Category Archives: retail

IcedID Operators Using ATSEngine Injection Panel to Hit E-Commerce Sites

As part of the ongoing research into cybercrime tools targeting users of financial services and e-commerce, IBM X-Force analyzes the tactics, techniques and procedures (TTPs) of organized malware gangs, exposing their inner workings to help diffuse reliable threat intelligence to the security community.

In recent analysis of IcedID Trojan attacks, our team looked into how IcedID operators target e-commerce vendors in the U.S., the gang’s typical attack turf. The threat tactic is a two-step injection attack designed to steal access credentials and payment card data from victims. Given that the attack is separately operated, it’s plausible that those behind IcedID are either working on different monetization schemes or renting botnet sections to other criminals, turning it to a cybercrime-as-a-service operation, similar to the Gozi Trojan’s business model.

IcedID Origins

IBM Security discovered and named IcedID in September 2017. This modern banking Trojan features similar modules to malware like TrickBot and Gozi. It typically targets banks, payment card providers, mobile services providers, payroll, webmail and e-commerce sites, and its attack turf is mainly the U.S. and Canada. In their configuration files, it is evident that IcedID’s operators target business accounts in search of heftier bounties than those typically found in consumer accounts.

IcedID has the ability to launch different attack types, including webinjection, redirection and proxy redirection of all victim traffic through a port it listens on.

The malware’s distribution and infection tactics suggest that its operators are not new to the cybercrime arena; it has infected users via the Emotet Trojan since 2017 and in test campaigns launched in mid-2018, also via TrickBot. Emotet has been among the most notable malicious services catering to elite cybercrime groups from Eastern Europe over the past two years. Among its dubious customers are groups that operate QakBot, Dridex, IcedID and TrickBot.

Using ATSEngine to Orchestrate Attacks on E-Commerce Users

While current IcedID configurations feature both webinjection and malware-facilitate redirection attacks, let’s focus on its two-stage webinjection scheme. This tactic differs from similar Trojans, most of which deploy the entire injection either from the configuration or on the fly.

To deploy injections and collect stolen data coming from victim input, some IcedID operators use a commercial inject panel known as Yummba’s ATSEngine. ATS stands for automatic transaction system in this case. A web-based control panel, ATSEngine works from an attack/injection server, not from the malware’s command-and-control (C&C) server. It allows the attacker to orchestrate the injection process, update injections on the attack server with agility and speed, parse stolen data, and manage the operation of fraudulent transactions. Commercial transaction panels are very common and have been in widespread use since they became popular in the days of the Zeus Trojan circa 2007.

Targeting Specific E-Commerce Vendors

In the attack we examined, we realized that some IcedID operators are using the malware to target very specific brands in the e-commerce sphere. Our researchers noted that this attack is likely sectioned off from the main botnet and operated by criminals who specialize in fraudulent merchandise purchases and not necessarily bank fraud.

Let’s look at a sample code from those injections. This particular example was taken from an attack designed to steal credentials and take over the accounts of users browsing to a popular e-commerce site in the U.S.

As a first step, to receive any information from the attack server, the resident malware on the infected device must authenticate itself to the botnet’s operator. It does so using a script from the configuration file. If the bot is authenticated to the server, a malicious script is sent from the attacker’s ATSEngine server, in this case via the URL home_link/gate.php.

Notice that IcedID protects its configured instructions with encryption. The bot therefore requires a private key that authenticates versus the attacker’s web-based control panel (e.g., var pkey = “Ab1cd23”). This means the infected device would not interact with other C&C servers that may belong to other criminals or security researchers.

IBM X-Force Research

Figure 1: IcedID Trojan receives instructions on connecting to attack server (source: IBM Trusteer)

Next, we evaluated the eval(function(p, a, c, k, e, r) function in the communication with the attack server and got the following code to reveal. Encoding is a common strategy to pack code and make it more compact.

IBM X-Force Research

Figure 2: IcedID code designed to set the browser to accept external script injections (source: IBM Trusteer)

This function sets the infected user’s browser to accept external script injections that the Trojan will fetch from its operator’s server during an active attack.

The following snippet shows the creation of a document object model (DOM) script element with type Text/javascript and the ID jsess_script_loader. The injection’s developer used this technique to inject a remote script into a legitimate webpage. It fetches the remote script from the attacker’s C&C and then embeds it in a script tag, either in the head of the original webpage or in its body.

Taking a closer look at the function used here, we can see that it loads the script from the home_link of the ssid= of the infected user’s device, along with the current calendar date.

IBM X-Force Research

Figure 3: IcedID code designed to inject remote script into targeted website (source: IBM Trusteer)

Steps 1 and 2: JavaScript and HTML

To perform the webinjection, an external script, a malicious JavaScript snippet, is charged with injecting HTML code into the infected user’s browser. Using this tactic, the malware does not deploy the entire injection from the configuration file, which would essentially expose it to researchers who successfully decrypt the configuration. Rather, it uses an initial injection as a trigger to fetch a second part of the injection from its attack server in real time. That way, the attack can remain more covert and the attacker can have more agility in updating injections without having to update the configuration file on all the infected devices.

In the example below, the HTML code, named ccgrab, modifies the page the victim is viewing and presents social engineering content to steal payment card data. This extra content on the page prompts the victim to provide additional information about his or her identity to log in securely.

IBM X-Force Research

Figure 4: IcedID tricking victim with webinjection (source: IBM Trusteer)

The malware automatically grabs the victim’s access credentials and the webinjection requests the following additional data elements pertaining to the victim’s payment card:

  • Credit card number;
  • CVV2; and
  • The victim’s state of residence.

Once the victim enters these details, the data is sent to the attacker’s ATSEngine server in parsed form that allows the criminal to view and search data via the control panel.

IBM X-Force Research

Figure 5: Parsed stolen data sent to attacker’s injection server (source: IBM Trusteer)

Managing Data Theft and Storage

The malicious script run by the malware performs additional functions to grab content from the victim’s device and his or her activity. The content grabbing function also checks the validity of the user’s input to ensure that the C&C does not accumulate junk data over time and manages the attack’s variables.

IBM X-Force Research

Figure 6: Malicious IcedID script manages data grabbing (source: IBM Trusteer)

Once the data from the user is validated, it is saved to the C&C:

IBM X-Force Research

Figure 7: Saving stolen data to attack server logs (source: IBM Trusteer)

Injection Attack Server Functions

The attack server enables the attacker to command infected bots by a number of functions. Let’s look at the function list that we examined once we decoded IcedID’s malicious script:

Function name



Checks for frames on the website to look for potential third-party security controls.


Validates that payment card numbers are correct. This function is likely based on the Luhn algorithm.


The main function that sets off the data grabbing process.


Adds new logs to the reports section in the attack server.


Writes logs to the attack server after validation of the private key and the victim’s service set identifier (SSID). This is achieved by the following script: getData(gate_link + a + “&pkey=” + urlEncode(pkey) + “&ssid=” + b, b)

The attack server enables the operator to use different functions that are sectioned into tabs on the control panel:

  • Accounts page functions — shows the account pages the victim is visiting with the infected user’s credentials.
  • Content variables — includes report generation, account page controls, pushing HTML content into pages the victim is viewing, and a comments module to keep track of activity.
  • Private functions to get HEX and decode.
  • Main page functions.
  • Comments global.
  • Reports global.

Figure 8 below shows the layout of information about functions used on a given infected device as it appears to the attacker using the ATSEngine control panel:

IBM X-Force Research

Figure 8: Attacker’s view from the control panel that manages stolen data (source: IBM Trusteer)

Data Management and Views

The ATSEngine control panel enables the attacker to view the active functions with a time stamp (see Figure 8). The following information is retrieved from the victim’s device and sent to the attack server:

  • Last report time from this infected device;
  • Victim’s IP Address;
  • Victim’s attributed BotID;
  • Victim’s login credentials to the website he or she is visiting;
  • Additional grabbed data from webinjection to the target page, including the victim’s name, payment card type, card number and CVV2, and state of residence; and
  • Comments section inserted by the attacker about the particular victim and his or her accounts.

A view from the control panel displays essential data in tables, providing the attacker with the victim’s login credentials to the targeted site:

IBM X-Force Research

Figure 9: Stolen account information parsed on control panel view (source: IBM Trusteer)

Sectioned IcedID Botnet

Following the analysis of IcedID’s injections and control panel features, our researchers believe that, much like other Trojan-operating gangs, IcedID is possibly renting out its infrastructure to other criminals who specialize in various fraud scenarios.

