Diamonds in the rough: Retail jewelry stores take a hit.

As disruption wends its way through the retail marketplace, jewelers are the latest sector being upended.

In the world of retail, it makes total sense that e-commerce would be making certain sectors such as traditional bookstores a thing of the past. After all, the products they sell are identical to what’s available online — even down to the UPC barcode.

The only difference is a higher price tag – along with a few other impediments like store hours, the hassles of parking and the like.

But as time’s gone on, it’s become clear that the impact of e-commerce is affecting shopping behaviors in retail segments that might never have been thought to be susceptible.

Consider retail fine jewelry. If ever there was a segment where consumers could be expected to want to “see and feel” the merchandise prior to purchasing, it would seem to be this one.

However, a recent analysis by gem and jewelry industry specialist Polygon has found that the U.S. retail jewelry industry is reeling from the triple phenomenon of falling diamond prices, store closures and a liquidity crunch that has persisted since 2016.

Super-competitive pricing offered by online-only retailers and their foreign suppliers has put relentless pressure on gem prices at every step in the supply chain, it turns out. Profit margins have slipped badly as a result.

Consequently, an increasing number of jewelry businesses in the United States have found that economics of maintaining physical stores just aren’t working out.  Since 2014. a raft of store closures has affected both independents and chain operations.

At the top of the supply chain, the biggest international producers of gems are responding to the industrywide pressures by cutting costs through mine closures, employee layoffs and assets sales. Probably the most prominent example of this is Anglo-American PLC, which laid off more than 85,000 workers at the beginning of this year, along with putting more than 60% of the company’s assets up for sale.

Par for the course, the relative bright spot in the overall picture is online jewelry sales. Online is taking up the slack of the other channels – but at lower sticker prices.  Online retail sales of fine jewelry continue to grow in the high single-digits, even as the rest of the industry struggles mightily to maintain a business model that has become precarious in the new “online everything” world of retail.

I have my doubts that jewelry stores will disappear completely from the shopping malls, like we’ve seen happen with retailers of movies and music. But the days of a jewelry store outlet anchoring every major crossroads intersection at the shopping mall are probably history.

More information on the Polygon report can be found here.

What does the Equifax data breach tell us about the larger issue of risk management in an increasingly unpredictable world?

It’s common knowledge by now that the data breach at credit reporting company Equifax earlier this year affected more than 140 million Americans. I don’t know about you personally, but in my immediate family, it’s running about 40% of us who have been impacted.

And as it turns out, the breach occurred because one of the biggest companies in the world — an enterprise that’s charged with collecting, holding and securing the sensitive personal and financial data of hundreds of millions of people — was woefully ill-prepared to protect any of it.

How ill-prepared? The more you dig around, the worse it appears.

Since my brother, Nelson Nones, works every day with data and systems security issues in his dealings with large multinational companies the world over, I asked him for his thoughts and perspectives on the Equifax situation.

What he reported back to me is a cautionary tale for anyone in business today – whether you’re working in a big or small company.  Nelson’s comments are presented below:

Background … and What Happened

According to Wikipedia, “Equifax Inc. is a consumer credit reporting agency. Equifax collects and aggregates information on over 800 million individual consumers and more than 88 million businesses worldwide.”

Founded in 1899, Equifax is one of the largest credit risk assessment companies in the world.  Last year it reported having more than 9,500 employees, turnover of $3.1 billion, and a net income of $488.1 million.

On September 8, 2017, Equifax announced a data breach potentially impacting 143 million U.S. consumers, plus anywhere from 400,000 to 44 million British residents. The breach was a theft carried out by unknown cyber-criminals between mid-May 2017 until July 29, 2017, which is when Equifax first discovered it.

It took another 4 days — until August 2, 2017 — for Equifax to engage a cybersecurity firm to investigate the breach.

Equifax has since confirmed that the cyber-criminals exploited a vulnerability of Apache Struts, which is an open-source model-view-controller (MVC) framework for developing web applications in the Java programming language.

The specific vulnerability, CVE-2017-5638, was disclosed by Apache in March 2017, but Equifax had not applied the patch for this vulnerability before the attack began in mid-May 2017.

The workaround recommended by Apache back in March consists of a mere 27 lines of code to implement a Servlet filter which would validate Content-Type and throw away requests with suspicious values not matching multipart/form-data. Without this workaround or the patch, it was possible to perform Remote Code Execution through a REST API using malicious Content-Type values.

