"It can take weeks before a security hole at the POS system has been fixed in retail chains"
Interview with Rick Chavie, Chief Solution Officer for hybris software
01.04.2015
Retail is one of the most frequent targets for fraud and data abuse –nearly one quarter of all data abuse cases strike the retail and gastronomy sectors. Thanks to modern technologies, eCommerce is able to provide a high level of transaction security. This is a clear advantage over brick-and-mortar retailers, who often still use outdated systems, explains Rick Chavie, Chief Solution Officer for hybris software in this interview.
Mr. Chavie, why is the retail industry so attractive to fraudsters?
One reason is definitely the frequency of transactions. With every single transaction, it is possible to access the customer information that’s linked to credit and debit cards. And unlike often assumed, it is mainly companies with retail stores that rely on tried and tested POS software (point of sales) for their sales transactions, who deal with problems here and less so online retailers, who usually update their order management and payment processing software on a more regular basis to protect the sensitive personal and bank information of their customers.
Why does brick-and-mortar retailing in particular grapple with so many problems?
Many retailers still rely on software from before the dot-com boom. Back then, it was common to update POS software every several months via “golden disk“. What’s more, POS systems had a product life cycle of ten or more years. These retailers need to ask themselves how they can effectively fight today’s hackers, who search their industry sector for soft spots.
Even if data abuse is known, it can take weeks or even months with such POS systems before a security hole within a large retail chain has been fixed. However, it is them in particular, who often face a unique challenge, since hackers also “follow the money” and like to specifically attack popular brands such as Target, Neiman Marcus, Home Depot, Staples and JP Morgan Chase.
It also increases the risk when both the retailer and the bank are potential targets of hackers. Ironically, this is why more and more customers revert to cash to avoid such risk from the start when they shop at a store.
What impact does this have on the competitiveness of retailers and their image in the eyes of the customers?
More than ever, retailers are facing the decision of whether they want to invest in new technologies or risk falling behind their competitors. Customers turn away from companies and brands that don’t adequately protect their information and customer data.
According to a study by POS systems review site Software Advice, more than three quarters of the participating consumers indicated that it is highly unlikely or not likely, that they would shop at a company that compromises their personal customer information.
It may sound surprising, but by now, many consumers consider online purchases safer than credit card purchases in the store. This is one of the reasons for the growth of eCommerce; customers want convenience and security and it offers them both. For multichannel concepts in retail to work, retail stores must not fall behind.
What can retailers do to protect themselves and become less vulnerable?
Fortunately, there are alternatives for retailers and their omnichannel concepts: for brick-and-mortal retail, switching to EMV standard for example promises increased security for POS systems and fewer cases of fraud. Credit and debit cards with EMV technology contain a microprocessor chip instead of the less secure magnetic strips. What’s more, you have to enter a PIN, which can also be verified without online access.
Tokenization is another option to increase security during the EMV payment process; in this case, confidential data is replaced by so-called tokens that can only be decrypted with special readers, thus further decreasing the risk of disclosure. International banks and credit card institutes, among them Visa and MasterCard, want to bind brick-and-mortar businesses to introduce EMV technology and its special readers by October 2015 or bear the default risks themselves.
Doesn‘t the omnichannel trend complicate the entire process even more and make data protection more difficult?
The digital and physical business worlds will merge faster than most people believe. The traditional POS systems will then be obsolete models. They are being replaced by tablets and other mobile devices – ultimately even by the cell phone of the respective customer where the payment process to the retailer is being initiated and processed without transmitting any personal data to the retailer’s payment systems.
Yet despite all this progress, we are going to experience a kind of race: on the one hand are the retailers and payment service providers, who develop increasingly secure payment methods with integrated encryption and on the other hand are the hackers, who are going to try to circumvent this protection with ever more sophisticated methods.
What technological solutions can help in supporting retailers?
For most retailers, modern eCommerce and POS technologies are crucial to improve data security and hence the perception to their customers. Thanks to progressive technologies –such as the seamless integration of digital and physical touchpoints on a single platform as well as improved real-time analytics for instance – and solid solutions for fraud prevention, the risk of data misuse can be significantly reduced.
With the help of powerful eCommerce technologies, branded companies can better prepare against risks in data communications. Thanks to such agile and solid commerce solutions, retailers are able to adapt their systems more quickly to the latest threats – including those in the retail store. This way, they are able to reduce the likelihood of security concerns and instill the necessary confidence in customers to remain loyal to their brand.
Author: Daniel Stöter; EuroCIS First published at iXtenso.com