
HPE Aruba Networking Blogs

Safeguard Shopper Privacy and Ensure Retail Security in a Mobile First World


Digital signs, mobile payments, magic mirrors, stock-picking robots and many other smart devices are changing the retail shopping experience. Smart, connected devices create new, interactive experiences that keep shoppers engaged—and increase sales. That's why retailers are embracing Internet of Things (IoT) devices from the floor to the warehouse. In fact, Juniper Research predicts that retailers will connect 12.5 billion digital signs, Bluetooth beacons and other smart devices to IoT platforms by 2021—a 350 percent increase from 2016.

As retailers use more smart devices and as cyber threats evolve and grow in number, cybersecurity and privacy become an even bigger challenge. The retail industry is already a top target for cybercriminals. Smart devices often have lower security standards than traditional mobile devices or desktop computers, and vulnerabilities can be difficult to patch. That means IT leaders need to be proactive to mitigate a rising risk.

Beyond cybersecurity, success depends on walking the tightrope between customer privacy and trust with a personalized shopping experience.

Increase Sales while Protecting Shopper Privacy

Understanding customers' past purchases, preferences and their locations can help retailers deliver a memorable shopping experience, but cross the invisible line, and what's convenient to a shopper can transform into unacceptable behavior from the retailer.

The context and the conditions of the interaction are critical. Let's take the example of using mobile engagement to minimize the impact of cross-shopping. A shopper in a major big-box store who uses his phone to visit the website of a specialty electronics retailer while standing in an aisle filled with bountiful summer produce may be insignificant, but if that person is standing in the consumer electronics section, it's pretty likely that he's comparing prices. At this point, a retailer could offer a price match to keep the customer interested.

But how? A push notification that magically appears on the shopper's phone just moments after visiting a competitor's website is more than a coincidence. It's more like digital stalking or, even worse, it seems like the retailer has hacked into the shopper's phone.

Now picture a nearby digital sign showing a "price match" ad. The retailer can offer the shopper a price match without being intrusive. If the promotion is included in the regular rotation of digital signage content, then it doesn't seem like the person's digital footsteps are being tracked. It is a happy coincidence that the store is willing to match the price.

Securing Wired and Wireless Networks

The rise of smart, connected devices typically doesn't come with a commensurate increase in the IT security budget. But fortunately, IT leaders can leverage many of the network and security tools they already use to create a more secure environment.

With PCI compliance a fact of operations, secure networking has long been a priority, and retailers have fortified their wireless networks so they can process payments securely. They've deployed strong authentication and access control solutions like Aruba ClearPass to identify devices, enforce policies and protect the network.

Let's say an Apple TV tries to connect to the retailer's network, but it's not an authorized device. With ClearPass, IT can automatically block that device until it is vetted. Similarly, a printer that doesn't support device certificate authentication can be automatically assigned to the print VLAN, where it cannot talk to any secure devices. ClearPass can be used to profile all kinds of devices, from tablets to digital signs to surveillance cameras, ensure they use the appropriate VLAN, and only talk to the appropriate devices and systems.

Retailers have paid close attention to securing the wireless network to support PCI requirements, but the security of the wired networks can be overlooked. Switch ports that are open and accessible to curious and potentially malicious hands, whether in the warehouse or on the floor, create risk. But with the per-port tunneled node capability on Aruba switches, traffic from individual ports can be tunneled back to the mobility controller and policies enforced via a stateful firewall so that both wired and wireless traffic follow the same policies.

Retailers also need to consider who's holding the device—and where the person is physically located.

Vetting the Wandering Mobile POS

Mobile point of sale (POS) has taken off. Associates and shoppers like the convenience, and mobile POS increases sales. But an Apple iPad or Android tablet is a lot smaller than a traditional POS system sitting at the checkout, and devices can be misplaced or even stolen. Retailers need to protect the mobile POS system from mischief and malice.

Using mobile device management (MDM) software like MobileIron or AirWatch, in conjunction with ClearPass, can bring that peace of mind. If someone steals a mobile POS device and jailbreaks it, strong authentication isn't enough. MDM can detect the compromise and ClearPass can prevent network access, mitigating the risk of card skimming by employees or other bad actors.

The location of the smart devices matters, too. A mobile POS system doesn't usually move from store to store, so if a device appears in another store, ClearPass can detect the change of location and react accordingly. If someone inadvertently (or intentionally) takes a device outside the store, an extra level of authentication can be applied when the device shows up in a new location. With ClearPass, when coupled with multi-factor authentication like Duo, the device can ask the user for more complex verification before network access is granted.

But what happens if someone steals a mobile payment system or surveillance camera, and then brings it back? A device that has been offline, whether for a day or a couple of months, needs a higher level of vetting. ClearPass can do that. When the person brings the device back to the store and tries to log into the network, ClearPass can identify the device, check its security posture, and send a trouble ticket to the helpdesk so that IT has to explicitly authorize access.

To whom a device talks also matters. For instance, there's no reason for a surveillance camera to communicate with any systems other than the surveillance system's server and the manufacturer's website for software updates. With ClearPass, retailers can ensure that IP cameras only have local LAN access and a single firewall entry for software updates. Using ClearPass also eliminates the burden of manually configuring all the cameras in all the locations. Security is enforced consistently and IT is free to do more strategic work.
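
The access decisions described in this section, together with the Apple TV and printer cases above, can be read as an ordered list of checks. The sketch below is an added illustration, not ClearPass configuration or Aruba code; the `Device` fields, the action names, the order of the checks and the 24-hour offline threshold are all assumptions, and the sample devices are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

OFFLINE_LIMIT = timedelta(hours=24)  # assumed threshold; the article names no figure

@dataclass
class Device:                        # hypothetical inventory record
    mac: str
    role: Optional[str]              # None = not profiled / not authorized yet
    home_store: Optional[str]
    last_seen: Optional[datetime]
    has_cert: bool = True
    mdm_compromised: bool = False    # e.g. jailbreak flag reported by the MDM

def decide(dev, store, now):
    """Return (action, detail) for one connection attempt, most severe check first."""
    if dev.role is None:
        return ("block", "unknown device, hold until vetted")
    if dev.mdm_compromised:          # strong authentication alone is not enough
        return ("deny", "MDM reports compromise")
    if dev.last_seen is not None and now - dev.last_seen > OFFLINE_LIMIT:
        return ("quarantine", "posture check and helpdesk ticket")
    if dev.home_store is not None and store != dev.home_store:
        return ("step_up_mfa", "seen outside home store")
    if not dev.has_cert:             # e.g. a printer confined to the print VLAN
        return ("restricted_vlan", f"{dev.role}-vlan")
    return ("allow", f"{dev.role}-vlan")

def run_samples():
    now = datetime(2024, 1, 10, 9, 0)            # constructed timestamp
    recent = now - timedelta(hours=1)
    samples = [                                  # constructed (device, store) pairs
        (Device("aa:01", None, None, None), "S1"),                          # Apple TV
        (Device("aa:02", "print", "S1", recent, has_cert=False), "S1"),     # printer
        (Device("aa:03", "pos", "S1", recent, mdm_compromised=True), "S2"), # jailbroken
        (Device("aa:04", "pos", "S1", recent), "S2"),                       # wrong store
        (Device("aa:05", "camera", "S1", now - timedelta(days=60)), "S1"),  # returned
        (Device("aa:06", "pos", "S1", recent), "S1"),                       # normal
    ]
    return [decide(d, s, now)[0] for d, s in samples]

if __name__ == "__main__":
    print(run_samples())
```

The jailbroken tablet is denied even though it also shows up in the wrong store, because the compromise check runs before the location check.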

Watching for Bad Behaviors

Strong authentication, network access control and MDM create a secure foundation for retail networks, and many retailers are exploring the use of security analytics to provide additional protections.

Aruba IntroSpect uses advanced AI-based machine learning, visualizations and instant forensic insight to find compromised users, systems and devices so they can be remediated before they damage the operations and reputation of the retailer. IntroSpect integrates both behavior-based attack detection and forensically rich incident investigation and response at an enterprise scale. And that provides the intelligence to stop attacks before lasting damage is done.

Learn More

Retail faces more cyber attacks than any other industry, and the costs of a data breach can be devastating. Aruba can help retailers create memorable shopping experiences using innovative new technologies while mitigating cyber risk. Learn how.