The control panel, a common element in online fraud operations, reveals the use of a transaction automation tool (ATS) by IcedID’s operators. This commercial panel helps facilitate bot control, data management and management of fraudulent activity. The panel of choice here is a longtime staple in the cybercrime arena called the Yummba/ATSEngine.

Fraud scenarios may vary from one operator to another, but IcedID’s TTPs remain the same and are applied to all the attacks the Trojan facilitates. As such, IcedID’s webinjections can apply to any website, and its redirection schemes can be fitted to any target.

Sharpened Focus in 2019

While some Trojan gangs choose to expand their attack turf into more countries, this requires funding, resources to build adapted attack tools, alliances with local organized crime and additional money laundering operations. In IcedID’s case, it does not appear the gang is looking to expand. Ever since it first appeared in the wild, IcedID has kept its focus on North America by targeting banks and e-commerce businesses in that region.

In 2018, IcedID reached the fourth rank on the global financial Trojan chart, having kept up its malicious activity throughout the year.

IBM X-Force Research

Figure 10: Top 10 financial Trojan gangs in 2018 (source: IBM Trusteer)

In 2019, our team expects to see this trend continue. To keep up on threats like IcedID, read more threat research from the X-Force team and join X-Force Exchange, where we publish indicators of compromise (IoCs) and other valuable intelligence for security professionals.

The post IcedID Operators Using ATSEngine Injection Panel to Hit E-Commerce Sites appeared first on Security Intelligence.

Multifactor Authentication Delivers the Convenience and Security Online Shoppers Demand

Another holiday shopping season has ended, and for exhausted online consumers, this alone is good news. The National Retail Federation (NRF), the world’s largest retail trade association, reported that the number of online transactions surpassed that of in-store purchases during Thanksgiving weekend in the U.S. Online shopping is a growing, global trend that is boosted by big retailers and financial institutions.

However, according to a Javelin Strategy & Research study, many consumers remain skeptical about the security of online shopping and mobile banking systems. While 70 percent of those surveyed said they feel secure purchasing items from a physical store, the confidence level dropped to 56 percent for online purchases and 50 percent for mobile banking. How can retailers increase customer trust toward online transactions?

Security Versus Convenience: The Search for Equilibrium Continues

When we register for online services, we implicitly balance security and convenience. When we’re banking and shopping online, the need for security is greater. We are willing to spend more time to complete a transaction — for example, by entering a one-time password (OTP) received via SMS — in exchange for a safer experience. On the other hand, convenience becomes paramount when logging into social networks, often at the expense of security.

App or account types respondents cared most to protect

(Source: IBM Future of Identity Study 2018)

A growing number of users are finding the right balance between convenience and security in biometric authentication capabilities such as fingerprint scanning and facial recognition. Passwords have done the job so far, but they are destined for an inexorable decline due to the insecurity of traditional authentication systems.

According to the “IBM Future of Identity Study 2018,” a fingerprint scan is perceived as the most secure authentication method, while alphanumeric passwords and digital personal identification numbers (PINs) are decidedly inferior. However, even biometrics have their faults; there is already a number of documented break-ins, data breaches, viable attack schemes and limitations. For instance, how would facial recognition behave in front of twins?

The Future of Identity Verification and Multifactor Authentication

Multifactor authentication (MFA) represents a promising alternative. MFA combines multiple authentication factors so that if one is compromised, the overall system can remain secure. The familiar system already in use for many online services — based on the combination of a password and an SMS code to authorize a login or transaction — is a simple example of two-factor authentication (2FA).

Authentication factors that are not visible, such as device fingerprinting, geolocation, IP reputation, device reputation and mobile network operator (MNO) data, can contribute substantially to identity verification. Some threat intelligence platforms can already provide most of this information to third-party applications and solutions. These elements add context to the user and device used for the online transaction and assist in quantifying the risk level of each operation.

The new available features open the way to context-based access, which conditions access to the dynamic assessment of the risk associated with a single transaction, modulating additional verification actions when the risk level becomes too great.

