Whether they are buying online or in-store, at a fixed register or mobile point-of-sale device, by swiping or typing, customers need to know their personal and payment data is secure. Omnichannel needs omnisecurity.
iSheriff released a new report illustrating how technology-driven omnichannel retail will significantly increase cybersecurity risks for consumers and companies.
As retailers expand their online- and network-based customer interactions to blur the lines between traditional in-store retail and online retail, they will exponentially increase their exposure points and opportunities for security breaches. Unfortunately, many of the same companies aggressively building omnichannel capabilities are struggling with cybersecurity: the top five retail breaches of 2014 alone exposed a collective 495 million customer accounts, and 2015 saw 523 security incidents in the retail sector, 164 with confirmed data loss.
“The benefits of omnichannel are clear for retailers as they try to change the game on the e-commerce leaders. But the costs and risks should not fall on the backs of consumers who will now have much more personal data at risk of exposure,” said Oscar Marquez, iSheriff’s chief technology officer. “Whether they are buying online or in-store, at a fixed register or mobile point-of-sale device, by swiping or typing, customers need to know their personal and payment data is secure. Omnichannel needs omnisecurity.”
In the white paper, iSheriff identifies three major security risks of an omnichannel strategy:
- Protecting multiple points of exposure. Expanding security from today’s infrastructure of a limited number of point of sale (POS) terminals and employee computers to multiple mobile POS devices, sensors, employee smartphones, in-store beacons, workstations, and tablets on the corporate network, will increase exposure points and risk exponentially. In addition, transactional data that moves from online to in-store and between in-store devices creates many more points of entry for cybercriminals.
- Enhancing security visibility and policy enforcement. Deploying new technologies and point products will make it more difficult for IT departments to get a clear and comprehensive view of their security posture. More points of delivery means a more complex information supply chain. Likewise, the need to interact with and manage many vendors can create additional risk and introduce devices that are no longer “owned” by the retailer.
- Addressing new, device-specific malware. As recent history with POS devices has shown, cybercriminals will develop malware that is device-specific. As new omni-channel devices become part of the retail IT infrastructure, malware will emerge specifically targeted to exploit vulnerabilities unique to those devices.