By Archie Reed, CTO for Strategic Enterprise Services, Hewlett Packard Asia Pacific & Japan
Consumers have grown accustomed to utilising a wide range of convenient transaction methods on their “path to purchase,” including e-commerce, mobile commerce and transactional portals such as console-based web stores. They enjoy the convenience of researching and refining their potential purchases at a place and time that suits them.
To facilitate an increasing demand for retail transactions through digital channels, retailers have created websites, mobile sites and other means of showcasing their products and services remotely. Forward-looking retailers are now investing in omni-channel solutions to seamlessly unify the out-of-store and in-store shopping experience.
The benefits associated with new forms of engagement are numerous for retailers and consumers alike. However, with these benefits comes heightened risk in the form of potential fraud, digital theft and cyber-crime, with the responsibility for minimising such risk lying squarely with the retailer.
Every day criminals test retail systems for potential weaknesses, looking to exploit vulnerabilities to access sensitive information. Due to the complex nature of today’s retail model, trying to secure the digital retail environment is an all-encompassing challenge that impacts multiple channels and business units. The increase in the sophistication of these attacks can be described as a “digital arms race” where new processes and solutions are implemented, yet the attackers return with more refined techniques to breach them.
Innovation in consumer experience is at the forefront of modern retail growth. Businesses that can offer new products, services or experiences drive increased footfall and revenue for the retailer. This innovation brings new opportunities for greater engagement with clients, but also brings new opportunities for criminal activity.
Security requirements impact retailers’ aspirations by increasing the cost of business and associated risk. The more multi-channel touch points (such as web, mobile, telephone and store), the greater the potential for criminal incursion. Each touch point must be secured effectively and regularly tested to ensure that the defences, whether people, process or product, are relevant and capable. New payment methods, such as near field communications (NFC), and the impending Europay, MasterCard and Visa (EMV) standard, will require additional expenditure and focus, yet these requirements may be too much to bear for the time-pressured and cost-conscious retailer.
So how does a modern retailer secure their multi-channel/omni-channel estate in an efficient and safe manner? HP believes that the ATOM approach defines a simple, workable, logic-driven means to success:
• Assess where you are today.
• Transform your retail enterprise to better manage risk and capture opportunity.
• Optimise your environment to improve compliance and enable your enterprise for agile performance.
• Manage your retail estate proactively.
This can be further broken down into specific steps:
• People
  o Ensure all employees are aware of their security responsibilities.
  o Vet security staff and those in positions of authority.
  o Brief all staff regularly on the latest threats to security.
• Products
  o Utilise a mix of physical and digital security to validate access to sensitive systems.
  o Ensure resilience is baked into implementation plans for mission-critical systems.
• Processes
  o Implement an audit plan that tests the implementation on a monthly/quarterly basis.
  o Utilise double-counting on sensitive cash processes.
  o Ensure that Disaster Recovery processes are implemented across all locations and audited.
  o Design multi-layered processes that support multiple points of failure.
By utilising these pragmatic steps, retailers can align their multi-channel business to give them a stringent approach to security and offer customers the comfort of dealing with a business that takes their data seriously.
Retailers that follow this approach can expect to benefit in a number of ways. First, internal employees will recognise the gravity of enterprise-wide security and should uphold those values in every activity they perform. Second, consumers will be able to enjoy shopping through the various channels in a safe and secure manner. Third, this activity will boost investor confidence as investment dollars will always go to the safest home in any market.
Many retailers recognise the value of working with specialised third parties that deliver specialist security, testing and accreditation services. This allows the retailer to make the best use of both capital and time, ensuring that the focus is on the core competency of operating a successful merchandising model, while the security specialist ensures that all systems are regularly tested and monitored and corrective patches are implemented in a timely manner.
The explosion of multi-channel in the retail industry has exposed retailers to many more threats than existed ten years ago. Never before have retailers had to protect their physical and virtual presence across so many points from a constant onslaught on a daily basis. These issues, combined with the demands of changing guidelines from various security councils, have increased the cost and complexity of doing business many times over. Best-in-class retailers ensure consumers can engage, shop and interact with the knowledge that their personal data is secure. Future-looking retailers should look to engage their trusted partners to design, validate and test their security defences.