printer friendly version

Personalise customers’ in-store experiences. First step: security

Mark Scanlan.

Adding more personalised digital consumer experiences in the store, and on-the-go, opens the door for new opportunities … and vulnerabilities. Digital transformation enables retailers to meet consumers’ ever changing expectations across all channels, but also means potential exposure of highly valuable personal and financial data.

Protecting the consumer (and the brand) is part of the new retail experience that shoppers want and expect. Not to mention, integrating an effective security strategy brings the added bonus of mitigating the financial consequences of a security breach, a large portion of which are in domains other than IT.

Security at the core

Retailers already represented a major target for bad actors due to the amount of payment data and personally identifiable information (PII) that is held on consumers. During the pandemic, this was exacerbated because many retailers needed to rapidly pivot to meet the demands of a completely new and unexpected business landscape, often at the expense of solution security – it was viewed as ‘something we’ll take care of, once we catch our breath’. Ultimately, this resulted in a significant increase in cyberattacks against retailers, according to the FBI.

Consumers want to shop anywhere, anytime, on any device, while engaging with a retail brand – including online shopping while in-store. As a response, retailers are working towards providing a frictionless shopping experience where security is at the core. As such, the consumer’s device can both be at risk from the retailer’s environment, and conversely can form an attack vector into the environment. With so many digital touchpoints, an integrated, security-by-design, end-to-end solution has become critical.

Retailers know that security is of utmost importance now more than ever, but finding the right security solution that fits the size and subtleties of their enterprise and budget can be quite a daunting task. While a robust, resilient infrastructure, and network and endpoint security tools are essential enforcement mechanisms, cybersecurity starts with people and process – if appropriate policies are not defined and staff are not educated and trained, then an organisation can own every tool in existence, but they may be ineffective in their application.

Share this article:

Further reading: