The E-Commerce Cyber Security Advantage

Rick Chavie, chief solution officer at hybris software

The retail industry is a prime target for fraud and data breaches – it is the second most targeted sector aside from finance.

One reason the retail industry is so attractive to fraudsters is that every transaction has the potential to yield multiple types of customer data associated with credit and debit cards, whether it is obtained by infecting the in-store technology or from data stored elsewhere in the company.

But contrary to what you may think, brick-and-mortar retailers, which carefully deploy heavily tested and proven POS (point-of-sale) software to handle critical checkout tasks in store, may be struggling more to protect customers’ sensitive personal data and banking information than online retailers, who update their order and payment applications much more frequently.

Pre-internet software in a real-time hacker world

If the design of your store software stack originated in the pre-internet era, when taking months to roll out updates to POS software on CD “golden disks” was the norm (with POS systems having a life cycle of 10 or more years, systems such as these are still in operation!), how do you respond effectively to today’s cyber hackers who continuously invade your environment probing for vulnerabilities? And even if you know you have a breach, the POS fix across a large chain may take weeks or months. As a hacker, of course you would want to “follow the money” and attack famous brands, so it is hard to avoid risk as both retailers and banks have exposure. Ironically, we are seeing consumers coming back to cash to avoid the exposure entirely when shopping in physical stores!

More than ever, retailers must be on the cusp of new technology or risk falling behind the marketplace. Why? Because shoppers will stop connecting with brands that fail to protect their information and data. In fact, you may be surprised to learn that most consumers now view online transactions as safer than POS transactions at a brick-and-mortar location, according to a recent study by ACI Worldwide and Aite Group. The growth of ecommerce in retail has lots of reasons to continue as consumers look for simplicity and security from the same place. For omni-channel retailing to work, the physical store must keep up.

The race to update

Fortunately, there are some alternatives emerging for omni-channel retailers. For brick-and-mortar retailers, the shift to EMV payment technology promises to improve security and reduce fraud at in-store POS systems. EMV, or “chip and PIN,” technology incorporates embedded microprocessor chips on credit and debit cards, replacing the less secure magnetic-stripe cards. By October 2015, major global banks and payment providers, including Visa and MasterCard, will require retailers to support EMV technology (with in-store readers) or bear the risk of loss. Tokenisation is another layer that can add security to EMV.

However, expect that Apple Pay will get a great promotional boost, as it adds not only tokenisation but also fingerprint recognition and a cryptogram with the transaction.

Then again, if you are coming from the ecommerce world, it raises the question: why do you need POS at all? I believe that the convergence of the digital and physical worlds will happen quicker than many believe, and that POS systems will be phased out in favor of mobile tablets or phones and, eventually, simple reliance on the consumer’s own phone to initiate the notice of payment to the retailer without handing over any of their personally identifiable information (PII) to in-store technologies.

Regardless of the advances, this author believes there will be a continuing arms race – retailers and payment providers developing ever more secure methods including end-to-end encryption and the hackers deploying ever more sophisticated tools to get around them. Of course, the simplest method for hackers is always having someone on the inside who knows the way around all the defenses.


For most retailers, updated e-commerce and in-store technology systems are critical for improving shopper sentiment and data security. Combined with robust fraud prevention solutions, advanced commerce technology features like the seamless convergence of digital and physical store touch points on a single platform and real-time capabilities significantly decrease the risk of a serious data breach.

Powerful e-commerce technologies also help brands become more responsive to evolving data risks. Backed by more agile and robust commerce solutions, retailers are able to adapt more quickly to the latest threats, including those in-store, in order to reduce the odds of security events and give customers the confidence they need to remain loyal to the brand.
