Retail and the Long Fought Cybercrime Battle |
No matter a retailers shape or size cybercriminals dont discriminate In recent years the number of attacks targeting retailers has significantly gone up with 75 percent of them saying that they have been targeted at some point According to a report from the National Retail Federation retailers in the US lost nearly 47 billion to cybercrime in 2017 and fraudsters arent slowing down As cyberattacks against retailers continue to mount more companies are heavily investing in protecting data and payments alike Nearly 85 percent of 196 retailers surveyed by data security solution provider Thales said they plan to increase their security spending in the coming year Stopping cybercriminals takes more than just money those funds must be directed at the right tools technologies and techniques if retailers want to curb cybercrime In this Deep Dive PYMNTS examines past efforts to stop retail fraud and whats being used today Public action and regulations As fraud has become more widespread in the retail sector several governments regulatory bodies and other public authorities worldwide have taken an increasingly active role in protecting merchants and their customers In Europe for example the European Central Bank ECB undertook several efforts to strengthen retail security In 2003 when online revenues were just a small fraction of todays totals the ECB released recommendations to protect personally identifiable information PII and financial details exchanged in these transactions with two-factor authentication among other steps The European Banking Authority followed up on those recommendations by passing new ones in late 2014 which are still in effect today In 1999 President Bill Clinton of the United States a presidential directive to create the Financial Services Information Sharing and Analysis Center a group that identifies cybersecurity threats coordinates fraud protections and shares information to companies in a wide range of industries Recently the US Federal Reserve has also looked to protect retailers and their customers In June 2015 the Fed brought together a group known as the Secure Payments Task Force which was comprised of a diverse group of companies and stakeholders that issued their own recommendations for improving retail security The groups report Strategies for Improving the US Payment System called for a faster more efficient and secure payments system specifically designed for online transactions EMV and 3D Secure Private players are also looking to help prevent cyberattacks as shown with the release of the Europay Mastercard and Visa EMV standards The standards called for retailers to accept card-based payments using chip-and-PIN technology an upgrade to existing retail security systems Similar to the EMV standards Mastercard and Visa came together in 2001 to design the 3D Secure 3DS protocols which offer greater fraud protection to online transactions made via debit or credit cards These protocols saw an upgrade last year with the release of 3D Secure 20 The upgrade provides consumers with a simpler payment experience without sacrificing security and eliminates most of the features that consumers found unpleasant when completing online payments allowing payment processes to be integrated directly into a websites checkout and blended more easily with omnichannel features and loyalty programs 3DS 20 also better handles the increasing amount of mobile purchases made in recent years Because consumers expect mobile transactions to happen without interruption frictionless flow transactions those that are not interrupted by security protocols require earlier risk reduction and richer collection of data These standards and protocols paired with technologies like artificial intelligence machine learning and encryption have become retailers main weapons in strengthening the industrys cybersecurity Implementing best practices Most projections indicate that retail fraud will continue to increase As consumers continue to adopt mobile online and other connected commerce channels fraudsters will only have more opportunities to get their hands on PII and payments data Retailers that want to offer their customers the best protection should comply with not only their jurisdictions regulations but should also implement the recommendations and best practices from around the world and from different sectors of the cybersecurity space LATEST INSIGHTS Our data and analytics team has developed a number of creative methodologies and frameworks that measure and benchmark the innovation thats reshaping the payments and commerce ecosystem Check out our latest Real-Time Payments Playbook