Time to Get Serious. How to Protect Your Shoppers' Data?


October 31, 2018

Data protection and privacy are hot topics right now following the recent Facebook scandals and numerous other data breaches. More than ever, many shoppers are hesitant about giving away information they do not need to.

While the switch to EMV chip-based credit cards has helped reduce credit card fraud at the point of sale in 2017 by 66% according to Visa, it is surprising how many retailers (enabled by software companies) are still storing credit card data and sensitive customer information locally - a hacker’s dream. Technology continues to advance to help prevent the stealing of information, but it is still the responsibility of the retailer to make sure their shoppers are not at risk.

Protecting Point-of-Sale Data

Retailers should start by making sure that they have secure in-store protection for their point of sale (POS) system. Ideally, the solution will at least utilize point-to-point encryption (P2PE), which encrypts card data right at the payment device. This data is sent to the gateway, and then on to the merchant processor, without any sensitive data ever touching the POS software or merchant’s environment. Superior to P2PE is end-to-end encryption (E2EE). It works similarly to P2PE, except that one vendor (such as Square) provides its own payment devices connected directly to its merchant processing facilities. With fewer moving parts, E2EE represents the highest performing and most secure payment processing technology available today.

What is important is that both P2PE and E2EE put the POS software itself out of PCI scope and help a merchant more readily maintain PCI compliance.

Beyond direct PCI concerns, it is also best practice to secure customer and transactional information. Phone numbers, addresses, purchasing habits and other customer data can be exploited to almost the same extent as credit card data. Rather than storing this data on PCs, local servers or servers placed in a datacenter, native Apple-based solutions (such as SuitePOS) are generally virus free and impenetrable due to the way data is encrypted in the keychain and PIN/biometric authentication. Coupling this with a modern, multi-tenant cloud-based solution as a service on the back-end (NetSuite and Salesforce are two examples) ensures superior protection of this data.

Switching to a proper multi-tenant back-end platform provides retailers the benefits of the latest technology and industry best practices for customer data security. As always, even with the most modern mix of technologies, it is important to conduct routine audits and tests to ensure that the POS and backend systems have the level of security needed to protect data.

Protecting eCommerce Data

Consumers are sharing more data than ever through online shopping and social media. So many consumers are opting to do their shopping online as opposed to brick and mortar because it is extremely convenient. For this reason, online retailers have taken steps to make the shopping experience faster and easier by storing a card on file for repeat purchases.

Even though getting off the couch while shopping online to go get your credit card is not the best experience, retailers need to keep in mind that this convenience can cost much more than the two minutes it takes for the shopper to grab his wallet.

The best thing for online retailers to do to protect their eCommerce customer data is to not store credit card data themselves, and to enforce strong password requirements. For those who do choose to store information, it is important to make sure that data is encrypted and tokenized.

Another way to help protect customer privacy is to keep your eCommerce separate from social media. Oftentimes, online retailers allow their customers to sign up for their shopping account via Facebook or Google. Again, this is convenient for shoppers who do not want to take the time to create a separate username and password, but it puts customers at a higher risk of having their data unintentionally shared. For instance, Facebook users who recently had their profiles linked to third-party apps and accounts suffered from more of their private data being shared than those who did during the Cambridge Analytica scandal.

Final Thoughts

Unfortunately, a data breach or cyber attack can happen to anyone, but there are many steps that retailers can take to prevent it from happening to them. It is a retailer’s responsibility to protect not only themselves but also their shoppers by investing in and modernizing their processes, in-store point-of-sale and ecommerce solutions.
