Are retailers ready for the next wave of cyber scams?
Presented here for discussion is a summary of a current article published with permission from Knowledge@Wharton, the online research and business analysis journal of the Wharton School of the University of Pennsylvania.
Following the major cybersecurity breaches from Target, Home Depot, Neiman Marcus, Michael’s Stores and others that made headlines a few years ago, retailers have learned from the weaknesses that were exposed in their systems. But a large number and variety of scams are happening all the time.
“It’s almost like a game of Whack-a-Mole,” said Robert Meyer, Wharton marketing professor and co-director of Wharton’s Risk Management and Decision Processes Center.
The retail space has been particularly attractive to hackers because it’s a low-risk, high-reward crime. David Lawrence, founder of Risk Assistance Network and Exchange (RANE), states, “Attacks can be launched easily, cheaply, remotely, and the risk of prosecution is extremely low. Stolen consumer data is highly valuable and marketable in the commission of identity theft and financial fraud.”
Moreover, the data collected at all stages of the shopping process — from browsing and buying online, opting into mobile ads at a store, posting store check-ins and reviews on social media to paying with a credit card or mobile wallet — is becoming more valuable. Says Denise Dahlhoff, research director at Wharton’s Baker Retailing Center, “More technology and data have many benefits for consumers and retailers, but they also increase the risk of security breaches.”
While steps may have been taken to shore up protections around internal data infrastucture and POS systems, the need to provide third-party vendors with access to store sensitive information opens up retailers to hacks. With little training on phishing scams, malware and viruses, employees at the store level accessing company systems through their own personal devices or surfing the internet on company computers also underscores the vulnerabilities in a retailer’s network.
“Technology is embedded in every company,” says Christopher Yoo, professor of law, communication, and computer and information science at the University of Pennsylvania Law School, and founding director of the Center for Technology, Innovation, and Competition. “Retailers have to reeducate themselves and incorporate a technical strategy, and this requires the attention of the c-suite.”
DISCUSSION QUESTIONS: How is the increasingly digital nature of retailing heightening risks of security breaches for stores? What types of investments do you think are necessary to shore up risks?