Please ensure Javascript is enabled for purposes of website accessibility

Retailers take ‘omnichannel’ approach

The move to e-commerce has forced traditional brick-and-mortar retailers like Walmart to take an "omnichannel" approach.-(DEPOSITPHOTOS)

Wal-Mart Stores, Inc. announced Jan. 11 it was closing 63 Sam’s Club stores around the country — reportedly including its Budd Lake, Linden and Princeton locations — and converting up to 12 of the impacted facilities to e-commerce fulfillment centers, according to a company statement.

Wal-Mart Stores, Inc. announced Jan. 11 it was closing 63 Sam’s Club stores around the country — reportedly including its Budd Lake, Linden and Princeton locations — and converting up to 12 of the impacted facilities to e-commerce fulfillment centers, according to a company statement.

The closures don’t mean the familiar Walmart and Sam’s Club brands are exiting the brick-and-mortar format — the company will still have 597 “club” outlets and close to 5,000 Walmart locations across the U.S.

Nevertheless, the Sam’s Club shutterings follow a slew of brick-and-mortar closures in 2017, including Sears Holding Corp.’s elimination of more than 350 Sears and Kmart stores. Another 45 Kmart and 18 Sears locations, including one in Philipsburg, reportedly will be closed by the end of this month.

Move toward personalization

The move to e-commerce, or online shopping, has been battering many retailers, but it’s also part of an “omnichannel” approach where sellers try to reach consumers in multiple ways, according to Natalie Kotlyar, leader of the retail and consumer products practice at professional services firm BDO.

“For at least five or six years, retailers have talked about omnichannel, but now they realize it’s not a luxury — instead, it’s a must-have,” she said. “We’re seeing more consumers go into a brick-and-mortar store to touch and examine a product, but then they’ll do price research on a mobile phone or other digital device, and make the purchase online. It’s important for retailers to be able to reach customers in the way the consumer wants. Personalization is a key concept and we see that as more e-tailers set up shop, but also as some online stores, like Amazon, set up brick-and-mortar locations to complement their e-commerce offerings.”

A BDO consumer survey indicates that about 80 percent of customers in the Northeast did some holiday shopping online, Kotlyar noted.

“Artificial intelligence and big data will help e-commerce providers to continue to attract customers. In fact, all retailers — brick-and-mortar and online — are aggregating data about consumers and putting it to good use. You could say that 2018 is the year of personalization, as retailers and e-tailers personalize communications, promotions and discounts.”

The thing is, e-commerce can gather a lot more data compared to a traditional retail environment. Consider a consumer who picks up an item, looks at it, but then puts it back on the shelf and walks away without buying anything. The odds are the missed transaction will slip under the radar of a bricks-and-mortar retailer.

“But an e-tailer can see what’s in your online shopping cart,” explained Kotlyar. “They can see what you bought and what you browsed. AI can analyze that and follow up by generating personalized offers — shaped by the person’s browsing and buying habits — to the individual consumer.”

E-commerce dangers abound

But clickable convenience and personalized preferences aren’t the only issues that e-commerce providers need to consider, cautioned Michelle Schaap, a member of the West Orange-based law firm Chiesa Shahinian & Giantomasi PC.

“Cybersecurity and data protection are important issues,” said Schaap, who focuses on cybersecurity and corporate law. “At many websites, when you click on the checkout link, you are actually being seamlessly linked to PayPal or another third-party payment site. This raises legal issues of responsibility between the data controller and the processor.”

A data controller is generally defined as the person or organization who determines the purposes and means of processing personal data. The retailer determines that, for example, a customer’s name and credit card information should be collected and processed to complete a sale. The retailer may then directly, or through a third party, process the data to collect payment.

“If you’re a merchant who works with a third-party payment processing provider, it is important to engage in due diligence and ascertain that the proposed processor is complying with all applicable laws regarding personal data protection, as well as the Payment Card Industry Data Security Standards (PDI DSS), an industry-created set of voluntary rules designed to reduce credit card fraud,” warned Schaap. “If your provider is not complying with these standards and you suffer a data breach, your business, as the merchant of record and data controller, has significant liability exposure.”

She also said to carefully scrutinize your contract with the provider.

The tax man gets closer

Consumers have embraced e-commerce because of convenience. But for many state and local authorities, there’s a troubling side to e-commerce: more than $10 billion in sales taxes due but uncollected may slip away each year.

“In 1992, the U.S. Supreme Court’s Quill v. North Dakota decision set down the rule that a state can only require a business to collect and remit sales tax if the business has a ‘substantial presence,’ or nexus, in that state,” explained Sean Aylward, vice chair of the Corporate and Securities Group of Chiesa Shahinian & Giantomasi PC, a West Orange-based law firm.

“In theory, if the seller doesn’t collect and remit sales tax, the end consumer is required to declare and remit it on their own income tax return,” he continued. “But many people don’t. A November 2017 report issued by the federal Government Accountability Office estimates that states missed out on $13 billion of sales taxes in 2017 alone.”

That could change, because the U.S. Supreme Court on Jan. 12 agreed to hear a challenge, lodged by South Dakota, to the Quill decision.

“There are arguments on both sides,” Aylward said. “Smaller e-commerce sellers say that compliance could be a huge burden, because some states tax certain goods and services while others don’t; and in addition to state sales tax, some municipalities levy their own sales tax.”

“Business owners often assume that they will be protected and indemnified by the processing provider for any provider lapse or error that results in a data breach,” she cautioned. “But if you scrutinize the contract, you may find a clause that absolves the third-party payment processor of any liability, even if the processing party was actually responsible. On an annual basis, you and your counsel should review your contract with your provider, and you should ask the third-party provider to share its policies and procedures for meeting its compliance obligations with applicable laws and PDI DSS.”

Businesses should also have a data incident response plan — including who gets notified of a breach, and how to handle media inquiries — before a breach occurs.

“If your customer data is compromised, your first call should be to your attorney,” Schaap counseled. “If you engage third parties directly — like a computer forensic expert — any information and/or reports resulting from the engagement may be discoverable in subsequent litigation. If you engage these experts through counsel, calling your lawyer first, then such communications and reports will likely be shielded by attorney-client privilege.”

Finally, she added, online retailers must take responsibility for their stated privacy policies on their websites.

“One company we work with had posted, at the top of its privacy policy on its website, ‘We guarantee your security.’ As we explained to our client when we redrafted their data privacy statement, not only can they not ‘guarantee’ security, even with the best of efforts, but this statement — which was not true or accurate — created further liability for a deceptive trade practice under the FTC Truth in Advertising Act.”

Pointing to well-publicized breaches such as those that plagued brands like Target and Equifax, Schaap added “there are two kinds of companies: those that have been breached, and those that do not know it yet. Conducting online e-commerce requires diligence, transparency and preparedness.”



Top Tips from a pro

Top e-commerce tips from Michelle Schaap, a member of the West Orange-based law firm Chiesa Shahinian & Giantomasi PC:

  • Be safe. Audit third-party e-commerce providers annually regarding their claimed data privacy protection policies and procedures to confirm their continued compliance with applicable law, and with the Payment Card Industry Data Security Standards.
  • Do your due diligence and review your e-commerce provider contracts and your stated privacy policy at least annually to understand your obligations and your provider’s, and to confirm that your statements regarding data collection and protection to your consumers are accurate and not misleading. 
  • Have a plan in place in case customers’ personal data is compromised. Some states require you to report any kind of security breach, including a successful ransomware attack, even if data is not exfiltrated or released. Further, if even one customer from Europe orders from your site, you also need to consider the mandates of the EU’s General Data Protection Regulation.
  • If your customer data is breached, don’t panic. Contact your counsel and put your data incident response plan into action.

NJBIZ Business Events

2022 NJBIZ Energy Panel Discussion

Tuesday, October 18, 2022
2022 NJBIZ Energy Panel Discussion

NJBIZ Best 50 Women in Business 2022

Wednesday, October 26, 2022
NJBIZ Best 50 Women in Business 2022

NJBIZ Business of the Year 2022

Tuesday, December 13, 2022
NJBIZ Business of the Year 2022