#RSP16 Webinar Series Delivers Strategy And Planning Insights

The #RSP16 Retail Strategy & Planning webinar series offers a concentrated burst of information, insights and best practices for retail decision-makers. Over four days, from Sept. 19-22, Retail TouchPoints will present seven webinars on some of the industry's hottest topics, including:

• Using location data to boost business results;

• Harnessing distributed analytics to drive revenue, CX and supply chain excellence;

• Building an "advocate army"; and

Safeguarding your e-Commerce business from the ravages of data-scraping "bots".


MICROS Data Breach Could Involve Russian Cybercriminals

Computer systems at MICROS, a division of Oracle, have suffered a data breach that also has compromised a customer support portal for its MICROS point-of-sale credit card payment systems, according to a report in KrebsOnSecurity.

Oracle, which purchased MICROS in 2014, has confirmed that it is investigating a breach at the POS division. In an email to ZDNet, the company said it had "detected and addressed malicious code in certain legacy MICROS systems," but that Oracle's own systems, corporate network, cloud and other services were not affected. The company also noted that payment card data is encrypted both at rest and transit in MICROS-hosted environments.


Brexit's Retail Impact: The Sky Is Falling! (Or Is It?)

One thing is clear about the impact of Brexit on retailers and consumers: nothing is very clear about the impact of Brexit on retailers and consumers. Yes, there have been immediate effects from the June 23 UK vote to leave the European Union (EU), but most of these have been the result of the nosedive that the British pound has taken relative to other world currencies.

So while economists and pundits are full of predictions, many of them dire, it's important to remember that at this point the effects are more psychological than concrete. The actual shape and scope of the Brexit is unlikely to be known for at least two years, not least because the UK has not even formally filed for its "divorce." British Prime Minister David Cameron, who has said he will resign in October 2016, will leave the invocation of Article 50, which starts the Brexit process, to his successor.


Three Questions To Answer When Balancing Personalization With Data Security

0btmWould you trade your personal data for a more customized retail shopping experience? More and more consumers are saying yes. In a study this year by and the research firm Bovitz, more than 70% of Millennials are somewhat or very interested in personalized offers and willing to trade information about themselves to get them.

This is good news for retailers that want a better understanding of their customer base in order to shape a personalized shopping experience. Yet consumers’ willingness to give you details of their data — beyond basic contact information — goes hand-in-hand with the expectation that you’ll do everything in your power to safeguard it.


Despite Security Concerns, 49% Of Retailers Lack End-To-End Encryption Protections

Although data security measures should be a major priority in the wake of the numerous large-scale data breaches that have occurred at retailers including Target, The Home Depot and Michaels, many retailers still haven’t taken every effort possible to beef up their payment systems' protections.

Only half (49%) of retailers have implemented end-to-end encryption (E2EE) into their payment security plan, while 35% have implemented tokenization of payment data, according to a report from Boston Retail Partners.


Heartland, Smart Card Alliance Team Up To Improve Data Security

1heartlandsmartcardPayment processor Heartland Payment Systems is working with the Smart Card Alliance, a non-profit, multi-industry association that works to streamline smart card technology, to launch the National Center for Advanced Payments and Identity Security. The center is designed to help protect consumer privacy and accelerate the data security of payments and identity, by offering education on industry best practices and advances in security technology.


Modell's Sporting Goods Adds Protective Gear Against Cyberthreats

Modell's Sporting Goods is strapping on protective tech gear to keep its IT and data systems as safe as possible. The 150-store family-owned retailer is working to combat creative, fast-moving hackers and cybercriminals.

"The current threat landscape is ever changing," said Vincent Damiano, VP of Information Security and Compliance at Modell's in an interview with Retail TouchPoints. "We are seeing more sophisticated attacks and traditional solutions are not able to keep up."


New HP POS Integrates Intel Data Security Technologies

HP RP9 Retail System frontA new point-of-sale system from HP is the company's first to include key integrated peripherals enabled with Intel Data Protection Technology for Transactions (DPT for Transactions) technology. The HP RP9 Retail System, which was introduced at the NRF 2016 Big Show, provides end-to-end protection of both payment and non-payment customer data. This creates a secure transaction path that routes data directly from the point of entry to a bank's servers, encrypting sensitive information throughout the process.

"We know the safety of personal data has become a growing concern for retail customers in recent years," said Joe Jensen, VP of Intel's Retail Solutions Division in a statement. "Our Data Protection Technology implemented on the new HP RP9 retail system helps assure customers their data is safe from the moment they make a purchase and provides peace of mind for retailers who are ultimately responsible for customer information."


Speech Recognition Security Tool Redacts Payment Card Numbers In Real Time

When we think about data breaches, the mental image is of a literally silent crime: hackers surreptitiously extracting payment card or personal data from online purchases, or someone sneaking away from a store's point-of-sale with a device that has recorded the data from that day's card transactions.

It's easy to forget that many transactions are still conducted by voice — over the telephone with call center agents. In some retail verticals, as many as 20% to 30% of calls contain sensitive financial information, according to mobile advertising analytics firm Marchex. Safeguarding the sensitive information exchanged during these purchases involves deleting or masking the payment card numbers that are shared by customers.


Breach Exposes Details Of 3.3 Million Hello Kitty Users, But No Data Is Stolen

More than three million accounts associated with the Hello Kitty brand on, and were left vulnerable to data theft, according to a report from CSO Online. Sanrio, the retailer and designer that owns the Hello Kitty brand, said it has since secured the servers.

Online security researcher Chris Vickery uncovered the database vulnerability on Dec. 19, contacting CSO Salted Hash and The leaked information included users' first and last names, birthdays, genders, countries of origin, email addresses, password hashes, password hint questions and answers and other data, according to Vickery.

In a statement, Sanrio Digital said, “At this time we have no indication that any personal information was stolen.” Credit card and additional payments information was not included in the leaked data, and user passwords were encrypted.

In addition to the primary SanrioTown database, two additional backup servers containing mirrored data also were discovered. The earliest logged exposure of this data is November 22, 2015.

Vickery, who explores security vulnerabilities in his spare time and reports them to the affected companies, said the hole in the Hello Kitty site was the result of a database misconfiguration, leaving it open to public access without a password or authentication, according to Reuters.

This is the second time Sanrio has had to deal with a database leaking information. Earlier in 2015, the company investigated a database leak that exposed information on more than 6,000 shareholders.

The incident comes on the heels of the data breach of another Hong Kong-based children’s product brand, VTech. That hack exposed personal data, chat logs and photos of as many as 6.3 million people, including 200,000 children. This month, UK police arrested a 21-year-old man in connection with the VTech breach.

Subscribe to this RSS feed