Subsequently, on September 12, 2017, it was reported that a company “online portal designed to let Equifax employees in Argentina manage credit report disputes from consumers in that country was wide open, protected [sic] by perhaps the most easy-to-guess password combination ever: ‘admin/admin’ … anyone authenticated with the ‘admin/admin’ username and password could … add, modify or delete user accounts on the system.”

Existing user passwords were masked, but:

“… all one needed to do in order to view [a] password was to right-click on the employee’s profile page and select ‘view source’. A review of those accounts shows all employee passwords were the same as each user’s username. Worse still, each employee’s username appears to be nothing more than their last name, or a combination of their first initial and last name. In other words, if you knew an Equifax Argentina employee’s last name, you also could work out their password for this credit dispute portal quite easily.”

The reporter who broke this story contacted Equifax and was referred to their attorneys, who later confirmed that the Argentine portal “was disabled and that Equifax is investigating how this may have happened.”

The Immediate Impact on Equifax’s Business

In the wake of these revelations, Equifax shares fell sharply:  15% on September 8, 2017, reducing market capitalization (shareholder value) by $3.97 billion in a single trading day.

Over the next 5 trading days, shares fell another 24%, reducing shareholder value by another $5.4 billion.

What this means is that the cost of the breach, measured in shareholder value lost by the close of business on September 15, 2017 (6 business days), was $9.37 billion – which is equivalent to the entire economic output of the country of Norway over a similar time span.

This also works out to losses of $347 million per line of code that Equifax could have avoided had it deployed the Apache Struts workaround back in March 2017.

The company’s Chief Information Officer and Chief Security Officer also “retired” on September 15, 2017.

Multiple lawsuits have been filed against Equifax. The largest is seeking $70 billion in damages sustained by affected consumers. This is more than ten times the company’s assets in 2016, and nearly three times the company’s market capitalization just before the breach was announced.

The Long-Term Impact on Equifax’s Brand

This is yet to be determined … but it’s more than likely the company will never fully recover its reputation.  (Just ask Target Corporation about this.)

Takeaway Points for Other Companies

If something like this could happen at Equifax — where securely keeping the private information of consumers is the lifeblood of the business — one can only imagine the thousands of organizations and millions of web applications out there which are just as vulnerable (if not as vital), and which could possibly destroy the entire enterprise if compromised.

At most of the companies I’ve worked with over the past decade, web application development and support takes a back seat in terms of budgets and oversight compared to so-called “core” systems like SAP ERP. That’s because the footprint of each web application is typically small compared to “core” systems.

Of necessity, due to budget and staffing constraints at the Corporate IT level, business units have haphazardly built out and deployed a proliferation of web applications — often “on the cheap” — to address specific and sundry tactical business needs.

“Kid’s Day” at Equifax’s Argentine offices. Were the kids in command there, one is tempted to wonder …

I strongly suspect the Equifax portal for managing credit report disputes in Argentina — surely a backwater business unit within the greater Equifax organization — was one of those.

If I were a CIO or Chief Security Officer right now, I’d either have my head in the sand, or I’d be facing a choice. I could start identifying and combing through the dozens or hundreds of web applications currently running in my enterprise (each likely to be architecturally and operationally different from the others) to find and patch all the vulnerabilities. Or I could throw them all out, replacing them with a highly secure and centrally-maintainable web application platform — several of which have been developed, field-tested, and are readily available for use.

__________________________

So, there you have it from someone who’s “in the arena” of risk management every day. To all the CEOs, CIOs and CROs out there, here’s your wakeup call:  Equifax is the tip of the spear.  It’s no longer a question of “if,” but “when” your company is going to be attacked.

And when that attack happens, what’s the likelihood you’ll be able to repel it?

… Or maybe it’ll be the perfect excuse to make an unforeseen “early retirement decision” and call it a day.

__________________________

Update (9/25/17):  And just like clockwork, another major corporation ‘fesses up to a major data breach — Deloitte — equally problematic for its customers.

Brands tiptoe through today’s political minefields.

In 2017, not only is the United States politically divided into nearly equal camps, but it seems as though the gulf between the two sides is wider than it’s been in decades.

In my own personal experience, I haven’t witnessed political rifts this big since the anti-war era of the late 1960s and early 1970s.  But even then, that divide wasn’t so much on partisan grounds as on philosophical ones.

[And it wasn’t an equal divide, either.  Remember President Richard Nixon’s slogan about the “silent majority”?  It was — to the tune of a 61% Nixon victory in the presidential election of 1972.]

Historically, the people who manage product brands have adhered to a formula similar to that of distant relatives getting together for a holiday meal: avoid talking about politics and religion.  But in times where politics can overtake even the best-curated brands, that’s become more difficult.

