Artificial intelligence (AI) tools offer retailers large chunks of data that are helpful in creating robust customer profiles, as well as curated and frictionless customer experiences. Many retailers are aware of the benefits offered by the subset of AI tools that involve biometric data. Facial recognition technology is automating and improving the customer experience in both the online (mobile try-on features) and brick-and-mortar (cashierless stores) sales environments. Some retailers use it as an asset protection measure (to identify known shoplifters). Fingerprinting employees is likewise automating retail timekeeping and jumpstarting wellness programs. Third-party vendors are out in the marketplace aggressively pitching retailers on the exciting benefits of cutting-edge technology tools. Yet retailers’ use of biometric data in certain jurisdictions presents legal and compliance challenges distinct from other types of data. Select state privacy statutes and the European Union’s General Data Protection Regulation (GDPR) impose additional requirements on businesses that collect or utilize biometric data from either customers or employees. While no federal law preempts those state statutes, the Federal Trade Commission has issued guidance on facial recognition technology that cites its authority under Section 5 of the FTC Act to police unfair or deceptive biometric data practices.

As online and mobile shopping continues to gain in popularity, identity thieves have more opportunities than ever to steal sensitive financial information from unsuspecting consumers. Customers expect retailers to take extra steps to keep their data safe, but with record-setting data breaches constantly in the news, it’s no surprise that nearly half of respondents to Generali Global Assistance’s recent Cyber Barometer indicated that companies are not doing enough to protect their personal information.

With the rise of e-Commerce and prevalence of mobile devices, shopping has reached a new level of ease for consumers. Expectations for fast and easy experiences are higher today than they were just a few years ago, and while the growth of these convenient channels equals higher sales, it also opens the door for fraud. Most consumers are aware that data breaches and digital fraud are increasing at a rapid rate, and that their personal information is potentially already available on the dark web, yet their tolerance for adding friction to the authentication process for fraud prevention only goes so far: research from IDology’s Consumer Digital Identity Study showed that one in three consumers will abandon creating an account if the process is too cumbersome.

When many of us think of sensitive data, we automatically think about credit card information. But what about all the rest? As recent data breaches taught us, hackers and bad actors can do quite a bit with other types of personal information, such as user names, passwords, addresses, phone numbers, birth dates and so on. As more retailers embark on a truly hybrid sales strategy that encompasses an online presence as well as a brick-and-mortar store, they find themselves with a wealth of sensitive information. So how can retailers keep that information safe? Payment Card Information (PCI) regulations cover credit card data during transactions, but do nothing to protect that information after a business has stored it in its IT systems. When PCI regulations were introduced, they were hailed as a great leap forward in ensuring that businesses maintained stringent levels of safety around payment cards. But since that time, we’ve seen an explosion in the online marketplace, which has made existing security regulations like PCI confusing to implement because they’re usually either limited or too broad.

An increasingly large number of retailers are waking up to an unfortunate fact: despite loss prevention and asset protection professionals’ best efforts, organized retail crime and return fraud continue to rise. In order to combat these rising concerns, forward-thinking retailers have started employing facial recognition solutions to protect merchandise, employees and customers from threats. And while this technology is relatively new for retail, it just might prove to be the secret sauce for preventing shrink.

You’ve seen it before, the long form you must sign before participating in a potentially dangerous activity, the checkbox at the bottom of an end user agreement before you can use a new piece of software, the numerous documents that are part of every major financial purchase. These arduous processes are developed by companies in response to a regulation, an issue or advice from a lawyer. Not surprisingly, organizations are responding similarly to growing regulatory concerns such as GDPR, ePrivacy and CCPA. In hopes of addressing the new regulations quickly and efficiently, enterprises err on the “science” side of consent collection while ignoring the “art” of consent collection. This is an important distinction because customer consent is the key that unlocks customer conversation and insights that drive a more meaningful exchange.

By now, retail operators are very familiar with the reasons for moving their networks to the cloud: flexibility, scalability, centralized management capability, consistency of commerce experience and cost, to name a few. They also likely are well aware of the issues that can accompany such a move, none of which is more concerning than that of network and data security. Given the U.S retail sector’s growing dependence on the cloud, along with that sector’s apparent vulnerability to data breaches, the concerns about security are justified. Half of U.S. retailers were breached in the past year, well above the 27% global average for retailers, according to a recent report from Thales eSecurity. What’s more, U.S. retailers lead the world in security breaches; three-quarters of them have been breached at least once.