This year's Black Friday is expected to be bigger than ever, with spending predicted to reach the £1 billion mark. But, despite the expectations, studies have revealed that many online retailers aren't yet prepared for this year's sales.
In the build up to the biggest shopping day of the year, we spoke to Willy Leichter, Global Director of Cloud Security at CipherCloud, about how retailers can prepare for the Christmas shopping frenzy.
1. Black Friday is predicted to be the biggest shopping event in 2015. Do you think we will see an increase in the number of businesses - large and small - that slip up on tightened security measures during the festive period?
Nobody wants a repeat of the Target fiasco, and many companies have strengthened their security tools and procedures. However, no retailer can afford to go offline during the Black Friday weekend, and there will continue to be a risk that IT security concerns will be overridden during the business rush.
2. What are the greatest online risks to Christmas shoppers’ financial security?
Although the brand name breaches receive the most press, the greatest risks for consumers still lie with unknown, lower-tier online resellers. Online shoppers should continue to stick to known, legitimate retailers, and avoid storing credit card information with smaller merchants. And they need to continuously, and vigorously monitor all accounts for unauthorised activity. Most legitimate retailers will reverse unauthorised charges, but only if they are reported by the consumer.
Finally, consumers need to avoid unnecessary risks by not responding to phishing attacks from fake charities or buying goods from fake sites offering deep discounts.
3. During Thanksgiving in 2013, Target suffered a catastrophic attack which saw the theft of up to 70 million cardholders’ information and led to considerably damped sales. Do you think it’s only a matter of time until another major retailer is a victim on cyber crime?
Most security experts say it’s not a matter of if major retailers will be attacked, but when. But the ongoing damage caused by the Target breach (and subsequent firing of many c-level executives) has prompted many companies to beef up security and vigilance. The best to hope for is that retailers discover embedded malware earlier, and react faster to attacks.
4. There have been a few major UK retail breaches this year. Moonpig and Carphone Warehouse to name a few. What can businesses learn from them?
The glaring security takeaway in both breaches was the absence of data encryption. Carphone Warehouse was also a repeat offender that should have taken steps to include encryption of customer information.
5. What do businesses need to do to ensure they can keep their customers’ data secure and inaccessible to hackers?
In a nutshell, companies must protect access points and information across the entire IT stack. A couple of core technologies that can secure data (and in doing so, comply with data privacy regulations around the world) are strong data encryption and tokenisation to prevent unauthorised users from accessing personal and financial details.
6. Do you think mobile payment services such as Apple Pay will help protect retailers and their customers from fraud?
Done right, these mobile payment services can build security into convenient transactions. Apple Pay uses a one-time number for each purchase instead of the actual credit card number. While the consumer to merchant layer is secure, there are still risks from fraudulent purchases made with stolen, unsecured devices.
7. The Court of Justice of the European Union (CJEU) recently invalidated the “Safe Harbour” agreement. How does this impact retailers and what risks (if any) might this bring during the online Christmas shopping period?
While the implications of the Safe Harbour ruling are enormous, it will take some time for the details to be sorted out between the 28 separate EU data protection authorities. Most retailers and providers are taking interim steps to limit exposure, including more localisation and anonymisation of personal data, encryption or tokenisation of data leaving Europe and stronger contractual clauses from cloud and supply chain providers. We don’t expect this to directly impact 2015 holiday sales, but it does increase risk and overhead for global retailers moving forward.
8. Reports suggest that most consumers do not feel safe when shopping online. Do you think retailers are doing enough to reassure online shoppers that they are trustworthy?
Consumers continue to hold contradictory views – they don’t generally feel safe when shopping online, yet online sales continue to grow and displace more brick-and-mortar stores. Online retailers have stepped up their security messaging and are assuring customers that they won’t be held responsible for rogue purchases.
The area where retailers need to do more is in helping customers whose accounts have been compromised to deal with the hassles and risks to their credit.
Image source: Shutterstock/wavebreakmedia