Stores Magazine - October 2007 - (Page 31)

A STICKING POINT

One of the real sticking points on the road to PCI compliance is chargebacks. For decades, retail companies have been required to hold on to credit card and receipt data for up to 18 months in the event of chargeback claims. Holding on to all this customer and transaction data is an onerous task, particularly for the chains that process millions of transactions each year.

Retailers contend that bank authorization of a processed sale should be sufficient proof that a purchase was approved. The credit card associations and the banks see it differently; they argue that it’s the retailer’s responsibility to hold on to all the data – the credit card number, the expiration date, the authorization code and the receipt – for a significant period of time in case the purchase is disputed. With PCI requirements clamping down on how customer data is stored, retailers feel as though they’re caught in a quagmire.

“Retailers are trying to do the right thing; they’re taking the required steps to secure customer data,” says Dave Hogan, senior vice president and CIO for NRF. “But, ultimately they feel that they shouldn’t have to shoulder the burden for storing all this sensitive data once the bank has provided an authorization code. Their contention for years has been, ‘Why can’t the banks or the credit card companies be responsible for storing their information?’ It seems to be a way for the card associations and the banks to shift liability and risk to the retailer. And, needless to say, we don’t think it’s an equitable solution.”

Here’s a typical scenario that would prompt a chargeback: A customer purchases a big-screen television. Eight months later the customer calls his credit card company and says he never made the purchase. The credit card company sends the disputed claim to the retailer, requiring it to present evidence (such as a signed receipt) that the purchase occurred or risk a chargeback.
If the retailer is unable to gather the data to prove the transaction occurred, it not only loses the merchandise and its value, it’s charged for the purchase, too.

Dean Sheaffer, senior vice president, credit and customer relations management for Boscov’s Department Stores, explains that there are a number of reasons for chargeback – from dishonest customers and delivery problems to duplicate billing and the quality of the merchandise. He says that if the customer calls the bank with a dispute, it’s the bank’s obligation to track down the authorization. If the transaction didn’t have an authorization number or the bank can’t locate the data, the responsibility for tracking down the data is shifted to the retailer.

“Tracking down this information is a costly and time-consuming task – not to mention dirty and grueling,” says Sheaffer. “The problem around PCI is that we’re forced to operate within the confines of a system that was created in the ’50s or ’60s when 16-digit credit card numbers and four-digit expiration dates were established. It’s almost insane that they haven’t found a better paradigm for us all to work under.”

Sheaffer notes that many retail companies have little choice but to keep the data stacked in cardboard boxes in a warehouse. “Tracking down information in this environment qualifies as a Discovery Channel Dirty Job,” he says.

tailer out there who would argue otherwise,” says Dave Hogan, senior vice president and CIO of the National Retail Federation. “Data breaches have continued to occur at an unacceptable rate. There have been numerous instances of hackers targeting sophisticated retail computer systems that store or process credit card data, stealing the data and then using it to commit fraud.” The problem is that the PCI security mandates are difficult to interpret and the requirements for achieving compliance are proving to be elusive at best.

“The relatively low rates of success bear out the magnitude of the task.
Retailers are frustrated by the complexity of the project and amount of liability they will continue to bear in securing credit card data — even after they’ve got the piece of paper hanging on their wall that says they’re certified,” Hogan says. “Data security is an ongoing, ever-changing problem that can’t be solved with a checklist.”

Describing retail CIOs as being “frustrated” hardly scratches the surface; often, their demeanor toward PCI DSS compliance is downright prickly. Although the sensitive nature of a company’s security procedures precludes most IT executives from speaking on the record, the chance to share their views anonymously opens a floodgate of grievances. They gripe about the costs involved and the fact that devoting so much time and capital to this task has forced them to shelve critical and/or innovative business projects. They also convey the gut feeling that no matter what they do, they will still have to store some customer data and bear more risk than do the banks or credit card associations they’re working in partnership with, particularly with respect to resolving chargeback issues (see box, above).

Needless to say, retail CIOs are fully cognizant of the financial stakes of non-compliance and the potential damage that could be sustained by their brand if a breach were to occur. No one questions the importance of protecting customer data. Still, they’re quick to point out that this exercise yields zero ROI, which is burdensome for an industry that operates largely on small margins and small IT budgets.

“There’s no business benefit here,” says Stefano Gaggion, vice president of MIS for Retail Brand Alliance (RBA), the parent company of Brooks Brothers, which received its initial PCI Compliance Certification in December 2006. “Typically, we make IT investments in the context of improving the customer experience or customer satisfaction,” he says. “This does neither.
Retailers have to absorb the brunt of the cost and we have all the liability.”

Six years . . . and counting

The origins of PCI can be traced to 2001, when each of the major credit card companies sought to create data security standards. There were four programs: Each was slightly different, but the main objective they shared was the creation of an additional level of protec-