Customer data pours into retail organisations from various sources — point-of-sale (PoS) devices, e-commerce portals, social media and loyalty programmes.
Of all these sources, loyalty programmes act as the principal source of customer data. This helps retailers harness meaningful insights on customers’ purchasing behaviour, personalise offers, and increase sales and retention.
However, when it comes to loyalty and engagement programmes, customers continue to harbour concerns on whether retailers take good care of their personal data. Ensuring data security is a key challenge in the face of the increasing scope and impact of data security breaches.
Key factors that heighten concerns of customer data security include:
• Cyber hacks resort to highly sophisticated methods to thwart existing data security controls, and effectively exploit gaps in the payments systems;
• There is an increase in Advanced Persistent Threats (APTs), and a spurt in Card Not Present (CNP) fraud and hacking; and
• Traditional data security solutions protect customer data in databases but not in transit, or while it is being used or analysed.
Retailers need to seamlessly orchestrate security into all processes and applications to eliminate the risk of customer data loss. Systematic and strong measures are essential to avoid unauthorised access, collection, use, copying, modification, or disposal of customer data.
It is imperative to establish a well-defined information security policy with clear-cut rules on how a retailer’s staff and vendors can handle customer data.
Intelligent customer engagement requires harvesting insights from data flowing between customers and the brand. Adopting the latest security practices and technologies helps retailers protect customer data as well as their brand integrity.
Some of the proven best practices that retailers and vendors need to consider include:
Enabling encryption: It is important to carefully encrypt data both while in transit and at rest. Retailers can enable point-to-point encryption (P2PE) of PoS systems and PIN entry devices. This protects data at the point of capture such as an ATM machine, stores or website, as well as across the merchant’s IT systems and payment chain.
Ensuring authentication: The risk of data misuse and loss can be reduced by enabling at least two layers of authentication for employees, securing servers across locations, and encrypting data on all employee mobile devices. These processes can be aided by effective key management, access control and monitoring of data access.
Adhering to global security standards: Retailers must adopt international standards for information security such as ISO 27001:2013, and PCI Data Security Standards (PCI DSS) for payment card security to further bolster customer confidence.
Facilitating compliance: The key to managing data responsibly is to adhere to geo-specific regulations and industry standards on data security and privacy. As the legal and compliance environment across the world is in a flux, retailers need to stay abreast of the latest developments of regions they operate in.
By drawing upon integrated solutions with automated security reports, these organisations can track the flow and management of information across the enterprise for effective compliance.
Implementing security audits: Retailers must deploy a third-party to conduct routine security audits of their information security infrastructure. Key technical, administrative, and physical security controls must be evaluated thoroughly for any weak links.
They must also maintain a record of the complete audit trail of all endpoint and server activity. This will help promptly address alerts or incidents, track compliance, recognise unusual activities, and proactively improve their security and compliance status.
By adopting these processes, retailers can effectively protect their point-of-sale, store systems and corporate endpoints from malware and attacks. This will give customers the confidence to provide personal information, and assure them that their data will be secure throughout the data life cycle.
Retailers can thus launch compelling loyalty programmes that evoke positive customer participation.
Current trends indicate customer engagement and loyalty programmes are gaining popularity at a rapid pace. Customer confidence in these hinges on the adoption of best practices and methods that ensure transparency and security.
Several global retailers have experienced the impact of data breaches, which have grown in scope and scale in recent times. This makes it very critical for retailers to ensure that they deploy adequate security measures to safeguard the privacy of their customer data.
— The writer is the regional head at Capillary Technologies.
