Security / PCI Compliance

The stakes have gotten higher when it comes to protecting consumer data. Some highly publicized, significant data breaches have motivated retailers and solution providers to rethink their approaches to data security. It’s a constant challenge to stay ahead of hackers and other criminals, but it’s also an industry mandate. Find out more about new solutions and how to keep up with PCI compliance here.

Consumer Behavior Fuels Fraud And Retailers Need To Fight Back

Trying to provide customers with a simple, streamlined and frictionless interaction is a more-or-less universal goal. Every retailer wants to give customers a great experience that will have buyers coming back again and again. Unfortunately, the trend toward frictionless commerce has its downsides. Consumers expect to receive products faster and pay less for them. In effect, we’ve created a culture of instant gratification surrounding online retail, and that fact holds consequences for consumers and retailers alike.

Minimizing Legal Risks For Retailers That Use Biometric Data

Artificial intelligence (AI) tools offer retailers large chunks of data that are helpful in creating robust customer profiles, as well as curated and frictionless customer experiences. Many retailers are aware of the benefits offered by the subset of AI tools that involve biometric data. Facial recognition technology is automating and improving the customer experience in both the online (mobile try-on features) and brick-and-mortar (cashierless stores) sales environments. Some retailers use it as an asset protection measure (to identify known shoplifters). Fingerprinting employees is likewise automating retail timekeeping and jumpstarting wellness programs. Third-party vendors are out in the marketplace aggressively pitching retailers on the exciting benefits of cutting-edge technology tools. Yet retailers’ use of biometric data in certain jurisdictions presents legal and compliance challenges distinct from other types of data. Select state privacy statutes and the European Union’s General Data Protection Regulation (GDPR) impose additional requirements on businesses that collect or utilize biometric data from either customers or employees. While no federal law preempts those state statutes, the Federal Trade Commission has issued guidance on facial recognition technology that cites its authority under Section 5 of the FTC Act to police unfair or deceptive biometric data practices.

Identity Theft Can Even Make Shopping Stressful

As online and mobile shopping continues to gain in popularity, identity thieves have more opportunities than ever to steal sensitive financial information from unsuspecting consumers. Customers expect retailers to take extra steps to keep their data safe, but with record-setting data breaches constantly in the news, it’s no surprise that nearly half of respondents to Generali Global Assistance’s recent Cyber Barometer indicated that companies are not doing enough to protect their personal information.

Fraud Report Reveals Importance Of ID Verification In Delivering A Seamless And Secure Customer Experience

With the rise of e-Commerce and prevalence of mobile devices, shopping has reached a new level of ease for consumers. Expectations for fast and easy experiences are higher today than they were just a few years ago, and while the growth of these convenient channels equals higher sales, it also opens the door for fraud. Most consumers are aware that data breaches and digital fraud are increasing at a rapid rate, and that their personal information is potentially already available on the dark web, yet their tolerance for adding friction to the authentication process for fraud prevention only goes so far: research from IDology’s Consumer Digital Identity Study showed that one in three consumers will abandon creating an account if the process is too cumbersome.

PCI Isn’t Enough — How Retailers Can Truly Protect All Sensitive Data

When many of us think of sensitive data, we automatically think about credit card information. But what about all the rest? As recent data breaches taught us, hackers and bad actors can do quite a bit with other types of personal information, such as user names, passwords, addresses, phone numbers, birth dates and so on. As more retailers embark on a truly hybrid sales strategy that encompasses an online presence as well as a brick-and-mortar store, they find themselves with a wealth of sensitive information. So how can retailers keep that information safe? Payment Card Information (PCI) regulations cover credit card data during transactions, but do nothing to protect that information after a business has stored it in its IT systems. When PCI regulations were introduced, they were hailed as a great leap forward in ensuring that businesses maintained stringent levels of safety around payment cards. But since that time, we’ve seen an explosion in the online marketplace, which has made existing security regulations like PCI confusing to implement because they’re usually either limited or too broad.

Retailers Are Turning To Face Recognition To Thwart Growing Fraud And Shoplifting Threats

An increasingly large number of retailers are waking up to an unfortunate fact: despite loss prevention and asset protection professionals’ best efforts, organized retail crime and return fraud continue to rise. In order to combat these rising concerns, forward-thinking retailers have started employing facial recognition solutions to protect merchandise, employees and customers from threats. And while this technology is relatively new for retail, it just might prove to be the secret sauce for preventing shrink.

Study: Only 11% Of Consumers Trust Retailers To Handle Data Breaches Properly

Retailers face a significant mistrust issue when it comes to data breaches: only 11% of consumers trust retailers to properly handle data breaches, according to a survey by First Data. High-profile events, such as the HBC data breach that affected as many a 5 million shoppers in 2018, can erode trust across the entire industry. But retailers have many tools to help them build up shoppers’ trust. “The media continues to give breach events a public profile, and they pounce when they discover them and disseminate that information pretty broadly,” said EJ Jackson, SVP and GM of Security and Fraud Solutions at First Data in an interview with Retail TouchPoints. “I think that’s also a reflection that fraudsters are getting more sophisticated and more successful, and I think retailers aren’t quite keeping pace. They really have to solidify their efforts to protect trust.” The most important step retailers can take to build trust with shoppers is also the most straightforward: protect themselves from data breaches before they can happen. While this is a complex process with no single solution, adhering to best practices can help retailers rise to the challenge: Ensure anti-fraud efforts are properly funded. The first step in…

49% Of Shoppers Abandon A Retailer After Experiencing Credit Card Fraud

Nearly half (49%) of consumers have reported being a victim of credit card fraud where their card information was illegally used by someone else, according to a survey from Riskified. Among these victims, 49% abandon the retailer entirely after learning of the fraud, with 29% blaming the merchant that approved the fraudulent purchase. Retailers also can lose customers when they adopt strict anti-fraud measures. Merchants often decline orders out of caution, which means they sometimes reject good, honest customers. Up to 30% of shoppers say they have had their purchase wrongly declined, and 57% of those declines happen to returning customers, with a corresponding negative impact on their satisfaction and return shopping. These false declines end up robbing retailers of as much as 5.5% of their annual revenue.

