If you believe, as I do, that selling gift cards is good for your business, then how can you sell more of them?

The first thing you need to do is get them out of the drawer and near the register where people can see them. Your customers shouldn't have to ask you if you have gift cards.

Next, give your customers some packaging options to help them personalize their gifts. A Happy Birthday carrier is a must, as is a Christmas, Hanukkah, and/or generic Holiday carrier during the holiday season. Depending on the type of store you have, you may want to offer different styles and colors that would appeal to men, women, and/or kids. Notice that I am mentioning varieties of carriers here, not varieties of cards. You don't have to spend a fortune to get good results with gift cards. I recommend that you invest in a classy-looking card that represents your store, and a variety of generic carriers for packaging options.

Gift card tins, boxes, and/or bags can make the idea of purchasing a gift card even more appealing and also help you increase profits. While you might include a carrier in the cost of the gift card, you can charge extra for fancier packaging options.

Finally, make sure your gift cards and packaging are attractively displayed.


I believe gift cards are one of the most under-rated and under-marketed tools available to retailers today.
Did you know that Starbucks sold 1.3 billion dollars in gift cards during the last holiday season? That apparently amounts to 25% of its sales during that period. Imagine how much better your cash flow would be if the average cost of goods sold for 25% of your sales was less than a dollar!

To be sure, most of those gift cards will eventually be redeemed, but that's okay, too, because:

  • You get to use the money, interest-free, until the cards are redeemed.
  • Each gift card has the potential to introduce a new customer to your store, or re-introduce an existing customer to what you have to offer, at very little cost to you.
  • Customers typically spend more than the value of their gift cards when they redeem them, leading to increased sales.

Then, there are the cards that are never redeemed. You get to keep the profit on those. Even if that only amounts to a few cards, it will at least help cover your card issuing costs.

If you think you should give up on plastic gift cards and just wait for the electronic ones to be more common, I urge you to think again. Electronic gift cards are forecast to be less than 4% of total gift card sales this year.

Next week, I'll offer some suggestions on how to increase gift card sales through better marketing.


As I explained last week, mobile Point-of-Sale is a great tool for increasing sales. But, if you don't have it now, where do you begin?

The first step is to make sure that your existing P.O.S. system supports mobile P.O.S., or that it supports an interface to a mobile P.O.S. system. If it doesn't, then you won't be able to consolidate sales or inventory for your mobile transactions. That makes the investment in mobile technology a lot less appealing.

Assuming your system supports mobile P.O.S., the next step is to make sure you have the infrastructure in place to support communications between your mobile system and your main P.O.S. system. Most mobile systems communicate via a wireless connection. That means you need to use the system within wireless range of your server (or within wireless range of an internet connection, for cloud-based systems). Even if you already have wireless access in one part of your store, you may have to add one or more wireless access points to extend that coverage to other areas. This is especially likely for stores that cover a large area (e.g. garden centers) or stores with walls that block the wireless signals.

If you are going to use your mobile system at an off-site location, then that location either needs to have reliable network access, or your mobile system needs to be able to run using a cellular connection or no connection at all. Depending on the type of remote access your mobile system uses, an upgrade to the firewall at your server site might also be necessary.

If much of this information went right over your head, don't worry.  The real place to begin is with your P.O.S. system vendor.  He/she should be able to guide you through the process.  If you don't have an existing P.O.S. vendor or you're looking to upgrade to a system that offers mobile P.O.S., please give me a call!

206.624.7854, extension 701
Mobile Point-of-Sale is no longer a novelty. More and more retailers are embracing this technology and the reason is simple. It increases sales! Here's how:
  1. It expands your sales territory, exposing you to new customers. Take your merchandise and your mobile P.O.S. system to vendor fairs, sidewalk sales, farmer's markets, and music and sporting events. Mobile P.O.S. is also perfect for pop-up stores!
  2. It makes it easier for customers to complete their purchases. Mobile P.O.S. is great for line-busting during peak selling seasons, and may also be a less expensive alternative than adding full P.O.S. stations to other departments in your store.
  3. In some cases, mobile P.O.S. allows you to spend more time with your customer, which can give you more influence over his or her buying decisions. For example, you could use it in a garden center when a new homeowner comes in looking for landscaping ideas, or to provide a "personal shopper" experience in a clothing store.
If you've been considering mobile point-of-sale but don't know where to begin, I'll offer some advice on that next week.


If you are like most retailers, you invest quite a bit of money in advertising, in order to get shoppers to come to your store.  Once you get them there, you want them to purchase something, of course.  Better yet, you'd like them to come back and purchase even more items from you in the future.

I recently came across a great article on how to keep those customers coming back:

Let me know what you think!


I've covered several different technologies related to credit card security over the last few weeks.  Which ones should you implement and when?

I recommend implementing point-to-point / end-to-end encryption first.  This virtually eliminates the potential for large-scale theft of credit card data from your system.  It will likely require an update to your POS software and/or processing gateway and all new payment terminals, so it is not an inexpensive option, but it is well worth the investment.  Check with your software provider to determine if and when the new technology will be available for your system.

The second most helpful technology is EMV / Smart Card technology. However, it only stops invalid card numbers from being used; it doesn't stop them from being stolen.  So, it offers more protection for the consumer than the merchant.  Also, it won't be generally available until sometime next year, and a lot can happen within a year.

