According to a recent survey conducted by independent research firm Forrester, 97% of retail CIOs prioritized digital innovation and cybersecurity in 2015.
This should not surprise readers of this blog, as the spike of cyber incidents at major retailers in 2014 and 2015 showed that businesses are open to customers and cybercriminals alike.
The retail sector is undergoing its biggest transformation in history. Consumer behavior is changing rapidly. Buying patterns are variable and may differ based on mood, meaning, situation, product or self-awareness. At the same time, eCommerce providers, eBusiness models and easy consumer access to market information erode the wallet share of well established retailers.
Every brick-and-mortar business model will be tested at one point in time by a digital alternative. And according to McKinsey, retail success today is all about taking advantage of technology, tools and talent to be relevant to customers.
Retailers are experimenting with emerging technologies (e.g. mobility, IoT, big data analytics or social media) to enable digital integration and innovation in this interconnected world. However, technology without information security can quickly become a factor of failure rather then success.
In order to understand threat vectors and risk and identify countermeasures, we first need to understand the latest trends in retail. Here are some of the most intriguing:
Once static environments, such as a dressing room or display shelves, are reimagined with the help of digital technologies. The objective is to improve upsell potential, provide recommendations, add user feedback or in general complement the shopping experience with an element of discovery and immersion.
New point of sale (POS) locations pop up. Of course, consumers shop virtually from their mobile phone, tablet or computer but what about other locations? In a pilot, a Korean supermarket chain covered subway stations with images of supermarket shelves containing hundreds of items. Consumers wanting to do their grocery shopping could scan each product’s Quick Response (QR) code with their smartphone and add them item to their virtual shopping cart. Items were then delivered to their home address.
Consumers embrace a personalized shopping experience. Consumers wearing devices such as an Apple Watch can receive individualized information based on the data stored on their device, their existing consumer profile or sensors at the retailer. Price tags are digital and can be adjusted to offer individual discounts adding multiple impulse purchase moments.
Complementary third-partner offerings enhance consumer value/experience. To differentiate from competitors and address consumers’ urge for convenience, retailers will form new alliances with third parties. Online retailers increasingly add partners that offer a physical location. Moreover, stationary retailers integrate digital business partners (e.g. social networking services), providers of loyalty cards and other third-party vendors that cover more elements of the value chain or tap into completely different ones.
Single customer profile established across all channels. A single customer profile that is constantly refined with internal and external data (where available) allows the weaving of perks or personalized service into the transaction, wherever it takes place.
Connections with the sales assistant enhanced. Whether in-store or online, sales personnel is enabled to do consultative and intimate selling by getting access to customer profiles and product information through various mobile devices. Some retailers have started testing the robots to assist in customer interaction. Current-generation robots are equipped with sensors, scanners, tablet-like screens and mobility to guide customers through a store.
Ecosystems created and dominated. Consider Apple or Nestle’s Nespresso. Both companies lock-in consumers, heavily invest in branding and have multiple direct and indirect consumer relationships. In addition, non-core activities are sourced to a partner network (phone production to Foxconn or coffee machines to OEM producer Eugster/Frismag).
New shopping behaviors enabled. Customers can pre-order to get special treatment in the queue or make appointments in real-time. And customers can make a payment in another channel or have multiple points of payments in a store.
Pick-up and return happens 24×7. Customers can pick up or return their purchases from the store or at a number of locations within or outside of regular business hours. Locations could be vending machines, kiosks or gas station partners.
Companies maintain low to zero inventories. A concept deriving from “just in time” commonly applied in manufacturing is being applied to retail. The idea is to pass on savings to consumers by having a central inventory hub or on-demand production facility. The latter especially could be a retailer’s attempt to provide localization or personalization to offerings to meet changing consumer expectations.
Data and cloud-based products/services drive revenue. Retailers can now build very detailed customer profiles and patterns using Big Data analytics. That data could be useful in other settings and in combinations with other data sets out of scope to retailers. Accordingly, retailers could start selling their data to other companies. Furthermore, retailers can offer virtual product or services through third-party white labeling or in-house activities.
These innovations allow not only better customer experience but also more efficient operations and increasing revenue. They also result in a changing threat landscape, leaving retail firms more open to attacks targeting the entire ecosystem. We’ll explore the cybersecurity issues in the next post.
Alexander Schellong is CSC’s General Manager Cybersecurity in Central & Eastern Europe, Italy and Turkey.