Christmas is a time for celebration as many retailers are hoping for bumper sales to bolster their annual takings. However, while events like Black Friday at the end of November have tempted shoppers back to the high street in their droves, the festive period is also a catalyst for retail crime, and shops are vulnerable to attack – as David Russell of specialist payments provider, Secure Retail, explains.
Although Christmas is traditionally a season for giving, in the case of customer data, sadly, it‘s also a time for taking. Research from Feedzai has found that November is the cyber criminal‘s favourite month for both card holder present and card holder not present (CNP) transactions. In 2013, the 10 days with the most CNP fraud all occurred in November.
Despite this, payment security has a relatively low profile among UK retailers. A recent study by the Government‘s Cyber Streetwise campaign found that UK small businesses spent £1.6 billion preparing for Cyber Monday, but less than a third consider online payment security a big priority for their business this Christmas.
In fact, Ed Vaizey, Minister for the Digital Economy, has warned that a lack of data protection investment can lead to businesses losing custom, as consumers don‘t trust retailers to deliver a secure payments service.
Complacency isn‘t just creeping into ecommerce companies, either; retail stores are struggling to meet the latest security standards, with only 11% of businesses maintaining PCI compliance standards for a period of two years according to a recent Verizon report.
Any chinks in the armour leave retailers vulnerable to attack year-round, but the sheer volume of transactions being made at this time makes festive fraud a considerable concern for businesses.
Black Friday on 28 November had a massive impact on retail footfall; the Experian FootFall National Retail Index reported an increase on the year of +10.8% and the Experian Footfall Retail Park Index reported an increase of +29.4% on the year. This increased business means retailers are likely to be straining every member of staff to meet customer needs and re-stock shelves and therefore may not be as vigilant to threats as they might be at quieter times.
While it‘s important to remain alert about the threat of customer information breaches, vigilance alone may not prove powerful enough. To avoid data threats continuing into the New Year, retailers are well advised to consider updating their payments network to a Point to Point Encryption (P2PE) solution.
P2PE increases customer data security by encrypting data at the moment the card is inserted, until it reaches the solution provider‘s secure decryption environment.
In addition to minimising the chance of falling victim to fraud, P2PE solutions also reduce merchants‘ scope for PCI compliance, enabling businesses to meet the latest requirements with fewer processes to uphold these standards. As a result, retailers can instead concentrate on delivering outstanding customer service, with peace of mind that shoppers‘ data is receiving the utmost levels of protection.
While it might be too late to implement a P2PE solution this side of Christmas, businesses can reduce the threat to consumer data by making payment security a priority investment in 2015. A system that prevents sensitive customer card data from being stolen may not be top of a cybercriminal‘s wish-list, but it could prove just the thing for Santa to bring a busy retailer this festive season.
David Russell, Sales Director at Secure Retail
