MCX merchants include: 7-Eleven, Inc.; Alon Brands; Best Buy Co., Inc.; CVS/pharmacy; Darden Restaurants; HMSHost; Hy-Vee Inc.; Lowe’s; Publix Super Markets Inc.; Sears Holdings; Shell Oil Products US; Sunoco, Inc.; Target Corp. and Wal-Mart Stores Inc.
The day that we can walk into a retail store and pay for an item with a smart phone is coming. Is the loss prevention community ready?
It is undeniable that reliance on mobile devices has become a way of life for today’s consumer. Savvy retailers who appeal to customers’ needs and preference for mobile transactions, from merchandising to check out, will drive sales and loyalty by putting the power of convenience into the hands of the consumer. At the same time, there are risks inherent with the convenience that mobility affords the industry and its customers, and security appears to present the greatest obstacle to its adoption.
An August report by Juniper Research asserted that “the scale of global mobile payment transactions is expected to rise nearly fourfold over the next five years to more than $1.3 trillion.” On the heels of that report, twelve major retailers, including Wal-Mart,Target,7-Eleven and SunocoInc., announced an effort to create a mobile wallet. None of this is surprising given the consumer’s growing dependence on mobility and attraction to the convenience it affords.
As the proliferation of retail mobile technologies occurs at lightning speed, the security challenges that arise from these technologies range from issues at the point of sale, to consumer concerns over personal information and personal property and, of course, theft and fraud. When it comes to adopting new technology, an additional challenge can come in the form of the security function itself.
Security Impedes Adoption
According to the 2011 Mobile Payments Global Survey by KPMG, the majority of companies believe that mobile payments — including mobile wallets, mobile banking and contactless card systems — will become mainstream in the next five years; however, while convenience will foster growth, security will impede adoption. The survey respondents agreed that “convenience and accessibility are the key ingredients to success (of mobile payments), and security is the impediment to broad adoption.” Seventy-one percent of respondents said security is the main challenge companies face as they develop mobile payment strategies.
The conversation around adoption of mobile technology, and mobile payments in particular, harkens back to a similar line of thinking concerning IP technology in the slow-to-adopt video surveillance space. While it is true that some retailers continue to rely on analog video systems, it is clear that when it comes to mobility, no one can afford to wait to adopt the latest technology.
Retailers who ignore the trend risk losing out to the competition in the current “I need it now (and can get it elsewhere)” retail environment.
Security’s Role in the Mobile Migration
The application of mobility in retail is still in its infancy. At this time, there is no single standard methodology, which in-and-of-itself makes adoption difficult. However, rather than resisting the unknown, there is much to be gained from getting on board early and working across functions to lay the groundwork for adoption, and to identify ways of making mobile payments secure and executable across the organization. Strategies for addressing the challenges that come with mobile payments are developing, but savvy security professionals will join the conversation early, helping to identify steps retailers can take now to prepare.
To illustrate this point, consider that loss prevention professionals have been credited with easing the transition from paper gift certificates to plastic gift cards. In the NRF Stores magazine article, “Piloting Progress: LP executives strategize approaches to mobile payments fraud,” Joseph LaRocca, senior asset protection advisor to NRF, says: “Loss prevention, in conjunction with other departments, helped stores rapidly adopt anti-fraud gift card technology by tying it to similar credit and debit card procedures. Loss prevention’s ‘operational perspective about how overall programs and strategy can work better’ helped to ease the transition.”
The mobile payment landscape is more complex than gift card technology; however, this is a good example of how using what we already know about protecting consumers and consumer data can help security professionals see the process from an operational perspective and determine the best way to move forward. In this case, the standards set in place by the Payment Card Industry (PCI) Security Standards Council ensure the safe handling of cardholder information, and much of that policy can be mapped on to mobile payment technologies or altered to enhance security surrounding those transactions.
The Path to Secure Mobile Transactions
Security teams can add value in the run-up to full adoption of mobile technologies by making recommendations to improve processes in other departments; while simultaneously addressing the unease that accompanies new technology by identifying potential pitfalls and addressing concerns early.
The following steps can be taken to ensure security teams are fully engaged and the entire organization is prepared to meet the challenges associated with a transition to mobile payments:
1. Identify operational vulnerabilities. According to the KPMG study, “Companies recognize that any new solution must be at least as convenient as any existing payment solution in consumers’ hands today, and must eventually be as broadly accepted as extant solutions.”
To lay the foundation for seamless integration and a positive customer experience with mobile technology, work across teams and departments to review processes around point of sale, returns and other customer-facing interactions, as well as back-office procedures. This will help reveal processes that are susceptible to breakdown.
Anything that is an issue now is likely to be an even greater risk once mobile payments are introduced, and identifying them early can greatly reduce the need for mitigation and time spent managing exceptions later.
2. Train employees. Training is imperative to ensure that any process is carried out consistently. In the course of identifying processes that are susceptible to breakdown, opportunities for training will become evident. In addition to training employees on new processes and unfamiliar devices associated with new mobile technologies such as mobile payments, time should be spent educating staff on how data is handled on those devices, how to secure them, and why it is essential to do so.
3. Educate the public. According to Juniper Research’s report, Mobile Payments Strategies: NFC, Remote Purchases & Money Transfer 2012-2017, consumer awareness of near field communication (NFC) — the technology that makes purchasing a product with the wave of an iPhone possible — is “extremely low.” In laying the groundwork for adoption, it is essential that communication to consumers be considered.
Resistance that results from fear associated with something “new and unknown” will be experienced both inside and outside of the organization — address it early and communicate clearly.
Consumers want to know mobile technologies are secure. If data is encrypted, tell them. Further, customers too often use weak passwords that fail to secure their devices. Fear of a lost or stolen unsecured device can be a powerful deterrent to adopting the mobile payment options available.
4. Identify fraud mitigation tools that will benefit your operation. As with any monetary transaction, it is crucial that the retailer using mobile payments have the means to mitigate fraud and prevent shrink.
A variety of fraud mitigation tools are available, including: online purchase authentication, transaction verification, IP geolocation, device fingerprinting and automated transaction scoring. Work with other departments to determine your organization’s need and do the research to ensure every possible measure is in place for a secure shopping experience.
The advancement of mobile technologies is happening at a speed that outpaces our ability to identify and prepare for every challenge. In the face of this, security teams cannot afford to be an impediment to adoption.
On the contrary, by getting involved early, security can help retailers meet those challenges and craft strategies that will ensure a secure shopping experience as newer and more advanced technologies continue to enter the market.
Andrew Wren serves as chief executive officer of Wren Solutions, a loss prevention technology provider helping leading retailers reduce loss and increase profits. Wren is responsible for corporate and product strategy, leveraging his more than two decades of security technology expertise. To learn more about Wren Solutions, visit www.wrensolutions.com.