CALENDAR continued from page 67
January 13 – 16, 2013 National Retail Federation 102nd Annual Convention & EXPO Jacob Javits Convention Center, New York, NY www.nrf.com February 5 – 6, 2013 United Publications TechSec Solutions Westin Fort Lauderdale, FL www.techsecsol.com February 21, 2013 LAAORCA 4th Annual ORC Conference Los Angeles (CA) Convention Center www.laaorca.org March 6 – 8, 2013 Jeweler’s Security Alliance 35th Annual Security Seminar and Expo Flamingo Hotel, Las Vegas, NV www.jewelerssecurity.org March 10 – 13, 2013 Food Marketing Institute 2013 Asset Protection Conference Pointe Hilton Tapatio Cliffs, Phoenix, AZ www.fmi.org March 25 – 26, 2013 USS ORC Foundation 1st Global ORC Conference Bellagio Hotel, Las Vegas, NV www.ussorc.org March 26 – 28, 2013 Merchant Risk Council e-Commerce Payments & Risk Conference Aria Resort, Las Vegas, NV www.merchantriskcouncil.org April 28 – May 1, 2013 Retail Industry Leaders Association 2013 LP, Audit, & Safety Conference Gaylord Palms Resort, Orlando, FL www.rila.org May 8 – 10, 2013 International Organization of Black Security Executives Annual Spring Conference Hosted by Limited Brands Columbus, OH www.iobse.com June 12 – 14, 2013 National Retail Federation Loss Prevention Conference & EXPO San Diego (CA) Convention Center www.nrf.com
68
LPM 1112-C.indd 68
focus heavily on security features during the design phase, because “consumer confidence is fickle” when it comes to trading the security of personal financial information for the convenience of easy payment methods. Van Wyk makes three security suggestions: ■ Don’t show the merchant the account number—In other words design the system along the lines of the chip-and-pin system utilized almost everywhere but the U.S. ■ Make it hard to eavesdrop—Steer the design away from visible bar codes that can be seen, copied, hacked, or otherwise compromised. ■ Strongly authenticate the merchant to the customer and the customer to the merchant—Encrypt, or otherwise protect, the “transmissions” between the chip in the smart phone and the terminals in the stores. Van Wyk elaborated on his point that “a massive security failure of any of these [payment systems] could cause equally massive losses for all,” from the perspective of the consumer, the retailer, and the mobile payment service provider. He pointed to a hypothetical example involving an iPhone mobile payment “app” that Starbucks has implemented, which has been used in over 26-million transactions. If consumers discover that a retailer’s payment system security has been breached, they will “quite likely run screaming from that payment system…and revert to traditional cash or simplistic magnetic credit card systems,” he said. Aside from the public relations nightmare caused by the compromised customer financial information, there are potential problems of a grander scale. A systemic security problem could cause payment problems for the retailer, resulting in financial loss and forcing the retailer to scrap the new system. The service provider faces a well-publicized failure from which it may be impossible to recover. Clearly, hand-held mobile devices have become an indispensible form of “bling” more ubiquitous than jewelry. Mobile payment systems may be the inevitable replacement for cash in a wallet, as van Wyk points out, but the threat of a security breach is ever present. The real point is for the industry to spend the necessary attention to implement security on the front end of development. Otherwise, we may have to revert to something decidedly old fashioned and low tech—cash on the barrelhead.
NOVEMBER – DECEMBER 2012
|
VICS to Merge with GS1 US In mid-September the Voluntary Interindustry Commerce Solutions (VICS) Association and GS1 US announced a signed memorandum of understanding to merge their operations. Integration activities are proceeding and the definitive agreement should be signed before year’s end. The merger’s purpose is to streamline the standards adoption process. Since its inception in 1986, VICS has focused on standardizing retail procedures and guidelines. Its notable accomplishments include placement guidelines for anti-theft products like EAS tags, the standardization of apparel hangers, and “floor-ready merchandising,” a protocol for reducing processing lead times in the retail apparel and general merchandise categories. Significant milestones achieved by the floor-ready exercise include the retail industry’s endorsement of a voluntary standard for product identification (UPC-A or EAN-13) used with point-of-sale scanning devices, a communications format and set of protocols (VICS EDI) allowing for efficient electronic data interchange, and a bar code symbology for shipping containers and raw material identification. GS1 US is the global gatekeeper of bar codes, electronic product code-based RFID, data synchronization, and electronic information exchange. GS1 US also manages the United Nations Standard Products and Services Code (UNSPSC). VICS currently has 143 members, two-thirds of which also belong to GS1 US, which serves over 200,000 companies in 25 industries as part of the global GS1 organization. The drive toward item-level RFID adoption is perhaps the most significant endeavor undertaken by these organizations. Currently, each entity is pursuing its own overlapping path to a common goal. Both the VICS Item-Level RFID Initiative (VILRI) and the GS1 US Item-Level Readiness Program are designed to provide the education, training, tools, and community support that retailers and brands need in order to implement electronic product code (EPC) item-level tagging into day-to-day operations. A successful merger will simplify the standardization process and should speed up item-level RFID’s adoption rate.
LPPORTAL.COM
12/3/12 2:20 PM
