Retail companies have a great deal of data to create a personalized online shopping experience for their customers, so what steps do they need to take to ensure their customers are secure?
While there’s never a bad time to think about cybersecurity practices, the holiday season is the perfect time to think about how you can stay secure while you're shopping. The transformation seen in the retail sector has been dramatic, as almost every brick-and-mortar store has entered the e-commerce world with an online platform to keep customers connected and sales flowing.
It's no secret that e-commerce has grown tremendously in the last few years, and many shoppers are purchasing online regularly. Apart from that, in the wake of the COVID-19 pandemic, there has been tremendous growth in online shopping. It's expected that the U.S. economy will experience a further 13.7% growth by the end of 2021. This demonstrates just how robust e-commerce has become even as more in-store shopping has resumed over the past few months.
Although online shopping has constantly proven to be a blessing to society, retail cybersecurity is a consistently evolving challenge. Over the past year, we’ve seen attacks against major retailers like Best Buy, Garmin, Under Armour, Sears, and Macy's, to mention a few. As a shopper, you might wonder whether it's safe to shop with these retailers, right? Well, you’ve probably shopped at plenty of retail organizations that have been impacted by ransomware, given the frequency retail organizations are targeted. According to Sophos’ The State of Ransomware in Retail 2021 Report, 44% of the almost 500 retail organizations who participated in the survey stated they were hit by ransomware in the past year. 54% of those organizations hit by ransomware said the cybercriminals succeeded in encrypting their data in some way, and of those organizations hit, 32% paid the ransom to get their data back. The average ransom payment paid? Almost $150,000 USD.
Shopping online brings convenience to shoppers, but how can they stay protected? Retail companies have a great deal of data to create a personalized online shopping experience for their customers, so what steps do they need to take to ensure their customers are secure? And how can consumers know that companies are keeping them safe online? We've unpacked cybersecurity’s role in retail, as consumer data is becoming a retailers' competitive edge.
Taylor Hersom, cybersecurity expert, Founder & CEO of Eden Data, and Ben Pivar, SVP & Chief Information Officer of Carter’s and member of our Atlanta and Retail Innovation Advisory Council, weighed in to provide their valuable perspective on the most important aspects of cybersecurity to keep in mind for the retail sector and its customers.
Over the past few years, e-commerce has made remarkable strides worldwide. COVID-19 has played a significant role in this growth since most people have shopped online during the pandemic. According to Statista, an estimated $560 billion of sales are expected by the end of 2021. It's further estimated that the U.S. would reach up to $735 Billion by 2023.
Several factors have contributed to the growth of e-commerce over the past few years. For instance, people can now buy and sell things online conveniently and quickly using their smartphones. Financial companies have also transformed payment methods, making them secure and straightforward. Businesses can now integrate payment systems into mobile applications, making payments more accessible to their clients.
Data gathered by e-commerce businesses have also contributed to their growth. Nowadays, online retailers can track consumer preferences and store thousands of data points representing individual behavior. Retailers then leverage this information to create a further personalized experience for their customers.
Finally, improved consumer experiences have made a significant impact on the growth of e-commerce. Consumers can shop through these personalized approaches that command high customer engagement. With artificial intelligence in online shopping, businesses can predict shopping patterns based on when and what products meet customers’ preferences or those with similar patterns.
Customer data has become a vital aspect of the growth of online retail. Businesses are increasingly using data to improve their ability to sell by carefully analyzing their customers' data. How retailers use this data and ensuring that customers know what type of data is being collected is a hot topic.
For instance, if you've searched for a product and left that site or browser, you'll probably find that product the next time you visit the site. Well, this happens a lot.
Online retailers are using consumer data to fine-tune their understanding of what their customers are looking for, the price of their most preferred products, and how they will market them to you.
Let’s explore a few types of consumer data that matter to retailers:
Retailers are individualizing experiences and collecting one of the more foundational pieces of customer data, identity data. These data points include attributes like a person’s name, gender, contact information, social media profiles, addresses, age, phone numbers, credit card numbers, and social security numbers. Often this data is what’s called personally identifiable information or (PII). Most organizations categorize PII data into three categories: public data, private data, and restricted data. Data in the public domain would fall into the public data realm, while information like social security numbers would be highly sensitive and need to have the highest level of security controls.
Descriptive data builds on identity data and goes more in-depth by tracking purchase patterns, website visits, email opens, and usage rates to help establish who consumers are. For retailers, this is relatively simple to collect through a point-of-sale platform. Descriptive data allows retailers to track market share and help with building customer personas, which help marketers perfect products for their consumers.
Behavioral data brings identity and descriptive data together to reflect on consumer actions and identify what consumers do. Google Analytics is one of the well-known platforms for gathering behavioral data, as it provides valuable information on how they go through a website by tracking things like acquisition, pages visited, how long they stay, and many other data points.
