|| The Perspective
Monday, 24 September 2007
Lief Larson is a media technologist residing in Minneapolis. He is also the founder and former editor-in-chief of Kiosk magazine, the forerunner of Self-Service World magazine.
The concept of “self-service 2.0” is a forward-thinking vision for the possible interactive and visual displays of tomorrow, based on technology that exists today.
Kiosk and self-service technology is evolving. Over the next 12 months to 24 months the industry likely will experience a turning point for new technologies and applications that add a new level of convenience and accessibility to people’s lives — think: thin client, RFID, kiosk/digital display convergence, data transport, customer sensing and other tools.
Here’s a look at where the technology may be headed:
For years, those in the kiosk realm have predicted the advent of thin client/small form factor devices, yet boxy terminals continue their prevalence. A peek around the corner may see software that primarily resided on kiosk hardware slowly disappearing in favor of Web-based, software-as-service platforms. In this scenario, the terminal only needs to be able to connect to the Web and to a limited number of local software applications, such as drivers for hardware add-ons like credit card readers and printers.
The advantages of thin client are lower hardware costs and less chance for downtime — fewer parts mean less probability of failure. What hardware remains in the kiosk enclosure will be small and stable. Look for ultra-compact embedded hardware such as mini/pico-ITX and panel PCs in 17 inches to 22 inches for under $999 to blaze trails in this area.
The kiosk terminal (interactive) and digital signage (non-interactive) will combine. Previously at a kiosk terminal users would navigate and control it with interface tools, whereas a digital sign simply would display information without any user control or interactivity. An emerging trend in digital displays allows users to immerse themselves in the experience by interacting with digital signage through user triggers such as multitouch screens, cell phones and RFID.
Kiosk and digital signage company Nanonation, for example, has provided cutting-edge applications for Royal Caribbean Cruise Lines and Umpqua Bank.
Brian Ardinger, Nanonation’s senior vice president of marketing, said the key is to not interrupt the customer experience, but to enhance the environment with information, images and intuitive systems. “By giving customers access to the information and marketing tools necessary when they ask for it or when they are naturally interacting with something is more powerful than hoping a person sees the right loop at the right time.”
Self-Service 2.0 Applications
• At self-service kiosks, concert-goers use USB sticks to buy, download and take home live recordings of the event after the show. Although this technology has been around for years, hundreds of thousands of people now carry USB sticks; they have become the single most popular means of physically transporting data files. The music group Barenaked Ladies have been selling DRM-free concert music for USB sticks. Thumb drives and mobile media memory sticks soon also may allow customers to take information away from environments such as retail stores.
• Sequoia Media Group launched myMovieMaker, a service now available at Wal-Mart stores that instantly transforms consumer digital photos into personalized DVD movies. The service uses Hollywood-style effects and themed storyboards to empower customers with professional movie production. It is likely that soon we will see advanced kiosk functionalities that address marketplace trends, such as developing video for sites like YouTube and customizing large-ticket purchases such as cars and furniture.
• French video rental giant CPFK has developed the Moovyplay system to rent movies for 30 days using a portable hard drive. A customer loads up the drive at an in-store kiosk, then plugs it into a docking station connected to his TV set. The first-generation drives, which are about the size of a BlackBerry device, can store up to 14GB of data, enough to hold about 40 movies at DVD quality. Users pay for the movies with a prepaid card, and revenue is split between the studios and the retailer. Household pipelines are bandwidth-limited for high-definition file sizes, which may present opportunities for kiosks to help put file transfers into the hands of consumers through large file transport devices. Is anyone else scared by the word “teraflop”?
• Freedom Shopping is a state-of-the-art self-checkout retail kiosk that uses RFID technology for speedy checkouts. There is no learning curve for the shopper — simply approach the kiosk with the items to check-out and a helpful voice guides the shopper through an effortless transaction. We have just reached the true opportunity of RFID in self-service. Expect dozens of new test applications that work through RFID to roll out over the next 18 months.
• LocaModa is developing technology that works with self-service kiosks and other out-of-home networks such as Wi-Fi hotspots, narrowcast digital signage and IP-based entertainment networks (from jukeboxes to cinemas) that can be leveraged to provide interactivity, presence and commerce for mobile consumers. The next generation self-service movement calls for cell phones and connected PDAs to act as remote controls for calling up information.
• Rogers Wireless, a leading telecom communications company in Canada, is using in-store kiosks that act as an extension of the sales force, educating and captivating customers and increasing potential sales opportunities. The interactive touchscreens, working in tandem with motion-sensing technology, inform consumers about specific products of interest to them. Whether trying to determine when a customer is near your self-service terminal or digital display, or triggering applications, sensing technology offers a huge chance to intuitively engage customers at the moment of opportunity.
Monday, 17 September 2007
Bill Gerba, president of WireSpring Technologies, regularly blogs about digital signage at Wirespring.com. The following column first appeared on that site here.
By now, you've probably heard about last year's massive security breach at TJX (the parent company of TJ Maxx, Marshalls and a few other), which resulted in the theft of millions of credit card numbers and other pieces of personally identifiable information. As the different versions of the story have come and gone, the culprits were either hackers sitting in a nearby parking lot who infiltrated an unsecured wireless network, fake kiosk repair men who installed phony keypads to steal credit card numbers and PIN codes, or ex-employees who had access to key records and resources. But a new twist covered by Information Week and StorefrontBacktalk suggests that problems with TJX's in-store security practices (or lack thereof) allowed the attackers to use job application kiosks as a vector into the corporate network. Regardless of what the actual method of attack turns out to be, you never want to leave those doors open. And since virtually every digital signage and kiosk network relies on having networked devices somewhere in the store, now seems like a good time to review some dos and dont's for in-store computer security.
Depending on which version of the TJX kiosk story that you believe, hackers either replaced an encrypted PIN pad, inserted hardware keystroke loggers, used USB key drives to inject malicious software, or some combination of the three. This brings to mind a couple of guidelines that should always be remembered when placing computers in places where unauthorized people can get to them:
Lock 'em down. If you're putting a self-service kiosk on the sales floor and expect your customers to interact with it, you'd better be sure that any cables are securely fastened, unused ports are closed off (both physically and in software), and any access doors or panels are secured with a key or combination lock. In one version of the TJX story, phony tech staff physically tinkered with the kiosks, but in every version it should not have been physically possible to even install the device (USB key drive, fake PIN pad or keystroke logger). To prevent this, secure and cover all cables and openings. Even better, use an all-in-one appliance like IBM's Anyplace Kiosk with an on-screen keyboard for data entry. This eliminates the need for most external peripherals, and the ports seal up nicely, too.
Out of sight, out of mind. Taking item #1 a step further, if you don't need to have your computers sitting out where anybody can get at them, lock them up somewhere else. For a kiosk application, that might mean putting the CPU in a locked cabinet or closet (though the IBM Anyplace Kiosk obviates the need for this, provided you've bolted the thing down, of course). For digital signage applications, make sure your players are either sitting in a locked enclosure if they're kept behind each screen, or even better, put all of the media players in a secure room or closet, and use video distribution equipment to carry the signal to screens elsewhere in the store. One quick anecdote here: not too long ago we won a digital signage deal away from a competitor who, in addition to not having the best product for the customer's needs, also used laptops as the media players driving each screen. Unsecured laptops. Laptops that were simply cable-tied to a mounting bracket behind each screen. Let's just say that after a month-long trial period, many of the customer's "media players" had mysteriously gone missing.
Batten down the hatches. Visa, MasterCard, and other payment groups started catching flack for a lot of the more serious retailer data breaches a few years ago, and they responded with a new program called the PCI DSS (Payment Card Industry Data Security Standard). This applies to retailers as well as other parties, and outlines specific guidelines for handling cardholder data. For POS software and other payment-oriented applications, a special certification called PABP (Payment Application Best Practices) applies. Getting certified for PABP is an expensive and time-consuming endeavor. However, PABP certification is absolutely essential for kiosks that use credit cards for payment or identity verification, and it's also a very good idea for any computer-like device or service that comes within striking distance of a retailer's payment processing and data storage systems. Installing a spiffy new kiosk platform, or maybe a digital media network? Find out from your vendor if their software is up to snuff. Remember, even if your device doesn't actually accept credit cards, it could still be used as an attack vector to get to POS systems or other devices on the store's network that do house this data. Taking a point from the TJX story, it's also a good idea to disable any unused ports and peripherals in the computer's operating system and password-protect the BIOS, which further reduces the risk of tampering.
Don't forget to lock the gate! I think the most amazing and hard-to-believe version of the story came from Information Week, who suggested that USB key drives were used to install rogue programs on the kiosks. (What? The kiosk software allowed new programs to be installed?) This gave the attackers unfettered access to TJX's corporate network, as the kiosks were not separated from the rest of the network by a firewall! If this was 1991 and the Internet was still a cool toy for academics and scientists I might have let that slide. But seriously, this is 2007 and the attack in question happened quite recently. Whether you're using kiosks or not, anybody who doesn't believe that an extra Ethernet jack in the wall is a potential attack vector is deluding himself: important data should always be protected with a firewall. Forget about locking the gate. If this story is true, TJX's IT staff didn't even bother installing it.
This story just goes to show that no matter how many best practices guidelines and review meetings an organization has, it's all worthless without proper execution. While TJX only expects to take a modest financial hit from this breach (the $17 billion-a-year retailer is allocating less than $200M to cover all of the damages), a lot of customers and other businesses are upset over the exposure of their personal information. Worse, it stands to reason that there are other retailers out there with similar security practices, which are in desperate need of review and updating. And while security is certainly becoming an ever more important part of an IT staff's job, the proliferation of in-store computers for self-service kiosks, digital signage, Bluetooth/SMS beaconing, traffic monitoring, and security applications suggests that the problem will continue to grow.
There is some good news, though. All of the involved parties -- retailers, vendors and consumers -- have a vested interest in seeing things improve. Vendors must continue to improve their products, designing new systems and updating existing ones to make security features a high-priority. Likewise, retailers need to make sure that security plays a significant role in their policies and practices, taking advantage of new vendor-supplied solutions as they become practical and verifying that any new hardware and software purchases are compliant with the latest security mandates and standards (like PCI and PABP). And customers (that's all of us) have the most important job of all: telling retailers and vendors exactly how we feel when they slip up.
Thursday, 13 September 2007
When you think about innovative companies, you’d be hard pressed to find one more notable than Google. On the outside, they are one of the leaders of search and advertising on the Internet. Behind the scenes, they are fueled by innovation.
While most companies keep their trade secrets, well, secret, Google is willing to broadcast its findings. The second day of Digital Signage Expo 2007 in May began with a power breakfast focused not on digital signage, but innovation. The speaker was Jim Lecinski, managing director for Google.
I can imagine the information was both eye-opening and welcomed by the digital signage professionals in attendance, most of who represented companies considerably smaller than Google. The presentation was comforting as it was informative, like a big brother giving his little brother advice as he enters high school.
Google’s innovations are seemingly endless, and obviously they’re doing something right. Lecinski broke down his company’s innovation strategy into nine notions. Each notion contains an important lesson that professionals from all parts of the digital signage and self-service spaces can learn from.
- Innovation, not instant perfection. Google believes in launching new products and ideas early and often, rather than trying to perfect those ideas behind closed doors before releasing them to the public. Then, customer feedback and popularity prove which projects are most successful.
- Share everything you can. Small teams that communicate openly have proved the best results for Google. They believe in transparency in the workplace so that everyone knows what everyone else is working on. (Scary, right?) They have a computer program where employees can look up names and see what others are working on, so if they have an idea to contribute they know who to talk to.
