In recent years, the retail industry has shifted its focus increasingly toward more security-centered business processes. As the threat environment continues to evolve, the personal information of retail customers is still incredibly valuable for hackers, and thus remains a prime target.
In addition, instances of breached retail data have been on the rise. The past year brought us a number of high-profile cases that impacted millions of customers, affecting Home Depot, craft store Michaels and Dairy Queen.
As vendors collect ever-expanding databases of information about their customers for marketing and customization purposes, the retail industry becomes an even more attractive target.
"With some retail stores suffering data breaches affecting millions of people and recovering after data was stolen from customer credit cards, businesses need to balance a desire for more data while keeping IT systems secure," wrote Tech Page One contributor Brian T. Horowitz.
As a result of these conditions, retailers are placing a higher importance on security.
Hoarding data: Protecting sensitive customer information
These days, a rising number of retailers use predictive analytics, where historical and real-time consumer information is leveraged to predict future preferences. While the plethora of data collected can provide real benefits for both the brand and its clients — including a more tailored, enjoyable end-user experience — it can also create considerable risk.
U.S. Representative Peter Welch noted at the National Retail Federation conference in early January that these practices have to come with a balance between information gathering for marketing purposes and concern about security and breaches. For this reason, Welch and other lawmakers proposed creating a single set of standards for the retail sector to rely on to prevent breaches.
"You can't have a retailer dealing with 50 different standards, so the challenge for us is to come up with a standard that's simple and straightforward for the retailers," said U.S. Rep. Marsha Blackburn.
Boston Retail Partners Principal Ken Morris told Luxury Daily that the current threat environment calls for more robust standards in the industry.
"Simply meeting PCI compliance standards is no longer sufficient to protect customer data," Morris said. "Hackers have become increasingly sophisticated, requiring retailers to reanalyze and revamp their current security protocols to adequately protect their customers and their brand."
Until a new standard is established, retailers can fall back on the protection measures that are consistently required in current guidelines. These include encryption to safeguard customer details as well as authentication credentials for the databases containing this information. With these security measures in place, chances of a breach or other unauthorized access are greatly reduced as only those with the proper usernames, passwords and decryption key are able to view protected data.
Securing payment systems
A recent survey from Boston Retail Partners found that 63 percent of all retailers reported that payment security is among their top three priorities this year. With Neiman Marcus and Kmart suffering through payment system infiltrations, it is more important than ever to make sure these systems are secure. A breach doesn't just impact the customers whose information was leaked, it's a bad reflection on the brand.
"To breach is to die. It is a brand killer and CEOs will lose their jobs," Morris said. "Retailers are taking this risk seriously, as the negative impact of a data breach can be massive in terms of financial cost and, more importantly, the damaging effects on customer perceptions and loyalty."
In this spirit, many retailers are looking to upgrade their payment systems to leverage the EMV standards set by Europay, MasterCard and Visa. Currently, companies must comply by October 2015 to avoid being held responsible — instead of the financial institution — for any fraudulent charges.
Other retailers are shifting their encryption processes so that the decryption key is stored by the bank instead of the vendor. In this way, hackers have to breach the bank as well as the retailer to access sensitive information. Luxury Daily noted that 45 percent of retailers are planning to increase their encryption capabilities by October.
Companies are also increasingly leveraging tokenization processes, where customers' payment card information is turned into a token. This prevents any third parties from gain access to the card number or other associated information.
Overall, one of the best ways to boost security is to work with an expert like Hostway. Hostway provides a range of security services via both its network presence and its application use. Hostway also offers anti-virus, threat analysis and testing. To find out more, contact Hostway today.