Don’t Ignore These Holiday Security Issues
In the lead-up to this year’s holiday season, retailers across the country are already making important preparations in the hopes of increasing sales, improving customer service, and preventing data breaches. This last concern carries with it a heavy price tag; according to a survey from the Ponemon Institute, the average cost of holiday season cyber attacks is $8,000 per minute or nearly half-a-million dollars per hour.
In addition to the high monetary cost for retailers, these types of breaches also impact a significant amount of individual customers by exposing sensitive information. For example, between May 2013 and January 2014, Michaels suffered a data breach that compromised the information of potentially 2.6 million payment cards.
With this and other past breaches in mind, here are four security issues that retailers should be aware of in anticipation of the upcoming holiday shopping season.
Often during the busy holiday season, a retailer’s number one priority is to ensure sales. With a heavy influx of customers both in-stores and online, and therefore an increased number of transactions, security can sometimes suffer. An example of this is frequently found in retailers’ point of sale (POS) systems.
POS devices are constant targets for cyber criminals primarily because of their highly distributive nature. A third party is usually involved in the management of a company’s POS system, which in some cases can lead to a lack of understanding by the in-store employees of how the system actually operates and its potential vulnerabilities. This, paired with a retailer’s desire to execute as many transactions as possible in the quickest amount of time, explains why POS devices are frequently the starting points for many intrusions — the Michaels data breach originated in a POS system infected with malware.
Once retailers find a POS system that works for them, they often look for practices that will help ensure it remains reliable for employees and buyers throughout the holiday season. The closer it gets to the busy season the less likely a system update will be performed, as it can prevent possible malfunctions that would slow down transactions and inconvenience holiday shoppers. It is very commonplace for production systems to be "frozen" during peak use periods. Unfortunately, it can also lead to major problems if a hacker is able to find vulnerabilities in the system’s setup. As a result of the frozen configuration, criminals who gain access to a POS system can remain undetected for a great length of time with known vulnerabilities at their disposal. The longer they can persist, the more data they can collect.
Vulnerabilities of the franchise model
When opening a new franchise location, owners are often given a specific playbook on such things as branding, employee practices, and business models. However, when it comes to cybersecurity, these franchise owners sometimes experience a shortage of guidance and support from corporate.
Smaller franchise owners often do not have the resources to build a model on their own that is as effective as enterprise-grade security and monitoring platforms. Yet, the damage of a security breach to a company’s brand occurs at a national level, even if the breach itself only takes place at a handful of franchises in a single city or town. Consumers will ultimately blame the entire company for an instance of compromised data, rather than the individual owners at the affected location.
By creating stronger corporate to franchise/top-down cybersecurity policies and equipping franchise owners with more security resources, both the franchises and companies can better protect their bottom lines.
Prioritizing physical over digital
Though a major focus in past holiday seasons has been physical loss prevention at the inventory and store levels, theft has become more and more digitized. In order to fully address the large spectrum of threats affecting today’s retailer, technologies used for both physical and digital loss prevention need to be paired together.
From a sales perspective, this marriage has already occurred. We have seen the presence of market analytics injected into the physical retail environment in order to better gauge sales information and opportunities. For example, many retailers use video surveillance; Apple’s iBeacon technology, which enables them to track the location of customers near or inside stores and send appropriate sales messages to their mobile devices; and eye-tracking, which measures where consumers look when viewing an advertisement or online article, in order to optimize sales opportunities. Apart from being useful for analyzing shopper behavior, such technologies are also valuable to enhancing retail security.
A truly effective retail security operation makes sure that a company’s digital security and physical security operations are aligned. The retail environment is unique because many cyber breaches are perpetrated through physical action. For example, POS systems become infected with malware after a person is physically able to tamper with a device at the actual point-of-sale. These frequent occurrences illustrate the convergence of digital and physical threats, thereby creating a new type of risk that requires a combined protection plan.
Creating a narrow security timeline
The highest volume of customers, and therefore the greatest payoff for hackers, occurs during the period between Thanksgiving and Christmas. This timeframe, which includes the two holidays along with Black Friday and Cyber Monday, has heightened purchase and transaction activity. As a result, security operations centers are watching more closely for irregular retail activity at this time. However, it is equally as important to begin these operations in the months prior to and after the holiday season.
Most sophisticated hackers have embedded themselves in a store’s system long before Black Friday or Cyber Monday. Just like retailers, hackers take time to make preparations — they patiently wait to spot vulnerabilities that they can exploit or insert malware into. These preparations allow them to strike immediately when the transaction frenzy of the holiday season begins. Recognizing that the setup for holiday hacks begins far before the actual holidays allows retailers to spot potential hacks early on.
By understanding these four issues and constantly monitoring their systems for behavioral changes, retailers can better identify security vulnerabilities early and protect their sales and customers during the upcoming holiday season.
