The E-Commerce Cyber Security Advantage
The retail industry is a prime target for fraud and data breaches. One of the reasons why the retail industry is so attractive to fraudsters is because every transaction has the potential to yield multiple types of customer data associated with credit and debit cards, whether it comes from infecting in-store technology or if data is stored elsewhere.
Contrary to what you may think, however, brick-and-mortar retailers, which carefully deploy heavily tested and proven point-of-sale (POS) software to handle critical checkout tasks in-store, may be struggling more than online retailers, who have much more frequent updates to their order and payment applications to protect customers’ sensitive personal data and banking information.
Pre-Internet Software in a Real-Time Hacker World
If the design of your store software stack originated in the pre-internet era, when taking months to roll out updates to POS software on CD "golden disks" was the norm (with POS systems having a life cycle of 10 or more years, systems such as these are still in operation!), how do you respond effectively to today's cyberhackers, who continuously invade your environment probing for vulnerabilities? And even if you know you have a breach, the POS fix across a large chain may take weeks or months.
As a a hacker, of course, you would want to "follow the money" and attack high-profile brands such as Target, Neiman Marcus, Home Depot, Michael's and now Staples, as well as JP Morgan Chase. It's hard to avoid risk as both retailers and banks have exposure. Ironically, we're seeing consumers coming back to cash to avoid the exposure entirely when shopping in physical stores!
Now more than ever, retailers must be on the cusp of new technology or risk falling behind the marketplace. Why? Because shoppers will stop connecting with brands that fail to protect their information and data. A study by Software Advice discovered that more than three-quarters of consumers would be less likely or completely unwilling to purchase from a company that compromised their personal data.
In fact, you may be surprised to learn that most consumers now view online transactions as safer than POS transactions at a brick-and-mortar location, this according to a recent study by ACI Worldwide and Aite Group. The growth of e-commerce figures to continue as consumers look to simplicity and security from their transactions. For omnichannel retailing to work, the physical store must keep up.
The Race to Update
Fortunately there are some alternatives emerging for omnichannel retailers. For brick-and-mortar retailers, the shift to EMV payment technology promises to improve security and reduce fraud at in-store POS systems. EMV, or "chip and pin," technology incorporates embedded microprocessor chips on credit and debit cards, replacing the less secure magnetic-stripe cards. By October 2015, major global banks and payment providers, including Visa and MasterCard, will require retailers to support EMV technology (with in-store readers) or bear the risk of loss.
Tokenization is another layer that can add security to EMV. Expect that ApplePay will get a great promotional boost as it not only adds tokenization, but also fingerprint recognition and a cryptogram with the transaction.
Then again, if you're coming from the e-commerce world, it begs the question: Why do you need POS at all? I believe that the convergence of the digital and physical worlds will happen quicker than many believe and POS systems will be phased out in favor of mobile tablets or phones. In fact, I eventually see retailers simply relying on their customers own phones to initiate the notice of payment without handing over any of their personally identifiable information to in-store technologies.
Regardless of the advances, there will be a continuing arms race — retailers and payment providers developing ever-more secure methods, including end-to-end encryption. This will coincide with hackers deploying ever-more sophisticated tools to get around them. Of course, the simplest method for hackers is always having someone on the inside who knows the way around all the defenses.
For most retailers, updated e-commerce and in-store technology systems are critical for improving shopper sentiment and data security. Combined with robust fraud prevention solutions, advanced commerce technology features like the seamless convergence of digital and physical store touchpoints on a single platform and real-time capabilities significantly decrease the risk of a serious data breach.
Powerful e-commerce technologies also help brands become more responsive to evolving data risks. Backed by more agile and robust commerce solutions, retailers are able to more quickly adapt to the latest threats — including those in-store — in order to reduce the odds of security events and giving customers the confidence they need to remain loyal to their brand.
Rick Chavie is the chief solution officer at hybris, a software company that sells enterprise omnichannel e-commerce and product content management software. Rick can be reached at firstname.lastname@example.org.