The recent spate of high-profile security breaches of major retail chains and e-commerce giants is proof enough that retailers must implement robust security technologies and practices to continue their growth trajectory. Read on…
The global retail sector is estimated to reach US $28 trillion by 2019, at a 3.8% average annual growth rate, according to the Research and Markets report ‘Overview & Evolution of the Global Retail Industry’. Within this, hypermarkets and supermarkets account for 35% of retail direct sales, with the US and China at the forefront. E-commerce is also a major contributor to the growth in this sector, as it is becoming the preferred mode of purchase among the youth. This is due to the growing Internet, social, and mobile user bases, which have touched 3.77 billion, 2.80 billion and 4.92 billion respectively (as per the “Digital in 2017 Global Overview” report by We Are Social and Hootsuite).
India is not behind either, with e-Retail expected to reach $17.52 billion by the end of 2018 (from $3.59 billion in 2013) at a growth rate of 65%. The boom of digital natives and better infrastructure (logistics, broadband and internet-ready devices) has propelled the demand for e-Commerce in India, according to ASSOCHAM’s Resurgent India study on Indian e-Retail.
Challenges Posed by Growth
While the digital boom is aiding growth in the retail sector, it’s also posing many challenges.
Accenture, in its report ‘Integrating Digital is the Latest Retail Industry Challenge’, says that pervasiveness, personalization and privacy will be key challenges in retail everywhere. These will lead to security breaches, which could prove detrimental if taken lightly.
In order to mitigate security breaches effectively, it’s important for retailers to first know what sort of breaches have already happened and drill into their causes. Only then can they take relevant strategic measures for a more resilient security infrastructure.
Severity of Security Breaches
There are enough cases of major security breaches for this sector to be alarmed about. Zomato, the famous food ordering and delivery group, for instance, had a data breach that exposed 17 million registered users. Likewise, Bloomberg reported that US-based companies and government agencies experienced 1,093 data breaches in 2016. Retail giants across the globe like Target, Staples and Home Depot, and e-commerce sites like eBay, Amazon, etc. have been victims of breaches that resulted in millions of compromised records.
The Main Causes
Besides technology-related vulnerabilities left by unpatched systems, the retail sector’s focus on omni-channel sales and showrooms also leaves plenty of scope for security breaches to take place. While an omni-channel approach offers consumers a seamless experience, allowing them to purchase items online or from a physical store, it also increases the scope for data theft. Consumers could leave private information while browsing a retailer’s catalogs online, and card data while making a purchase at a walk-in retail store. According to PwC’s report on 2017 Retail trends, this can cause an exponential rise in data breaches.
In India, over 92% of the apps tested by PwC were vulnerable, with 230,000 new malware samples generated per day, as per Anurag Mathur, Retail & Consumer Goods Practice Leader, PwC India. At the India Retail Forum 2016, he also stated that the Indian retail sector is the second most threatened segment (financial services being the first) by cyber-attacks, as data privacy protection is becoming a substantial challenge.
Technologies and Best Practices to Implement
The evolving data breach landscape calls for putting in place a proper response, comprising the right technologies, security best practices, and a vibrant data breach response plan.
One measure is for retailers to switch to EMV chip and PIN based PoS systems. Many large retailers have already shifted to these systems, which is why cyber attackers are shifting their focus to smaller franchised stores and others with distributed infrastructure that may not be using EMV chip technology.
The other best practice retailers need to adopt is to follow the Payment Card Industry Data Security Standard (PCI-DSS) checklist. PCI-DSS is a proprietary information security standard for organizations that handle branded credit cards from major card schemes. Achieving PCI-DSS compliance and getting certified is therefore of utmost importance for most retailers who handle a sizable amount of consumer data today.
Unfortunately, PCI compliance still has a long way to go, even though it is mandated by the card brands and has been created to increase controls around cardholder data to reduce credit card fraud. Symantec, in its report ‘Cyber Security in Retail services’, points out that four out of five companies have failed an interim assessment of PCI compliance globally.
Updating terminals for point-to-point encryption is another way to keep important payment information from being exposed to criminals. Strengthening network and domain security, and using SSL certificates to secure and encrypt data, are also essential for retailers that process personal information like addresses and credit card numbers for e-commerce purchases.
Meanwhile, regularly updating and testing software is essential to reduce the number of cyber security vulnerabilities. Segmenting various applications and databases, and grouping items of similar sensitivity, is vital. It helps retailers limit traffic within high-risk zones and helps break up data into many trails during a malware attack.
Last but not least, having cyber insurance pays off and can save an organization in the adverse situation of a data breach. The key is to keep up with technology enhancements and to have skilled staff to watch every possible move of the attacker.