2020 was a market-shaping year for the retail industry. The contactless shopping experience has led to dramatic and dynamic changes to retail operating models. While some retailers achieved record earnings, many struggled to adapt and at least 50 major US retailers entered bankruptcy. In an industry with already paper-thin margins, retailers are faced with consequential decisions as they reimagine the consumer experience and supply chain models.
According to a 2021 Deloitte analysis of retail C-suite executives, the top investment priority is digital acceleration. Yet, digital touchpoints are now table stakes for consumers and retailers alike.
For example, retailers are reimagining person-to-person interactions digitally through live streaming, and many are using customer data and analytics to customize interactions and offerings and to better anticipate customer expectations. These shifts place more value on customer data, artificial intelligence, and partner services and integrations (web and supply chain). They also place strong emphasis on the bond of trust between consumer and retailer around data privacy and protection. Today, however, Deloitte research on consumer perceptions of data privacy and protection concludes that retail customers feel vulnerable. A data privacy and protection trust gap exists, which retailers need to address as part of their post-pandemic transformation strategy.
of retailers may be vulnerable to web skimming based on a non-intrusive client-side data theft analysis
of data breach incidents within the retail industry in 2020 included personal or payment data
of data breach attacks within the retail industry in 2020 was financially motivated
Building trust - bridging the data privacy and protection gap
of consumers rate retailers unfavorably on data privacy, according to a Deloitte 2021 study
of retailers have digital acceleration as the top investment priority for 2021, followed by supply chain resilience
Client-side data breach and compliance risks
One of every two data breaches is the result of hackers according to a Ponemon 2020 study. With the web browser now a highly targeted attack surface, retail companies are extending their server-centric security perimeter to the web browser to address several client-side vulnerabilities:
Hackers infiltrate ads and ad networks to corrupt and divert ecommerce experiences and conversions (journey hijacking) and steal ad revenues.
Transmission of data to an external recipient or destination, authorized or unauthorized, and happening either accidentally or with malicious intent.
Formjacking mimics real-world card skimming. Malicious code secretly captures data as your customers submit data during log in and checkout. The data is then transmitted to a criminal destination.
This vulnerability involves malicious CSS code being injected into a retailer’s website at runtime. Compromised CSS code can extract sensitive data.
The hacker first finds a way to infect the customer’s device. Once infected, the malware installs itself on the browser without the customer’s knowledge. The malware then records sensitive data sent between the customer and retailer and transmits it to a criminal site.
Tags are used to facilitate the collection and sharing of data between a retailer’s website and third-party technologies. Tag code, delivered at runtime, instructs the browser to send data to third parties and allows third parties access to data collected on the site. This risk is further compounded when third parties include tags for their partners (piggybacking). Tags can impact security and performance.
Keyloggers are a type of monitoring software designed to record keystrokes made by a user. Keystroke loggers record the information your customers type into your website and send it to hacker sites.
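As an added example (not part of the original page), the sketch below shows one way a retailer could inventory where a checkout page sends the browser, which is the starting point for the formjacking and tag risks described above. The page URL, host names, allowlist and markup are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Attribute holding the destination URL for each element type audited.
URL_ATTR = {"script": "src", "link": "href", "iframe": "src", "img": "src", "form": "action"}
PAGE_URL = "https://shop.example/checkout"   # constructed
ALLOWED = {"cdn.example", "tags.example"}    # constructed list of approved third parties
# Constructed sample markup; the integrity value is a placeholder, not a real hash.
SAMPLE_CHECKOUT = """<html><head>
<link rel="stylesheet" href="/static/site.css">
<link rel="stylesheet" href="https://cdn.example/theme.css">
<script src="https://cdn.example/lib.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://tags.example/t.js"></script>
<script src="//stats-collector.example/c.js"></script>
</head><body>
<form method="post" action="https://pay-gateway.example/submit">
<input name="card_number"></form>
<img src="https://pixel.example/p.gif?e=checkout">
</body></html>"""

class ResourceAudit(HTMLParser):
    """Records (tag, host, reason) for each destination that needs review."""
    def __init__(self, page_url, allowed_hosts):
        super().__init__()
        self.page_url = page_url
        self.own_host = urlparse(page_url).hostname
        self.allowed = {h.lower() for h in allowed_hosts} | {self.own_host}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = a.get(URL_ATTR.get(tag, ""))
        if not url:
            return
        if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower():
            return
        host = urlparse(urljoin(self.page_url, url)).hostname
        if host is None:  # data:, mailto: and similar carry no host
            return
        if host not in self.allowed:
            self.findings.append((tag, host, "host not on allowlist"))
        elif tag in ("script", "link") and host != self.own_host and not a.get("integrity"):
            # Approved third party, but no Subresource Integrity pin on the file.
            self.findings.append((tag, host, "no integrity attribute"))

def audit(html, page_url, allowed_hosts):
    parser = ResourceAudit(page_url, allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CHECKOUT, PAGE_URL, ALLOWED):
        print(finding)
```

A static pass like this only sees markup the server delivers; tags that other tags load at runtime (piggybacking) need browser-side visibility such as Content Security Policy violation reports.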