Recently, international market research firm Ipsos studied the issue. It tested a number of well-known brands that have been the subject of “political” controversies.  Considering one measure – stock price – Ipsos found that there has been minimal impact on brand health when looking at the publicly traded brands that President Donald Trump has mentioned in his various late-night tweets.

But viewed another way, Ipsos found that there’s an ever-expanding emphasis on partisan politics. Americans have become more likely to combine their behavior as consumers with their ideological or partisan loyalties.  One measure is the spike in searches on Google for the term “boycott,” as can be seen clearly in this chart:

According to Ipsos, politically-minded boycotts appear to be having noticeable business impacts. Looking at around 30 publicly traded brands, those with the highest rate of consumer boycotts since the November 2016 election are the ones that experienced the worst stock market performance – by a factor of about -15%.

Prudent advice would be for brands to respond to the hyper-partisan environment by trying not to be drawn into ideological debates. That’s a smart move, as most of the brands Ipsos tested have a fairly evenly balanced mix of self-described Democrats and Republicans.

In such an environment, no matter which way a company might be perceived to be moving “politically,” there will be a substantial portion of its customers who object.

And object they do: As part of its study, Ipsos surveyed consumers on their boycotting behaviors.  More than 25% of the survey respondents revealed that they have stopped using products or services from a company because of its perceived political leanings.  And as Ipsos has found, the brands with the highest rate of recent consumer boycott activity have also experienced the worst stock market performance.

Trying to avoid becoming part of today’s sometimes-toxic political environment isn’t always easy for brands to accomplish. Even for brands that make a concerted effort, it is increasingly hard to predict what factors might drive a company into the limelight — or whether anything the company does or doesn’t do can control what actually happens.

Ipsos cautions that staying on the political sidelines isn’t as easy as it has been in the past. It has determined that political party identification now ranks as one of the most central aspects of how consumers organize their lives – and how they relate to brands as well.

To illustrate, Ipsos presents the cases of Nordstrom and Uber. Both companies feature customer bases that skew somewhat more Democrat, but with significant percentages of Republicans as well.  Since the 2016 Presidential election, both companies have experienced politically-themed PR incidents that were magnified on social media platforms, to negative effect.

Different groups reacted in different ways – Republicans turned off by Nordstrom (dropping Ivanka Trump’s clothing line) and Democrats turned off by Uber (Travis Kalanick’s involvement with Donald Trump’s economic advisory council).

But the end result was the same:  the brands’ reputations suffered.

In today’s environment, it seems as though assiduously maintaining a non-partisan, non-confrontational stance is still the best policy for maintaining brand strength.  But it isn’t a guarantee anymore.

Additional findings and conclusion from the Ipsos evaluation can be found here.

Brand PR in the era of social media: Much ado about … what?

These days, brands often get caught up in a social media whirlwind whenever they might stumble. Whatever fallout there is can be magnified exponentially thanks to the reach of social platforms like Twitter, Facebook and Instagram.

When a “brand fail” becomes a topic of conversation in the media echo chamber, it can seem almost as though the wheels are coming off completely. But is that really the case?

Consider the past few weeks, during which time two airlines (United and American) and one consumer product (Pepsi) have come under fire in the social media sphere (and in other media as well) for alleged bad behavior.

In the case of United and American, it’s about the manhandling of air travelers and whether air carriers are contributing to the stress – and the potential dangers – of flying.

In the case of Pepsi, it’s about airing an allegedly controversial ad featuring Kendall Jenner at a nondescript urban protest, and whether the ad trivializes the virtues of protest movements in cities and on college campuses.

What exactly have we seen in these cases?  There’s been the predictable flurry of activity on social media, communicating strong opinions and even outrage.

United Airlines was mentioned nearly 3 million times on Twitter, Facebook and Instagram just on April 10th and 11th.  Reaction on social media over the Pepsi ad was similarly damning, if not at the same level of activity.

And now the outrage has started for American Airlines over the “strollergate” incident this past weekend.

But when you consider what the purpose of a brand actually is – to sell products and services to customers – what’s really happening to brand reputation?

A good proxy is the share price of the brands in question. United Airlines’ share price took a major hit the week the “draggergate” news and cellphone videos were broadcast, but it’s been climbing back ever since.  Today, United’s share price looks nearly the same as before the passenger incident came to light.

In the case of Pepsi, company shares are up more than 7% so far in 2017, making it a notably robust performer in the market. Moreover, a recent Morning Consult poll found that over 50% of the survey respondents had a more favorable opinion of the Pepsi brand as a result of the Kendall Jenner commercial.

That is correct:  The Pepsi commercial was viewed positively by far more people than the ones who complained (loudly) about it on social media.

