Mobile Shopping Goes Mainstream, But Where’s the Security?
The holiday shopping season kicked off with a bang on Thanksgiving weekend as usual, but this year the way in which shoppers bought their gifts and goodies was very different. While people still shopped in stores and online, they turned to their mobile devices to complete the sale. According to figures from IBM reported on TechCrunch sales completed on mobile devices were up by approximately 15 percent on 2014 figures, with smartphones being the “device of choice” accounting for almost 50 percent of online shopping traffic.
The rise of mobile devices as the lynchpin of the online shopping experience further confirms that our mobile devices are an extension of ourselves. They’re in our pockets, readily accessible, enable us to find deals via social platforms and complete the sale in one seamless experience, but they are also extremely vulnerable to security exploitation if some basic precautions aren’t put in place. Since mobile shopping can happen from anywhere – your home, a café, in the store, or on a plane – and because you see less information, rely on shortened URLs, and unsecured networks, all of which allow security vulnerabilities to slip by, data security measures are even more vital.
What surprised me when reading the holiday shopping trends data and the expectations (and hopes) that retailers have for mobile shopping was that security was left out of the discussion. The tips for encouraging mobile engagement focused solely on ease of use and rewarding loyalty, but nowhere was there mention of assuring customers of the integrity of their data and the security of their payment information.
In the two years since the now infamous Target breach, consumers have become far savvier about their personal online security and it’s time for retailers to do the same. We’ve seen the emergence of various platforms – both device-based and web-based – introduce additional layers of security for consumer protection, but retailers need to talk more about the steps their taking in order to protect their customers. Obviously we’re not encouraging retailers to divulge specific plans and solutions, but taking steps to demonstrate to consumers that while they’re in pursuit of the deal, that their PII and payment information is not being left out there like a cookie crumb trail as they wander around town or the store.
In a recent article my colleague, John Lloyd, discussed how data security and top notch security hygiene could, and should, be a differentiator for companies in terms of building brand and customer loyalty. While John discussed these issues in the context of ISPs and telecommunications companies, retailers could foster a big win with customers if they put data security at the center of their mobile platforms and user experience.
Before anyone raises their hands with the all too familiar refrain that security protocols dissuade customers from using a platform because they are cumbersome, it’s time to take a look at next generation solutions. By this I mean the type of solutions that give the user a simple interface, but do an amazing amount of heavy lifting on the backend – cloaking and obfuscating credentials to keep them from malicious actors, moving authentication out of band so that easy exploits like man in the middle attacks become impossible, and authenticating identity in several different ways beyond the username and password combination.
While some might see this as creating an additional cost center at a time when margins are razor thin and the pressure from Wall Street to exceed expectations is at an all time high, the costs of a breach – in everything from fines and legal fees, notification costs, the loss of goodwill and customer confidence – versus the benefits of a loyal customer who puts their confidence in your brand and another product in their shopping cart, starts to turn the tide on that thinking. Based on a recent Ponemon Institute study, the average cost incurred for each lost or stolen record containing sensitive and confidential information is between $145 to $154. While healthcare still ranks first for the highest costs per stolen record, at $363, costs are on the rise for retail with a dramatic jump for the average cost per stolen record jumping from $105 in last year’s study to $165 this year.
From my perspective, we’re just at the beginning of both the mobile shopping era and the idea of data security as part of corporate responsibility and brand value. For those retailers that take the step for their customers there’s a clear win to be had. For those retailers that take the step for their customers but also follow through with updating their entire ecosystem – from the consumer all the way through their organization and beyond to their supply chain – there’s an even greater opportunity to build their reputation, their brand, and their balance sheet.