This last type of data, qualitative data, is essential for creating a whole picture of consumer data as it represents what consumers think. This includes customer ratings and feedback that not only can help brands from a marketing perspective (if it’s good at least), but also allows development teams to adjust products or services to what consumers really want. There’s a reason updated models of products come out so often—what consumers want and need changes all the time; qualitative data helps figure what those are. In order to have credible qualitative data, though, retailers need to be sure they aren’t asking too much or too often, as this could lead to low-quality responses.
Let's say you have an Amazon Prime account and shop at Whole Foods. Once you checkout and link your Prime account to get Prime deals on your groceries, Amazon now has a look into your family's diet. They'll know you like cereal in the mornings, salads at lunch, and tacos every Tuesday. This may sound intrusive, but it can be highly convenient as you order groceries online, as Amazon will be able to know precisely what you want so you can add to your cart seamlessly.
Do you have a Ring doorbell or security system that links to your phone? Any integrations that include your smartphone give companies access to a great deal of your data. Especially something like a Ring doorbell, this device is recording everything about your home 24/7. This has been an incredible security system keeping millions safe every day, but 24/7 surveillance contains an enormous amount of sensitive data. You may be able to hide your online shopping splurges from your significant other, but not from Ring.
You're looking up a fun winter vacation spot, and now all of your social media ads are about ski gear. While third-party cookies aren't as accessible as they once were, the sharing of data between what you're searching for and applications like Instagram is still happening all the time. Instagram especially is evolving into an e-commerce platform—a long road from a simple photo-sharing app. One minute you can be buying new ski poles, and the next, you'll be watching a Reel of puppies (because Instagram knows you just got one).
Your Apple Watch or Fitbit is doing a ton of behind-the-scenes work while you're working out. With the popularity of tech wearables, Biometrics has become an easy way for retailers to enter the healthcare arena and vice versa. Amazon and Apple have quickly become significant players in the healthcare space, pushing innovation for the patient experience with convenience and accessibility. The Apple Watch is taking things to even higher heights with EKG monitoring, blood pressure, knowing if you fall off your bike- all of which contains endless personal data about users.
Online retail has remained to be one of the biggest targets for cybersecurity threats. The more people continue shopping online, the more hackers have become interested in consumers' data. Personal data is a valuable asset, and with the continued growth in the online retail industry, it is clear why there's a surge in hacking.
As explained above, customers have to provide a lot of personal data when shopping online. This means that they entrust crucial information like email address, credit card information, password, and username to these companies. Cybercriminals can steal this information from online retail databases and make money from it, which can quickly ruin a business's reputation. So, which are the biggest cybersecurity threats to online businesses? Here is a breakdown of common cyber threats you should know about.
"Consumers should be extremely vigilant about phishing and spoofing emails. Bad actors are targeting them with spoofed offers from what look to be well-known companies. Please take the time to look at the actual email address and make sure you don't click links, give information on phone calls or texts to any bad actors." – Ben Pivar, SVP & Chief Information Officer of Carter’s
Phishing is a type of fraud aimed at accessing buyers' details like logins, bank card details, and passwords. Hackers often use mass mailing and links to fake online stores that look real to collect consumers' data and steal from them fraudulently.
"Malware" is a short term for malicious software. Examples of malware that hackers can use in your online retail stores include worms, viruses, spyware, adware, and Trojan viruses, and ransomware. Cybercriminals are using malware by infecting computers and mobile devices. They can use the malware to collect personal passwords, steal money, and even block consumers' devices.
Ransomware has quickly become a cybersecurity threat to many online shoppers. Hackers use a specific type of malware to lock devices from their users. Therefore, device owners must buy passwords from hackers to access their devices. Hackers can inject ransomware into your device through pop-ups, fake sites, and phishing emails.
Cybercriminals use DDoS by sending several requests from several compromised I.P.s to destroy your web resources. When your online store floods with a large amount of traffic, your customers will not purchase. As a result, your customers cannot make any purchases which could make you lose them.
Secure online shopping is a mutual responsibility for both the consumers and the service provider. Here are a few tips that can help you secure your customers' data as a business.
Some businesses collect data they don't need, mainly relying on software that automatically collects information. However, a company should only select the information they need and handle it to avoid having a lot of information prone to cybercriminals.
"Retailers should treat PCI and PII data with utmost caution. PCI data should be segmented in the network, so that customer's PCI data is sent directly, using encryption to payment providers and without hitting the retailer's network." – Ben Pivar, SVP & Chief Information Officer of Carter’s
Your organization needs a team that is responsible for collecting, storing, and securing consumers' information. Otherwise, you won't have anyone to pay attention to any forms of threats against the data that you collect and hold accountable.
