Technology is enabling an exciting revolution in the retail industry. The need to connect with customers over preferences and enhance their shopping experience is driving fascinating changes. However, these developments bring information security risks, which retailers need to address upfront if they are going to take full advantage of this change.
Improving the personal experience for shoppers is one of the initial strategies in which retailers are investing. Understanding and collating a shopper’s purchase history and habits enables organizations to predict patterns of behavior and offer right time marketing. In collecting all this information, retailers come up against a challenge -- how to ensure that the use and storage of data can take place securely on multiple platforms for the purposes of crucial activities such as analytics or customer service? Increased users, data sources and platforms make for a challenging proposition for security teams using traditional perimeter and end-point security. Security needs to rise above the platform and offer consistent protection of regardless of where the data is. In the meantime, online sales continue to increase dramatically. Technology to grow basket size, increase customer account creation and improve conversation rate is still a priority.
Customer analytics and insight platforms are at the core of driving these changes to ensure companies remain competitive. Retailers are already finding that it is best to resolve data security challenges in advance of bringing in these technology changes. By protecting the data as soon as it lands on a platform ensures the data can flow around the enterprise in a protected format. Only users with appropriate levels of authorization should need to see clear, sensitive information, while 80 percent of the users can typically work with protected data.
As part of this digital transformation, industry analysts predict a surge in the use of artificial intelligence and internet-connected devices within the shopping experience. While AI and the “Internet of Things” will undoubtedly save money and help with the personalisation of the shopping experience, these systems are a potential weak point. Best practices indicate that AI tools and IoT devices should only have access to the sensitive data they require to fulfill their specific function. This should be managed centrally by policy, regardless of where the data is stored or how it is consumed.
RFID technology is providing a particularly exciting development for retailers. Frictionless check-out will see the end of long queues when shoppers choose to shop in person. Amazon has already outlined their version of this store, “Amazon Go,” using Just Walk Out technology which will monitor when items are removed or replaced on shelves, keep track of the virtual shopping basket and enable the shopper pay to leave the store – all without needing on-site human support. This will require a huge amount of data about the customer across multiple platforms to empower this, not least location data. Under GDPR and PCI DSS the data for frictionless checkout will need to be carefully protected without slowing down performance. Pseudonymization is an approach retailers can implement to appropriately protect sensitive customer data while preserving its inherent value during business processing.
When done right, a data-centric approach to data security can unleash opportunities for retailers that they were previously hesitant to take advantage of. Data and analytics leaders, along with other IT and business stakeholders, routinely but erroneously assume that privacy principles discourage or even prohibit the monetization of personal data. The resistance to the monetization of personal data typically originates from security compliance leaders who prioritize securing personal data over the opportunity to monetize it.
To learn more about how other retailers are utilizing this method of data protection, we recommend reviewing some additional retail content: