All posts in “Entrepreneurship”

Managing Sales Tax Complexities in Merchandise Returns

As the world has become increasingly digital, the retail industry has gone through tremendous transformation. To survive in the competitive landscape and keep up with evolving customer preferences, merchants have had to adapt and learn how to deliver the seamless omnichannel experience that shoppers expect. Delivering that efficiency and convenience comes with operational intricacies that no longer can be managed manually.

Customers expect an easy return process, and they use it to their advantage. There are many shoppers who buy items in multiple sizes and options for comparison. In fact, 40 percent of shoppers bought multiple items online in 2017 with the intent to return all but their favorite, according to customer loyalty company Narvar.

While most shoppers might see returns as convenient and hassle-free, the process is costly and complex for retailers. From restocking and labor costs to the inability to resell a returned item because it either is no longer in style, or was damaged, or went on sale, retailers face a myriad of return challenges that expand beyond a lost sale.

The increase of returns is proportional to the expansion of online sales, which have experienced a growth rate nearly three times that of rate of brick-and-mortar shops. As omnichannel buying has become the standard, the complexity of returns has intensified.

Thirty-eight percent of retailers recognized an increase in “buy online return in store” (BORIS) returns in 2018 compared to 2017, according to the National Retail Federation.

At the same time, 29 percent noted an increase in fraudulent returns. The retailers polled estimated that 8 percent of returns were fraudulent last year. For no-receipt returns, which make up 12 percent of all returns, the fraud forecast jumped to 21 percent.

Retailers lose US$5 dollars for every $100 in returns, notes the 2018 Consumer Returns in the Retail Industry report. Such significant losses translate into higher prices for consumers, as retailers need to recover money lost, as well as a drop in sales tax revenue for state and local jurisdictions.

Customers, especially those returning in person, expect returns to be processed seamlessly. However, not many realize the back-office calculations that need to happen to ensure a return is handled properly and the right amount is credited back.

Keeping Up With Rates and Rules

Forty-five states and the District of Columbia collect a statewide sales tax that ranges from 7 percent in Indiana, Mississippi, Rhode Island and Tennessee to 2.9 percent in Colorado. Those rates, as well as state taxability rules, change constantly. There were 619 standard sales tax rate changes in 2018 alone. In the last decade, there were 2,214 new standard sales tax rates and 3,672 standard sales tax changes.

This complexity doesn’t stop at the state level. In thirty-eight states, local taxes are levied on top of a state’s basic rate, bringing the number of U.S. tax jurisdictions with different rates and rules to more than 11,000. Missouri, for example, has approximately 2,000 local tax rates.

Taxability also varies across product types, adding to the sales tax confusion. Clothing is considered taxable by most states, for example, although a few exempt clothing up to a certain amount or altogether. A few states impose a luxury tax on items of clothing that sell for more than $1,000. Additionally, there are some exceptions to be considered, such as athletic or protective clothing, which are exempt in some jurisdictions.

It would be burdensome if not impossible to manage these complexities manually. Retailers need automated software that provides them with up-to-date content and ensures that proper taxes are applied during a sale and return transaction.

Calculating a Return

The amount of sales tax on a receipt usually is totaled for all items purchased, which means retailers need to recalculate it when select products are returned. This is not an easy job, given that the rates and rules can be different depending on the type of item, and when and where it was sold. Ideally, retailers should keep track of per-item tax amounts to avoid recalculation, requiring an automated system that can store massive amounts of data that can be accessed on demand.

Consumers often buy online and return in store, or bring returns to different locations. Because the rules are different across state lines, knowing the location of the original transaction is critical to calculating the right amount.

A great exampleis New Jersey, with a state sales tax rate of 6.625 percent, and its neighbor Delaware, which is one of the NOMAD states with no sales tax. A Delaware store accepting a return of a purchase made in New Jersey would need to have access to the information about product taxability for the specific items returned, as well as state and local sales tax rates at the time of purchase.

Seventeen states held a sales tax holiday in 2018, which is yet another factor that retailers need to consider when recalculating sales tax on a merchandise return. They are state-specific and can place a potential burden on retailers if not remitted correctly.

If someone buys jeans in Ohio but returns them in Pennsylvania, the transaction could be audited because clothing in Pennsylvania isn’t taxable. To avoid raising red audit flags, stores need to ensure cross-state returns are credited back to the original purchase state. Without a tax solution integrated into POS systems, retailers wouldn’t be able to manage this complexity.

After a return is processed and sales tax is refunded, sellers also need the ability to claim back from the government the tax that was reported and remitted. State approaches to crediting sales tax vary as well.

Some require sellers to amend past returns, while others, especially those with a flat rate across the state, allow for merchants to take a credit on the next return filed — as long as the correct rate is applied. Because of this, when retailers want to close the books, they often end up absorbing the cost of the tax, especially for returns that come in late.

Automating the Process

The rise of omnichannel sales and services comes with a number of complications. A product sold through an online channel and then returned by the customer to a physical store creates a fair amount of tax complexity. When each transaction is multiplied by hundreds of different tax rates, dozens of products, and thousands of customers, the tax math gets extraordinarily convoluted.

In a competitive market, such as retail, customer satisfaction is of utmost importance. A seamless omnichannel returns process is an important element. Studies have shown online shoppers are more willing to shop again with a retailer that provides a satisfactory return experience.

Recalculating sales tax accurately and in real-time during a return can be hard, given the dizzying number of tax variables. A manual process of creating tax schedules and entering the information into a POS system needs constant monitoring and updating to add or remove rates and rules, new locations and SKUs. It can result in errors and omissions, increasing noncompliance risk.

Retailers need to rely on fully automated technology that can streamline operations and ensure accuracy. This includes applying the latest rates and rules, as well as refund and restocking fees. The solution also should integrate with POS and back-office systems, as well as scale to allow the business to expand into new regions or channels with confidence.

Automation can help retailers simplify the tax complexity of merchandise returns, which have grown to be a large and inevitable part of the retail process, so they can focus on growing their business.

Pete Olanday is consulting retail practice leader at

Philanthropy Is Good for Business

The other day Salesforce announced that it was integrating its philanthropic arm, the nonprofit, into the larger organization, This makes a round trip for “the org” as it’s sometimes called. At its founding, Salesforce built its 1-1-1 model of philanthropy — donating 1 percent of its equity, product and employee time to communities around the world — into its core business.

Philanthropy Is Good for Business

As you can imagine, such an endeavor starts slowly but builds momentum over time. To date, Salesforce has donated more than 3.8 million hours of employee time and more than US$260 million in grants. A few years ago, Salesforce established the org as a public benefit corporation under California law.

That all went along swimmingly until the org developed its own vertical apps, including the Salesforce Philanthropy Cloud, Nonprofit Cloud, and Education Cloud. Voila, the org was in the software business. However, it might not have had all of the resources a software company would need, so merging seemed sensible.

Cultural Transformation

Salesforce has been playing both a long game and a short one for a long time. The short game is easily understandable — it sells seats of use to corporations. These include the company’s flagship CRM, partner apps, and development tools for those who want to roll their own apps. This makes perfect sense in the software business.

The longer game, which takes some explaining, is more about culture transfer. As the company has evolved, it has helped set standards for modern business. It has used what it built in an “eat your own dog food” way. That’s partly responsible for the Salesforce culture and it’s something the company is not shy about exporting.

Cloud computing is a good early example of culture transfer. The cloud commoditized computing and made it possible for businesses to get better and more reliable computing while also saving money. Today there’s virtually nothing you can do in your data center that you can’t do in the cloud, except maybe get hacked.

Cloud wasn’t the only innovation. There have been major inflections in social media and analytics, just to pick a couple. At each point, the company was selling more than software. It was teaching businesses new approaches and ways of doing business, and with that come culture changes.

