The Retailers Guide to Information Security 2012


With the advancement of in-store technology and new ways to pay (mobile payments and near field communications), information security is not just a priority for online retailers. Find the latest stats and trends in retail and in retail information security.


  1. A Retailers Guide to Information Security: Keeping You Up To Date With Trends In Retail Technology
  2. Contents
     • Online Sales & E-commerce
     • The Influence of Smart Phones
     • A New Way To Pay
     • Trends For The Future
     • The Cost of E-Crime
     • Information Security
     • The Cost of Security
     • Christmas Predictions
  3. Get Online

     The UK has the third largest retail sales, after the USA and Japan, totalling £330bn. Online retail is a growing market which many ‘pure players’ are cashing in on - using only a website without the costs of running a brick-and-mortar store.

     High street sales are decreasing as online spending increases. The proportion of sales captured on the high street fell 6.9% in 2011 and is expected to fall a further 2.5% by 2014. However, online sales are expected to reach 14% of all retail sales by 2015. The UK has the highest per capita spend online in Europe with 40% of the UK shopping online at least once a week.

     The minimum a retailer can do is to have a website. Basic ways to integrate your website with your physical store include:
     • Offering pick up & return of online purchases in store
     • Offering the ability to check local shop inventory in-store
     • Getting social - the ability to ‘share’ and ‘like’ products
     • Read how larger retailers integrate in-store with e-commerce sites.

     The risks of e-commerce

     The benefits of going online come with the threat of exposing your company to e-crime. Common threats include Distributed Denial of Service (DDoS) and credit card theft by:
     • SQL injection
     • Session Hijacking
     • Cross Site Scripting
     • Malware
     • Path Traversal

     Protect your brand with PCI DSS compliance.

     Key figures:
     • 9.4% of UK sales were online in October 2012
     • 71% of European online retail is UK, Germany & France
     • £43bn predicted UK total online sales by 2015
     • £6.8bn average weekly UK retail sales in October 2012
     • £562m average weekly UK online retail sales in October 2012
     • £25bn total UK online spend in 2011
  4. M-Commerce

     With the increasing popularity and availability of smart phones, m-commerce is a rapidly growing retail sector. Smart phones are not only being used for direct purchases but are also influencing in store sales.

     58% of UK consumers own a smart phone and almost half of these have already used it to shop online. By 2020 up to 95% of the UK is expected to own a smart phone.

     The influence of smart phones on in store sales is expected to increase by 300% by 2016, with 15-18% of in store sales being influenced.

     Unite smart phones with your in-store experience

     Research has shown that the UK is leading the way in Europe when it comes to integrating mobile devices into the shopping experience. Ways to do this include:
     • Mobile sites & apps
     • Mobile store navigation
     • Barcode scanning
     • Mobile checkout & tap-to-pay
     • Geofencing
     • Mobile specific deals

     Key figures:
     • 86% use a smart phone to access the Internet (UK)
     • 75% research both online & in store before purchasing
     • 36% would like to use a phone to scan for more info
     • £15.2bn estimated UK in-store sales influenced by smart phones
     • £1bn in direct mobile purchases (UK)
     • Mobile sales increased by 100% in 2012 for Amazon
  5. A New Way to Pay

     The development of Near Field Communication (NFC) has created a new, convenient, tap-and-pay way to shop. Skrill research found that 13% would be happy to give up cash today.

     Around 70 million people in India already use mobile payments, according to a survey in 2011.

     Juniper research into mobile commerce predicts NFC payments are set to triple by 2015 to $74 billion worldwide. Mobile money transfers, banking, payments and coupons will also show significant growth.

     Secure your mobile payments

     The threat to this market lies in both its real and perceived risk. A major incident at this early stage in the implementation of mobile payments could easily throw off consumer confidence for good.

     Who is securing mobile payments?

     Javelin research found that many consumers expected banks and credit unions to be responsible for securing payment tools - even if they didn’t actually provide them. Banks will need to ensure that mobile payment tools they back are secure as many consumers see and trust them as security experts.

     Threats

     Any kind of online banking is a main target for cyber criminals and NFC & e-wallets are no exception. Beware of man-in-the-browser and man-in-the-middle attacks.

     Standards for secure payments

     Ensure you are PCI DSS Compliant (Payment Card Industry Data Security Standard). Recently developed standards to improve security include ISO/IEC 27032; covering e-commerce, online banking, virtual medical records, remote office applications as well as other key areas of concern for cyber security.

     Key figures:
     • 14% would pay by mobile device instead of card
     • $74bn predicted global NFC payments by 2015
     • 21% think physical money will disappear in the next 20 years
  6. Trends For The Future
     • Use customer data to create a personalised shopping experience
     • Digital in-store touch points
     • Tablet assisted shopping - display product & related product information, review and video tutorials.
     • Electronic Shelf Labelling (ESL) & automated till pricing updates
     • Supply chain management
     • Loss prevention
     • Radio Frequency Identification Technology (RFID)
     • Mobile check out
     • Geofencing - alerting customers of real time deals as they cross a ‘digital boundary’ near a store.

