Time to Get Serious. How to Protect Your Shoppers' Data?

October 31, 2018

Data protection and privacy are hot topics right now following the recent Facebook scandals and numerous other data breaches. More than ever, many shoppers are hesitant about giving away information they do not need to.

While the switch to EMV chip-based credit cards helped reduce credit card fraud at the point of sale by 66% in 2017, according to Visa, it is surprising how many retailers (enabled by software companies) are still storing credit card data and sensitive customer information locally, a hacker’s dream. Technology continues to advance to help prevent the stealing of information, but it is still the responsibility of the retailer to make sure their shoppers are not at risk.

Protecting Point-of-Sale Data

Retailers should start by making sure that they have secure in-store protection for their point-of-sale (POS) system. Ideally, the solution will at least utilize point-to-point encryption (P2PE), which encrypts card data right at the payment device. This data is sent to the gateway, and then on to the merchant processor, without any sensitive data ever touching the POS software or the merchant’s environment. Superior to P2PE is end-to-end encryption (E2EE). E2EE is similar to P2PE, but one vendor (such as Square) provides its own payment devices connected directly to its merchant processing facilities. With fewer moving parts, E2EE represents the highest performing and most secure payment processing technology available today.

What is important is that both P2PE and E2EE put the POS software itself out of PCI scope and help a merchant more readily maintain PCI compliance.

Beyond direct PCI concerns, it is also best practice to secure customer and transactional information. Phone numbers, addresses, purchasing habits and other customer data can be exploited to almost the same extent as credit card data. Rather than storing this data on PCs, local servers or servers placed in a datacenter, retailers can use native Apple-based solutions (such as SuitePOS), which are generally virus free and impenetrable due to the way data is encrypted in the keychain and protected by PIN/biometric authentication. Coupling these with a modern, multi-tenant cloud-based solution as a service on the back end (NetSuite and Salesforce are two examples) ensures superior protection of this data.

Switching to a proper multi-tenant back-end platform provides retailers the benefits of the latest technology and industry best practices for customer data security. As always, even with the most modern mix of technologies, it is important to conduct routine audits and tests to ensure that the POS and backend systems have the level of security needed to protect data.

Protecting eCommerce Data

Consumers are sharing more data than ever through online shopping and social media. So many consumers are opting to do their shopping online as opposed to brick and mortar because it is extremely convenient. For this reason, online retailers have taken steps to make the shopping experience faster and easier by storing a card on file for repeat purchases.

Even though getting off the couch while shopping online to go get your credit card is not the best experience, retailers need to keep in mind that this convenience can cost much more than the two minutes it takes for the shopper to grab his wallet.

The best thing online retailers can do to protect their eCommerce customer data is to not store credit card data themselves and to enforce strong password requirements. For those who do choose to store information, it is important to make sure that data is encrypted and tokenized.

Another way to help protect customer privacy is to keep your eCommerce separate from social media. Oftentimes, online retailers allow their customers to sign up for their shopping account via Facebook or Google. Again, this is convenient for shoppers who do not want to take the time to create a separate username and password, but it puts customers at a higher risk of having their data unintentionally shared. For instance, Facebook users who recently had their profiles linked to third-party apps and accounts had more of their private data shared than those affected during the Cambridge Analytica scandal.

Final Thoughts

Unfortunately, a data breach or cyber attack can happen to anyone, but there are many steps that retailers can take to prevent it from happening to them. It is a retailer’s responsibility to protect not only themselves but also their shoppers by investing in and modernizing their processes, in-store point-of-sale and eCommerce solutions.
