Body:

Tesco’s entry into the U.S. market continues to create a stir in the retail landscape: first, in November 2007 with its Fresh & Easy concept — “a chain of 10,000-square-foot convenience stores” — and now with its Marketside concept in Arizona, the British mega retailer’s “first new store format in a decade,” reports BusinessWeek.

 

And according to retail analysts, Marketside will bring a dose of competition to U.S. retailers such as Walmart. So what advantages does Tesco have? For one, data management, which has given the retailer “an unmatched ability to operate multiple retail formats — ranging in size from convenience stores to hypermarkets — and the market knowledge to offer what many analysts say is the best and broadest range of house brands from any retailer.”

 

Tesco is also able to do what “no U.S. retailer has equally mastered,” which is manage multiple store formats. And then of course, it’s success with private label.

 

Keep your eye on Tesco and how retailers such as Walmart plan to compete.

Category: Operations Published: 1/5/2009 2:11 PM Blog Summary: It’s 2009, a year for change...and change can be good. Therefore, Tesco’s growth in the United States could mean big changes for some large retailers. Content Subject: Operations

Microsoft announced the publication of an initial set of document-format implementation notes for the company's ODF 1.1 implementation in Office 2007 SP2. The Document Interoperability Initiative (DII) Web site provides hypertext access to the detailed notes, linked from the online ODF specification, covering implementation decisions, additional file data, and implementation variances. Similar implementation notes will be published for Open XML (ECMA 376).

Industry partners have announced the Web Services Test Forum (WSTF), designed as an open community to improve the quality of the Web services standards through interoperability testing. The Forum provides a customer-centric focus driven by end user testing scenarios. WSTF has a lightweight structure: no Board, no centralized authority, no dues, few barriers to participation, and no allowance for IPR encumbrances. Individuals and corporate entities may join.

ISO announced the publication of the Office Open XML File Formats specification as an ISO/IEC joint standard. ISO/IEC 29500 specifies a family of XML schemas, collectively called Office Open XML, which define the XML vocabularies for word-processing, spreadsheet, and presentation documents, as well as the packaging of documents that conform to these schemas. A new Document Interoperability WG will help align ISO/IEC 29500 with ISO/IEC 26300 (OpenDocument).

W3C has launched the Web Services Resource Access (WS-RA) Working Group, chartered to standardize a general mechanism for accessing and updating the XML representation of a resource-oriented Web Service and metadata of a Web Service, as well as a mechanism to subscribe to events from a Web Service. W3C Recommendations will be produced based upon five Member Submissions: WS-Transfer, WS-ResourceTransfer, WS-Enumeration, WS-MetadataExchange, and WS-Eventing.

Microsoft has announced a new identify management strategy under code-name 'Geneva'. This single, simplified, claims-based identity model includes support for several standards in the federated identity space, including SAML 2.0, WS-Federation, and WS-Trust. Components include Geneva Framework for building claims-aware .NET applications, Geneva' Server, and Windows CardSpace 'Geneva'. A Beta release was unveiled at the Microsoft PDC, available for download.

Members of the OpenID Provider Authentication Policy Extension (PAPE) Working Group have released PAPE Draft 7 for 60-day public review. The PAPE extension to the OpenID Authentication protocol provides a mechanism by which a Relying Party can request that particular authentication policies be applied by the OpenID Provider when authenticating an End User. For example, phishing-resistant, time-related, or multi-factor authentication methods may be requested.

The EAS-CAP Industry Group has released a draft "EAS-CAP Industry Group EAS-CAP Profile Recommendation EAS-CAP-0.1" for public comment. ECIG is providing the profile as a recommendation to U.S. governmental agencies and industry associations on the use of CAP (Common Alerting Protocol) for Emergency Alert System (EAS) purposes, including the FCC, FEMA, National Weather Service, and other organizations. CAP is an OASIS Standard and an ITU-T Recommendation.