What these developments show is that while a PR crisis isn’t a good thing for a brand’s reputation, social fervor doesn’t necessarily equate with brand desertion or other negative changes in consumer behavior.

Instead, it seems that the kind of “brand fails” causing the most lasting damage are ones that strike at the heart of consumers’ own individual self-interest.

Chipotle is a good example, wherein the fundamental fear of getting sick from eating Chipotle’s food has kept many people away from the chain restaurant’s stores for more than a year now.

One can certainly understand how fears about being dragged off of airplanes might influence a decision to select some other air carrier besides United – although it’s equally easy to understand how price-shopping in an elastic market like air travel could actually result in more people flying United rather than less, if the airline adjusts its fares to be more the more economical choice.

My sense is, that’s happening already.

And in the case of Pepsi, the Jenner ad is the biggest nothing-burger to come down the pike in a good while.  The outrage squad is likely made up of people who didn’t drink Pepsi products to begin with.

Still, as an open forum, social media is important for brands to embrace to speak directly to customers, as well as to learn more about what consumers want and need through their social likes, dislikes and desires.

But the notion of #BrandFails? As often as not, it’s #MuchAdoAboutNothing.

United Airlines’ four miscalculations — and the $200 million impact.

Just how many mistakes did United Airlines make in “re-accommodating” four of its booked passengers recently? Oh, let us count the ways …

Miscalculation #1

Despite some reports to the contrary, technically United Airlines wasn’t in an overbooking or oversold situation. The flight boarded full; then some crew assigned to a future flight from the destination city turned up suddenly.

The airline’s first mistake was failure by its managers or staff to correctly anticipate the crew that needed to travel on this flight.

 Miscalculation #2

Their second mistake was to implement an operating procedure which gives crew higher priority than paying customers.

Because all customers had already taken their seats on the airplane, and no more seats were available, this meant that the airline’s staff had to ask — or coerce — some seated customers to leave.

Miscalculation #3

United’s third mistake was management’s failure to empower the airline’s gate agents to offer higher compensation in order to entice customers to leave voluntarily.

This miscalculation guaranteed that the victims would be “paying customers” who had done nothing wrong, rather than the airline’s managers and staff who had made all the mistakes.

Miscalculation #4

When choosing its victims, everything else being equal apparently, United Airlines and its regional partners like United Express go after the lowest-paying customers first. That too is a miscalculation.

Let’s explore this a bit further. According to the latest published data I could find, on average around 40% of passengers on the typical flight are traveling using heavily-discounted tickets.  Most of those tickets are non-refundable, and prepaid.  They can be changed ahead of time, but only if the customer pays change fees which can be very costly.

This means:

  • If the passenger doesn’t change his or her booking early enough, and doesn’t show up for the flight, the airline keeps all the revenue – and has the possibility of re-selling the seat to a different passenger.
  • Otherwise, the airline keeps the original revenue, plus the change fee. For United, this amounted to $800 million of additional revenue in the year 2015 alone.

Phony Risk?

Airlines justify their overbooking and overselling tactics as a way of reducing the risk of revenue lost from no-shows. Published data indicates that approximately 15% of confirmed reservations are no-shows. Assuming that the airline bears the full risk of revenue lost from no-shows, overbooking mitigates that risk by allowing other passengers to claim and pay for seats that would otherwise fly empty.

Airlines typically overbook about 12% of their seats, counting on no-shows to match load-to-seats, or later cancellations to reduce bookings. (Failure to correctly anticipate the number of no-shows would also qualify as a mistake by the airline’s management or staff.)

All that being said, however, in most discounting situations there is no “risk” to reduce, because most customers who buy discounted tickets already bear all the financial risks from a failure to show up for flights. If passengers are unable to fly when originally planned, they must either pay steep change fees … or they forfeit the entire fare paid.

The Real Risk

In fact, the airlines’ biggest risk of revenue loss from no-shows arises from passengers paying first class, business class or full-fare economy.

These types of tickets account for approximately 25% of passengers and 50% of ticket revenues.  Yet those passengers typically incur few if any cancellation fees or penalties if or when they don’t show up.

When enterprises like United try to have it both ways – by putting themselves ahead of their customers and gaming the system to maximize revenues without incurring any apparent financial risks – is it any wonder the end result is ghastly spectacles like passengers being forcibly dragged off airplanes?

Scenes like that are the predictable consequences of greed overtaking sound business management and ethics. You don’t have to think too hard to come up with other examples of precisely the same thing — Wells Fargo’s “faux” bank account setups being another recent corporate black-eye.

