that can be very bad for business.

What the retailer figured out is that texts, emails and other customer communications are far less effective at closing sales than what Alexander Graham Bell thought up. This is one of those surprising conclusions that, if you think about it, shouldn’t be surprising at all. Texting and email force the customer to type everything they are saying, instead of just talking about it.

Supreme Court to look at mobile privacy. Uh-oh.

Does the prospect of your company’s worst enemies getting access to full tracking information on your employees’ mobile phones freak you out? If so, you’ll want to track something yourself: a case the U.S. Supreme Court just agreed to consider. 

Although the case involves criminal law and the question of whether police need a court-issued search warrant for intimate mobile records, one former federal prosecutor points out that the Court’s ruling could open the door to civil discovery and subpoena access. In other words, the ruling could make such mobile data available to anyone who chooses to sue your company, for any reason, whether the claim is legitimate or not. 

Amazon Go is a great mobile solution, but for the wrong problem

A long-held retail IT fantasy is that complete item-level RFID will be deployed. In theory, this would allow both merchant and shopper to know precisely where every item is, making both inventory and finding that wayward box of strawberry-flavored corn flakes quite easy. But the economics of placing an RFID tag — the cost of which still tends to plateau at about five cents each — have made it nonviable for all but the most expensive products.

Hold that thought for a moment. Now let’s consider Amazon Go, which is Amazon’s attempt at an entirely automated physical store. But instead of RFID tags, it uses cameras and video analytics. It presumably starts with a perfectly accurate snapshot of every item in the store and knows exactly where each one is situated.

Dual biometrics may just be the authentication answer we need

A major problem with biometric authentication is that, when it doesn’t work, there are few good options to proceed with the authentication. When the system says that’s not your eyeball, there’s no fallback akin to “Forgot your password?” You have to revert to some less discerning authentication method, such as a PIN. 

Some vendors are trying to deal with this by using a simultaneous, multi-biometric method. “Simultaneous” is important because using two methods consecutively would take more time, resulting in end users’ resistance and lower participation rates. 

One vendor, Sensory, is making serious headway in figuring out interesting ways to use dual biometrics.

IDG Contributor Network: Self-checkout: What shoppers want to do is rarely what they end up doing

One of the first things retail executives learn is that shopper surveys are horrible indicators of what shoppers will do in stores. Asked if they would make purchases at a breached retailer, they’ll routinely say no. But quarterly earnings betray the truth that being breached has just about zero influence on revenue. (Blame zero liability, but that’s a column for another day.)

The issue for today is self-checkout. Surveys show that shoppers love the idea. Retailer experience shows that shoppers don’t love self-checkout the reality nearly as much as they love self-checkout the concept. Reality messes things up, with fruits and vegetables that need weighing and age-restricted products and long lines and filled-to-the-brim shopping carts that were never supposed to be handled at self-checkout. Shoppers are quick to dismiss the value of an associate at a staffed checkout lane, ignoring the fact that their experience of scanning millions of SKUs makes them awfully good at it and impressively fast.

IDG Contributor Network: Amazon successfully fights off pricebots

One big downside of the plethora of e-commerce shopping bots out there today is that they create the impression of a difference when there may not be one. If I may give my two cents’ worth, is a two-cent difference meaningful, especially when shipping prices are far more than that?

Significant difference or not, shoppers love them. And even more importantly, they act on them. When a bot lists a product and shows 20 different sites, the ranking by lowest price is almost always selected. After price, reputation and customer reviews can play a role, but none persuade as effectively as price.

That’s why Walmart, which wears its tagline about having the lowest prices the way Marley’s Ghost wears his chains (each one is weighed down by bad decisions made years ago), takes pricebots so seriously. Unfortunately for Walmart, so does Amazon. And Amazon doesn’t seem to care one bit for Walmart’s price trackers — and chose to block them all.

Missing protection: Corporate B2B privacy policies

With security awareness, money talks

According to a recent report, academics have been analyzing brainwaves of computer users to improve how they are alerted to cybersecurity dangers. I’m sorry, but getting users to pay stricter attention to security isn’t brain surgery: It’s all about money and job security. Come to think of it, job security itself is all about money, which makes money the only carrot and the only stick that IT needs.

That report, courtesy of Bloomberg BNA, said, “Many computer users automatically swat away repetitive dialogue box warnings of impending doom, especially when they are engaged in another activity. Now, engineers are using data analytics based on user tracking to discover what might help users pay attention to warnings. Software engineers are exploring promising techniques, such as changing background colors in warning notifications and switching formats to distinguish substantial security warnings from mundane messages. Tapping people’s brains helps the engineers design more effective user interfaces.”

