![Value Retail promotional image](https://americanmarketer.com/wp-content/uploads/2015/06/Value-Retail-China-185.png)
As retailers innovate and enhance the omnichannel shopping experience, one of their biggest challenges will be creating an inclusive payment security strategy, according to a new report by Boston Retail Partners. Payment security is one of the top concerns for retailers today, with hackers becoming more sophisticated and even high-profile institutions falling victim to data breaches. In order to protect themselves, brands need to update and strengthen their security systems, which may now be out-of-date.
"Hackers and fraudsters are in a constant back and forth with retailers as it relates to payment security," said Ryan Grogman, vice president at Boston Retail Partners. "As retailers close certain loops, the hackers move on to the next most vulnerable spot in the transaction, and retailers are then forced to develop new measures to address the weakness.
"This cycle has been going on for many years, and the biggest change in payment security today is the sophistication and level of technology available to both sides," he said. "The advent of PCI standards really moved the needle forward in terms of retailer defenses, but even with these controls in place, we are seeing high-profile retailers subjected to massive data breaches and the associated public relations fallout.
"For the card issuers and banks, they are driven by a need to reduce the amount of fraudulent charges. For retailers, it is the fear of being the next company in the headlines for a breach along with having their valued customers’ sensitive information exposed that is driving many of these changes. EMV is another attempt by the issuers to deflect the fraud liability back to retailers, and that financial liability has driven many retailers to allocate more budget to enhance payment security and implement EMV."
Boston Retail Partners' "Payment/Data Security in an Omnichannel World" is based on data from the consultancy's 2016 POS/Customer Engagement Survey. Payment plan Boston Retail Partners’ survey found that most retailers are planning to implement a multi-tiered security strategy. Most effective is combining end-to-end encryption with EMV transactions. EMV-enabled credit cards include an embedded chip, which a compatible terminal can read to verify that it is the original issued card. This prevents the use of fraudulent or counterfeit cards. Today, only 22 percent of retailers support EMV transactions, up from 10 percent last year, but another 53 percent plan to have EMV in place within the next 12 months. The burden of liability surrounding EMV shifted in October, and now payment networks hold merchants in the United States accountable for fraudulent transactions surrounding chip cards if the retailer does not support EMV.![Bloomingdale's Palo Alto store](https://americanmarketer.com/wp-content/uploads/2014/12/Bloomingdales-Palo-Alto-store.jpg)
"Luxury retailers win a majority of their most valued customers through establishing a relationship built on personalization and trust," Mr. Grogman said. "With that loyalty can come a lifelong relationship, but it is essential that the customer trusts the retailer to value their needs, preferences and most importantly their personal information.
"With higher per-item retail prices and higher transaction totals, the customer base itself will skew towards higher limit credit cards," he said. "It becomes essential to protect this sensitive payment data by employing the latest technology trends in end-to-end encryption and tokenization so that nowhere in the process can hackers gain access to this sensitive information."
Samsung Pay powered by Mastercard
Fashion ecommerce has shown no signs of slowing, with online purchases expected to more than double to $3.5 trillion by 2019, and with that, fraudulent sales have kept up the pace, according to a new report by Riskified.
Riskified’s “Fraud in Online Fashion” report is geared toward ecommerce retailers selling premium and luxury fashion brands in the online space. For an industry that counted $8.5 billion in online sales for 2015, a figure expected to double by 2020, online retailers must be aware of the increasingly difficult challenges and risks the counterfeiting underworld presents (see story).
Unlike in-store, one it becomes hard for brands to tell whether the card being used is actually the purchaser's without the help of a chip, signature or identification. Therefore, retailers have to rely on an automatic monitoring system that audits purchases that are suspect and enables legitimate transactions to go through. Manual auditing is clunky in today’s ecommerce environment where consumers expect services such as same-day delivery. Instead, brands should be learning about their consumer profile to be able to flag suspicious transactions, leveraging available data from past transactions and looking at trends. In an effort to make online shopping simpler, retailers often store consumer credit card information, sparing the shopper from entering her card number each time she returns. While this could open a consumer’s data up to hackers, a number of retailers that use tokens in-store are also leveraging them online, protecting consumers across channels."The most effective approach for securing payment card transactions is the multi-tiered approach of implementing end-to-end encryption, tokenization, support for EMV, in addition to a rigorous set of security protocols," Mr. Grogman said. "For ecommerce transactions, those additional controls may come in the form of advanced fraud management through the use of tools, retailer-specific business rules and rigorous monitoring.
"As it relates to omnichannel, there is an expectation on behalf of the consumer that they can buy anywhere, return anywhere and ship anywhere at anytime and the overall experience should be relatively seamless across the various channels," he said. "Sometimes advanced security controls make it challenging to support such an experience, so retailers should evaluate the impacts on their cross-channel practices when designing payment security programs.
"One key example is the use of tokenization. By replacing card values with meaningless token values, retailers can greatly reduce their risk of a breach; however, if these tokens are not similar across channels or if they are uniquely generated for every swipe of the same card, then retailers will be hamstrung when it comes to efficiently processing cross-channel returns or transaction lookups by credit card. An omnichannel, multi-use token addresses this scenario and has become the best practice for forward thinking retailers."