I’m sure if United Airlines had it to do all over again, it would have cheerfully offered up to $10,000 per ticketed passenger to get its four flight crew members off to Louisville, rather than suffer more than a $200 million net loss in share value of its company stock over the past week.

But instead, United Airlines decided on a pennywise/pound-foolish approach.

How wonderful that turned out to be for everyone.

PR Practices: WOM Still Wins in the End

These days, there are more ways than ever to publicize a product or service so as to increase its popularity and its sales.

And yet … the type of thing most likely to convince someone to try a new product – or to change a brand – is a reference or endorsement from someone they know and trust.

Omnichannel marketing promotions firm YA conducted research in 2016 with ~1,000 American adults (age 18+) that quantifies what many have long suspected: ~85% of respondents reported that they are more likely to purchase a product or service if it is recommended by someone they know.

A similarly high percentage — 76% — reported that an endorsement from such a person would cause them to choose one brand over another.

Most important of all, ~38% of respondents reported that when researching product or services, a referral from a friend is the source of information they trust the most.  No other source comes close.

This means that online reviews, news reports and advertising – all of which have some impact – aren’t nearly as important as the opinions of friends, colleagues or family members.

… Even if those friends aren’t experts in the topic!

It boils down to this:  The level of trust between people has a greater bearing on purchase decisions because consumers value the opinion of people they know.

Likewise, the survey respondents exhibited a willingness to make referrals of products and services, with more than 90% reporting that they give referrals when they like a product. But a far lower percentage — ~22% — have actually participated in formal refer-a-friend programs.

This seems like it could be an opportunity for brands to create dedicated referral programs, wherein those who participate are rewarded for their involvement.

The key here is harnessing the referrers as “troops” in the campaign, so as to attract a larger share of referral business and where the opportunities are strongest — and tracking the results carefully, of course.

All those narratives about Amazon? They’re not exactly accurate.

abI doubt I know a single person under the age of 75 who hasn’t purchased at least one item of merchandise from Amazon over the years. And I know quite a few people whose only shopping experience for the holidays is a date with the Amazon website.

Still, some of the breathless stories and statistics that are put forward about Amazon and its business model seem almost too impressive to be true.

I’m not just talking about news reports of drone deliveries (a whole lot of “hat” and far less “cattle” there) or the idea that fully-robotic warehouses are just around the corner – although these stories do make for attention-grabbing headlines.  (Despite the continued need for human involvement, the way that robots are being used inside Amazon warehouses is still quite impressive.)

Moreover, a study published recently by BloomReach based on a survey of ~2,200 U.S. online consumers finds that Amazon is involved in most online shopping excursions, with nine out of ten online shoppers reporting that they check Amazon’s site even if they end up finding the product they want via another e-commerce resource.

More than half of the BloomReach survey respondents reports that they check on the Amazon site first — which is a new high for the company.

But are all of the reports about Amazon as credible?

Doug Garnett
Doug Garnett

Recently Doug Garnett, CEO of advertising agency Atomic Direct, penned a piece that was published in the December 2016 edition of Response Magazine. In it, he threw a dose of cold-water reality on some of the narratives surrounding Amazon and its business accomplishments.

Here are several of them that seem to contradict some of the commonly held perceptions:

“Amazon is a $100 billion retailer.”

Garnett notes that once subtracting Amazon’s non-retail revenue for 2015 (the last year for which financial data is available), the worldwide figure is more like half of that.

In the United States, Amazon’s retail sales are closer to $25 billion, which means it makes up approximately 6% of total retail sales.

That’s still very significant, but it isn’t the dominating presence as it might seem from all of the press hype.

“Amazon is profitable now.”

Yes, it is – and that’s after many years when the company wasn’t. However, approximately three-fourths of Amazon’s profits are due to selling cloud-based services, and the vast majority of the remaining profit dollars come from content delivery such as e-books plus music and video downloads.  So traditional retail hard-goods still aren’t generating profits for Amazon.

It turns out, just as retailers like Wal-Mart, Target and K-Mart have discovered, that replicating a retail store online is almost always a money-losing proposition.

To underscore this point, Garnett references this example of a merchandising campaign in 2016 as typical:

“When one unit was sold on Amazon, eight were sold at the retailer’s website and 80 were sold in the brick-and-mortar stores. The profit is in the store. 

For mass-market products, brick-and-mortar still dominates. Amazon is a nice incremental revenue stream, [but] not a valid alternative when you’re playing in the big game.”

It also means that companies that are looking to Amazon as a way to push their products into the marketplace should probably think twice.

At the very least, they should keep their expectations realistically modest.