IDG Contributor Network: Apparel chains can fight back against Amazon, but it won’t be easy

With recent reports that Amazon is preparing to make a major play in custom clothing — as well as apparel in general — clothing chains are panicking. To be fair, when many physical chain executives hear the word “Amazon,” panic seems to be the default response.

The good news is that panic is not needed, because there are some fine defense options. The bad news is that those options are painful, and I’m not at all certain apparel chains are scared enough to actually take meaningful actions.

This column has repeatedly argued that the best way physical chains can fight Amazon is to do what Amazon can’t: Deliver a wonderful physical experience. Use that which is unique to the physical experience and deliver a show that no virtual retailer can.

IDG Contributor Network: 7-Eleven thinks it can go cashier-less. It’s wrong.

There’s a massive difference between retailers using technology to free up associates to do more hands-on work and using that technology to replace those associates. Freeing up will work but replacement won’t. 7-Eleven’s plan to rid itself of the need for store associates, by leveraging RFID-tagged merchandise and relying on payment cards and mobile purchases, is one Slushee too far.

We’ve dealt with this before, with Amazon and with Lawson in Japan. Like Lawson, this 7-Eleven tale involves a convenience store chain in Japan. The reason behind the Japan connection is less technological than demographic: Japan has a serious shortage of workers who are interested in manning the POS in retail. The U.S. suffers a similar problem, but it’s far more pronounced in Japan.

IDG Contributor Network: Amazon enjoys a very happy holiday season

Although retailers know only too well how incredibly massive a rival Amazon has become — its annualized revenue last year hit $131 billion, which is almost pure online dollars — its scope is sometimes difficult to internalize. Holiday stats from Slice Intelligence, for example, gave Amazon an amazing 46% of all U.S. e-commerce dollars, which is three percentage points more than the prior year.

Let’s put that into context. The generally accepted assumption in e-commerce has been that Amazon would dominate for the indefinite future but that major chains such as Walmart, Target and specialty players such as Apple would slowly increase their collective market share.

IDG Contributor Network: What is behind far too many security leaks? Laziness

When the PCI Security Council last month rolled out new, and quite useful, scoping/segmentation guidelines for retailers, the council’s CTO made an interesting comment.

“For years, we have preached the need to simplify and minimize the footprint of cardholder data,” said Troy Leach in a statement. “One way to accomplish this is through good segmentation. It allows an organization to focus their attention on a limited number of assets and more readily address security issues as they arise. As a result, it should also reduce the level of effort to comply with PCI DSS.”

Bots may send your liability risk soaring

Artificial intelligence bots are all the rage these days, as companies try to figure out the best ways they can be used. But using them to interact directly with customers forces some interesting questions about legal liability. 

What happens when a wrong answer causes financial harm to a customer? Does it make a difference if the answer was delivered by a human call center representative or an automated bot? In most cases, it absolutely will. 

Consider a typical fintech company, a bank. It uses a bot to cover the most commonly asked retirement fund questions, but someone programmed the wrong answer into the system. Let’s assume that the error causes a customer to miss a key deadline, which causes that customer to have an opportunity-loss of a lot of money. If this matter goes to litigation and a jury or judge is deciding an appropriate resolution, will they view this differently than if an associate gave that wrong answer? 

A potentially fatal blow against patent trolls

For years, patent trolls have been the best evidence that pure evil exists. And like most evil entities, they are almost impossible to stop. Even a 2014 U.S. Supreme Court decision that was highly critical of patent trolls has done little to slow their slimy, reptilian-like existence. But a federal judge on Dec. 19 crafted a novel tactic to curb patent trolls when she slapped a half-million-dollar bill on the lawyers and said that they were personally responsible for paying it, not their client. This could truly be a game-changer. 

IDG Contributor Network: Making gas stations safe for fraudsters again

Security is the ultimate point/counterpoint effort. But instead of a one-for-one ratio — instead of a 50% increase in security here reducing fraud attacks over there by 50% — many of the security measures adopted in retail result in a net increase of fraud success. Such a situation exists with EMV, and Visa and Mastercard have just made it worse.

Let’s start with the good security news. EMV, executed properly, should pretty much block all cloned cards. In the olden days of retail fraud, that was the most popular means of cashing out stolen payment card credentials. As expected, as EMV slowly makes its way into physical retail storefronts — and by slowly, we mean that today, more than a year after the deadline for EMV came and went, the vast majority of stores have yet to activate EMV — online fraud has increased.

IDG Contributor Network: Human-less stores are now possible — and it might be the end of retail

Are retailers really willing to consider disassociating from associates? I hope that’s not the lesson that merchant executives take away from two recent self-checkout moves.

