The retail industry is a prime target for fraud and data breaches – it is the second most targeted sector aside from finance.
One reason the retail industry is so attractive to fraudsters is that every transaction has the potential to yield multiple types of customer data associated with credit and debit cards, whether it is obtained by infecting in-store technology or taken from data stored elsewhere in the company.
But contrary to what you may think, brick-and-mortar retailers, which carefully deploy heavily tested and proven POS (point-of-sale) software to handle critical checkout tasks in store, may be struggling more to protect customers’ sensitive personal data and banking information than online retailers, who update their order and payment applications much more frequently.
Pre-internet software in a real-time hacker world
If the design of your store software stack originated in the pre-internet era, when taking months to roll out updates to POS software on CD “golden disks” was the norm (POS systems have a life cycle of 10 or more years, so systems such as these are still in operation!), how do you respond effectively to today’s cyber hackers, who continuously invade your environment probing for vulnerabilities? And even if you know you have a breach, the POS fix across a large chain may take weeks or months. As a hacker, of course you would want to “follow the money” and attack famous brands, so it is hard to avoid risk, as both retailers and banks have exposure. Ironically, we are seeing consumers coming back to cash to avoid the exposure entirely when shopping in physical stores!
More than ever, retailers must be on the cusp of new technology or risk falling behind the marketplace. Why? Because shoppers will stop connecting with brands that fail to protect their information and data. In fact, you may be surprised to learn that most consumers now view online transactions as safer than POS transactions at a brick-and-mortar location, according to a recent study by ACI Worldwide and Aite Group. The growth of ecommerce in retail has plenty of reasons to continue, as consumers look for simplicity and security from the same place. For omni-channel retailing to work, the physical store must keep up.
The race to update
Fortunately, there are some alternatives emerging for omni-channel retailers. For brick-and-mortar retailers, the shift to EMV payment technology promises to improve security and reduce fraud at in-store POS systems. EMV, or “chip and PIN,” technology incorporates embedded microprocessor chips on credit and debit cards, replacing the less secure magnetic-stripe cards. By October 2015, major global banks and payment providers, including Visa and MasterCard, will require retailers to support EMV technology (with in-store readers) or bear the risk of loss. Tokenisation is another layer that can add security to EMV.
However, expect that Apple Pay will get a great promotional boost, as it adds not only tokenisation but also fingerprint recognition and a cryptogram with the transaction.
Then again, if you are coming from the ecommerce world, it begs the question: why do you need POS at all? I believe that the convergence of the digital and physical world will happen more quickly than many believe and that POS systems will be phased out in favor of mobile tablets or phones, with retailers eventually simply relying on the consumer’s own phone to initiate the notice of payment to the retailer without handing over any of their personally identifiable information (PII) to in-store technologies.
Regardless of the advances, this author believes there will be a continuing arms race – retailers and payment providers developing ever more secure methods including end-to-end encryption and the hackers deploying ever more sophisticated tools to get around them. Of course, the simplest method for hackers is always having someone on the inside who knows the way around all the defenses.
For most retailers, updated e-commerce and in-store technology systems are critical for improving shopper sentiment and data security. Combined with robust fraud prevention solutions, advanced commerce technology features like the seamless convergence of digital and physical store touch points on a single platform and real-time capabilities significantly decrease the risk of a serious data breach.
Powerful e-commerce technologies also help brands become more responsive to evolving data risks. Backed by more agile and robust commerce solutions, retailers are able to adapt more quickly to the latest threats, including those in-store, in order to reduce the odds of security events and give customers the confidence they need to remain loyal to the brand.