The Epsilon Imperative

CMOs: Is your brand in the crosshairs?

IN WHAT SOME observers say was the largest breach of consumer data in history, this week servers at Epsilon Interactive, a database services company based in Irving, TX, were compromised by hackers, exposing the names and email addresses of millions of American consumers to the spam-o-sphere.

Within hours, alerts hit my personal inbox from Kroger, Target, Walgreen and HiltonHHonors informing me that they had been struck and that one of my addresses was now in the wild. Why did these gigantic companies have my email address stored in Epsilon servers? Simple. I am enrolled in their frequent shopper programs. And until now, Epsilon was as reputable and secure a place as you could get to host your customer data.

Which partly explains why the 50 or so huge retail and consumer-facing companies whose customer email lists were exposed by this attack include the likes of Best Buy, HSN, CapitalOne, Citigroup, JPMorgan Chase, Marriott and TiVo. These companies depend on email communications for the inexpensive delivery of relevant messaging and offers to their customers. Now each of them has been forced to warn their customers about the potential for spam and phishing attacks. By email.

The implications of this are quite chilling, and should give pause to every Chief Marketing Officer and Chief Customer Officer charged with the custody of shopper relationships and brand equity. Shareholders had better pay attention too. This, my friends, is your first early warning. I call it the Epsilon Imperative.

First, the good news
It could have been worse. While the data quantities are vast, and the affected brands are iconic, at least the damage was limited to names and email addresses, we are told. Wholesale identity theft does not appear to be a great direct risk, although enterprising list dealers and data miners will be tempted to merge the email address tables with other lists, thus creating more complete profiles for future exploitation.

And the email notices I received came fairly promptly. Well, one from McKinsey Quarterly arrived within hours of the media alert on Saturday. Walgreen and Fry’s (Kroger) got their notices to us later the same day. Hilton and Target waited until after the weekend. (OK, timings of the last two are really not that impressive, come to think of it.)

The positive take-away is that most of the frequent shopper/guest list owners exhibited some consciousness of responsibility for the incident, even though it was caused by an outside criminal act against a third-party service bureau (Epsilon). They acted promptly, recognizing that shoppers and guests must be made to feel that the brands have their best interests at heart. Failure to inform would be a lapse of good faith.

Why marketers should care
While preserving public confidence and brand equity are major concerns, this is only one factor for top retail and hospitality executives. Another, less-understood implication is legal regulatory exposure. This is an area that evolved rapidly following the notorious TJX data breach of 2005, which exposed 46 million credit card numbers but did not come to light until 2007.

California led the pack with the first security breach notification legislation in 2008. But the model for this legislation came, not surprisingly, in the state of Massachusetts, where TJX is headquartered. At least 46 other states followed with their own versions.

The Massachusetts General Law titled, “Standards for Protection of Personal Information of Residents of the Commonwealth” (Chapter 93H), defines a comprehensive set of data security obligations on businesses, including the development and maintenance of a “comprehensive written information security program.” Deadline for compliance with this law was Mar. 1, 2010.

Several legal scholars have observed that the Massachusetts law would apply to every company who has even one list member residing within the state. It also sets the best practice standard for written information security programs. Since modern ecommerce is “borderless,” many companies will be subject to such oversight in every state.

This means that any company with a direct marketing or frequent shopper list that fails to prepare and maintain a private data response plan may be exposed to dozens of lawsuits imposed by state attorneys general. Legal fees and fines can spiral out of hand, and the secondary damage to brand reputation may be multiplied along with it. It seems that loyalty programs just got harder to operate.

Protect your shoppers – and your brand
What can a responsible marketing executive do to protect customers and company from the cascade of negative consequences that may result from the inevitable data breach? Maintaining state-of-the-art data security measures and the comprehensive written information security program are certainly essential. CIOs worldwide work feverishly at data security, but it’s up to the CMO and CCO to protect brand and customer equity by ensuring that sound response plans and practices are put into place.

A great many consumer-facing businesses consider loyalty and relevance-based marketing to be essential competitive activities. Shoppers and consumers have come to expect the personalized services and rewards promised by these programs. Firms depend on their customer databases to deliver crucial insights that enable efficient and well-targeted marketing programs.

