How Online Retailers Can Rebuild Consumer Confidence: 10 Data Points

By Chris Preimesberger

Retailers should be communicating outwardly to customers with frequency that security measures are in place, and that securing their data is a high priority. Retailers can do this by: a) offering optional higher security checkout lanes where employees spend a few extra minutes validating the identity of the customer to reduce fraudulent activity; b) posting placards and posters that provide awareness to consumers on various risks they incur when using certain payment methods; and c) offering prepayment options, so no actual credit card transactions occur at the point-of-sale (POS) terminal.

Retailers need to change their mindset and practice methods of early detection and mitigation. The retail industry should face the fact that breaches are not going to stop occurring. Anticipate that you will be hacked. Zappos is an example of how a retail breach can be a nonevent. Zappos built its systems expecting to be hacked, so when information was compromised, credit card numbers and usernames and passwords were protected and no customers were affected. This mindset and approach saved Zappos from becoming another victim of a massive retail breach.

Not all best practices surrounding security are effective. They can be too broad—or too specific for certain vertical industries. They must be customized for each company, based on a retailer’s risk level.

Market-leading retailers must get into the driver’s seat to help define and communicate security standards that raise the tide for all retailers. This also will work to illustrate what smaller companies don’t need to do that large companies must. For example, the big-scale technology deployed to maintain Walmart’s security posture may not be the best approach for a small retail chain.

This should be made available to security teams at retailers and be focused on detection and monitoring of security threats in addition to preventive-type training. When prevention fails, it does so on a massive scale, providing potential attackers with an open environment from which to take advantage.

The reality today is that organizations are under a constant barrage of attacks from persistent and diligent hackers, requiring a military-type focus to prevent attacks from going undetected. This steadfast approach and disciplined strategy comprises planning, hours of preventative training and a tactical military-style approach to combating the bad guys.

Retailers must transition from using weak systems that leave them unprotected and open to attack; these include Microsoft Windows XP as well as POS terminals that are rife with issues. It is negligent to allow these technologies to continue to run in a retail organization when a slew of safer solutions are available at a low cost.

Despite the fact that alternative technologies such as Apple Pay enable a more secure transaction, retailers are still using their own competitive solutions—such as Merchant Customer Exchange—potentially depriving customers of better security and leaving the door open for a breach.

What banks do really well is assure consumers that they have tools in their security arsenal to mitigate risk and protect their customers. Today, very few, if any, retailers have instilled this same type of trust with consumers.

Rather than completely overhauling and immediately implementing new POS terminals inside every retailer (which can seem like a daunting process), deploy one or two per store to start and advertise to customers that alternative options are available. Then continue replacing POS terminals at a steady pace. This increases security posture for the retailers, reduces risk and ensures that customers are secure.