Consider analytics and machine learning. Most of us will consider this just the latest new wrinkle in an industry that has had more than its share, but it has led to a culture change, which is what digital disruption is — learning to trust numbers over gut instinct.

Achieving the Right Balance

The thing is, they’ve been at this so long that Salesforce actually is addressing a new generation of customers and users now, and that’s why philanthropy, nonprofits and education are so important. It’s doubtful that any of the clouds from the org will generate serious income for businesses that use them. The real test of their value is in how they help businesses manage culture change.

There have been numerous studies linking a business’ philanthropic efforts with employee job satisfaction, and the younger the employee the more significant the effect. Philanthropy Cloud in particular has been instrumental in helping Salesforce to spread its 1-1-1 model around the business world.

For instance, well over two thousand businesses have adopted the model, and more are added weekly. Also, major players in the philanthropy world, like United Way, are big users and proponents, because the Philanthropy Cloud helps nonprofits extend their missions.

So, it’s not too surprising to me to see the two corporations coming back together. Increasingly it’s likely that the nonprofit/philanthropic/education solutions will have positive drag-on effects wherever the core technology goes.

This looks like one more culture change sponsored by Salesforce, and it might be the one with the most lasting power. Social techniques and analytics will be absorbed and blend into a company’s background, but this is different.

Nearly four decades ago, business thinkers decided that a company’s main and perhaps only responsibility was to the shareholders. Prior to that, there was a more nuanced view of stakeholders that included employees, customers, and the community at large, as well as shareholders. Perhaps this begins to rebalance that trend.

The opinions expressed in this article are those of the author and do not necessarily reflect the views of ECT News Network.

Denis Pombriant is a well-known CRM industry analyst, strategist, writer and speaker. His new book, You Can’t Buy Customer Loyalty, But You Can Earn It, is now available on Amazon. His 2015 book, Solve for the Customer, is also available there.
Email Denis.

Hackers Use Microsoft Help Desk to Pull Off Massive Email Breach

By Jack M. Germain
Apr 16, 2019 10:31 AM PT

Hackers piggybacked onto a Microsoft customer support portal between Jan. 1 and March 28 to gain access to the emails of noncorporate account holders on webmail services Microsoft manages, including, and

Microsoft has confirmed that a “limited” number of customers who use its Web service had their accounts compromised. However, as more details have surfaced, it appears the intrusion may have been more widespread than implied.

“We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access,” Microsoft spokesperson Elissa Brown told the E-Commerce Times.

Microsoft sent email notices to affected users over the weekend reporting that “bad actors” potentially had been able to access their email addresses, folder names, the subject lines of emails and the names of email addresses the user contacted.

“Out of an abundance of caution, we also increased detection and monitoring for the affected accounts,” Brown said.

The hackers could not see the content of any emails or attachments, or login credentials like passwords, according to Microsoft.

The hackers got into the system by compromising a customer support agent’s credentials, according to Microsoft’s letter to hacked account holders.

It remains unclear how many people, accounts and geographic regions were affected. Whether the employee was a Microsoft employee or someone working for a third-party support services provider was not disclosed. Nor has Microsoft explained how the agent’s credentials were obtained or how it discovered the breach.

However the level of information Microsoft has disclosed suggests that this breach was significant, observed Adnan Raja, vice president of marketing for Atlantic.Net.

“It’s significant because it has slowly gotten more serious,” he told the E-Commerce Times.

Microsoft acknowledged it only after it was confronted with screenshots, he pointed out.

The company still has not said how many accounts were affected, “so this suggests it is worse than what has been disclosed,” Raja maintained.

Worrisome Details Emerge

In a limited number of cases, email content including calendars, dates of birth, and login histories reportedly also were compromised, noted Steve Sanders, vice president of internal audit for CSI.

“The attack took place over almost the entire first quarter of 2019. An outside source claims this time frame may have actually been as long as six months. There are likely more details to this compromise that haven’t been released yet,” he told the E-Commerce Times.

Another factor that makes this email breach troubling is the access attackers gained, even if it involved a relatively small percentage of user accounts, noted Marc Laliberte, senior security analyst at WatchGuard Technologies.