Existing technologies for context-based access allow security teams to:

  • Register the user’s device, silently or subject to consent, and promptly identify any device substitution or attempt to impersonate the legitimate device;
  • Associate biometric credentials to registered devices, thus binding the legitimate device, user and online application;
  • Spot known users accessing data from unregistered devices and require additional authentication steps;
  • Move to passwordless login, based on scanning a time-based QR code without typing a password;
  • Verify the user presence, limiting the effectiveness of reply attacks and other automated attacks;
  • Use an authenticator app to access online services with 2FA that leverages the biometric device on the smartphone, such as the fingerprint reader, and stores biometric data only on the user’s device;
  • Use advanced authentication mechanisms, such as FIDO2, which standardizes the use of authentication devices for access to online services in mobile and desktop environments; and
  • Calculate the risk value for a transaction based on the user’s behavioral patterns.

Combining all these elements, context-based access solutions conduct a dynamic risk assessment of each transaction. The transaction risk score, compared against predefined policies, can allow or block an operation or request additional authentication elements.

Get Your Customers Excited About Security

The aforementioned “IBM Future of Identity Study 2018” revealed clear demographic, geographic and cultural differences regarding the acceptance of authentication methods. It is therefore necessary to favor the adoption of next-generation authentication mechanisms and other emerging alternatives to traditional passwords.

Imposing a particular method of identity verification in the name of improved security can lead to user frustration, missed opportunities and even loss of customers. Instead, you should present new authentication mechanisms as more practical and convenient — that way, your customers will perceive it as a step toward innovation and progress rather than an impediment. If your authentication method feels “cool,” your users will be more excited to show it to colleagues and friends and less frustrated with a clunky login experience. You may even want to consider offering a wide range of authentication options and letting your users choose which they prefer.

Multifactor authentication is here to stay as traditional passwords lose favor with both security professionals and increasingly privacy-aware customers. If retailers can frame these new techniques in a way that gets users excited about security, the future of identity verification in the industry looks bright.

The post Multifactor Authentication Delivers the Convenience and Security Online Shoppers Demand appeared first on Security Intelligence.

The Success of Your Business Depends on Digital Trust. Here Is How to Measure It

Most people can name a recent example of online data being compromised, and consumers have become more concerned about how organizations protect their data. Whether the data in question is a physical location, credit card numbers or buying preferences, modern, tech-savvy consumers are thinking long and hard about digital trust risks and the privacy of their data.

“It’s not now just about price, feature, and benefits, it’s not even about history and legacy, it is about trust,” said researcher Mark McCrindle on behalf of Blackmores, an Australian vitamin company, according to CMO. “Every brand must build and maintain trust, particularly because the customer is more skeptical and empowered.”

In This Article

The Consumer Confidence Crisis

Consumer confidence in brands has dropped to a historic low. According to the “2018 Edelman Trust Barometer,” 7 in 10 industries are solidly in “distrust territory.” Customers are increasingly aware that their decision to share personal data with brands could have significant implications, and new legislation backs the customer’s right to opt out of untrustworthy brand engagements.

As organizations work to build customer-focused, digital business models, it’s critical to consider the role of trust and privacy in the customer journey. Delivering digital trust isn’t a matter of propping up a secure website or app, or avoiding a costly, embarrassing data breach. It’s about creating a digital experience that exceeds customer expectations, allows frictionless access to goods and services, and protects customers’ right to privacy while using the data they share to create customized, valuable experiences.

Learn how to deliver digital trust

Why Failure to Build Trust Is Risky

There are clear risks facing organizations that fail to deliver trust-inspiring digital experiences. The staggering reputational costs to brands that suffer a data breach underline how easily trust is broken and how difficult it can be to restore. However, even without security incidents, there could be significant consequences for brands that don’t transform the customer experience.

Customers who experience friction as part of the digital experience may choose to go elsewhere, impacting profitability. Brands that lack transparent data privacy practices could struggle to build strong customer relationships if the consumer feels that the interaction is “sketchy” or too invasive. There’s also risk for the organization: If it can’t tell the difference between legitimate customer transactions and costly fraud, it may throw up frustrating security barriers or risk loss due to account compromise or other fraudulent activities.

How to Measure Digital Trust With Business Outcomes

“Digital trust is not a method, product or service,” wrote IBM security orchestration, automation and response leader Matthew Konwiser. “It’s a philosophy that acknowledges why … businesses stay in business; their clients trust them.”

Digital trust can be measured in business outcomes. While these aspects are more complex than security metrics or compliance, they are critical. Digital trust results from a shift in how the organization approaches the customer journey, which can be measured in the following business outcomes.

