Wal-Mart Stores, Inc. announced Jan. 11 it was closing 63 Sam’s Club stores around the country — reportedly including its Budd Lake, Linden and Princeton locations — and converting up to 12 of the impacted facilities to e-commerce fulfillment centers, according to a company statement.
The closures don’t mean the familiar Walmart and Sam’s Club brands are exiting the brick-and-mortar format — the company will still have 597 “club” outlets and close to 5,000 Walmart locations across the U.S.
Nevertheless, the Sam’s Club shutterings follow a slew of brick-and-mortar closures in 2017, including Sears Holding Corp.’s elimination of more than 350 Sears and Kmart stores. Another 45 Kmart and 18 Sears locations, including one in Philipsburg, reportedly will be closed by the end of this month.
The move to e-commerce, or online shopping, has been battering many retailers, but it’s also part of an “omnichannel” approach where sellers try to reach consumers in multiple ways, according to Natalie Kotlyar, leader of the retail and consumer products practice at professional services firm BDO.
“For at least five or six years, retailers have talked about omnichannel, but now they realize it’s not a luxury — instead, it’s a must-have,” she said. “We’re seeing more consumers go into a brick-and-mortar store to touch and examine a product, but then they’ll do price research on a mobile phone or other digital device, and make the purchase online. It’s important for retailers to be able to reach customers in the way the consumer wants. Personalization is a key concept and we see that as more e-tailers set up shop, but also as some online stores, like Amazon, set up brick-and-mortar locations to complement their e-commerce offerings.”
A BDO consumer survey indicates that about 80 percent of customers in the Northeast did some holiday shopping online, Kotlyar noted.
“Artificial intelligence and big data will help e-commerce providers to continue to attract customers. In fact, all retailers — brick-and-mortar and online — are aggregating data about consumers and putting it to good use. You could say that 2018 is the year of personalization, as retailers and e-tailers personalize communications, promotions and discounts.”
The thing is, e-commerce can gather a lot more data compared to a traditional retail environment. Consider a consumer who picks up an item, looks at it, but then puts it back on the shelf and walks away without buying anything. The odds are the missed transaction will slip under the radar of a bricks-and-mortar retailer.
“But an e-tailer can see what’s in your online shopping cart,” explained Kotlyar. “They can see what you bought and what you browsed. AI can analyze that and follow up by generating personalized offers — shaped by the person’s browsing and buying habits — to the individual consumer.”
But clickable convenience and personalized preferences aren’t the only issues that e-commerce providers need to consider, cautioned Michelle Schaap, a member of the West Orange-based law firm Chiesa Shahinian & Giantomasi PC.
“Cybersecurity and data protection are important issues,” said Schaap, who focuses on cybersecurity and corporate law. “At many websites, when you click on the checkout link, you are actually being seamlessly linked to PayPal or another third-party payment site. This raises legal issues of responsibility between the data controller and the processor.”
A data controller is generally defined as the person or organization who determines the purposes and means of processing personal data. The retailer determines that, for example, a customer’s name and credit card information should be collected and processed to complete a sale. The retailer may then directly, or through a third party, process the data to collect payment.
“If you’re a merchant who works with a third-party payment processing provider, it is important to engage in due diligence and ascertain that the proposed processor is complying with all applicable laws regarding personal data protection, as well as the Payment Card Industry Data Security Standards (PDI DSS), an industry-created set of voluntary rules designed to reduce credit card fraud,” warned Schaap. “If your provider is not complying with these standards and you suffer a data breach, your business, as the merchant of record and data controller, has significant liability exposure.”
She also said to carefully scrutinize your contract with the provider.
“Business owners often assume that they will be protected and indemnified by the processing provider for any provider lapse or error that results in a data breach,” she cautioned. “But if you scrutinize the contract, you may find a clause that absolves the third-party payment processor of any liability, even if the processing party was actually responsible. On an annual basis, you and your counsel should review your contract with your provider, and you should ask the third-party provider to share its policies and procedures for meeting its compliance obligations with applicable laws and PDI DSS.”
Businesses should also have a data incident response plan — including who gets notified of a breach, and how to handle media inquiries — before a breach occurs.
“If your customer data is compromised, your first call should be to your attorney,” Schaap counseled. “If you engage third parties directly — like a computer forensic expert — any information and/or reports resulting from the engagement may be discoverable in subsequent litigation. If you engage these experts through counsel, calling your lawyer first, then such communications and reports will likely be shielded by attorney-client privilege.”
Finally, she added, online retailers must take responsibility for their stated privacy policies on their websites.
Pointing to well-publicized breaches such as those that plagued brands like Target and Equifax, Schaap added “there are two kinds of companies: those that have been breached, and those that do not know it yet. Conducting online e-commerce requires diligence, transparency and preparedness.”
Top e-commerce tips from Michelle Schaap, a member of the West Orange-based law firm Chiesa Shahinian & Giantomasi PC: