With the advancement of in-store technology and new ways to pay (mobile payments & near field communications), information security is not just a priority for online retailers. Find the latest stats and trends in retail and information security in retail.
The Retailers Guide to Information Security 2012
1. A Retailers Guide to Information Security
Keeping You Up To Date With Trends In Retail Technology
2. Contents
• Online Sales & E-commerce
• The Influence of Smart Phones
• A New Way To Pay
• Trends For The Future
• The Cost of E-Crime
• Information Security
• The Cost of Security
• Christmas Predictions
3. Get Online
The UK has the third largest retail sales, after the USA and Japan, totalling £330bn.
Online retail is a growing market which many ‘pure players’ are cashing in on - using only a website without the costs of running a brick-and-mortar store.
High street sales are decreasing as online spending increases. The proportion of sales captured on the high street fell 6.9% in 2011 and is expected to fall a further 2.5% by 2014. However, online sales are expected to reach 14% of all retail sales by 2015.
The UK has the highest per capita spend online in Europe with 40% of the UK shopping online at least once a week.
The minimum a retailer can do is to have a website.
Basic ways to integrate your website with your physical store include:
• Offering pick up & return of online purchases in store
• Offer the ability to check local shop inventory in-store
• Getting social - the ability to ‘share’ and ‘like’ products
• Read how larger retailers integrate in-store with e-commerce sites.
The risks of e-commerce
The benefits of going online come with the threat of exposing your company to e-crime.
Common threats include:
Distributed Denial of Service (DDoS)
Credit card theft by
• SQL injection
• Session Hijacking
• Cross Site Scripting
• Malware
• Path Traversal
Protect your brand with PCI DSS compliance
• 9.4% of UK sales were online in October 2012
• 71% of European online retail is UK, Germany & France
• £43bn predicted UK total online sales by 2015
• £6.8bn average weekly UK retail sales in October 2012
• £562m average weekly UK online retail sales in October 2012
• £25bn total UK online spend in 2011
4. M-Commerce
With the increasing popularity and availability of smart phones, m-commerce is a rapidly growing retail sector. Smart phones are not only being used for direct purchases but are also influencing in store sales.
58% of UK consumers own a smart phone and almost half of these have already used it to shop online. By 2020 up to 95% of the UK is expected to own a smart phone.
The influence of smart phones on in store sales is expected to increase by 300% by 2016, with 15-18% of in store sales being influenced.
Unite smart phones with your in-store experience
Research has shown that the UK is leading the way in Europe when it comes to integrating mobile devices into the shopping experience.
Ways to do this include:
• Mobile sites & apps
• Mobile store navigation
• Barcode scanning
• Mobile checkout & tap-to-pay
• Geofencing
• Mobile specific deals
• 86% use a smart phone to access the Internet (UK)
• 75% research both online & in store before purchasing
• 36% would like to use a phone to scan for more info
• £15.2bn estimated UK in-store sales influenced by smart phones
• £1bn in direct mobile purchases (UK)
• Mobile sales increased by 100% in 2012 for Amazon
5. A New Way to Pay
The development of Near Field Communication (NFC) has created a new, convenient, tap-and-pay way to shop. Skrill research found that 13% would be happy to give up cash today.
Around 70 million people in India already use mobile payments, according to a survey in 2011.
Juniper research into mobile commerce predicts NFC payments are set to triple by 2015 to $74 billion worldwide. Mobile money transfers, banking, payments and coupons will also show significant growth.
Secure your mobile payments
The threat to this market lies in both its real and perceived risk. A major incident at this early stage in the implementation of mobile payments could easily throw off consumer confidence for good.
Who is securing mobile payments?
Javelin research found that many consumers expected banks and credit unions to be responsible for securing payment tools - even if they didn’t actually provide them.
Banks will need to ensure that mobile payment tools they back are secure as many consumers see and trust them as security experts.
Standards for secure payments
Ensure you are PCI DSS Compliant (Payment Card Industry Data Security Standard).
Recently developed standards to improve security include ISO/IEC 27032; covering e-commerce, online banking, virtual medical records, remote office applications as well as other key areas of concern for cyber security.
Threats
Any kind of online banking is a main target for cyber criminals and NFC & e-wallets are no exception.
Beware of man-in-the-browser and man-in-the-middle attacks
• 14% would pay by mobile device instead of card
• $74bn predicted global NFC payments by 2015
• 21% think physical money will disappear in the next 20 years
6. Trends For The Future
• Use customer data to create a personalised shopping experience
• Digital in-store touch points
• Mobile check out
• Tablet assisted shopping - display product & related product information, review and video tutorials.
• Electronic Shelf Labelling (ESL) & automated till pricing updates,
• Supply chain management
• Loss prevention
• Radio Frequency Identification Technology (RFID)
• Geofencing - alerting customers of real time deals as they cross a ‘digital boundary’ near a store.
• 95% of the UK will own a smart phone by 2020
• $74bn predicted global NFC payments by 2015
• £43bn predicted UK total online sales by 2015
Inspiration
• Burberry - Flagship store London
• adiVerse - Virtual footwear wall
• J.C. Penney, Nordstrom - Mobile checkout
• Tesco, John Lewis - ESL
7. The cost of e-crime
• £205.4m total costs 2011-12 to UK retailers
• £16.5m prevention & security
• £111.6m lost revenue due to customers being deterred by additional online security measures
• £77.3m direct costs & losses
• £1.2m refunds fraud
• £20m identification fraud
• £15m card & card-not-present fraud
These figures do not cover malware, Distributed Denial of Service (DDoS) attacks or hacking: the true cost of e-crime is likely to be much higher.
According to research by the British Retail Consortium (BRC). The retailers questioned constitute 45% of the UK retail sector by turnover. £16.5m in prevention and security excludes payments to banks for systems such as 3D Secure and ‘chargebacks’
8. Information Security
Trust in a brand rated second highest factor in a customer loyalty survey; serious information security breaches can have a severe impact on a brand's reputation and therefore customer loyalty.
UK brands are the second most targeted globally by phishing attacks, after the US, with 86% of these originating from within the UK.
The most common fraud experienced by UK retailers in 2011-12 was card not present fraud; almost 80% said this was now common or very common.
Surveys show that 20% of retailers questioned suffered serious or very serious disruptions from DDoS attacks in 2011-12.
Confidence in retail companies' information security plans has fallen since 2008 as technology advances faster than retailers can secure it.
• £100,000 estimated average cost to recover from a single DDoS attack
Percentage of companies responding yes to the question “Are you confident in your security measures?”
2009 80%
2010 75%
2011 71%
2012 69%
9. Information Security
This PWC research indicates that in the past 2 years many fundamental elements have been omitted from retailers' information security policies.
Who do European retailers employ?
• 49% CISO
• 33% CSO
• 38% other dedicated security staff
• at least £16.5m spent in UK retail on internal and external security provision
• UK retailers spent £10.5m staffing security systems in 2011-12
• £6m invested in security technology by UK retailers in 2011-12
Find out more about what to look for when hiring infosec staff for retail.
10. Christmas
More Christmas shoppers make DDoS a bigger threat
With increased traffic from online Christmas shopping, e-commerce sites will already be under added strain.
A Distributed Denial of Service (DDoS) attack at this already busy time could be much more effective.
A survey by Riverbed Technologies showed that 69% of Europeans would feel uncomfortable making payments on slow loading websites.
5 DDoS tools to be aware of include:
• Hulk Web Server: creates a unique pattern for every request, increasing the load on servers and helping it to avoid detection.
• RUDY-R-U-Dead-Yet: designed for http attacks using long-form field submissions
• Low-Orbit Ion Cannon (LOIC): made famous by Anonymous, it can be capable of one click DDoS attacks
• Power DDoSer
• Silent DDoSer: has the ability to create bots, use zombie IPs and steal Windows keys
Don’t let the cyber-grinch steal Christmas
Kaspersky Lab has highlighted key threats to customers this season.
• Christmas eCards: a route for phishing attacks, links to eCards containing malware
• Parcel Delivery Notifications: fake delivery notifications with malicious links, ensure your emails match your purchase/tracking number
• Fake Order Confirmations: to scare shoppers into believing someone has ordered something under their name, and thus clicking links to cancel the transaction.
• Holiday Screen Savers: an easy way for hackers to spread malware
• Social Media Malware: including fake Christmas competitions, videos and twitter viruses.
• 17% predicted rise in UK online sales over Christmas
• 10% predicted UK Christmas sales influenced by smartphones
• 42min average time per day spent online shopping this Christmas*
• £330 million of sales will be made directly through smartphones this December
• £500 million sales through tablets this December
• £33.5bn of Christmas sales will involve smartphones
* predictions by Riverbed Technology Survey
11. Sources
• British Retail Consortium: Counting The Cost Of E-Crime, 2012
• Deloitte: European E-commerce Assessment: Benchmarking The Top 200 In Online Retail, 2012
• Deloitte: The Changing Face Of Retail: The Store Of The Future, 2011
• Deloitte: The Changing Face Of Retail: Right Sizing The Retail Estate, 2012
• Deloitte: The Dawn Of Mobile Influence: Discovering The Value Of Mobile In Retail, 2012
• Deloitte: Consumer Business News: £3.5bn of Christmas sales to be purchased on or influenced by smartphones.
• Office For National Statistics: Retail Statistics. Latest Edition October 2012
• PWC: Consumer Intelligence Series: Customer Loyalty, 2012
• PWC: Global Multi-Channel Consumer Survey, 2011
• PWC: Global State Of Information Security Survey: Retail And Consumer Responses, 2012
• Department For Business Innovation & Skills: Retail
• Department For Business Innovation & Skills: BIS Retail Strategy, October 2012
• Javelin: The Battle For Control Of The Mobile Wallet: Sorting Out Players, Technologies And Strategies To Win
Via Resource Group
Via Resource is a consultancy specialising in information security & risk management.
www.viaresource.com