- You’re brilliant, we’re hiring. When Google interviews employees, Lecinski said they set the bar very high. They focus more on hiring generalists rather than specialists, as they have found generalists are more valuable and can contribute ideas to different parts of the company.
- Allow employees to pursue their dreams. Lecinski said Google allows its employees’ time in a 70/20/10 model. Seventy percent of the time they work on Google’s search and ad flagships; they develop new programs like Images, Desktop and Finance 20 percent of the time; and 10 percent of the time employees are allowed to pursue their own high risk/high reward projects. Lecinski said Google Earth is a result of one of those projects.
- Ideas come from everywhere. Sometimes Google turns to the public for new ideas. The Google mastheads, which are customized for holidays and events, are taken from non-employee submissions. One of the mastheads was designed by a 12-year-old girl.
- Don’t politic – use data. With all the ideas floating around Google, the best way to determine which may work is to use supportive data. As Lecinski said, “Data beats opinion.”
- Creativity loves restraint. Again, Google has to have some way to keep all of the employee-generated ideas streamlined towards the company’s goals. “Let people explore, but set clear boundaries for that exploration,” Lecinski said.
- Get users and usage – the money will follow. This goes back to one of Lecinski’s larger points, “respect for end users,” but is a principle to follow in any form of business. He says to focus on creating things that are innovative and useful for people, not something you can sell.
- Don’t kill projects, morph them. Google doesn’t waste ideas. Instead, they try to change and transform them into something the company finds useful.
Monday, 10 September 2007
The last several years have witnessed an explosion in emerging technology such as mobile phones, online video, rich Internet applications and social computing applications (blogs, MySpace, Second Life). But the in-person self-service industry hasn’t kept up with the pace of innovation in other channels.
Poor kiosk usability keeps firms focused on the basics and vendors stifle innovation by acquiescing to client demands. There are few new software applications, and only a small number of stand-out kiosks dot the sea of uninspiring physical enclosures. As a result, in-person self-service experiences leave much to be desired — and in tomorrow’s world, mediocre customer experiences just won’t cut it.
So what does the future of in-person self-service look like? As the focus shifts from the self-service kiosk to the self-empowered customer, in-person self-service will become device-agnostic. Look for technologies such as RFID, mobile phone cameras, wearable computing, Wi-Fi and WiMAX to integrate with one another to provide the customer with the ability to gather information or process transactions that will be based less on physical hardware and more on helping users achieve their goals. In short, the user experience will hog the spotlight.
Software applications will become more personal: They will understand contextual information, incorporate consumers’ personal devices, bridge offline and online experiences, and embrace consumers’ desire to connect with each other. For example:
- When Nike launched its Nike ID custom sneakers, it worked with interactive agency R/GA to create a 22-story interactive billboard in Times Square that invited passersby to configure their own sneakers through their mobile phones — and then displayed the results for all of Times Square to see. A code sent back to the users’ phones allowed them to log on to the Nike ID Web site in order to view and purchase their masterpieces.
- Microsoft Surface is a tabletop-embedded display that allows users to seamlessly interact with online content and personal physical objects such as cameras and cell phones through its slick, multiuser touchscreen interface.
- At the National Retail Federation’s 2007 conference, interactive agency IconNicholson demonstrated a digital dressing room that allows shoppers in physical retail stores to solicit their friends’ opinions over the Internet when trying on clothes.
In the future, hardware elements will become more engaging. Large-scale displays will enable groups of users to consume and interact with information; new display surfaces will encourage playful interactions; and devices will merge with the environment to create more integrated experiences. For example:
- For Virgin’s Megastore in Times Square GestureTek used a combination of overhead projectors, mirrors and cameras to develop an interactive floor display that users can manipulate by stepping on different areas of the projection.
- FogScreen and Netkey joined forces to create an interactive fog display that can be installed in the middle of any large room. Users can draw on the “screen” or select interface elements through physical gestures, and then walk right through the display.