The first, from Amazon, was a fully self-checkout store, where items are logged as they are placed into a cart. It uses a network of cameras and motion sensors to guess when something is purchased. The flaw? There are no people to clean up the mess when the software guesses wrong. It’s like the world’s largest vending machine.

The second move was revealed a few days ago in Osaka, Japan, courtesy of Panasonic and the Lawson convenience chain. According to a report from The Wall Street Journal, which attended the Osaka unveiling, the reduced-associate stores are powered by an unspecified kind of electronic tag. The article didn’t say whether they were RFID tags or not, but that is a likely candidate. It’s item-level tagging, which is more accurate — and more expensive — than Amazon’s camera approach.

Merchant sites open door to Visa fraud

Security researchers have confirmed that Visa has no mechanism to prevent attackers from using multiple merchant sites to make unlimited guesses on the values for fields such as CVV2. The potential for real harm from coordinated attacks is huge, but such attacks could also be blockable, now that the flaw has been identified.

Mohammed Ali, a Ph.D. student in Newcastle University’s School of Computing Science and lead author of an IEEE paper on the topic, said the security hole involves two separate problems. 

“The current online payment system does not detect multiple invalid payment requests from different websites. This allows unlimited guesses on each card data field, using up to the allowed number of attempts — typically 10 or 20 guesses — on each website. Secondly, different websites ask for different variations in the card data fields to validate an online purchase. This means it’s quite easy to build up the information and piece it together like a jigsaw,” Ali said. “The unlimited guesses, when combined with the variations in the payment data fields, make it frighteningly easy for attackers to generate all the card details one field at a time.”

With A.I. announcement, Mastercard goes for the hype

Corporations and politicians share a tendency to say things that are narrowly true, though a lack of context renders the statements misleading. Mastercard on Nov. 30 offered a terrific example of this in the security arena.

On that day, the card brand rolled out something it calls Decision Intelligence, which it said “uses artificial intelligence technology to help financial institutions increase the accuracy of real-time approvals of genuine transactions and reduce false declines.” That sounds pretty good. It then elaborated why it saw this as news: “This is the first use of AI being implemented on a global scale directly on the Mastercard network.” It also labels Decision Intelligence as “a radical new approach,” one that “takes a broader view in assessing, scoring and learning from each transaction. That score then enables the card issuer to apply the intelligence to the next transaction.” Mastercard’s Ajay Bhalla, president of its enterprise risk and security efforts, is even quoted as saying, “We are solving a major consumer pain point of being falsely declined when trying to make a purchase.”

IDG Contributor Network: Walmart’s better tracking for recalled items is a wonderful first step

Walmart’s new attempt to use blockchain to help it contact buyers of recalled, dangerous products faces up to a long-neglected reality. That reality is that almost any meaningful improvement in how quickly and completely retailers contact impacted customers and retrieve recalled products — an act that can literally save lives — will deliver the best ROI of any technology change.

Let’s set aside, for the moment, that the ability to use CRM to quickly tell shoppers, “Don’t eat those mushrooms! They’ll give you botulism,” is about the best way to generate rock-solid customer loyalty. It will also give shoppers an unbelievably powerful reason to sign up for your loyalty program and use it every time they shop.

IDG Contributor Network: Macy’s China experiment shows the potential — and limits — of retail VR

Macy’s this month made its debut appearance within Alibaba’s Singles’ Day in China. Well, sort of. It participated via a virtual reality shopping tour app featuring Macy’s New York City flagship, which bills itself as the world’s largest department store.

But making this Chinese entry with a virtual reality app — here’s a small sampling of it, via YouTube — is a decidedly odd move. Although virtual reality is a wonderful way for surgeons-in-training to safely explore a body or for pilots to learn the intricacies of flying a new aircraft, it’s hard to see how it’s either an efficient means of shopping or an impressive way to experience a department store.

IDG Contributor Network: Disputing Citi’s dispute change

On Nov. 2, Citi proclaimed itself the first financial institution to allow cardholders to dispute charges from within a mobile app. I applaud the effort, but one aspect of the way Citi did it is certain to aggravate a big chunk of the merchant community.

Many cardholders who call their card issuer to dispute a transaction simply don’t recognize the charge, though it may be legitimate nonetheless. This happens when, for example, you buy gas on a trip and don’t realize that charges from that gas station are going to show up on your statement as something such as “Acorn Properties,” a name that was nowhere in view at the gas station. 