In light of the Epsilon event, however, retail and hospitality CMOs and CCOs now face a new imperative. They must confront new questions like:

  • How is the consumer’s perception of our brand affected now that their information has been violated?
  • Is the value of our brand and customer equity negatively affected by a data breach? How bad is the damage?
  • Are we prepared to demonstrate our diligence to our customers and card holders by mobilizing rapid notification and protective actions?
  • What compensation can we provide to the consumer for their discomfort, angst, worry?
  • Can our forthright response turn a data breach into a service recovery opportunity so that we gain trust, not lose it?

In today’s world, the relevant question regarding data breaches is not “If?” but “When?” Set against the emerging legal backdrop of state and foreign regulations, this means loyalty and direct marketers must maintain a dynamic preparedness and response plan that can be instantly triggered in the event of a negative event. This is a capability few companies have today, but one that all should acquire.

© Copyright 2011 James Tenser

Social Media? – Nah, It’s Personal

New way to a shopper’s heart?

ALL THE RECENT chatter about “social media for business” is driving me around the bend.

For some time now, I’ve been searching for a terminology that would rescue us from imprecision and allow a meaningful business conversation to take place around the impact of smart phones within the retail environment.

At the National Retail Federation Conference and Expo two weeks ago in New York, the presentations and pitches frequently turned to the impact of social and mobile media, and I kept cringing every time I heard it. Here’s why it bugs me so much:

When new business phenomena have arisen in retail marketing, sloppy terminology frequently led to poor initial understanding of the business opportunity. Often it is due to a choice of words laden with confusing prior connotation or the absence of a suitable term.

We sometimes used “consumer” and “shopper” interchangeably; now we distinguish between those two customer roles. We spoke of “manufacturers” or “vendors” before the term “brand marketer” was introduced in the mid-90s. A deficient thought vocabulary renders some concepts virtually unthinkable.

In Your Facebook

Today, most of the marketers and solution vendors obsessed with “social media” are in fact formulating new ways of delivering one-on-one messages to targeted shoppers and attempting to influence what they do and say on social networking sites. It’s undeniable that one particular application – Facebook – happens to be used heavily for social play and sharing of consumer lore. Marketers are dazzled by the massive “audience” it has accumulated and are salivating to exploit the opportunity. How fortunate for Facebook investors.

But setting up corporate pages on Facebook or Twitter does not a strategy make. Indeed the existence of these pages implies a broadcast mentality from us to them. Despite the open visibility of customer comments on the wall, there seems to be relatively little interaction between consumers on these pages. Old comments get quickly buried behind newer ones, and only our social media hired guns bother to track and analyze them – in reports calculated to justify their existence.

Regardless of the channel, shopping is primarily about each individual’s personal success: get the best deals; satisfy my needs most efficiently; manage my budget; impress my friends; etc. When a shopper turns to his or her personal mobile device to access tools to enhance in-store success, it’s a very personal action motivated by very understandable self-interest.

Getting Personal

I submit that when it comes to tapping shoppers via those pocket two-way radiowave computers we call smartphones, there’s very little “social” about it. It’s not social – it’s personal.

If we conceive of the mobile device as a personalized channel for interaction between retailers or brands with individual shoppers or consumers, then we would do well to set aside the imprecise term “social media” and start talking shop. These new media are personal media. Much of what happens on them may be social in nature, but everything that happens on them is personal.

The personal mobile device is taking shape as a personal nexus, where online, in-store, social, and commercial communications converge in unique combinations tailored by and for each individual. Each of us shifts roles at will, according to our objectives of the moment – searcher, receiver, reporter, sender, aggregator, re-transmitter, gatekeeper, purchaser, advisor.

Businesses that hope to play effectively in this incredibly fluid and fast-changing media environment had best get their minds around the personal nature of the shopper experience using mobile devices. When we discuss our strategy for personal media, the marketing mindset shifts in what I think is a constructive direction. Better decisions and practices must surely follow.

As for me, I have nothing against online friendships; but when it comes to business you may count me as anti-social. My reasons? Well, they’re personal.

© Copyright 2011 James Tenser

What Constitutes Compliance?

Is this shelf set correct?

IN MY ROLE as Director of the In-Store Implementation Network, the challenge of merchandising compliance is frequently addressed, from a variety of perspectives – both theoretical and solution-oriented.

Several recent conversations have centered on the question of measuring the accuracy of a shelf set; that is, its degree of compliance with the schematic or planogram. This is actually a non-trivial matter when seeking a practical solution. Since a planogram is a complex tool covering many details (items, facings, positioning, quantities, etc.) determining what data to measure, how often and to what end(s) requires a thoughtful process.

