If you’re a bricks and mortar retailer, you will have systems in place to prevent theft in-store. But how can you safeguard against possible security issues with your online presence?
Retailbiz spoke to Robin Schmitt, APAC general manager of Neustar, about the best ways to protect your business when operating online.
1. Performance review
When selling online, it’s vital to safeguard your website not only from a cyber-security point of view but also in terms of performance.
“Our smaller clients are interested in protecting their web presence and making sure their shop front is available,” said Schmitt. “There are a number of different threats to your operation.
“Some are about performance and making sure your system is performing well, especially during peak times. We have seen retailers in the past being taken down by good marketing—they’ve almost been beaten by their own success.”
This happened to American department store Macy’s on Black Friday last year, with the retailer’s site unable to handle the amount of traffic it was receiving. Rather than experiencing an easy path to purchase, customers were led to a page explaining there was ‘heavier traffic than normal’ with a countdown telling shoppers when they could return to the main site.
One way to handle this is to recognise when you have a major marketing campaign coming up and make sure your systems are ready. Do performance testing beforehand and put monitoring in place during the event so you know if something goes wrong.
2. In-store Internet
With many retailers now offering Wi-Fi in-store, Schmitt said it is important to be aware of the associated security risks.
“Retail is becoming more experiential—you want people to come into your shopping space so you start to offer services to keep them there—and access to the internet is one of those things,” he said.
“[But] it can be insecure. The last thing you want when trying to create a nice environment is to have someone surfing inappropriate sites.”
To address this, Schmitt said there are services available that enable you to protect your business at the DNS (domain name server) level. This will ensure you’re not allowing customers to access certain sites.
“You can set up blacklists and block out whole portions, whether that’s pornography, gaming or even your competitors.”
3. POS
Your point of sale (POS) system is also at risk of security breaches, which means you need to be careful about using reputable providers.
“You need to make sure you’re using appropriate financial gateways,” said Schmitt. “As a retailer, you need to protect yourself and ensure you are PCI [Payment Card Industry] compliant.”
Making sure you can secure your financial information is extremely important. In 2015, Woolworths leaked $1 million worth of shopping vouchers after a massive leak of customer data. While you might not be operating on the same scale, you don’t want to have to inform your customers their personal data has been leaked or stolen.
“New data breach laws in Australia mean you have to announce a leak,” said Schmitt. “Consider the brand impact this could have.”
4. Location, location, location
Think about who you’re allowing to access your (virtual) shop door. “If you have an online store, you might only provide services to a certain location,” said Schmitt.
If this is the case, you can use an IP intelligence service to stop customers being able to transact based on where they are in the world.
“It depends on your business, but we see organisations use this because they have different rules and regulations they need to cater for,” explained Schmitt.
“If you want to sell in Australia, there may be different restrictions to do with warnings or terms you have to show that are different in other countries. You want to sell to overseas consumers but not breach their laws—that’s why you reroute the business to a local site.”
5. Security threats
In November last year a large swathe of sites from Spotify to PayPal, Netflix and the New York Times were taken offline due to multiple DDoS (distributed denial-of-service) attacks. Although it’s unlikely that a small retailer would be the victim of a large-scale attack, you need to understand the financial impact on your business if your site was taken offline for a period of time.
“I don’t think every business needs protection [against DDoS attacks]; you really need to do an analysis of your risk,” said Schmitt.
“Understand the size of your risk and then work with your DDoS mitigation partners to get the solution that matches your business.
“In bricks and mortar retail, you’re going to be insured for theft based on the value of the stock you have on the floor—you’re not going to pay a big premium, you’re going to pay a premium based on the amount you could lose. This is the same online.”
Want the latest retail news delivered straight to your inbox? Click here to sign up to the retailbiz newsletter.