“While the number of affected accounts may be limited, the attacker basically had full viewing access, which is very serious,” he told the E-Commerce Times.

While the attackers only had read-only access to victim accounts, they could have viewed any recent password reset links and tokens for other websites. These links are usually short-lived, but if a user has recently reset their password somewhere, they should do it again, Laliberte advised.

Third-Party Weakness

If the compromised Microsoft agent in fact was affiliated with a support vendor, that could indicate more serious security holes. Third-party vendors pose security risks for network safety.

“It has been shown time after time that customer support is one of the weakest links in authentication practices,” said Aaron Zander, Head of IT at HackerOne.

“This is a huge problem affecting the industry as a whole, not just Microsoft,” he told the E-Commerce Times.

Companies often hire contractors, agencies and third-party companies to limit liability. However, customer support operations often are treated as burdensome and may be left completely overlooked in terms of security, according to Zander.

“Customer support teams are frequently less secure than other teams in an organization,” he said. “Companies need to make sure that they extend identity management and security best practices to the third-party agencies that they work with.”

More than half of recent cyberbreaches have been due to third-party attacks, noted Vidisha Suman, principal in the digital transformation practice at A.T. Kearney.

It will be interesting to find out how the Microsoft Customer Service Portal/ Account credentials got hacked, she told the E-Commerce Times.

“Based on my experiences defining cyberstrategies for firms, only around one-third of companies know which vendors have access to sensitive data, and less than 20 percent actually know if the vendor is sharing the data with other providers,” Suman said.

“This chain of access is very easy to be compromised, and the impact could be cross-enterprise wide,” she pointed out. “If the Microsoft customer service portal was indeed compromised by a third-party access/plug-in, this may be one of the many such attacks that happened last year compromising millions of customer data.”

Major regulatory bodies across the globe are already reviewing third-party risks and finding ways to ensure accountability, Suman added.

Now What?

In its letter to affected email account holders, Microsoft recommended they change their login passwords. The company also warned they could expect to see more phishing or spam emails as a result of the breach.

The company suggested that email users be careful with emails received from misleading domain names, or any email requesting personal information or payment, as well as any unsolicited request from an untrusted source.

Users directly impacted also should regard any confidential information sent through Outlook, for example, as compromised and consider taking appropriate steps, advised CSI’s Sanders.

“This incident is a good reminder that no confidential data should be sent through unencrypted email,” he said. “Though two-factor authentication would likely not have prevented users from being compromised in this incident, it is also a good reminder that every user should enable this feature.”

This attack went after the back-end system infrastructure versus the actual end-user experience. That scenario is different from other attack vectors, noted Phil Cardone, CEO of Radius.

While a typical breach might affect day-to-day interactions between people and organizations, this attack could have affected the structural integrity of the Microsoft Office 365 system infrastructure, he explained.

Still, “this could have been much worse than it was,” Cardone told the E-Commerce Times. “Microsoft may be looking to further examine their credentialing and self-auditing to ensure a breach along this line does not happen again and to ensure the safety of their platform.”

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open source technologies. He has written numerous reviews of Linux distros and other open source software.
Email Jack.

The Rise of Headless Commerce

“Headless commerce” has become an e-commerce buzzword lately, but how can brands use it to their advantage?

“In its most basic terms, ‘headless commerce’ refers to the decoupling of a website’s presentation layer — the front end — from its commerce and business logic/function layer — the back end,” said Meghan Stabler, vice president of product marketing at BigCommerce.

A headless commerce approach “helps a merchant support both the latest in technology and/or end-user devices and also build powerful, personalized and engaging commerce experiences,” she told the E-Commerce Times.

As brands have increased the amount of website content that must be updated regularly, they increasingly have been seeing the advantage of decoupling that content layer from the business layer, while ensuring their customers have a seamless experience between consuming content and making purchases.