- The Verizon Experience store — another concept designed and developed by R/GA — seamlessly integrates more than 70 interactive touchscreens into the architecture and interior design of the 5,000 square foot retail location.
What do these changes mean? First, savvy marketing execs won’t hesitate to take their business to proven customer experience leaders, so self-service hardware and software vendors must embrace the user-centered methods and tools of the design world or risk losing work to interactive agencies that use these methods. Second, as future in-person self-service deployments more closely marry technology with environmental design, architecture and commercial interior design experts will become the next groups of superstars. And perhaps most importantly, consumers can look forward to more engaging and meaningful self-service interactions, which will translate into improved efficiencies and increased revenues for businesses.
The writer is a principal analyst for Forrester Research.
Tuesday, 04 September 2007
Successful kiosk deployment growth strategies include remote management
By Asad Jobanputra
04 Sep 2007
In a previous job I sat next to a sales rep (thank you, open concept office planners) who always talked about the “big deal” he was about to close. He never closed any of those big deals, and in hindsight, that was probably a good thing. If he had, and the company had quickly doubled or tripled in size, it likely would have gone bankrupt within nine months.
Management studies suggest businesses that experience rapid growth tend to spend little or no time developing and applying a reasonable growth strategy. Without a strategy in place, businesses face a nightmare of organizational problems, including the real possibility of bankruptcy within months of the initial growth. When it comes to self-service deployments, there are four key factors to include when planning for a healthy future.
Deployers often rely on store staff for routine maintenance such as refilling paper. This approach to service doesn’t work, partly because your priority (maintaining the kiosk) is not their priority. To avoid this scenario, use your remote management software to check kiosks’ status and to call stores whose kiosks are not up and running at the beginning of the day. When it’s time to distribute security patches, content updates and price changes, there’ll be no need to turn to store staff. The benefit is less about saving store employee’s time; it’s about ensuring you have the means to efficiently control the operation of your kiosks.
Everyone is aware of the need for security measures on their kiosk, from Payment Card Industry security compliance to locking down the keyboard to prevent application hijacking. However, the most overlooked threat often comes from within. Disgruntled employees account for a growing number of security breaches. As your kiosk deployment grows, so will the number of people who have access. Use your remote management software to limit access and functionality for different users — each user receives a unique password and each action performed is recorded in an audit log. This may seem like Orwellian overkill, but audit logs are critical in tracing security breaches and in troubleshooting user-error problems. You’ll have no trouble finding the person responsible for posting the Christmas promotion in July!
As the size of your deployment grows, the challenge of managing day-to-day operations will increase. More customers mean more content updates, more paper jams, more of everything you need to do to keep customers happy. Myriad software options allow you to perform remote actions via a one-to-one connection from a computer, and that’s great if you don’t intend to manage more than a dozen kiosks. If it takes you 15 minutes to login to a kiosk, perform an action (diagnosis, run a report, check the paper, etc.) and call your client to let them know the results, that would mean you could handle 30 calls in the average workday. As your deployment grows, you’ll have to choose between adding staff to manage the increased workload, or using remote management software that permits one-to-many connectivity and task automation.
"All we want are the facts, ma'am" was Sgt. Friday’s demand on the 1950s (and later ‘60s-‘70s) television show, Dragnet, and that’s what board members will be asking about your self-service deployment at the next annual meeting. The facts in this case are the core metrics of profit, revenue, usage and availability. You will need a reliable source for extracting this information from your self-service deployment.
Remote management software can collect and present customer usage data by kiosk, by region, by store, or whatever way you want to see it. The added value of tracking customer activity is that it tells you what’s on their minds, giving you the jump on the next big trend.
Analysts agree self-service technology is on the verge of mass adoption. That means more kiosks will be used by a greater number of industries to reach their customer base. To manage that growth, plan for tomorrow’s success today by developing a plan to help you avoid the pitfalls associated with service, security, scale and data.
The writer is Director of Application Solutions for Esprida Corp. where he is responsible for the integration and deployment of remote management solutions.