IDG Contributor Network: Home Depot reminds us why store-centric will be the death of retailers

As we start the sprint to this year’s holiday shopping season, I had hoped to start to see the disappearance of the store-centric mentality that has hurt so much of retail for years. This is best illustrated by complaints — from the likes of Target, Walmart and Home Depot — that they are being victimized by showrooming with Amazon. It was a bogus argument from the start.

I mention this disheartening thought because I just tried — unsuccessfully — to give money to Home Depot, only to have Home Depot’s store-centric — not even chain-store-centric but individual store-centric — mentality drive me into the waiting HTML arms of Amazon. This time, I really was determined to buy the item from Home Depot, but Home Depot’s suicidal store-centric policies defeated me.

The FCC’s new privacy rules are toothless

When the Federal Communications Commission (FCC) voted last Thursday (Oct. 27) to accept new privacy rules for ISPs, the move was heralded by many as an important step forward in U.S. privacy protections. But a closer look at the particulars shows a decision that has so many exceptions — and that makes it so easy for ISPs to hide customer permission deep within lengthy terms and conditions documents — that it amounts to a big backward step for privacy, one that will likely embolden any ISP that was inclined to violate privacy anyway.

The FCC made changes to the privacy requirements of Section 222 of the Communications Act for broadband ISPs. On the bright side, here’s part of a statement of FCC Commissioner Mignon Clyburn, who voted for these changes: “Why has this Commission, received more than a quarter of a million filings, of which the vast majority show support for the adoption of strong privacy rules? Because consumers care deeply about their privacy — and so should we. Ninety-one percent of Americans believe, consumers have lost control of how their personal information is collected, and used by companies. That’s ninety-one percent. With news seemingly breaking every week, about a cyberattack, massive data breaches, and companies collecting and selling customer data to government agencies, that number should come as no surprise to anyone. So when faced with the question, of should I support requiring companies to give consumers more notice, more choice, and more transparency, you hear no double speak from me. Simply put, additional consent here means, that consumers will have more of a say, in how their personal information is used — and I for one, think that is a good thing.”

IDG Contributor Network: Rent-A-Center’s POS glitch is a great ROI argument

Anyone in retail IT looking for a good ROI argument should simply refer to an advisory to shareholders that Rent-A-Center issued earlier this month. The $3.3 billion, 2,600-store chain on Oct. 11 advised that its revenues were dropping — and then it pointed the finger at POS problems.

I needn’t point out that IT never wants to be discussed that way. But if you don’t work for Rent-A-Center, the explanation it put forward could be useful in making arguments for systems purchases with the CFO.

Explaining a 12% drop in same-store quarterly sales, CEO Robert Davis said, “Following the implementation of our new point-of-sale system, we experienced system performance issues and outages that resulted in a larger than expected negative impact on Core sales. While we expect it to take several quarters to fully recover from the impact to the Core portfolio, system performance has improved dramatically and we have started to see early indicators of collections improvement.”

The limits of encryption

As we say goodbye to privacy, some people are putting their faith in encryption. But there’s only so much that encryption can do.

I’m not arguing that encryption is weak and in danger of being busted wide open. I’m not even arguing that companies such as Apple will reverse their stances and give up encryption keys to law enforcement.

I’m simply observing that not everything can be encrypted, and the things that can’t be encrypted can reveal plenty about us. And even Apple has no problem giving law enforcement that kind of information.

Does privacy exist anymore? Just barely.

Privacy is a critical area for IT, and as social media and mobile extend potential privacy invasions into areas once considered safe, reasonable safeguards must be taken. But it has to be acknowledged that many restrictions — you’re not allowed to save this or to track that — are simply not going to work. If data can be accessed, it will be used and retained, and no rules or laws to the contrary will make any difference.

Two recent events make it clear how such attempts are futile. In Germany, a country where privacy is generally valued much higher than in the U.S., a mini-uproar erupted when the government was asked to not store the IP addresses of web visitors. A European Union court ultimately told the government it could go right ahead and save the addresses. And if the court had gone the other way, are we supposed to believe that thousands of government employees would have simply done without the data?

Let’s get serious about IoT security

No one doubts anymore that internet of things (IoT) devices pose a huge security threat, as a recent massive IoT-fueled DDoS attack made clear. But what many enterprises have yet to wake up to is that major structural changes are needed, involving IT and C-level executives above IT. IoT is a new and different kind of threat that can’t be effectively battled in an old-fashioned way. 

From an enterprise’s perspective, there are three sides to the IoT threat: 1) being attacked by an IoT army from around the world; 2) allowing enterprise-owned IoT devices to participate in such an attack against others; and 3) allowing your IoT devices to attack your own company. Making structural changes to your business will do nothing to help you defend against the first scenario, but it could make a profound difference in blocking attack scenarios two and three. 