“As online shopping increasingly replaces the brick-and-mortar retail experience, consumers have developed an expectation that online brands double as purveyors of rich and engaging content,” observed Stabler. “For them, the experience they have online needs to mimic the one they were accustomed to in-store, and engaging content offers them a digital way to connect more deeply with the brands they like.”

Headless commerce ultimately is an important integration strategy.

“Headless commerce is the key to blending these two experiences — content and commerce — in a more harmonious way, because it allows the merchant to tap one platform for content and another for commerce, rather than forcing a single platform to handle all aspects of its website, as had been the case previously,” Stabler pointed out.

Headless commerce comes into play whenever a customer comes into contact with a brand.

“Headless commerce essentially brings two concepts together — a turnkey SaaS back end with the core commerce functionality and utility APIs as the delivery mechanism to connect the head,” said Adam Sturrock, vice president of customer success at Moltin.

“It may seem counterintuitive, but headless commerce is not actually headless,” he told the E-Commerce Times. “A head is the customer touchpoint where the transaction and value exchange takes place — such as a website a customer visits, or a mobile app they download and interact with to buy something.”

Headless Commerce Benefits

A primary benefit of headless commerce strategies is that they give companies greater flexibility and allow for extensive customization.

“In the past, merchants were forced to choose between a website that focused on the content and experience but faced extreme commerce limitations, or one that had all the bells and whistles of a high-performing e-commerce site but lacked some of the pizazz of a content-first experience,” said BigCommerce’s Stabler.

“If done correctly, headless commerce promises to grant retailers the choice, flexibility and customization capabilities they need to effectively compete in today’s crowded e-commerce landscape,” she added.

Headless commerce can improve the customer experience.

“The benefits to brands of adopting a headless commerce solution are that it gives them flexibility to deliver more innovation and customer experiences quicker,” noted Kevin Murray, managing director of Greenlight Commerce.

“They can use these services as building blocks with less overhead and costs when having to change their existing digital landscape,” he told the E-Commerce Times. “It can give them a lot more control over the experiences they want to deliver to their customers.”

Headless commerce helps a brand prepare for future challenges. It allows services “to be swapped by new providers as needed, which is easier than changing an entire e-commerce platform,” said Murray.

Separating the content on sites from the e-commerce levels — while allowing those levels to have the same look and feel for customers — just makes sense for most businesses, he suggested.

“This means that logic related to certain processes can be stored in one place and then consumed by something else more easily,” Murray explained, “rather than having to duplicate the same functionality for different presentation purposes. This is even more important due to the continued emergence of different presentation layers that require e-commerce capability — desktop and mobile browsers, apps, kiosks, social media.”

With headless commerce, updating content across multiple touchpoints is efficient, noted Darin Archer, CMO of Elastic Path.

It enables marketing teams “to make design and content updates very quickly without requiring IT support,” he told the E-Commerce Times. “It also allows companies to enable commerce in all customer touchpoints, including nontraditional touchpoints such as voice commerce or VR. ”

Evolution of Headless Commerce

Headless commerce is still gaining traction, and in the coming years, it’s likely to become much more common, suggested Stabler.

“We’re only just seeing the full spectrum of use cases,” she said. “Currently, headless commerce is predominantly focused on the connection between e-commerce and the CMS platform, but the functionality itself can be replicated for a seemingly endless number of use cases. Because the front end and back end are decoupled, merchants can expand their opportunities and outreach to more customers in rapid time.”

Headless commerce likely will become the norm, as “innovative new channels and experiences are being created that meet the customer at new points of engagement and potential purchase moments,” said Moltin’s Sturrock.

“No longer are we constrained to destination-based commerce interaction, visiting a store or website, but we can now weave commerce interactions and transactions into our daily lives seamlessly.”

It’s not just e-commerce sites that are adopting headless commerce strategies. Increasingly, brick-and-mortar stores are seeing its value, as well.

“As end-user technology continues to innovate, the customer ‘commerce experience’ must innovate also,” said Stabler.

“We see that with the traditional brick-and-mortar stores who are experimenting with AR/VR in their stores and by extension to their online presence,” she noted.

“I expect that we will see many brands integrating a headless/API-first commerce strategy into other experiences on mobile, voice, AR/VR, even standalone kiosks,” Stabler predicted. “With merchants and brands needing to get their goods into the hands of the consumer as quickly as possible, headless commerce will help them do just that.”

Vivian Wagner has been an ECT News Network reporter since 2008. Her main areas of focus are technology, business, CRM, e-commerce, privacy, security, arts, culture and diversity. She has extensive experience reporting on business and technology for a variety
of outlets, including The Atlantic, The Establishment and O, The Oprah Magazine. She holds a PhD in English with a specialty in modern American literature and culture. She received a first-place feature reporting award from the Ohio Society of Professional Journalists.
Email Vivian.

Startups Weekly: Lessons from a failed founder

I sat down with Menlo Ventures partner Shawn Carolan this week to talk about his early investment in Uber. Menlo, if you remember, led Uber’s Series B and has made a hefty sum over the year selling shares in the ride-hailing company. I’ll have more on that later; for now, I want to share some of the insights Carolan had on his experience ditching venture capital to become a founder.

Around when Menlo made its first investment in Uber, Carolan began taking a step back from the firm and building Handle, a startup that built tools to help people be more productive. Despite years of hard work, Handle was ultimately a failure. Carolan said he shed a lot of tears over its demise, but used the experience to connect more intimately with founders and to offer them more candid, authentic advice.

“People in the valley are always achievement-oriented; it’s always about the next thing and crushing it and whatever,” Carolan told TechCrunch. “When [Handle] shut down, I had this spreadsheet of all the people who I felt like I disappointed: Seed investors who invested in me, all the people at Menlo and my friends who had tweeted out early stuff. It was a long spreadsheet of like 60 people. And when I started a sabbatical, what I said was I’m going to go connect with everyone and apologize.”

Today, Carolan encourages founders to own their vulnerabilities.

“It’s OK to admit when you’re wrong,” he said. “Now I can see it on [founders’] faces, I can see when they’re scared. And they’re not going to say they’re scared but I know it’s tough. This is one of the toughest things that you’re going to go through. Now I can be there emotionally for these founders and I can say ‘here’s how you do it, here’s how you talk to your team and here’s what you share.’ A lot of founders feel like they have to do this alone and that’s why you have to get comfortable with your vulnerability.”

After Handle shuttered, Carolan returned to Menlo full time and made the firm a boatload of money from Roku’s IPO and now Uber’s. Anyway, thought those were some nice anecdotes that should be shared since most of our feeds are dominated by Silicon Valley hustle porn.

Want more TechCrunch newsletters? Sign up here. Ok, on to other news…

IPO corner

Funds on funds on funds

There were so many fund announcements this week; here’s a quick list.

Extra Crunch

Lots of great new exclusive content for our Extra Crunch subscribers is on the site, including this deep dive into the challenges of transportation startup profits. Plus: When to ditch a nightmare customer, before they kill your startup; The right way to do AI in security; and The definitive Niantic reading guide.


Sinema, that one MoviePass competitor, has run into its fair share of bumps in the road. TechCrunch’s Brian Heater hopped on the phone with the startup’s CEO this week to learn more about those bumps, why its terminating accounts en masse, a class-action lawsuit its battling and more.

Photo by Stephen McCarthy / RISE via Sportsfile

Startup capital


TechCrunch’s Startup Battlefield brings the world’s top early-stage startups together on one stage to compete for non-dilutive prize money, and the attention of media and investors worldwide. Here’s a quick update on some of our BF winners and finalists:


If you enjoy this newsletter, be sure to check out TechCrunch’s venture-focused podcast, Equity. In this week’s episode, available here, Crunchbase News editor-in-chief Alex Wilhelm, myself and Phil Libin, the founder of Evernote and AllTurtles, chat about the importance of IPOs. Plus, in a special Equity Shot, Alex and I unpack the Uber S-1.