Outcome No. 1: Build User Trust

Organizations should transform digital customer experiences to create a secure and seamless customer journey across digital products. This reinforces customer trust while providing internal visibility into customer behavior. Increased trust should result in greater customer loyalty and greater share of wallet.

Outcome No. 2: Drive Growth

Organizations that focus on digital trust continuously work to improve user experience and strengthen internal security safeguards. By utilizing security solutions that assess risk and only add verification when needed, there are fewer false positives and security teams can focus where needed. Automation and authentication based on risk scoring can streamline customer access and reduce workload for already over-tasked IT/security staff.

Outcome No. 3: Create Efficiency

Brands should continuously work to offer an improved user experience and strengthen internal security safeguards. Leaders at trust-driven organizations prioritize operational efficiency gains and risk reduction.

Why You Should Shift to a Trust-Focused Model

While digital trust isn’t the exclusive goal or responsibility of the security department, the CISO is a diplomat in the transformation process. At a trust-focused organization, security risk is recognized as business risk. Business leaders should actively support the need for persistent visibility into digital customer behavior, even as the cybersecurity team works to strengthen safeguards against threat actors and data privacy risks.

Trust should feel seamless for trusted customers with barriers only appearing to threat actors. Cognitive solutions and analytics can provide visibility into a customer’s movements across digital platforms and identify risks by comparing real-time data to a baseline of known threats. When an abnormal pattern of customer logins, transactions or behavior is identified, the system should automate an immediate response to further authenticate users or isolate risks.

The process of delivering digital trust is about more than security and technology, however. It’s a shift in leadership that places the customer experience at the center of digital transformation. Trust-focused organizations adopt design thinking processes to create digital products based on the customer journey and architect secure DevOps. Baked-in security offers greater assurance against risks and creates a more seamless digital experience across channels.

Empathy Is at the Core of Trust Delivery

Digital trust is a moving target, like any other strategic business goal. Your organization can’t rely on stagnant strategies to grow profitability or address risks. To build lasting customer relationships, organizations must understand that trust is a dynamic pursuit that requires agility.

Empathy toward the customer is at the core of trust delivery. As customer attitudes about privacy and behaviors shift, enterprise practices and technology must keep up with evolving data privacy threats, compliance requirements and client behaviors. The importance of trust is unlikely to diminish, but delivering trust-inspiring customer experiences requires a culture of design thinking, continuous improvement and security by default.

Read the e-book: Deliver Digital Trust

The post The Success of Your Business Depends on Digital Trust. Here Is How to Measure It appeared first on Security Intelligence.

Microsoft at NRF: Delivering on the promise of intelligent retail

A few days from now, retailers from around the world will converge in New York for the National Retail Federation (NRF) Big Show, the world’s largest retail conference. Every year, this event feels like a fresh beginning for retailers; just off their busiest time of year, they’re ready to not only celebrate but also reflect on what went well and improvements for next year. And every year, it feels like the stakes have never been higher – changing consumer demands combined with a retail model that’s constantly in flux creates an urgency to figure out what’s next.

I love coming to NRF. I joined Microsoft about five months ago, but I’m a retailer at heart. I literally grew up in retail, spending weekends at grocery stores with my dad rearranging coffee cans as part of our family business. Later I ran CRM and digital marketing for Gap Inc.’s brands. Now, I’m feeling even closer to retailers today than ever because I’m working for a company committed to building and maintaining retailers’ trust, working together to deliver intelligent solutions that help retailers delight shoppers, empower their employees, transform their supply chains and reimagine their businesses.

Given my retail background, I particularly appreciate Microsoft’s commitment to be a good partner by recognizing that retailers’ customers, employees and data belong to them. We want to put retailers in control of the pieces they need to make their businesses wildly successful for years to come.

So how is Microsoft delivering on that promise?

Bringing customer-first innovation to market

At Microsoft, we look to bring to market products and services that work seamlessly together to help retailers do more and take advantage of the latest technologies like AI, machine learning and IoT across the entire organization. Leading retailers are already using the Microsoft Cloud as a competitive differentiator, from using AI to create transformative customer and employee experiences, to embracing IoT to leverage their supply chains for maximum customer impact, to using cloud-based business applications to manage everything from the customer journey to operations. In an industry experiencing accelerating change, Microsoft and its partners are creating the solutions to help our customers keep up.