Our valued colleague Mike Spindler, CEO of ShelfSnap, has championed this discussion in several items posted on the ISI Network LinkedIn Group page. He is one of the better thinkers we have on this topic, and his company offers a promising tool for digitally comparing an image of an actual shelf set with its associated planogram.

How Close is Close Enough?

If the comparison is “perfect” – that is, all items are present in their proper locations and quantities – we can safely declare that a shelf set is compliant with the plan. This is, however, a rare occurrence which probably exists only for a few minutes after the re-set work is correctly completed. The moment shoppers get to removing items into their baskets, perfect compliance begins to deteriorate. Darn those pesky shoppers!

As I like to say, the “half-life” of a typical shelf set is less time than it takes the re-set crew to leave the building. A slight exaggeration, maybe, but you get the point.

So when do retailers declare a merchandise set to be “out of compliance”? When 9% of items are out of stock (the industry average in grocery)? When 15% of items are present but mis-located? When the number of facings is off on more than 25% of items? Alternatively, what criteria define “in compliance”? All items present and accounted for? 90% of items in the correct place? 99% in-stock? How close is close enough?

Evidently, the ways a planogram can go wrong are numerous but not always numerical. More significantly, they are not easily recognized by human inspection. That is, compliance issues can be hard to spot without a scorecard in hand – and even then it takes concentration and focus and time. 

Compliance Shorthand

What if we could define a short-hand method instead – perhaps three to six yes/no metrics that could be taken as a proxy for overall compliance? ISI Network member Larry Dorr, a respected expert on retail merchandising and founder of Jaguar Retail Consulting, described an approach that is worthy of discussion.

He proposes measuring the condition of approximately five or six “destination” items for each category or major subcategory. These are often the highest-velocity items in their respective sections. “Measure the items adjacent to those items,” he says. “If those five and their adjacencies are in correct shape, then the set is probably in good shape overall. If two of the five items are off, you may assume a compliance problem.”

This approach offers economy, speed and ease of implementation. A limitation, he concedes, is that this doesn’t provide a measure of item distribution. While the five-item rule may deliver a directionally correct conclusion about planogram compliance, it may not help very much with gauging the performance of non-destination items.

Also worth noting is how the criteria for compliance may vary across different product categories and classes of trade. Our example above is drawn from a grocery/mass perspective. In specialty apparel and department stores, where color, size and style factor in, the definition and metrics for compliance will differ. Consumer electronics retailers will face their own compliance issues. 

Storecard Metrics Needed

So let’s grant that merchandising compliance is a slippery quantity using presently available methods. That doesn’t absolve practitioners from the requirement that they track and measure merchandising performance. In fact, innovation in Shopper Marketing, segmentation and automated planograms only intensifies the need.

We need creative thinking and some consensus on what constitutes compliance success; on what to measure, how and how often. The goal is to define some compliance best practices and incorporate the metrics into in-store scorecards – what I like to call storecards – that support and enable those practices.

Which leads me to offer this challenge: Use the comment form on this post or on the ISI LinkedIn Group to help us define: What constitutes merchandising compliance? How do you/should we measure it? What are the thresholds? How good is good? What’s the cost of good?

This could be the first step along the road to In-Store Implementation Best Practices. I look forward to reading your thoughts.

© Copyright 2010 James Tenser

Tenser to Lead NARMS Webinar: “Whose Store Is It, Anyway?”

THE DIRECTOR of the In-Store Implementation Network, James Tenser, will pose this provocative question in a 60-minute Webinar hosted by NARMS, the National Association for Retail Merchandising Services.

The Webinar will take place at 1:00 PM Central on Thursday Oct. 28. Review the program here.

Currently some larger Merchandising Services Organizations and Sales/Marketing Agencies are offering proprietary Store Execution Management software to retailers as a value-add. The implications are complex, and they have potential to affect core business practices, including the establishment of what might be called “merchandising captains.”

Should retailers accept “free” SEM software provided by their MSOs and SMAs? Who gains? Who loses? Who should own the data? What other implications of this practice need to be examined for the best interest of our industry? Tenser will explore these issues and answer questions in a lively online program.

(Special Offer: NARMS normally charges guests $99.95 to attend its webinars, but has generously extended a discount price of $29.95 for ISI Network Members. To register, phone the NARMS office at 888-526-2767 and tell them you’re one of us.)

© Copyright 2010 James Tenser