The ‘Art’ And ‘Science’ Of GDPR Consent For Retailers

You’ve seen it before, the long form you must sign before participating in a potentially dangerous activity, the checkbox at the bottom of an end user agreement before you can use a new piece of software, the numerous documents that are part of every major financial purchase. These arduous processes are developed by companies in response to a regulation, an issue or advice from a lawyer. Not surprisingly, organizations are responding similarly to growing regulatory concerns such as GDPR, ePrivacy and CCPA. In hopes of addressing the new regulations quickly and efficiently, enterprises err on the “science” side of consent collection while ignoring the “art” of consent collection. This is an important distinction because customer consent is the key that unlocks customer conversation and insights that drive a more meaningful exchange.

A Cloud Security Blanket For Retail Operators

By now, retail operators are very familiar with the reasons for moving their networks to the cloud: flexibility, scalability, centralized management capability, consistency of commerce experience and cost, to name a few. They also likely are well aware of the issues that can accompany such a move, none of which is more concerning than that of network and data security. Given the U.S retail sector’s growing dependence on the cloud, along with that sector’s apparent vulnerability to data breaches, the concerns about security are justified. Half of U.S. retailers were breached in the past year, well above the 27% global average for retailers, according to a recent report from Thales eSecurity. What’s more, U.S. retailers lead the world in security breaches; three-quarters of them have been breached at least once.

You Can Have It All: Customer Security And Convenience

As online retailers, you constantly struggle. You want your customers to have a great experience and avoid any hassles or unnecessary hurdles when visiting your site, but you also want them to be protected. We know that customers can find security protocols tedious. It’s frustrating to forget which password you used for a certain site, get locked out after a few login attempts, and then have to experience more obstacles to gain access. We live in a world with an ever-changing technology landscape, yet fraud continues to be a concern year after year. Despite occasional inconveniences, most consumers prefer to have some level of assurance that their personal data is safe when online. The balance between convenience and security is one of the more difficult challenges faced by all online businesses, including retailers. According to our Global Fraud and Identity Report, 66% of consumers prefer security protocols when making transactions online because the extra steps make them feel protected. In fact, lack of visible security was the number one reason customers abandoned a transaction. While your customers may feel protected, these steps may also contribute to a lower frequency of customer logins and transactions due to unpleasant user experiences. Fewer…

2017 Shrink Cost U.S. Retailers $42.49 Billion, 1.85% Of Sales

Global retail shrink led to losses of $99.56 billion in calendar 2017, according to the Sensormatic Global Shrink Index compiled by Tyco Retail Solutions and PlanetRetail RNG. U.S. shrink generated losses of $42.49 billion, accounting for 1.85% of retail sales, slightly above the global average of 1.82%. The National Retail Federation and the University of Florida also analyzed U.S. shrink trends by interviewing 63 loss prevention and asset protection professionals from a variety of retail sectors. This study found that shrink averaged 1.33% of sales in 2017, down from 1.44% the year before. A total of 59% of those surveyed said that shrink was flat or decreasing, up from 51% in 2016. In comparison, 41% of respondents claimed shrink was growing, down from 49%. The Sensormatic report surveyed 1,120 professionals from retailers in 14 countries that collectively operate more than 229,000 stores. Shrink rates in the U.S. varied by retail sector, with the highest level, 2.43%, experienced by fashion and accessories stores. Other U.S. retail segments with high levels of shrink included: Convenience Stores: 2.05%; Home, Garden and Auto Stores: 2.05%; Drug Stores, Pharmacies and Perfumeries: 2.03%; and Variety Stores: 1.95%. “Fashion merchandise is always in high demand and items…

Footwear Retailer Schuh Kicks Online ‘Hijackers’ Off Its Site

As many as 19% of online customer journeys for UK footwear retailer schuh used to get interrupted by various forms of injected ads, often from competing brands. These ads, generated when consumers unknowingly infected their browser or smartphone with malware, were not visible to schuh’s online team — but they were definitely a visible distraction for shoppers. Namogoo alerted the schuh team about the extent of the online hijacking problem in June 2014, according to Stuart McMillan, Deputy Head of eCommerce at schuh. “I was a bit surprised about the extent of the problem, but given the diversity of users on our web site it made sense,” McMillan said in an interview with Retail TouchPoints. “The biggest surprise was that I hadn’t even considered the problem until Namogoo came along.”

Macy’s Reveals Two-Month-Long Data Breach

Macy’s has informed online shoppers of a data breach that lasted nearly two months. The breach affected an unspecified but “small number of our customers,” the retailer revealed in a letter emailed to customers last week. Macy's cyber threat alert tools detected suspicious login activities on June 11.
Subscribe to this RSS feed