Empowering employees with the right tools is an area I think is especially ripe for innovation. For example, Firstline Workers, such as retail associates, are the first point of contact between a company and its customers or products, and are the lifeblood of the retail industry. They represent a retailer’s brand and need better access to resources and expertise to deliver great customer experiences and drive the bottom line. There’s also a huge opportunity to give these employees a more streamlined experience at work by modernizing some of the busy work that takes time away from customer service, such as scheduling and task management.

That is why I’m excited to announce new capabilities in Microsoft Teams for Firstline Workers. A new customizable mobile Teams experience makes it easy for them to connect with anyone in the organization and access just the apps and services they need while on the job. It includes features like the ability to share location and a smart camera.  We are also announcing a new API to connect Teams to workforce management systems so employees no longer need to login to different systems, but can access everything in Teams as a hub for their workday. Finally, a new Praise tool makes it easy for managers and employees to recognize their peers and build a culture of teamwork.

Microsoft built all this innovation to help retail employees and other Firstline Workers get out of the backroom and onto the store floor, interacting with customers, creating great experiences and building loyalty. As always, it all comes back to the customer.

Putting our trusted business model to work for our customers

I’m proud to say retailers are already realizing the value in working with us and our partners to drive success. Just in the past few months, we’ve announced incredible partnerships with some of retail’s biggest names, including Starbucks, Walmart and – one that’s particularly close to my heart – Gap, Inc. And just this week, we announced a partnership with Kroger to power a new connected-experience store pilot and jointly bring digital solutions to market that will empower other retailers to transform their own operations and create their own amazing customer experiences.

For each of these customers, we’re bringing to bear our technology and our brightest retail minds to help them build a foundation for success in this ever-changing market.

We don’t just sell another commodity to retailers. Our superpower is bringing together our global network of partners to work side-by-side with retailers and understand their greatest challenges and opportunities. Together, we go beyond simply finding solutions – we’re redefining categories and establishing new business models. This is how we’re enabling intelligent retail – by offering the best-in-class solutions and industry expertise that’s helping retailers know their customers better, empower their people in new ways, deliver on an intelligent supply chain and reimagine retail.

I’m excited to highlight many other retail brands in our booth at NRF that are working with Microsoft and our partners to embrace intelligent retail:

  • On the heels of this week’s news, I’m excited to showcase Kroger’s Microsoft Azure-powered Retail as a Service (RaaS) offering to NRF attendees. The solutions are not only enabling Kroger to transform the grocery experience for its customers with a personalized guided shopping experience, but are also opening a completely new revenue stream for Kroger, as they partner with us to market the solutions to other retailers. Centered around Kroger’s EDGE Shelf, which uses digital displays instead of traditional paper tags to indicate everything from prices and promotions to nutritional and dietary information, RaaS connects the shelf to the company’s Scan, Bag, Go® to create a unique guided shopping experience for customers.
  • Starbucks is using Azure Sphere within select equipment to enable its partners (employees) more opportunity to engage with customers. This includes everything from beverage consistency, waste reduction, the management of energy consumption and predictive maintenance.
  • Arts and crafts supply store Michaels is working with Microsoft partner TokyWoky to identify potential ambassadors online and leverage their knowledge and expertise to build a digital community of makers. Using Microsoft Azure, Azure AI and Power BI, TokyWoky’s 24/7 chat technology helps retailers like Michaels provide their customers with a human, personalized experience that’s not restricted by the size of its customer service workforce. TokyWoky’s platform encourages customers to assist and answer questions from other customers, all within the Michaels site, resulting in four- to six-times more questions being answered than before. The solution also creates continuous user-generated content across, which helps to drive trust and conversion.
  • Goodwill of Central and Northern Arizona (GCNA) partnered with DXC Technology to implement Microsoft Dynamics 365 as its retail management and Point of Sale (POS) solution. DXC’s Dynamics-based solution enables GCNA to collect detailed information on the items it sells. This is combined with category detail on items its stores produce from donated goods (collected from a GCNA proprietary and custom application) to maximize revenue. This is especially important for GCNA, whose revenue directly funds its mission – to empower individuals, strengthen families, and build stronger communities, and move towards its vision – to end poverty through the power of work.
  • Italian luxury lifestyle brand Stefano Ricci is using partner SBSoft’s Dynamics-based CRM4Retail solution to give employees a high-level view of information to help them provide the white-glove experience its shoppers expect. Online, the database produces recommendations based on how customers are navigating the website. The application for stores helps retail employees understand and anticipate customer needs and answer customer questions in a matter of seconds. It also assists in the development of targeted, data-driven campaigns and promotions.
  • Wine and liquor store BevMo! has partnered with Fellow Inc. to use its Fellow Robots to connect supply chain efficiency with customer delight. Delivered using Power BI and powered by Microsoft Azure, Azure AI and Azure Machine Learning, the robot provides perfect product location using image recognition and utilizes suggestive selling to offer customers different types of products and integrate point of sale interactions. A new integration point from Fellow to the “My Retailer app” of each retailer helps customers locate their favorite items in the store and suggests other items the customer may like. BevMo! is also using Microsoft’s intelligent cloud solutions to empower its store associates for better customer service.
  • Retailers such as children’s clothing brand Polarn O Pyret is turning to the Unified Commerce Alliance(UCA) solution – powered by Azure AI and data platform and Dynamics 365 for Retail, in addition to partner-driven solutions from Avensia Storefront, Episerver and InRiver PIM – to help them reimagine retail by joining and sharing data and business logic from different systems and channels through a single, secure and scalable system in the Azure cloud. The UCA cloud solution provides one source of truth across all retail functionality – POS, pricing, campaign, stock and warehouse management. This one-stop shop provides everything a retailer needs to manage all digital store experiences, online and offline.