     Key figures:
     • 95% of the UK will own a smart phone by 2020
     • $74bn predicted global NFC payments by 2015
     • £43bn predicted UK total online sales by 2015

     Inspiration:
     • Burberry - Flagship store London
     • adiVerse - Virtual footwear wall
     • J.C. Penney, Nordstrom - Mobile checkout
     • Tesco, John Lewis - ESL
  7. The cost of e-crime
     • £205.4m total costs 2011-12 to UK retailers
     • £111.6m lost revenue due to customers being deterred by additional online security measures
     • £77.3m direct costs & losses
     • £16.5m prevention & security

     [Chart: fraud losses by category (refunds fraud, identification fraud, card & card-not-present fraud); amounts shown: £1.2m, £20m, £15m]

     These figures do not cover malware, Distributed Denial of Service (DDoS) attacks or hacking: the true cost of e-crime is likely to be much higher.

     According to research by the British Retail Consortium (BRC). The retailers questioned constitute 45% of the UK retail sector by turnover. £16.5m in prevention and security excludes payments to banks for systems such as 3D Secure and ‘chargebacks’.
  8. Information Security

     Trust in a brand rated as the second highest factor in a customer loyalty survey; serious information security breaches can have a severe impact on a brand's reputation and therefore customer loyalty.

     UK brands are the second most targeted globally by phishing attacks, after the US, with 86% of these originating from within the UK.

     The most common fraud experienced by UK retailers in 2011-12 was card not present fraud; almost 80% said this was now common or very common.

     Surveys show that 20% of retailers questioned suffered serious or very serious disruptions from DDoS attacks in 2011-12.

     Confidence in retail companies' information security plans has fallen since 2008 as technology advances faster than retailers can secure it.

     £100,000: estimated average cost to recover from a single DDoS attack.

     Percentage of companies responding yes when asked whether they are confident in their security plans and measures:
     • 2009: 80%
     • 2010: 75%
     • 2011: 71%
     • 2012: 69%
  9. Information Security

     This PWC research indicates that in the past 2 years many fundamental elements have been omitted from retailers' information security policies.

     Who do European retailers employ?
     • 49% CISO
     • 33% CSO
     • 38% other dedicated security staff

     Spending:
     • At least £16.5m spent in UK retail on internal and external security provision
     • UK retailers spent £10.5m staffing security systems in 2011-12
     • £6m invested in security technology by UK retailers in 2011-12

     Find out more about what to look for when hiring infosec staff for retail.
  10. Christmas

     More Christmas shoppers make DDoS a bigger threat

     With increased traffic from online Christmas shopping, e-commerce sites will already be under added strain. A Distributed Denial of Service (DDoS) attack at this already busy time could be much more effective.

     A survey by Riverbed Technology showed that 69% of Europeans would feel uncomfortable making payments on slow loading websites.

     5 DDoS tools to be aware of include:
     • Hulk Web Server: creates a unique pattern for every request, increasing the load on servers and helping it to avoid detection.
     • RUDY (R-U-Dead-Yet): designed for HTTP attacks using long-form field submissions
     • Low-Orbit Ion Cannon (LOIC): made famous by Anonymous, it can be capable of one click DDoS attacks
     • Power DDoSer
     • Silent DDoSer: has the ability to create bots, use zombie IPs and steal Windows keys

     Don’t let the cyber-grinch steal Christmas

     Kaspersky Lab has highlighted key threats to customers this season.
     • Christmas eCards: a route for phishing attacks, links to eCards containing malware
     • Parcel Delivery Notifications: fake delivery notifications with malicious links; ensure your emails match your purchase/tracking number
     • Fake Order Confirmations: to scare shoppers into believing someone has ordered something under their name, and thus clicking links to cancel the transaction.
     • Holiday Screen Savers: an easy way for hackers to spread malware
     • Social Media Malware: including fake Christmas competitions, videos and Twitter viruses.

     Key figures:
     • 17% predicted rise in UK online sales over Christmas
     • 10% predicted UK Christmas sales influenced by smartphones
     • 42min average time per day spent online shopping this Christmas*
     • £330 million of sales will be made directly through smartphones this December
     • £500 million sales through tablets this December
     • £33.5bn of Christmas sales will involve smartphones

     * predictions by Riverbed Technology Survey
  11. Sources
     • British Retail Consortium: Counting The Cost Of E-Crime, 2012
     • Deloitte: European E-commerce Assessment: Benchmarking The Top 200 In Online Retail, 2012
     • Deloitte: The Changing Face Of Retail: The Store Of The Future, 2011
     • Deloitte: The Changing Face Of Retail: Right Sizing The Retail Estate, 2012
     • Deloitte: The Dawn Of Mobile Influence: Discovering The Value Of Mobile In Retail, 2012
     • Deloitte: Consumer Business News: £3.5bn of Christmas sales to be purchased on or influenced by smartphones.
     • Office For National Statistics: Retail Statistics. Latest Edition October 2012
     • PWC: Consumer Intelligence Series: Customer Loyalty, 2012
     • PWC: Global Multi-Channel Consumer Survey, 2011
     • PWC: Global State Of Information Security Survey: Retail And Consumer Responses, 2012
     • Department For Business Innovation & Skills: Retail
     • Department For Business Innovation & Skills: BIS Retail Strategy, October 2012
     • Javelin: The Battle For Control Of The Mobile Wallet: Sorting Out Players, Technologies And Strategies To Win

     Via Resource Group

     Via Resource is a consultancy specialising in information security & risk management. Join our mailing list to receive updates on information security news and statistics. Simply send your details to contact@viaresource.com

     Contact us: T 0203 327 1996