OASIS announced the formation of a new Identity Metasystem Interoperability (IMI) Technical Committee, chartered to increase the quality and number of interoperable implementations of Information Cards and associated identity system components to enable the Identity Metasystem. The goal of the IMI TC specification development work to provide the interoperability support that will enable Information Card use to become ubiquitous.

Open source community leaders announced a new Open Web Foundation which seeks to apply a hybrid open source model to community-based specification development. OWF will focus on: (1) Incubation: lightweight process for creating open web specifications; (2) Licensing: or really no licensing, through non-assertion covenants; (3)Copyright: Creative Commons model; Community: collaboration of individuals and companies held accountable to support the Open Web.

EMC, IBM, and Microsoft have published "Content Management Interoperability Services (CMIS)", distributed as four prose documents with supporting XML schemas. The CMIS standard defines a domain model and set of bindings, such as Web Service and REST/Atom, that can be used by applications to work with one or more Content Management repositories/systems. Alfresco, Open Text, Oracle, and SAP collaborated on CMIS, now proposed for submisssion to an OASIS TC.

W3C has published the text of a Member Submission from Creative Commons: "ccREL: The Creative Commons Rights Expression Language." ccREL builds upon the astronomical success of Creative Commons licenses, which are embeddable machine-readable legal instruments allowing authors to express permissions for others to share, remix, and reuse content. ccREL is a new XML/RDF machine-readable language to express copyright licensing terms and related information.

Federal Emergency Management Agency (FEMA) and World Meteorological Organization (WMO) announcements highlight adoption of the XML-based Common Alerting Protocol. CAP defines a format for exchanging all-hazard emergency alerts and public warnings over multiple networks. FEMA announced a CAP Profile for the Integrated Public Alert and Warnings System. WMO issued a CFP for a December 2008 CAP Implementers Workshop in Geneva, co-sponsored by OASIS and ITU-T.

"Balisage 2008: The Markup Conference" continues the popular Montreal series (formerly "Extreme Markup Languages") under a new title "Balisage." Organizers have published the complete program for the main conference (August 12-15, 2008) and for the "International Symposium on Versioning XML Vocabularies and Systems" (August 11). Topics: Semantic Web, ontology design, schema mashups, constraint management, topic maps, annotating overlap, digital libraries...

W3C has published "Associating Resources with Namespaces" as an Approved TAG Finding from the W3C Technical Architecture Group (TAG). The document addresses the question of how ancillary information (schemas, stylesheets, documentation) can be associated with an XML namespace. It offers guidance on how a namespace document can be optimally designed for humans and machines such that information at the namespace URI conforms to web architecture good practice.

Equifax, Google, Microsoft, Novell, Oracle, and Paypal have announced the formation of the Information Card Foundation (ICF) as an independent, not-for-profit organization designed to advance the adoption and use of Information Cards across the Internet. ICF's mission is to advance the use of the Information Card metaphor as a key component of an open, interoperable, royalty-free, user-centric identity layer spanning both the enterprise and the Internet.

Body:

Energy drinks that mix alcohol and caffeine have been under scrutiny, so much so that both Anheuser-Busch and MillerCoors have reconsidered their respective products. It’s an interesting move, considering the federal Alcohol Tobacco Tax and Trade Tobacco Bureau okayed the marketing of the products to legal age consumers. What’s really going on is pushback from the states, which claim that the drinks are attractive to underage consumers.

“A coalition of state attorneys general had complained the stimulants reduced drinkers' sense of intoxication and were marketed to young drinkers, who were already more likely to have risky behaviors in driving and other activities,” writes the Baltimore Sun.

Last week, MillerCoors agreed to reformulate Sparks and “not produce caffeinated alcohol beverages in the future.” In May 2007, Anheuser-Busch halted the sale of its alcohol energy drink, Spykes, because of “limited volume potential and unfounded criticism.”