Christopher Ensey is COO of Dunbar Security Solutions.
Tech Guest Viewpoint: E-commerce Content: Emerging Trends
The e-commerce industry has historically lacked significant data on the nuances of content and how retailers are tackling it. We’ve been asked time and time again pertinent questions on content: How are retailers prioritizing content? What types of content and how much are retailers producing on average? How often are retailers generating content and what type? This type of data enables retailers to benchmark against their peers and understand where they rank. We scoured recent industry research looking for data and came up empty-handed. So, we decided to launch our own survey.
Numerous retailers, including Williams Sonoma, Desigual, New Balance and QVC, responded to offer their perspectives. We focused our questions on first defining the types of content, then where content ranks strategically for the retailer and how they plan to leverage the content.
We found three major takeaways:
1. Rich, interactive content is a priority for most retailers.
We started by asking retailers what type of content they currently have on their websites versus what type of content they ideally want to produce. Surprisingly, only 9.4% actually have rich, shoppable content. This means that more than 90% of surveyed retailers do not have commerce-enabled content. Making the stats more concerning, 27% are limited to just static lifestyle imagery.
But when asked what sort of content retailers want on their sites, 53% answered “shoppable content.” This dissonance between these statistics is clear: Without the current barriers, retailers would have rich, shoppable content on their websites.
2. Retailers lack resources to produce more content.
Despite 81% of retailers ranking content in the top five strategic initiatives, most retailers cannot deliver the level of interactivity that they want. Our results point to the usual suspects — time and money. Of the retailers surveyed, 36% responded that it was simply too technically challenging to create shoppable content. Many retailers have to hand-code any embedded commerce functionality, and the workflow between creative and development can be time intensive.
When asked how long it takes to get rich content online, 67% said that it takes a week or more, while 19% reported it takes more than three weeks to create and publish rich content! When the production process is that drawn out, it’s not surprising that retailers are not creating high volumes of content.
3. Shoppable content is a game-changing ecommerce trend.
Retailers acknowledge the importance of shoppable content, with 92% of respondents saying that content increases conversions. Given their hurdles in producing this rich content to generate conversions, 47% of retailers are prioritizing technology that enables them to make content more interactive and shoppable.
United Kingdom retailer Marks & Spencer recently showcased the power of shoppable content on their site. After implementing quick views on their annual vacation digital campaign, the results were staggering. Compared to the year before, engagement increased by 90%. Average order value increased by 50%. And revenue increased by 100%. The simple act of making their beautiful lifestyle imagery commerce-enabled made a world of difference to their metrics.
Neiman Marcus experienced a similar lift. Adding shoppability to their lookbooks increased their click-through rate by 10% prompting VP of Webstores Peggy Trowbridge to note, “It was a clear miss for us to not enable the customer to shop the lookbooks… [it] was a functional gap.”
As retailers strive to create impactful digital content, many are running up against technology and resource constraints. It comes as no surprise that in the retailer’s quest for engaging experiences, they are looking for tools that give control to the business or creative user. They want to be able to reduce time to market and quickly respond to trends. This year, retailers are demanding more content, and they are betting on technology to help them create it.
Brian Rigney, CEO ofZmags, has over twenty years’ experience leading high performing, entrepreneurial teams in launching new businesses and bringing innovative new products to market.
Aeropostale back from the brink after auction
Aeropostale Inc. will live to see another day after all.
A consortium, including Simon Property Group Inc. General Growth Properties Inc. and Authentic Brands Group, won the bankruptcy auction for Aeropostale Inc. The group, which also includes liquidators Gordon Brothers Retail Partners LLC and Hilco Merchant Resources LLC, plans to keep at least 229 of the teen retailer’s stores up and running along with Aeropostale's e-commerce business and international licensing business.
The purchase price was $243.3 million, and assumption of certain debt.
The deal, however, still has to be approved by a Manhattan bankruptcy judge, who also has to hear any objections. The hearing is set for Sept. 12.
"Aeropostale looks forward to closing the sale and emerging from bankruptcy with new ownership as a financially stronger company positioned to compete and succeed in an evolving retail landscape," the retailer said in a statement.
The deal also ends the bitter disagreement between Aeropostale and its major lender, Sycamore Partners, which the retailer accused of planning a "loan-to-own" scheme to force the chain into bankruptcy.
Aeropostale had to make merchandise purchases MGF Sourcing, which is owned by Sycamore, as a condition of a loan it received from the private equity firm, Reuters reported.
Aeropostale accused Sycamore, of imposing, through MGF, "onerous" payment terms on the retailer in attempt to hurt its cash position. The private equity firm refuted the claims.
“We are pleased with the outcome of the Aeropostale bankruptcy auction, which will result in the repayment of our debt while enabling the company to keep open more than 200 stores, preserve thousands of jobs and continue to serve customers," Sycamore said in a statement.