Why Cybersecurity is a Retail Issue That Starts at the Top
Recent data breaches affecting retailers threaten to undermine consumer trust and brand loyalty, making these incidents — and risks of future ones — more than a security team concern. Fraud is everyone’s problem, whether you're a security architect or a CEO, just as customer experience is an organizationwide goal.
A promise to keep transactions safe and private is among the assurances retailers make to buyers when they deliver them a memorable experience. While EMV helps pare back card-not-present (CNP) fraud at the point of sale, the growth of e-commerce and m-commerce makes the greater fraud frontier trickier. EMV lengthens checkout times and can’t be part of a unifying solution in all channels, making it quite limited.
Complicating security in the retail sector is a longstanding challenge when working to implement web and mobile app security without delivering a poor experience. Transaction authorization that requires a customer to enter a password after a period of inactivity, prompts to enter two factor numerical codes, or the need for a call-center touchpoint result in shopping cart abandonment.
It’s no wonder we see “autosaved everything,” yet we don’t have repeated, noninvasive authentication and payment authorization along the customer journey. We should expect enough from online security to demand that it be modern and that it benefit CX — just as we rightly insist that it safeguard data. Who to best set those expectations? Retail CEOs.
Retail CEOs and business unit heads have a de facto role in security. They’re the right people to elevate the conversation around online security from one of fear to one of opportunity. When disaster strikes, CEOs get the blame for an organization’s weak security posture. Therefore, it's better for executives to influence the debate and, as a result of their engagement, drive the development or application of solutions befitting retail.
Solutions that combine security, usability and interoperability across all channels, including the Internet of Things, are available. There are even open standards for how login and payments can be secure, truly password-less, and consistent across all channels, such as the ones the Fast IDentity Online (FIDO) Alliance promulgates.
FIDO authentication is a prime example of how the needs of online retailers and associated stakeholders contributes to excellence in security that crushes questions of usability, scalability and privacy.
I really enjoy being challenged by retail use cases, as well as the many considerations retailers are forced to make to remain competitive. Retailers have great insight into the behavior of all users, making them ideal ambassadors for what security should look and feel like.
Some cybercrime is daunting, especially the credential reuse success rate of 2 percent. Password hassles incentivize consumers to repeat the same passwords across different services, creating a problem where all service providers are only as secure as the Equifax’s and LinkedIn’s of the world. It’s time to retire the password entirely — not mask it behind fingerprint sensors and selfies, something retail CEOs often say.
Once trust is lost, it’s difficult to earn back. Loyalty to a brand can be fleeting with goods and services being similar except among the more bespoke offerings. Retail CEOs accomplish a lot for security without taking credit for it and sometimes without knowing it. In turn, we in security are improving the feel and reach of security so consumers don’t see or feel it.
Data breaches are everyone’s problem. Let’s make sure that their solution is everyone’s task since retailer-security collaboration has gained meaningful traction and is yielding superb security products.
George Avetisov is the CEO of HYPR, a provider of decentralized authentication solutions.
Related story: What Modell's is Doing to Protect its Customers’ Data