You can start by using a security awareness training program to educate your employees about data security. A security awareness program has two major initiatives you should consider.
First, create a team of executive management support and initiative leaders. This team will ensure that your data security financing is well utilized and that data security remains a top priority for your business.
Second, your team should create a strategic plan for an online security program. Your plan should outline short and long-term goals that create a qualitative measurement of your data security goals.
Proper data security measures involve determining who should access your data and sufficiently securing your company's website, databases, and networks. Businesses should also use encryption standards relevant to the storage and transmission of sensitive data.
"Retailers should work to protect from internal bad actors by carefully managing privileged access so that only specific employees have access to secure data. Setting up multifactor password management is also important to protecting assets." Ben Pivar, SVP & Chief Information Officer of Carter’s
Employees with access to consumer data should create complex passwords that hackers cannot break. Otherwise, you might be hacked if you use weak passwords or use the same password for numerous accounts.
Multi-factor authentication stands to be the best means to protect your consumers' data. Multi-factor authentication requires a user to present two or more pieces of evidence to gain evidence and access a login account. Examples of evidence a consumer should present include email address, phone number, and security questions.
Although multi-factor authentication can use several authentication factors to validate a user's identity, two-factor authentication is most commonly used. A multiple-factor authentication process can be triggered if some form of suspicious user behavior is detected.
Your privacy policy should clearly outline your business practices. A well-outlined policy serves as a robust legal agreement that protects your business in case of a security breach. Since many consumers don't read the privacy policy, you should provide reminders on how your business will manage their information at crucial moments, like giving personal data.
As a business, invest in current security software, web browsers, and operating systems to defend yourself from hackers. Outdated programs are easy to infiltrate, so regular updating strengthens their defense against viruses and malware.
Consumers also have the responsibility to avoid cyber danger while shopping online. There are several warning signs to determine whether a website is safe or not. Keep an eye out for the following:
"Manage and protect your passwords! Too many consumers use the same passwords across multiple accounts. Worse, they often use simple passwords that any bad actor could figure out by looking at social media posts. I suggest a good password manager solution that recommends complex passwords and for consumers leverage multifactor identification on websites to protect themselves." - Ben Pivar, SVP & Chief Information Officer of Carter’s
Ensure that all your electronic devices have antiviruses running on their software and apps. You should also ensure that the antiviruses are updated to maintain optimal security.
Using a credit card is more secure than a debit card since there's more consumer protection. Apart from that, debit cards are directly linked to your bank account, putting you at risk of more severe damage.
Always use secure Wi-Fi when making online purchases. Avoid public networks to login into payment sites like PayPal or your bank account. Hackers might be able to access your personal information from public networks since they are usually insecure.
To guarantee added safety, ensure that your online shop website has encryption. Look out for a closed padlock or a URL that starts with "HTTPS" to confirm whether a site is secure. By confirming these two elements, you will guarantee that your information is safe and secure.
A message from cybersecurity experts at Eden Data:
We live in a data-driven world, and no time of year is driven by more data than the holidays. Thanks to our good ol' pal Kris Kringle promising trendy treasures to every family member, friend, colleague, and dog on the nice list, sensitive data is shared more frequently than Santa stops on Christmas Eve. But just like we've all watched in Home Alone (and, let's be honest, will watch again at least once this year)- criminals love to prey during the holidays in places they think won't be safeguarded. Which brings me to the newest era of shopping and the topic of our security awareness... shopping through social media ads. By simply paying to advertise on social, scammers can attract unsuspecting customers and bypass verification measures inherently built into other platforms like Google's search engine. So how can all of you little Kevins stay vigilant against crime this holiday season? Here are some booby-traps scammers often fall into:
The holidays are stressful. Don't let the safety of your data add to it (... that's what in-laws are for). Safe shopping, ya filthy animals!
Cybersecurity is one of the most discussed topics across our Innovation Advisory Councils and Roundtable Sessions. As data becomes more and more valuable, so does the threat landscape businesses face in protecting their data. Interested in what tomorrow’s cybersecurity landscape looks like and what early-stage technologies are changing the game? Get in touch today.
As we enter 2025, we see the significant influence of artificial intelligence (AI), a force that is deeply reshaping industries and their strategies. The Vation Ventures State of the Industry 2025 article unpacks AI’s transformative impact on businesses and industries worldwide.
The ongoing development of the Vation Ventures Platform presents a future where technology alignment and strategic business planning are more closely connected, enabling companies to navigate the complexities of the digital age with greater agility and informed confidence.
The End Customer Panel at the 2024 Global Summit provided an invaluable look into the perspectives of technology executives who have real-world experiences in implementing AI within their organizations.