Connect with us at NRF

Microsoft will have a big presence at NRF including 20 solution demos in our booth, sessions led by our retail experts and tours of our own Microsoft Store to show how Microsoft runs on Microsoft – and if you plan to be there, come see us! Visit us in booth #3301 to experience for yourself the solutions and customer stories I mention above, or attend one of our sessions on the show floor – I’m leading a Big Ideas session where I’ll talk about what we learned over the holiday season and chat with retailers you know and love about how they’re working with Microsoft to create amazing experiences for their customers. In addition, myself and my colleague Alysa Taylor, Corporate Vice President for Business Applications and Industry Marketing, will be one of several “women rocking retail” to participate in The Girls’ Lounge at NRF (Microsoft is also a sponsor!) And don’t miss Chris Capossela, our Chief Marketing Officer, as he leads a session on Tuesday highlighting the importance of brand. And of course, you can visit Microsoft’s NRF page to keep up to date on the latest news developments.

Despite retail’s breakneck rate of change, there’s never been a more exciting time to be a retailer. I’m excited to be a part of it, bringing Microsoft’s solutions and trusted business model to my retail colleagues around the world. And I’m here to tell every retailer: if we don’t have a solution for your business, we – along with our hundreds of global partners – will build it for you. I can’t wait to see what we’ll create together.


The post Microsoft at NRF: Delivering on the promise of intelligent retail appeared first on The Official Microsoft Blog.

Retails’ Nightmare Before Christmas

With the stresses of Black Friday and Cyber Monday shopping behind us, the holiday shopping season of 2018 has almost come to a close. However, despite all of the holiday cheer, something more sinister may be lurking on the horizon – a 14% increase in fraud attempts. This year, holiday shoppers were expected to spend a record $7.8 billion on the deals offered during Cyber Monday, simultaneously aligned with the peak of fraud attempts – as fraudsters are on the edge of their seat, waiting to take a hold of consumers’ financial details.

As cross channel fraud continues to grow, fraudsters are most likely to target shoppers via in-store traditional and online channels; however, the latest option to buy online and pick up in-store has proved to be inviting as well. Additionally, the increasing number of consumers purchasing high ticket items this holiday, i.e. smartphones and other tech devices, has also driven the average fraud ticket upward. These are not the only channels being impacted by fraudsters – recent studies have also identified fraudsters directing their aim the call center.

On another hand, the growing popularity of smart speakers has opened more doors for shopping capabilities, and by default, opened more doors for fraud. Out of voice device users, 29% are already utilizing them for shopping, with an additional 41% expected to join the trend.

Whether involving the call center, online or traditional channels, some retailers are stepping up their efforts to stop fraud, with three-fifths surveyed stating they are allocating resources to investigating and addressing fraud during the holidays especially.

For more information, check out our on-demand webinar: The Voice Trends and Fraud in Retail.

The post Retails’ Nightmare Before Christmas appeared first on Pindrop.