I think tokenization is the least valuable of these technologies right now, although I believe it will become more important once point-to-point encryption becomes more widespread.  Ideally, it will be implemented in conjunction with P2PE, for maximum protection.


As mentioned below, there are a couple of ways to prevent data breaches once the card numbers get to your point-of-sale software.  The one hole that we haven't yet addressed is how to protect it before it gets to your software.

Point-to-Point Encryption (P2PE), also called End-to-End Encryption (E2EE), is the solution for that problem.  With this technology, the payment terminal is no longer an independent device that exchanges data with the POS software.  Instead, it is controlled by the POS software and/or credit card gateway, which allows it to encrypt the card number at the payment terminal and then maintain that encryption all the way through.  Ideally, this encryption will be implemented for card data scanned through the credit card reader, as well as for card numbers manually entered through the payment terminal keypad. 

The beauty of this technology is that it eliminates the potential for malware to grab credit card data between the time it is scanned or entered, and the time it reaches the POS software.  In fact, it is so effective that it has the potential to actually reduce a merchant's scope for PCI compliance!

Next week, I'll go over how all of these technologies fit together and offer some advice on what to do with all of this information.


Tokenization is another technology you may be hearing more about.  It is a more secure method of storing credit card numbers.

PCI-compliant systems are not allowed to store or transmit actual credit card numbers.  These numbers have to be disguised somehow.  The most common method of disguising credit card numbers is to encrypt them, but
tokenizing them is even better.

Whereas encryption applies a mathematical formula to the original card number to get the encrypted card number, a token is a randomly generated number that points to the storage location of the card number instead of the card number itself.  Ideally, that storage location would be a secure data vault managed by the credit card processor, the gateway provider or the point-of-sale provider.  Since a mathematical formula is used to encrypt credit cards, it is theoretically possible that you could crack the encryption code if you could figure out the formula.  Tokens are safer because there is no way to tie the token back to the original card number unless you have access to both the location that has the card number and the software that ties the card number to the token.

This technology is definitely an improvement over encryption, but most of the recent data breaches have not been caused by cracked encryption codes.  It is much easier for hackers to install malware to catch card numbers before they get to the point of encryption or tokenization.  I'll write about how to prevent that next week.

Since the Target breach last year, there has been a lot of talk about EMV or "Smart" cards.  These are also called "Chip" cards.  The biggest difference between these credit cards and magnetic stripe cards is that they have an embedded microprocessor in them.  This allows the card to actually communicate with the payment terminal, instead of passively allowing its information to be read by a magnetic stripe reader.

The biggest advantage to these cards is that they can't be counterfeited, which reduces the incentive to steal credit card numbers in the first place.

Chip cards also contain information indicating the level of cardholder verification that is required for the card under different conditions.  EMV payment terminals can then use this information to determine whether or not to authorize a transaction, even for transactions entered in offline mode.

EMV cards that require a pin number (Chip & Pin) are more secure than Chip & Signature cards, but both are a big improvement over traditional magnetic stripe cards.  This technology is already in use in over 80 countries and many have seen a dramatic reduction in credit card fraud, as a result.

The current deadline for retailers to be able to accept smart cards is October of 2015.  That is when credit card issuers plan to shift the liability for credit card fraud to merchants who don't use this technology.  However, most smart cards will also have magnetic stripes, in case they need to be used in non-EMV payment terminals.  That will probably be true for at least a few years because the deadline for gas stations to switch over is October of 2017.


This subject is back in the news again after P.F. Chang reported a possible breach yesterday.  So, I thought it might be helpful to explain how this can happen.

Almost all retailers in the U.S. process credit cards by reading the magnetic stripe on the back of the card.  There are four basic areas of vulnerability in this process:
  1. The card reader itself.  Bad guys have been known to attach "skimmers" to these devices which record the data as it is being swiped.  Since this requires physical access to the device in order to attach the skimmer, it is less common in a traditional retail store than it is in ATMs and gas stations, where the readers are unattended.
  2. The pathway between the card reader and the point-of-sale software.  Although with most POS software, it looks like the card numbers go directly into the POS program, they don't really.  Rather,  they get there through the operating system device handlers.  Recent breaches have occurred because someone was able to insert software into this pathway to capture credit card data as it goes by.  This software is typically called "malware," which is short for malicious software.  The scary thing about malware is that you don't necessarily have to have access to a computer in order to install it.  Once it gets to the computer, it can install itself.  So,it often arrives as an attachment to an email or an internet download.  It can also be copied to a computer from another local or remote computer, a USB stick or a CD.
  3. POS software.  Most reputable software packages store credit card numbers in a securely encrypted format; if they store the card numbers at all.  If your software is PA-DSS compliant, you don't have to worry about this area of vulnerability.
  4. The credit card processing gateway.  This is the route that your POS software uses to send credit card data through the internet to your credit card processor to authorize each charge.  Any reputable gateway product is going to securely encrypt card data for transmission.  If the gateway product you use is PA-DSS compliant or Visa-approved, then you don't have to worry about this vulnerability. 

Happily, there are new technologies coming that will significantly reduce the potential for data breaches.  Over the next few weeks, I'll provide more information on those technologies and also offer suggestions on how you can protect yourself in the meantime.