The December issue of NACS Magazine tackles another alcohol beverage on convenience store shelves, flavored malt beverages, which some state regulators want removed or reclassified as a liquor product. Here is what happened in Utah:

“Effective October 1, convenience and grocery store operators in Utah were prohibited from selling brands like Smirnoff Ice and Mike’s Hard Lemon­ade. A state legislature decision in the spring defined the products (also called “alcopops”) as distilled spirits — since some of the beverages get flavoring from liquor — and limited their sales to stores run by the Utah Department of Alcoholic Beverage Control. The Church of Jesus Christ of Latter-day Saints supported the legislation as an effort to combat underage drinking.”

Category: Merchandising Published: 12/23/2008 2:21 PM Blog Summary: MillerCoors is reformulating Sparks to eliminate the combo of alcohol and caffeine; some states are eyeing FMBs. Content Subject: Marketing/Merchandising

Body:

The chief economist of Standard’s and Poor has something to say about whether states should consider raising taxes to help fill their budget gaps.

 

“You’re going to have to bite the bullet and accept there are going to have to be significant budget cuts and tax increases as well because I’m not sure you can do it all on the budget side,” David Wyss of Standard & Poor’s said last week before about 200 lawmakers at the annual fall forum of the National Conference of State Legislatures (NCSL), reports Stateline.org.

 

Wyss suggested that states should consider raising gasoline and sales taxes “because they penalize consumption.” He also commented that if credit markets, oil prices and home values continue to fluctuate, “this could turn into the deepest recession since World War II.”

Category: Taxes Published: 12/18/2008 12:39 PM Blog Summary: For most states, that's the question, and some may not have a choice. Content Subject: Government Relations

OASIS has announced the approval of the XML Localization Interchange File Format (XLIFF) specification v1.2 as an OASIS Standard. It was produced by the OASIS XML Localisation Interchange File Format (XLIFF) TC. The purpose of the XLIFF vocabulary is to store localizable data and carry it from one step of the localization process to the other, while allowing interoperability between tools. XLIFF is tool-neutral and supports the entire localization process.

Body:

We’re hearing a lot from retail members about network security and PCI compliance, and in addition, your equipment also needs to be PCI complaint. For the smaller operators, this word of caution is for you: Do not over look your point of sale system.
 
The underground credit card economy is booming and criminals are going to where the money is, which makes your POS systems a prime target because they are generally not monitored, and when a machine is hacked, it could take some time before the attack is found. By that time, it is too late and the damage is done.

Some smaller operators may try to save money by having a POS system serve multiple purposes, such as for store orders, checking e-mail and serving as the POS device for the entire store. If you treat the POS like another workstation, you’re violating PCI DSS – the POS system should serve only one function.
 
And are antivirus programs enough? PCI requirement #5 states that you have to use and regularly update antivirus software and programs, but antivirus programs themselves are not enough and give a false sense of security. Antivirus programs do not stop rouge applications like sniffers and other custom applications that can steal credit card data.

 

Even though you have to have antivirus programs to be PCI compliant, antivirus programs only protect against known threats, and new virus definitions have to be written to address these threats. There can be a period when you are unprotected until new definitions are available.
 
What can you do to protect the POS system? The first thing is to lock it down. The POS system should have only one purpose and that is to be a POS system. For applications that need to run on the POS, they should be white listed so other programs like sniffers or custom applications cannot run on the system. The second thing is to restrict user access with secure logins. Each person should have a unique login so you can track and log all user access, and no one should share login and password info.
 
Another thing you can do is segment your POS network from all the other networks in your location. Incoming and outgoing electronic traffic needs to be protected. Your POS network should not share the same network segment as other devices in your location. When you need to send card-holder data on a public network, the data needs to be encrypted.
 
By no means is this a definitive solution to protect your POS system. If you are unsure if you are PCI compliant and you want to be sure your POS is compliant, contact your POS manufacturer.
 

-Carl Bayer

Category: Technology Published: 12/12/2008 3:38 PM Blog Summary: Are you secure? If not, it’s a good idea to get in touch with your POS manufacturer. Content Subject: Risk Management & Security, Technology