With new threats developing in the retail sector, security measures for brick-and-mortar stores need to begin going beyond physical protection to consider the impacts of the cyber world. In 2014, eBay, AOL, Adobe, and Target all fell victim to largescale security breaches and resulted in the endangerment of millions of customer records. According to published reports, Target dealt with more than 70 million hacked accounts, and eBay had over 145 million that were affected.
Though ample evidence exists to aid in the creation of a recovery plan post-breach, there are few instructions on how to avoid such an incident in the first place. With customer loyalty and trust on the line (which has been proven to directly impact revenue and positive ROI), retailers need to find a way to ensure the safety of their customers proactively. With that in mind, here are some ways that brick-and-mortar retailers can beef up security for their customers.
1) Access the Right Expertise: As today’s business environment grows increasingly complex with the integration of mobile, cloud, and other technologies into daily processes, it has become difficult for companies to stay on top of the latest updates and maintain awareness on areas of weakness. In many cases, the Chief Information Officer is looked to as the sole person responsible for dealing with and handling the challenges of in-store security; instead, organizations need to assess their security needs according to business size and professional circumstance, and consider whether recruiting outside help from security experts is a better option.
From a technological perspective, retailers should seek comprehensive IT solutions that offer advanced data monitoring, collection, reporting, auditing, and correlation across the most reliable router, firewall, application, and server systems. This information provides insight into the risk landscape that retailers live in and allows for the development of a stronger security environment.
For small businesses, hiring part-time IT security professionals or consultants may meet their security needs, whereas larger enterprises may need the assistance of a full-time Chief Information Security Officer.
2) Learn Tokenization and Encryption: Perhaps the best way for retailers to secure customer information is to make sure that it is impossible (or at the very least, difficult) for criminals to read it. Tokenization, encryption, or a combination of the two, ensures that even if cyber thieves find a way into a system, they are unable to decipher the sensitive information contained within. While system management may be a daunting task, knowing how and when to patch or update software can be an adequate precautionary measure that works to decrease exposure to exploitation.
Encryption works by demanding a key, or fluctuating numerical code, to access sensitive information. Data moves between processing locations and point of sale systems and becomes scrambled and illegible before reaching the endpoint. Since tokenization sends data from one point to the next without identifying the information, attackers who gain access to the data will only see a fake version of the information, while a third-party location will be able to store the real data.
3) Process Payments Differently: Finally, a useful way to fight back against cyber security threats is to alter the way payments are accepted and processed. Though processing payments in-house is popular, breaches show just how risky this practice is. As criminals grow more adept at targeting in-house systems, externalizing payment processing could be a useful solution. Many retailers will benefit from using cloud-based systems that provide an additional layer of security by eliminating the link between payment terminals, in-store systems, and customer cards.
It is also important to recognize that as the retail industry evolves, embracing EMV card processing, mobile payments, and more is becoming increasingly common. For the nervous retailer, implementing new payment options may seems dangerous but they are crucial to remain competitive. As the deadline for adopting EMV compliance nears, retailers need to reconsider innovative ways of safeguarding business and customer data. The EMV three-pronged security system is the new and improved POS hardware and leads to transactions far more secure than magnetic-stripe payments.
4) Combine Concepts: Though these steps can help beef up security alone, the best strategy involves blending all of these strategies into one powerful solution. Maintaining well-trained staff who are proficient in the latest security technology will allow retailers to be prepared should disaster strike. Since the identity of any retailer is dependent on the trust and loyalty of their consumers, having a proactive security plan in place will boost the image and brand gravity of a company within the marketplace.